EP 84: When Old Medical Devices Keep Pre-shared Keys

The Hacker Mind

Nov 14 2023 • 43 mins

You would think there is a procedure to end-of-life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid7 said he found that he was able to buy infusion pumps on the secondary market with the network credentials for the original Health Care Delivery Organization (HDO) intact. In theory he could join that network as that device and potentially pivot to other parts of the HDO. That's no good, since there are hundreds of thousands of these devices in use today.