Listen to Your Heart: Security and Privacy of Implantable Cardio Foo

Video duration: 00:53:05
Language: English
Abstract
We analyzed the security of the environment around heart pacemakers, implantable cardioverter-defibrillators, and heart monitors.
We also took the hard way of getting our data from manufacturers and hospitals through EU General Data Protection Regulation (GDPR) inquiries.

Modern implantable cardiologic devices communicate via radio frequency techniques and nearby gateways with a backend server on the internet. Those implanted devices, gateways, and servers form an ecosystem of proprietary hardware and protocols that processes sensitive medical data and is often vital for patients’ health.

This talk gives an overview of the security of this ecosystem, from technical aspects of the gateway, via the programmer used to configure the implanted device, up to the processing of personal medical data by large cardiological device producers. Based on a real-world attacker model, we evaluated different devices and found several severe vulnerabilities. Furthermore, we were able to purchase a fully functional programmer for implantable cardiological devices, allowing us to re-program such devices or even induce electric shocks on untampered implanted devices.

Additionally, we sent several General Data Protection Regulation (GDPR; German: DSGVO) inquiries to manufacturers of implantable cardiologic devices and to hospitals, revealing non-conforming processes and a lack of awareness about patients’ rights and companies’ obligations. This, and the fact that many vulnerabilities are still to be found after many vulnerability disclosures in recent years, present a worrying security state of the whole ecosystem.

Talk ID: rc3-nowhere-272
Event: rc3-2021
Day: 2
Room: Chaos-West TV
Start: 8 p.m.
Duration: 00:40:00
Track: Auf in die Zukunft!
Type of: Talk
Speaker: e7p, Christoph Saatjohann
Talk Slug & media link: rc3-2021-cwtv-272-listen-to-your-heart-security-and-privacy-of-implantable-cardio-foo

Talk & Speaker speed statistics

Very rough underestimation:
133.8 wpm
736.2 spm