Breaking the Security Barrier of a Major Infusion Pump - Douglas McKee & Philippe Laulheret - Ekoparty 2021

Explore the process of remotely compromising the BBraun Infusomat pump, a widely used medical device in hospitals worldwide, in this 42-minute conference talk from Ekoparty 2021. Delve into firmware reverse engineering, vulnerability research, and exploitation demonstrations as speakers Douglas McKee and Philippe Laulheret investigate the potential for hackers to manipulate infusion rates and potentially overdose patients. Learn about past research, important applications, firmware extraction techniques, and the analysis of datasheets and manuals. Discover peripherals of interest, identify attack vectors, and understand the exploitation of format string vulnerabilities and privilege escalation methods. Gain insights into the internal database structure, critical data modification, and common pitfalls in the medical industry's approach to security.