Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Abusing IoT Medical Devices for Your Precious Health Records

via YouTube

Overview

Explore the vulnerabilities of IoT medical devices and their potential impact on health record security in this Derbycon 2018 conference talk. Delve into connected healthcare devices, medical device classifications, and data flow architectures. Examine real-world horror stories like MEDJACK and MEDJACK2, and follow the speakers' journey as they investigate a purchased PDA. Learn about wireless setting manipulation, telnet observations, and traffic analysis. Discover fuzzing techniques, privilege escalation methods, and how to access encrypted patient data and prescriptions. Gain insights into the importance of built-in security measures for IoT medical devices and understand the potential consequences of inadequate protection for sensitive health information.

Syllabus

Intro
[-]$ About us
[-]$ Connected Healthcare Devices
[-]$ Medical Devices Classification
[-]$ Data Loop
[-]$ The Architecture
[-]$ The Nightmare Tons of new connected medical devices
[-]$ The Horror Stories - MEDJACK/ MEDJACK2
[-]$ About the Device
[~]$ Workflow Hospital Network
[-]$ Initial Observations
[-]$ We Bought a PDA
[-]$ Overwriting Wireless Settings
[-]$ Additional Observations - Telnet
[-]$ The Initial Traffic
[-]$ Time to Fuzz
[-]$ Winning Packet
[-]$ Master Drug List
[-]$ Workflow
[-]$ Let's Break It Down
[-]$ Privilege Escalation
[-]$ The Encrypted File - Win!!!
[-]$ Access to Patient Data
[-]$ Prescriptions
[-]$ Closing Remarks • Built-in, not bolted on

Reviews

Start your review of Abusing IoT Medical Devices for Your Precious Health Records

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.