Security

Unpatchable

Living with a vulnerable implanted device
Gradually we are all becoming more and more dependent on machines, we will be able to live longer with an increased quality of life due to machines integrated into our body. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device can have fatal consequences. This talk is about Marie's personal experience with being the host of a vulnerable medical implant, and how this has forced her to become a human part of the "Internet-of-Things".
Marie's life depends on the functioning of a medical device, a pacemaker that generates each and every beat of her heart. This computer inside of her may fail due to hardware and software issues, due to misconfigurations or network-connectivity. Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring forcing the patient to become a human part of the Internet-of-Things. As a security-professional Marie is worried about her heart's attack surface. How can she trust the machine inside her body, when it is running on proprietary code and there is no transparency? This is why she went shopping on eBay to acquire medical devices that can communicate with her pacemaker, and started a hacking project together with her friend Éireann. This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can't easily be patched without performing surgery on patients, Marie's personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

Additional information

Type lecture
Language English

More sessions

12/27/15
Security
Joanna Rutkowska
Hall 2
Can we build trustworthy client systems on x86 hardware? What are the main challenges? What can we do about them, realistically? Is there anything we can?
12/27/15
Security
Hall 6
Unser Vortrag demonstriert einen PLC-only Wurm. Der PLC-Wurm kann selbstständig ein Netzwerk nach Siemens Simatic S7-1200 Geräten in den Versionen 1 bis 3 durchsuchen und diese befallen. Hierzu ist keine Unterstützung durch PCs oder Server erforderlich. Der Wurm „lebt“ ausschließlich in den PLCs.
12/27/15
Security
Hall 2
Dr. Peter Laackmann und Marcus Janke zeigen mit einem tiefen Einblick in die Welt der Hardware-Trojaner, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen.
12/27/15
Security
Yaniv Balmas
Hall G
Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field?
12/27/15
Security
Ilja van Sprundel
Hall 2
This presentation covers windows kernel driver security issues. It'll discuss some background, and then give an overview of the most common issues seen in drivers, covering both finding and fixing issues.
12/27/15
Security
Alexander Graf
Hall 2
Did you ever want to have access to a few hundred thousand network end points? Or a few hundred thousand phone numbers? A short look behind the curtains of how not to do network security.
12/27/15
Security
Hall 1
For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. Railroads is a complex systems and process automation is used in different areas: to control power, switches, ...