This course aims to clarify misconceptions surrounding the security of medical devices and provide insights on how to effectively defend them. The learning outcomes include understanding the reality of patching and running anti-virus protection on medical devices, as well as learning how to bring about substantive security changes in these devices. The course covers topics such as the framework for improving device security, bug disclosure processes, and FDA involvement in reporting. The intended audience includes vendors, buyers, administrators of medical devices, and researchers interested in disclosing bugs and vulnerabilities. The teaching method involves a presentation with real-world examples and a live replication of a software bug on stage.
Overview
Syllabus
Intro
Why do you care?
Diabetes 101: What is it?
Diabetes 101: High Sugar
Diabetes 101: Low Sugar
Medical Device and the FDA
Medical Devices to the Rescue!
Independent Medical Device
Peripheral Medical Device
Networked Medical Device
Device Reporting in the Real World
FDA Involvement in Reporting
Animas Reaction to "Bug"
Device Updates: Hero
MYTH OS Updates
Call for Action: FDA Guidance
Call for Action: Classification
Call for Action: Buyers
Final Thoughts
Taught by
Black Hat
