Pique curiosity, not diabetic fingers
Information on this media
Number of views: 191 (this month: 3)
Creation date: July 1, 2020
Speakers: Axelle Apvrille, Travis Goodspeed
License: CC BY-SA v4
Description
Connected glucose sensors come in very handy for diabetic patients, sparing them the chore of pricking their finger several times a day to check their blood glucose level.
The sensor is attached to the patient’s skin. Before first use, it must be activated for 1 hour: this is a warm-up period. Then, it can be used for 2 weeks, after which the sensor expires and must be replaced. These limits actually depend on the country, as each sensor can only operate in a given geographical zone.
Although this IoT device is quite well designed, we are able to bypass all of these limits:
- Resurrect an expired sensor,
- Kill a sensor (i.e. have it expire before the 2-week limit),
- Modify the geographical zone,
- Modify the warm up or expiration period.
We explain how we achieved this. Part of the treasure quest was done using Ghidra, locating checksum functions and walking up the call stack. The sensor’s format uses lots of checksums and, although this is quite common, we struggled to find the exact algorithm used by the sensor! You will see why… We also reversed apparently disabled NFC commands of the sensor’s firmware and found lovely hints. Some other limitations are at the software level, but they can’t withstand Frida hooks :)
To conclude, we open the discussion on security risks of medical IoT. In this particular case, the sensor is not the weak link, but the smartphone is. We explain why.
Speakers
Axelle Apvrille (Fortinet), Travis Goodspeed