The way from App to Brain: attack surfaces of smart medical infrastructure presented at BSidesMunich 2019

by Denis Makrushin,


Summary : The concept of “SCADA for human” is central in focus of modern medicine. The realization of the systems that collects and proceed information about human body parameters, builds on current infrastructure and technology implementations. In the cases of some treatment procedures, data transferred via vulnerable medical networks and management software could be compromised, which could lead to an attacker being able to tamper with massive groups of patients at the same time. The goal of this talk is to provide the results of offensive research of networks and online-management software that uses in daily medical practice. We show not only typical entry points in medical infrastructure, but also highlight the vulnerabilities in software that popular with surgical teams, also permitted attackers to access sensitive data and even affect treatment procedures.