In the last few years we have seen an increase of high tech medical devices, including all flavors of communication capabilities. The need of hospitals and patients to transfer data from devices to a central health information system makes the use of a wide range of communication protocols absolutely essential. This results in an increasing complexity of these devices which also increases the attack surface of the equipment. Vendors of medical devices put a lot of effort into safety. However, it is often forgotten that the security of these devices is a crucial part in also providing safety. An attacker who is able to gain unauthorized access to these devices may be able to endanger the health of patients. In this presentation, we will provide threat scenarios for medical devices (e.g. how to inject overdoses or steal patients while the vital signs are still displayed) incl. vulnerabilities which we discovered in the course of our research emphasizing the need for more thorough security assurance in the field of medical devices.
