Reverse Engineering Medical Devices for Privacy and Security

<p>Connected medical devices are increasingly common, playing roles ranging from essential hospital equipment to implanted medical devices. This poses a security challenge for patients and healthcare systems, as these devices are often shipped as a black-box system with little manufacturer documentation or security controls available to the user. This paper lays out and applies a repeatable and generalizable methodology for using reverse engineering to examine the security and privacy considerations of a medical device by observing communications and examining the software parts of the system through non-invasive and invasive means. This information can be used to inform risk and threat models surrounding these devices, as well as ”prove” the security of a device for purposes such as pre-market evaluation.  </p>