medical – Page 2 – Insinuator.net

April 23, 2020 by Julian Suleder

Medical Device Security: HL7v2 Injections in Patient Monitors

Digital networking is already widespread in many areas of life. In the healthcare industry, a clear trend towards networked devices is noticeable, so that the number of high-tech medical devices in hospitals is steadily increasing.

In this blog post, we want to elucidate a vulnerability we identified during the security assessment of a patient monitor. The device sends HL7 v2.x messages, such as observation results to HL7 v2.x capable electronic medical record (EMR) systems. A user with malicious intent can tamper these messages. As HL7 v2.x is a common medical communication standard, we also want to present how this kind of vulnerability may be mitigated. The assessment was part of the BSI project ManiMed, which we would like to present in the following section.

Continue reading “Medical Device Security: HL7v2 Injections in Patient Monitors”

Events

September 3, 2016 by Florian Grunow

MRMCD16 – diagnosis:critical

This year’s MRMCD16 had a topic that immediately let me submit a talk about medical device security: “diagnosis:critical”. Or to quote the official website:


Security issues in soft- and hardware have a low chance of healing, especially in medical IT.
Despite years of therapy using code reviews and programming guidelines, we still face huge amounts of vulnerable software that probably is in need of palliative treatment.
Security vulnerabilities caused by the invasion of IT in the medical sector are becoming real threats. From insulin pumps over analgesic pumps through to pace makers, more and more medical devices have been hacked already. This year's motto "mrmcd2016 - diagnosis:critical" stands summarizing for the current state of the whole IT sector.

Continue reading “MRMCD16 – diagnosis:critical”

Events

April 7, 2016 by Christoph Klaaßen

Unpatchable – Living with a vulnerable implanted device

TL;DR: Marie Moe talked about security issues of medical devices, especially implantable devices like pacemakers, but not in overwhelming technological depth. She wanted to point out the necessity of intensified security research in the field of medical devices as vendors and medical personnel seem to be lacking necessary awareness of security of devices, interfaces, services, and even data privacy.”Get involved, join the cavalry” was her core message. Continue reading “Unpatchable – Living with a vulnerable implanted device”

Events

March 30, 2016 by Niki Vonderwell

Medical Device Security: Hack or Hype

Kevin Fu is an Associate Professor at the University of Michigan where he directs the Archimedes Center for Medical Device Security and cofounded Virta Labs. At Troopers 16 he held a talk in the field of his research: medical device security. Continue reading “Medical Device Security: Hack or Hype”

Events

November 4, 2015 by Florian Grunow

“We have a Code Blue right here!”

That was the opener for my presentation on the Security in Medical Devices at CodeBlue 2015 last week in Tokyo, Japan. A Code Blue often describes a patient in a critical condition, mostly needing resuscitation. That just seemed to be a perfect match, also in the sense that the condition of some medical devices out there are still pretty critical concerning security. If you follow our current research on this you know what I am talking about. I hope that we are not talking about this topic anymore three years from now. That would mean that we have made the world a safer place, although it took some time … 😉

Speaking at Code Blue really was a blast! “Arigato” for having me! The conference was organized very well and the staff was extremely caring. You could really feel the community vibe in this event. Considering that the conference is only around a few years that is really remarkable. The talks I enjoyed most obviously were both keynotes: Takuya Matsuda – The Singularity is Near and Richard Thieme’s thoughtprovoking speech at the end of the conference. I also enjoyed Bhavna Soman’s high quality talk about using metrics to correlate APT binaries. The overall quality of the talks on Code Blue was pretty good but what I enjoyed the most were the discussions and the exchange with other researcher from all over the planet.

I hope to see some of you at Troopers16! 🙂

Cheers,

Florian

Events

October 5, 2015 by Stefan Kiese

ERNW speaking @ hardwear.io

Hardwarebug

On October 1st and 2nd Flo and I were presenting at
hardwear.io in The Hague, NL. My topic was “Living in a fool’s
wireless-secured paradise” and Flo was presenting his current research
on medical device security. It was the first talk at an international
security conference for me and I am still quite excited! Continue reading “ERNW speaking @ hardwear.io”

Breaking

July 1, 2015 by Florian Grunow

The patient’s last words: I am not a target!

Last week I gave a short interview for Süddeutsche Zeitung on the security of medical devices. You can find it here. Unfortunately it is in German so I decided to sum up some of my key points that made it into the article and some that didn’t in this blog post. Continue reading “The patient’s last words: I am not a target!”

Events

November 13, 2014 by Florian Grunow

Power of Community 2014

I had the pleasure to participate in this year’s Power of Community and was invited to talk about the insecurity of medical devices. The conference is based in Seoul, Korea and started in 2006. It has a strong technical focus and it is a community driven event. For me it was great to participate as mostly hackers from Asia were there and I got the chance to talk to a lot of nice folks that I wouldn’t be able to meet otherwise. This is especially true for the host, vangelis.

Continue reading “Power of Community 2014”

Breaking

November 21, 2013 by Florian Grunow

Medical Device Security

One of our guiding principles at ERNW is “Make the World a Safer Place”. There could not be a topic that matches this principle more than the security or insecurity of medical devices. This is why we started a research project that is looking at how vulnerable those devices are that might be deployed in hospitals around the world. Recently the U.S. Food and Drug Administration (FDA) has put out a recommendation concerning the security of medical devices. It recommends that “manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks”. We thought that we should take a look at how manufacturers deal with security for these devices. Continue reading “Medical Device Security”