Auf in die Zukunft!
Listen to Your Heart: Security and Privacy of Implantable Cardio Foo
December 28, 2021
8:00 PM – 8:40 PM Add to calendar
8:00 PM – 8:40 PM Add to calendar
Chaos-West TV
We analyzed the security of the environment around heart pacemakers, implantable cardioverter-defibrillators, and heart monitors.
We also took the hard way to get our data from manufacturers and hospitals with EU General Data Protection Regulation (GDPR) inquiries.
Modern implantable cardiologic devices communicate via radio frequency techniques and nearby gateways to a backend server on the internet. Those implanted devices, gateways, and servers form an ecosystem of proprietary hardware and protocols that process sensitive medical data and is often vital for patients’ health.
This talk gives an overview about the security of this ecosystem, from technical gateway aspects, via the programmer, to configure the implanted device, up to the processing of personal medical data from large cardiological device producers. Based on a real-world attacker model, we evaluated different devices and found several severe vulnerabilities. Furthermore, we could purchase a fully functional programmer for implantable cardiological devices, allowing us to re-program such devices or even induce electric shocks on untampered implanted devices.
Additionally, we sent several General Data Protection Regulation (GDPR, ger: DSGVO) inquiries to manufacturers of implantable cardiologic devices and hospitals, revealing non-conforming processes and a lack of awareness about patients’ rights and companies’ obligations. This, and the fact that many vulnerabilities are still to be found after many vulnerability disclosures in recent years, present a worrying security state of the whole ecosystem.
Additional information
| Live Stream | https://streaming.media.ccc.de/rc3/cwtv |
|---|---|
| Type | Talk |
| Language | English |
More sessions
| 12/27/21 |
Die Kölner Initiative Kameras stoppen richtet sich gegen die polizeiliche Videoüberwachung in Köln. Die Initiative stellt die Kampagne vor und berichtet über die Erfolge und der aktuellen Stand.
|
| 12/27/21 |
In this joint talk, four internet freedom advocates will expose and criticize current plans for general mass collection of everyone's communication data. 2022 will bring threats to Internet freedoms but also opportunities for civil society to act.
|
| 12/27/21 |
"Frau Kastl, sie müssen uns helfen, diese Zettelwirtschaft abzuschaffen" Mit diesem Anruf begann im August 2020 eine ziemliche abenteuerliche Reise durch die wunderbare Welt der Digitalisierung in einem Gesundheitsamt – noch viel weiter…
|
| 12/28/21 |
Post-quantum crypto is being rolled out to secure **you** from quantum computers! Unfortunately, few people know how post-quantum works. Let's change that! In this zero-to-hero talk we'll dive into the inner workings of Kyber, a prominent member of the post-quantum family.
|
| 12/29/21 |
The last two years where pretty darn terrible, but one of the things that provided hope was a growing solidarity between workers. Sadly this was also met with enormous repression. In this talk I want to show why we need unions and how we're prevented from getting them.
|
| 12/29/21 |
Imagine you are running late for your bus and decide to grab a bike-sharing bike to get there in time. More often than not I found myself standing at an empty station only to miss my bus. Here, I present you my data-driven approach to avoid walking to empty bike-sharing stations.
|
