Back to Labs

Device Lab

Get hands-on with real medical devices. Learn to identify vulnerabilities, test security controls, and understand how these critical systems work.

Devices Brought by Our Partners

Verified devices for the DEF CON 34 Device Lab — grouped by manufacturer, each with its coordinated vulnerability disclosure policy — will be listed here as they're confirmed.

The DEF CON 34 lineup is being finalized

Verified devices and the manufacturers bringing them will appear here as they're confirmed for 2026. In the meantime, here's how the Device Lab works and how to report a finding.

Report a Vulnerability

Findings from the Device Lab are disclosed through the Biohacking Village CVD portal on the REMEDiS Security PSIRT platform. Sign up to submit a coordinated disclosure directly to the participating manufacturers under safe-harbor protection — with CVE credit and hall-of-fame recognition.

Go to REMEDiS PSIRT

How the Device Lab Works

  • • Security researchers test medical instruments, applications, and devices in real time, alongside the manufacturers who build them.
  • • Manufacturer staff answer questions, educate researchers, and triage any potential security issues on-site.
  • • Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures (CVD) are produced.
  • • Researchers follow each manufacturer's published coordinated vulnerability disclosure policy.

Before You Test

Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and after the conference.