
Medical Devices: Pwnage and Honeypots

Formal Metadata

Title
Medical Devices: Pwnage and Honeypots
Title of Series
Number of Parts
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEs Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? We will release and present six months of medical device honeypot research showing the implications of these patient care devices increasing their connectivity.

Speaker Bios:

Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. Scott also has served as a subject matter expert and exam writer for numerous industry certifications. His current focus is on research that affects human life and public safety issues inside today's healthcare landscape.

Mark Collao is a Security Consultant at Protiviti. He has over 5 years of experience in information security consulting, primarily in network and application penetration tests, red team assessments, and social engineering exercises. Mark also researches botnet activity and maintains several custom protocol and application honeypots on the net. He holds an Offensive Security Certified Professional (OSCP) certification, is a member of the MWCCDC red team, and graduated from DePaul University
Transcript: English (auto-generated)