Carnegie Mellon University
Browse

Reverse Engineering Medical Devices for Privacy and Security

Download (178.26 kB)
thesis
posted on 2024-07-01, 19:13 authored by Sterling McTeeSterling McTee

Connected medical devices are increasingly common, playing roles ranging from essential hospital equipment to implanted medical devices. This poses a security challenge for patients and healthcare systems, as these devices are often shipped as a black-box system with little manufacturer documentation or security controls available to the user. This paper lays out and applies a repeatable and generalizable methodology for using reverse engineering to examine the security and privacy considerations of a medical device by observing communications and examining the software parts of the system through non-invasive and invasive means. This information can be used to inform risk and threat models surrounding these devices, as well as ”prove” the security of a device for purposes such as pre-market evaluation.  

History

Date

2024-05-01

Degree Type

  • Master's Thesis

Department

  • Heinz College of Information Systems and Public Policy

Degree Name

  • Master of Science in Information Security Policy and Management (MSISPM)

Advisor(s)

Patrick Tague

Usage metrics

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC