Unpatchable: 32C3 edition
Transcript of Unpatchable: 32C3 edition
![Page 1: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/1.jpg)
Concinnity Risks
Unpatchable: Living with a vulnerable implanted device
@MarieGMoe @blackswanburst
Marie Moe, PhD, Research Scientist at SINTEF; Eireann Leverett, Founder and CEO of Concinnity Risks
![Page 2: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/2.jpg)
Hack to save lives!
![Page 3: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/3.jpg)
A brief history of my heart…
![Page 4: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/4.jpg)
How the heart works
![Page 5: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/5.jpg)
Electrical system of the heart
![Page 6: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/6.jpg)
Pacemaker
![Page 7: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/7.jpg)
The Internet of Medical ”Things” is real,
and Marie’s heart is wired into it…
![Page 8: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/8.jpg)
① Implantable medical device: ICD/pacemaker/other devices; MICS (Medical Implant Communication Service); Bluetooth
② Access point: POTS/GSM/SMS/email
③ GSM/telephone/Internet
④ Telemetry store: programmers; doctor's workstation; telemetry server at vendor
⑤ Medical staff: social engineering
![Page 9: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/9.jpg)
With connectivity comes vulnerability…
![Page 10: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/10.jpg)
Potential impact
Patient privacy issues
Battery exhaustion
Device malfunction
Death threats and extortion
Remote assassination scenario…
![Page 11: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/11.jpg)
”We need to be able to verify the software that controls our lives”
Bruce Schneier on “Volkswagen and Cheating Software”
![Page 12: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/12.jpg)
Previous work
• Kevin Fu et al:
– Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses (2008)
– Mitigating EMI signal injection attacks against analog sensors (2013)
• Barnaby Jack
• Hardcoded credentials
• Medical device honeypots
• Drug infusion pumps
![Page 13: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/13.jpg)
Hacking can save lives
Source: http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm456815.htm
![Page 14: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/14.jpg)
Medical devices do get infected
Source: https://securityledger.com/wp-content/uploads/2015/06/AOA_MEDJACK_LAYOUT_6-0_6-3-2015-1.pdf
![Page 15: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/15.jpg)
WTF are you doing with my data?
![Page 16: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/16.jpg)
The stairs that almost killed me
![Page 17: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/17.jpg)
Debugging me
![Page 18: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/18.jpg)
Leadless pacemaker
![Page 19: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/19.jpg)
The future?
![Page 20: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/20.jpg)
Reflections on trusting machines
![Page 21: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/21.jpg)
Why?
Legacy technology
No software updates
Long lifetime of devices
No security testing or monitoring
Medical devices are ”black boxes”
Proprietary software
More connectivity
Lack of regulations
Increased attack surface
![Page 22: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/22.jpg)
How to solve it?
Security research
Information sharing
Third party collaboration
Coordinated disclosure
Vendor awareness
Regulation
Procurement
Safety by design
Security testing
Security risk monitoring
Security updates
Incident response
Cyber insurance
Resilience
![Page 23: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/23.jpg)
![Page 24: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/24.jpg)
What is the social contract for the
code in our bodies?
![Page 25: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/25.jpg)
Research needed
• Open source medical devices
• Medical device cryptography
• Personal area network monitoring
• Jamming protection
• Forensics evidence capture
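The two research items "medical device cryptography" and "forensics evidence capture" above, and the telemetry chain on slide 8 (implant ↔ access point over MICS/Bluetooth), can be made concrete with a small worked example. The following is an added illustration written for this transcript; it is not code from the talk, from SINTEF or from any device vendor. It assumes a made-up frame layout, a constructed pairing key and two invented command codes, and shows the minimum an implant-side receiver needs so that a software-radio listener (the 2008 Fu et al. attack model cited on slide 12) can neither forge a therapy command nor replay a captured one, while every accept/reject decision is kept as audit evidence.

```python
"""Added example: authenticated, replay-protected command frames on an
implant telemetry link, with an audit log for later forensic review.
Toy protocol and keys are assumptions for illustration only."""
import hashlib
import hmac
import struct

# Assumed toy frame layout (not any real vendor protocol):
#   counter (4 bytes, big-endian) | cmd (1 byte) | payload | tag (16 bytes)
HEADER = struct.Struct(">IB")
TAG_LEN = 16

# Constructed pairing key for the demo. A real implant would obtain this in
# an out-of-band pairing step with the programmer, never as a hardcoded value.
DEMO_KEY = hashlib.sha256(b"demo pairing key, not real").digest()

# Invented command codes for the example.
CMD_READ_TELEMETRY = 0x01
CMD_SET_RATE = 0x02


def _tag(key: bytes, body: bytes) -> bytes:
    """Truncated HMAC-SHA256 over header+payload. A listener with a software
    radio can still read the frame, but cannot produce a valid tag without the key."""
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key: bytes, counter: int, cmd: int, payload: bytes) -> bytes:
    """Programmer side: bind counter, command and payload under one tag."""
    body = HEADER.pack(counter, cmd) + payload
    return body + _tag(key, body)


class ImplantReceiver:
    """Implant side: accept a frame only if its tag verifies and its counter is
    strictly greater than the last accepted one (replay and reorder protection).
    Every decision is appended to an audit log, the kind of evidence an
    investigation of a suspected attack on the device would need."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.audit_log = []

    def _reject(self, reason: str, counter=None):
        self.audit_log.append(("reject", reason, counter))
        return ("reject", reason)

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return self._reject("short_frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Verify the tag before trusting any field, including the counter.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return self._reject("bad_mac")
        counter, cmd = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if counter <= self.last_counter:
            return self._reject("replay", counter)
        self.last_counter = counter
        self.audit_log.append(("accept", cmd, counter))
        return ("ok", cmd, payload)


def demo():
    """Run one receiver through the cases the slides worry about: a genuine
    command, a replay, a tampered frame, a forgery, and a stale genuine frame."""
    rx = ImplantReceiver(DEMO_KEY)
    results = {}

    legit = build_frame(DEMO_KEY, 1, CMD_SET_RATE, b"\x46")   # pacing rate 70
    results["legit"] = rx.accept(legit)
    results["replay"] = rx.accept(legit)                      # captured and resent

    tampered = bytearray(build_frame(DEMO_KEY, 2, CMD_SET_RATE, b"\x46"))
    tampered[HEADER.size] = 0xB4                              # payload rewritten to 180
    results["tampered"] = rx.accept(bytes(tampered))

    forged = build_frame(b"\x00" * 32, 3, CMD_SET_RATE, b"\xB4")  # attacker's guessed key
    results["forged"] = rx.accept(forged)

    fresh = build_frame(DEMO_KEY, 3, CMD_READ_TELEMETRY, b"")
    results["fresh"] = rx.accept(fresh)
    stale = build_frame(DEMO_KEY, 2, CMD_READ_TELEMETRY, b"")  # genuine but out of order
    results["stale"] = rx.accept(stale)
    return results, rx.audit_log


if __name__ == "__main__":
    res, log = demo()
    for name, outcome in res.items():
        print(f"{name:9s} -> {outcome}")
    print("audit log:", log)
```

Two caveats a practitioner would add. First, this covers integrity and replay only: the payload is still readable over the air, so the patient privacy issue from slide 10 needs confidentiality on top, and a real design also has to decide how emergency clinicians reach a device whose pairing key they do not hold. Second, the implant still spends energy verifying every frame it hears, so an attacker who floods it with bogus frames drives the battery exhaustion scenario from the same slide even though every frame is rejected; that is the gap the "zero-power defenses" of the 2008 Fu et al. paper address.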
![Page 26: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/26.jpg)
Credits
Tony Naggs (@xa329) Gunnar Alendal (@gradoisageek) Alexandre Dulaunoy (@adulau) Joshua Corman (@joshcorman)
Claus Cramon Houmann (@ClausHoumann) Scott Erven (@scotterven) Beau Woods (@beauwoods) Suzanne Schwartz (US FDA)
Family & Friends
![Page 27: Unpatchable: 32C3 edition](https://reader034.fdocuments.us/reader034/viewer/2022050613/588512f01a28abd05e8b5d9f/html5/thumbnails/27.jpg)
Concinnity Risks
Thank you!
www.infosec.sintef.no www.iamthecavalry.org www.concinnity-risks.com
@MarieGMoe @blackswanburst