Billy Rios and Terry McCorkle of Cylance dive into medical device security, particularly the Philips XPER system, which they bought for “a couple of hundred bucks” and which was delivered to Billy’s home. They recover credentials, find a heap overflow 0-day exploit, and point out a number of violations of good security practice.
In addition, they discuss how medical device security is similar to and different from traditional SCADA and DCS.
You will notice that we put a censored image over the credentials they extracted from the XPER. This was at the request of Billy and Terry. Digital Bond’s view on vulnerability disclosure is that it is the researcher’s decision what and where to disclose, and we honored their request.