Unpatchable: Troopers 2016 edition
-
Upload
marie-elisabeth-gaup-moe -
Category
Technology
-
view
514 -
download
3
Transcript of Unpatchable: Troopers 2016 edition
UnpatchableLivingwithavulnerableimplanteddevice
@MarieGMoe@SINTEF_Infosec
MarieMoe,PhD,ResearchScientistatSINTEF
Pacemaker/ICDProgrammer
Homemonitoringunit
CellularorTelephoneNetwork Webportal
InductivenearfieldcommunicationMICS/
ISM
POTS/SMS
Remotemonitoring
PotentialthreatsDeviceisvulnerable?
Accesspointisvulnerable?
Mobilenetworkiscompromised?
Serveratvendoriscompromised?
Websitethatdoctorlogsintoisvulnerable?
PersonalInfrastructureYourrelianceonaninfrastructureisinverselyproportionaltohowinvisibleitistoyou.
Weallrelyonoxygen,ourlungs,andourhearts,buthowoftentowethinkaboutthem?
Howoftendowedomaintenanceordebugthem?
”We need tobeable toverify the software thatcontrols our lives”
BruceSchneier on“VolkswagenandCheatingSoftware”
Previouswork• KevinFuetal:
– Pacemakersandimplantablecardiacdefibrillators:Softwareradioattacksandzero-powerdefenses (2008)
– MitigatingEMIsignalinjectionattacksagainstanalogsensors(2013)
• BarnabyJack• Hardcodedcredentials• Medicaldevicehoneypots• Druginfusionpumps
20
Researchneeded• Opensourcemedicaldevices• Medicaldevicecryptography• Personalareanetworkmonitoring• Jammingprotection• Forensicsevidencecapture
CreditsÉireann Leverett (@blackswanburst)
TonyNaggs (@xa329)GunnarAlendal (@gradoisageek)
HugoCampos(@HugoOC)ScottErven (@scotterven)
Alexandre Dulaunoy (@adulau)ClausCramonHoumann (@ClausHoumann)
JoshuaCorman (@joshcorman)BeauWoods (@beauwoods)SuzanneSchwartz(USFDA)
Family&Friends