29
Unpatchable Living with a vulnerable implanted device @MarieGMoe @SINTEF_Infosec Marie Moe, PhD, Research Scientist at SINTEF

Unpatchable: Troopers 2016 edition

Embed Size (px)

Citation preview

Page 1: Unpatchable: Troopers 2016 edition

UnpatchableLivingwithavulnerableimplanteddevice

@MarieGMoe@SINTEF_Infosec

MarieMoe,PhD,ResearchScientistatSINTEF

Page 2: Unpatchable: Troopers 2016 edition

Hacktosavelives!

Page 3: Unpatchable: Troopers 2016 edition

Howtheheartworks

3https://www.youtube.com/watch?v=d6RbN5lPqIU

Page 4: Unpatchable: Troopers 2016 edition

Electricalsystemoftheheart

4

Page 5: Unpatchable: Troopers 2016 edition

Pacemaker

5https://www.youtube.com/watch?v=-f2FKmMneXY

Page 6: Unpatchable: Troopers 2016 edition

Leadless pacemaker

Page 7: Unpatchable: Troopers 2016 edition

Thefuture?

Page 8: Unpatchable: Troopers 2016 edition

TheInternetofMedical”Things”isreal,andmyheartiswiredintoit…

Page 9: Unpatchable: Troopers 2016 edition

Pacemaker/ICDProgrammer

Homemonitoringunit

CellularorTelephoneNetwork Webportal

InductivenearfieldcommunicationMICS/

ISM

POTS/SMS

Remotemonitoring

Page 10: Unpatchable: Troopers 2016 edition

Withconnectivitycomesvulnerability…

10

Page 11: Unpatchable: Troopers 2016 edition

PotentialthreatsDeviceisvulnerable?

Accesspointisvulnerable?

Mobilenetworkiscompromised?

Serveratvendoriscompromised?

Websitethatdoctorlogsintoisvulnerable?

Page 12: Unpatchable: Troopers 2016 edition
Page 13: Unpatchable: Troopers 2016 edition

PersonalInfrastructureYourrelianceonaninfrastructureisinverselyproportionaltohowinvisibleitistoyou.

Weallrelyonoxygen,ourlungs,andourhearts,buthowoftentowethinkaboutthem?

Howoftendowedomaintenanceordebugthem?

Page 14: Unpatchable: Troopers 2016 edition

“Techisnotneutralnorvalue-free.”

BenZevenbergen, Troopers16

Page 15: Unpatchable: Troopers 2016 edition

Thestairs that almost killed me

Page 16: Unpatchable: Troopers 2016 edition

Debuggingme

Page 17: Unpatchable: Troopers 2016 edition

”We need tobeable toverify the software thatcontrols our lives”

BruceSchneier on“VolkswagenandCheatingSoftware”

Page 18: Unpatchable: Troopers 2016 edition

Reflections on trusting machines

Page 19: Unpatchable: Troopers 2016 edition

Whentrustisbroken

http://www.startribune.com/guidant-to-pay-a-fine-of-296m/113367264/

Page 20: Unpatchable: Troopers 2016 edition

Previouswork• KevinFuetal:

– Pacemakersandimplantablecardiacdefibrillators:Softwareradioattacksandzero-powerdefenses (2008)

– MitigatingEMIsignalinjectionattacksagainstanalogsensors(2013)

• BarnabyJack• Hardcodedcredentials• Medicaldevicehoneypots• Druginfusionpumps

20

Page 21: Unpatchable: Troopers 2016 edition

Hackingcansavelives!

21http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm456815.htm

Page 22: Unpatchable: Troopers 2016 edition

WTFare you doing with mydata?

22

Page 23: Unpatchable: Troopers 2016 edition
Page 24: Unpatchable: Troopers 2016 edition
Page 25: Unpatchable: Troopers 2016 edition

25

Page 26: Unpatchable: Troopers 2016 edition

Researchneeded• Opensourcemedicaldevices• Medicaldevicecryptography• Personalareanetworkmonitoring• Jammingprotection• Forensicsevidencecapture

Page 27: Unpatchable: Troopers 2016 edition

Thebenefitoutweighstherisk

Page 28: Unpatchable: Troopers 2016 edition

CreditsÉireann Leverett (@blackswanburst)

TonyNaggs (@xa329)GunnarAlendal (@gradoisageek)

HugoCampos(@HugoOC)ScottErven (@scotterven)

Alexandre Dulaunoy (@adulau)ClausCramonHoumann (@ClausHoumann)

JoshuaCorman (@joshcorman)BeauWoods (@beauwoods)SuzanneSchwartz(USFDA)

Family&Friends

Page 29: Unpatchable: Troopers 2016 edition

Thankyou!marie.moe@sintef.nowww.infosec.sintef.nowww.iamthecavalry.org

@MarieGMoe@SINTEF_Infosec


TROOPERS 10k Run - Motivational

TROOPERS 10k Run - Motivational

Sports
Mar 16 18 Spouses of Deployed Troopers Retreat

Mar 16 18 Spouses of Deployed Troopers Retreat

Business
THE AMERICAN REVOLUTION MADE EASY. STAR WARS…Evil Empire…Imperial Storm Troopers…Pesky Rebels Evil Empire = Britain Imperial Storm Troopers = The

THE AMERICAN REVOLUTION MADE EASY. STAR WARS…Evil Empire…Imperial Storm Troopers…Pesky Rebels Evil Empire = Britain Imperial Storm Troopers = The

Documents
Pitt Troopers Summer Daycamp

Pitt Troopers Summer Daycamp

Documents
81770397 Starship Troopers Painting Guide

81770397 Starship Troopers Painting Guide

Documents
Unpatchable - 2018.hack.lu … · SINTEFICT’ Unpatchable:! Living!with!avulnerable!implanted!device! @MarieGMoe!@iamthecavalry! #safersoonertogether! Marie!Moe,!PhD,!Research!ScienAstatSINTEF!

Unpatchable - 2018.hack.lu … · SINTEFICT’ Unpatchable:! Living!with!avulnerable!implanted!device! @MarieGMoe!@iamthecavalry! #safersoonertogether! Marie!Moe,!PhD,!Research!ScienAstatSINTEF!

Documents
DEATH TROOPERS - SORASTRO'S PAINTING...Hello! In this guide I’ll be painting the Death Troopers from Star Wars Legion. My aim is to paint the Death Troopers fairly quickly, but still

DEATH TROOPERS - SORASTRO'S PAINTING...Hello! In this guide I’ll be painting the Death Troopers from Star Wars Legion. My aim is to paint the Death Troopers fairly quickly, but still

Documents
Unpatchable: Living with a vulnerable implanted device

Unpatchable: Living with a vulnerable implanted device

Devices & Hardware
Starship Troopers Savage Worlds, l’adaptation amateur et gratuite …ekladata.com/.../Starship-Troopers-SW_GregoryHUYGHE.pdf · 2015-06-16 · Starship Troopers SW vous permet de

Starship Troopers Savage Worlds, l’adaptation amateur et gratuite …ekladata.com/.../Starship-Troopers-SW_GregoryHUYGHE.pdf · 2015-06-16 · Starship Troopers SW vous permet de

Documents
IPv6 in Wireshark - TROOPERS

IPv6 in Wireshark - TROOPERS

Documents
20190319 Troopers IETF IPv6 News

20190319 Troopers IETF IPv6 News

Documents
Troopers 10 - Some Notes on SAP Security

Troopers 10 - Some Notes on SAP Security

Documents
Ruler and Liniaal @ Troopers 17

Ruler and Liniaal @ Troopers 17

Technology
Starship Troopers Aff 3 6 Zac

Starship Troopers Aff 3 6 Zac

Documents
Starship Troopers - United Citizens Federation

Starship Troopers - United Citizens Federation

Documents
Implementing an USB Host Driver Fuzzer - TROOPERS

Implementing an USB Host Driver Fuzzer - TROOPERS

Documents
Chief Law Enforcement Officers Resident Troopers 'l

Chief Law Enforcement Officers Resident Troopers 'l

Documents
The Troopers in Design Trends for 2016

The Troopers in Design Trends for 2016

Design
Alaska Wildlife Troopers 2/29/12

Alaska Wildlife Troopers 2/29/12

Documents
Starship Troopers - 7chan

Starship Troopers - 7chan

Documents
Troopers Diffray v1.1

Troopers Diffray v1.1

Technology
Starship Troopers Rules

Starship Troopers Rules

Documents
Troopers Dance

Troopers Dance

Environment
Avalon Hill - Warame Boardgame - Starship Troopers

Avalon Hill - Warame Boardgame - Starship Troopers

Documents
Laya healthcare Super Troopers presentation, Lorraine Walsh

Laya healthcare Super Troopers presentation, Lorraine Walsh

Marketing
Starship Troopers: Terran Ascendancy Walktrough

Starship Troopers: Terran Ascendancy Walktrough

Documents
Unpatchable: 32C3 edition

Unpatchable: 32C3 edition

Technology
Securing Networks Against Unpatchable and Unknown

Securing Networks Against Unpatchable and Unknown

Documents
56972550 Avalon Hill Warame Boardgame Starship Troopers

56972550 Avalon Hill Warame Boardgame Starship Troopers

Documents
Starship Troopers (AH) Variants Collection

Starship Troopers (AH) Variants Collection

Documents