November Chapter Roundtable - Common Vulnerabilities Found in Medical Devices

When:  Nov 17, 2022 from 15:30 to 17:00 (CT)
Associated with  Minnesota Chapter
Medical devices can provide life-saving and quality of life improvements for the patients who use them, but these devices frequently use embedded systems that are vulnerable in a number of ways. Bypassing and/or sniffing the physical and wireless interfaces, extraction and manipulation of firmware, and even data exfiltration can be performed with some surprisingly simple attacks. This discussion will cover how years of penetration testing has shown that these vulnerabilities are present industry-wide as well as some simple ways to mitigate the risks of attack. Following the presentation,the speakers will walk through some of the embedded testing techniques commonly used on real hardware to paint a picture of what common attack vectors look like.

Speakers:
Nathan Smith, Manager, Protiviti
Caleb Davis, Sr. Manager, Protiviti

Speakers Bio:
Nathan Smith, has a background in embedded hardware/software development, is an inventor/patent holder, and performs device security penetration testing in various business sectors including medical devices.

Caleb Davis leads Protiviti’s device security practice, inventor/patent holder, has a background in embedded hardware/software development, and regularly performs penetration testing across a wide variety of products mainly focusing on medical devices, ATMs, chemical control systems, security systems, and other commercial products.

CPE Credits:1.5

Location

Online Instructions:
Url: https://cvent.me/nXQ2VO
Login: Register in CVENT, Zoom instructions will be send to your email. To assist us with automatically submitting your CPE's to ISACA, please register with the same email as your Isaca.org membership ID: https://www.isaca.org/myisaca