HACKING MEDICAL DEVICES
BY JENNIFER GROSS

GROWTH OF MEDICAL TECHNOLOGIES
• Medical technologies and computer science continue to mesh
• Pacemakers
• Insulin Pumps
• Defibrillators
• Just as susceptible to hacks and bugs as any other form of technology.

BARNABY JACK
• Renowned white hat hacker for McAfee
• Hacked an insulin pump delivering 300 units of insulin to a mannequin in a matter of seconds.
• Figured out how to hack pacemakers from up to 500 feet away
http://www.youtube.com/watch?v=YJ8PZeRwweA

FDA’S ROLE
• Responsible for evaluating all new medical devices and risks associated with them
• Seldom will examine new devices prior to them being surgically implanted unless:
  • Repeated malfunctions
  • Recalled

OTHER ORGANIZATIONS INVOLVED
• Center for Medicare and Medicaid Services (CMS)
• Food and Drug Administration (FDA)
• Department of Health and Human Services (HHS)
• Department of Defense (DoD)
• Department of Veterans Affairs (VA)
• Department of Homeland Security (DHS)

POLITICS….
• Economics behind reporting devices with defects
• If a hospital were to file a report of an incident with one of the medical devices, the hospital is liable
• Disincentive for notification
• False sense of security
• Lack of preparedness for any cyber security issues

ENCRYPTION AND OTHER PROTECTIONS
• All models of the various medical devices have the capability to use Advanced Encryption Standard (AES)
• Numerous backdoors to these devices
• Backdoor could “at least have it been embedded deep inside the ICD core”

LEGAL HELP?
• Product Liability
• Riegel v. Medtronic, Inc.

PROPOSED SOLUTION
• Software Freedom Law Center (SFLC)
• Publicly auditable source-code

OPTIONS
• Use with risks of what can happen
• Don’t use it at all

REFERENCES
• Fu, Kevin and James Blum. "Inside Risks: Controlling for Cybersecurity Risks of Medical Device Software." n.d. Computer Science Laboratory - SRI International. 20 April 2014. <http://www.csl.sri.com/users/neumann/cacm231.pdf>.
• Goodin, Dan. Insulin pump hack delivers fatal dosage over the air. 27 October 2011. 20 April 2014. <http://www.theregister.co.uk/2011/10/27/fatal_insulin_pump_attack/>.
• Goodman, Marc. Hacking the Human Heart. 23 August 2011. 20 April 2014. <http://bigthink.com/futurecrimes/hacking-the-human-heart>.
• Kirk, Jeremy. Pacemaker hack can deliver deadly 830-volt jolt. 17 October 2012. 20 April 2014. <http://www.computerworld.com/s/article/9232477/Pacemaker_hack_can_deliver_deadly_830_volt_jolt>.
• Peters, Jeff. Medical Devices: Death by Hacking and Barnaby Jack. July 2013. 20 April 2014. <http://www.hacksurfer.com/articles/medical-devices-death-by-hacking-and-barnaby-jack>.
• Radcliffe, Jerome. "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System." n.d. Black Hat. 20 April 2014. <http://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf>.
• "Riegel VS. Medtronic." n.d. American Association for Justice. Web. 23 April 2014. <http://www.justice.org/cps/rde/justice/hs.xsl/2679.htm>.
• Sandler, Karen, et al. "Killed By Code: Software Transparency in Implantable Medical Devices." 21 July 2010. Software Freedom Law Center. Web. 23 April 2014.
• Storm, Darlene. Pacemaker hacker says worm could possibly 'commit mass murder'. 17 October 2012. 20 April 2012. <http://blogs.computerworld.com/cybercrime-and-hacking/21163/pacemaker-hacker-says-worm-could-possibly-commit-mass-murder>.
• Talbot, David. Computer Viruses Are "Rampant" on Medical Devices in Hospitals. 17 October 2012. 20 April 2014. <http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices-in-hospitals/>.
• Tobias, Marc Weber. What's to Stop Hackers From Infecting Medical Devices. 20 April 2012. 20 April 2014. <http://www.forbes.com/sites/marcwebertobias/2012/04/20/whats-to-stop-hackers-from-infecting-medical-devices/>.
• Ungerleider, Neal. Medical Cybercrime: The Next Frontier. n.d. 20 April 2014. <http://www.fastcompany.com/3000470/medical-cybercrime-next-frontier>.
• Zetter, Kim. Board Urges Feds to Prevent Medical Device Hacking. 10 April 2012. 20 April 2014. <http://www.wired.com/2012/04/security-of-medical-devices/>.