This course teaches how to remotely compromise a major infusion pump, exploring firmware reverse engineering, vulnerability research, and exploitation demos. The skills taught include finding vulnerabilities, penetration testing, reverse engineering, and software exploitation. The teaching method involves a talk with demonstrations. The intended audience includes security researchers, penetration testers, and individuals interested in medical device security.
Breaking the Security Barrier of a Major Infusion Pump - Douglas McKee & Philippe Laulheret - Ekoparty 2021
Ekoparty Security Conference via YouTube
Overview
Syllabus
Intro
PAST RESEARCH
IMPORTANT APPLICATIONS
DIVIDE AND CONQUER
GETTING THE FIRMWARE OUT
DATASHEET + MANUALS
PERIPHERALS OF INTEREST
FINDING THE FUN VECTORS
INTERNAL DATABASE
FORMAT STRING EXPLOITATION
PRIVILEGE ESCALATION
UNDERSTANDING THE CALL CHAIN
WHAT DATA CAN WE MESS WITH
MODIFYING CRITICAL DATA
MEDICAL INDUSTRY COMMON PITFALLS
Taught by
Ekoparty Security Conference
Related Courses
-
Exploitation of a Hardened MSP430-Based Device - Braden Thomas - Ekoparty Security Conference - 2014
-
Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities
-
Owning the Smart Home with Logitech Harmony Hub
-
Reverse-Engineering the Supra iBox - Exploitation of a Hardened MSP430-Based Device
-
Breaking Firmware Trust From Pre-EFI - Exploiting Early Boot Phases
-
Hacking Video Conferencing Systems
