Category Archives: Podcast Episode

The security behind: Insulin pumps

In this week's episode, Felix delves into the security aspects of insulin pumps within the context of the Internet of Things (IoT). Insulin pumps are medical devices used by diabetics to regulate blood sugar levels, and they offer various benefits, particularly in automated insulin delivery. These wearable devices often employ Bluetooth Low Energy (BLE) and proprietary protocols for communication, sometimes connecting to cloud services and blood sugar monitors.

Felix discusses potential motivations for hacking insulin pumps, including the hypothetical scenario of using a hacked pump to inject a lethal amount of insulin or invading users’ privacy by tracking their movements. The host acknowledges the history of vulnerabilities in insulin pumps, with particular attention on the Medtronic brand, highlighting instances where vulnerabilities have been reported.

Several specific vulnerabilities are discussed. One involves cleartext communication between the pump and wireless accessories, potentially leading to information disclosure. Another allows wireless capture and replay attacks, indicating poor authentication. Felix explores another in which the wireless protocol lacks proper authentication, enabling unauthorized commands that could alter pump settings and insulin delivery.

Felix acknowledges Medtronic’s efforts to address vulnerabilities, but raises concerns about the time it takes to implement fixes due to the rigorous and often stifling regulatory processes in the medical device industry. Felix critiques some of the advice given to patients, as it may not be practical or effective for the average user.

The episode delves into broader IoT vulnerabilities, specifically referencing the Ripple20 vulnerabilities and another vulnerability discovered in Thales' secure storage module. These vulnerabilities, although not directly confirmed to impact insulin pumps, highlight the potential risks posed by insecure software libraries in IoT devices.

Felix emphasizes the importance of staying informed about security patches for insulin pumps and suggests creating Software Bills of Materials (SBOMs) to track and manage software components within products. The host also advises seeking specialist assistance for proprietary protocols and performing thorough security audits.

In conclusion, the episode encourages listeners to prioritize medical advice over the discussion and highlights the importance of addressing security vulnerabilities to ensure the safety of IoT devices, particularly those critical to healthcare. It also underscores the significance of transparency and proactive measures in the medical device industry to mitigate potential risks.

The security behind: pacemakers

Felix delves into the security implications surrounding pacemakers, implantable medical devices (IMDs) that regulate and manage heart rhythms. He introduces the concept of pacemakers, describing how they are placed under the skin near the chest with probes connecting to the heart to sense and control heart rhythms. He also explains the differences between low-voltage and high-voltage pacemakers, as well as the distinction between pacing-dependent and pacing-assisted patients.

The episode explores various aspects of pacemaker technology, highlighting the key functions they perform, such as running the operating system, pacing the heart, diagnostics, and update handling. The discussion also touches on the challenges of ensuring security in pacemakers, including potential hacking risks, unauthorized access to patient data, and implications for patient privacy. Felix emphasizes that he is not a medical professional and this discussion focuses on the security aspect of pacemakers.

The communication protocols used by pacemakers, including Medical Implant Communication Service (MICS), MedRadio, and Medical Body Area Network (MBAN), are explained. Data transmitted from the pacemakers to cloud services for medical monitoring and configuration changes is detailed, including various communication methods, such as Wi-Fi, telephone lines, and more.

The vulnerability of pacemakers to hacking and the potential motivations behind such attacks are examined. Risks range from causing harm to threatening and coercing patients to privacy invasion or even cyber terrorism. The episode underscores the significance of pacemaker firmware updates, outlining the process of updating pacemaker software and its potential implications for patient safety. Historical incidents involving pacemaker vulnerabilities and recalls due to cybersecurity concerns, as well as legal and regulatory aspects, are also mentioned.

Felix discusses potential vulnerabilities in the pacemaker ecosystem, from the RF protocols used for communication to potential risks related to cloud applications and data sovereignty. He acknowledges that while security concerns exist, the life-saving benefits of pacemakers far outweigh the risks. The host concludes by highlighting the importance of pacemaker patching, despite the slow process, and encourages listeners to share the podcast and engage in discussions around IoT security.

The IoT and embedded systems penetration testing process

Felix discusses the intricacies of IoT and embedded systems penetration testing. Penetration testing involves technical experts simulating threats to identify vulnerabilities in systems, ultimately providing insights and actionable steps to clients. The motivation for pen testing can stem from contractual obligations, compliance requirements, or regulatory mandates. Felix clarifies that pen testing doesn’t have a one-size-fits-all approach, emphasizing that it should be tailored to the organization’s scale and needs.

Embedded systems penetration testing shares similarities with traditional pen testing in terms of motivation and scope definition. However, the technical aspects are more complex due to the various components in IoT ecosystems, such as mobile apps, web APIs, web applications, hardware, and wireless communications. Hardware reverse engineering involves dissecting devices to understand their components and interactions. This enables testers to find potential vulnerabilities, manipulate software, and access otherwise hidden functionalities. Firmware, the software running on devices, is another critical target, with analysis focusing on detecting hard-coded credentials, unsafe functions, and outdated components.

Wireless reverse engineering is essential for IoT devices, which often communicate through various protocols. Testers explore protocol weaknesses, encryption, and authentication mechanisms. The process requires specialized equipment like software-defined radios and Bluetooth dongles for packet injection. Since IoT ecosystems comprise multiple interconnected devices, penetration testing must be conducted on each component, such as sensors and hubs. Infrastructure supporting IoT systems, including networks and cloud accounts, should also undergo testing to ensure overall security.

Felix delves into the qualities of a skilled penetration tester, highlighting the importance of critical thinking and creative problem-solving. While certifications are valuable, hands-on experience and contextual understanding are equally crucial. Communication skills and the ability to analyze findings and provide actionable insights are key to effective penetration testing. Different testing styles, such as transparent (providing information to testers) and opaque (withholding information), allow customization based on the project's needs.

The penetration testing process can be phased, focusing on specific aspects like hardware, firmware, and wireless communication. It’s important to note that IoT testing can be destructive, potentially damaging devices during analysis. Budget considerations play a role in determining the extent of testing and retesting needed. Felix encourages organizations to take steps towards IoT security within their means, emphasizing that some testing is better than none. The episode concludes with a call to rate and review the podcast while offering avenues for feedback and engagement.