A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Medical Devices: Pwnage & Honeypots - Scott Erven Cyphercon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Medical Devices: Pwnage & Honeypots
Scott Erven
@scotterven

Cyphercon 2016

We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? I will discuss over 30 CVE’s I have reported that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? I will discuss our medical device honeypot research showing the implications of these patient care devices increasing their connectivity, and steps that can be taken to reduce risk associated with these life saving devices.

Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has advised the Department of Homeland Security, Food and Drug Administration and national policymakers. His research on medical device security has been featured in Wired, Forbes, BBC and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. His current focus is on research that affects human life and public safety issues inside today’s healthcare landscape.

Back to Cyphercon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast