Device Lab
Get hands-on with real medical devices. Learn to identify vulnerabilities, test security controls, and understand how these critical systems work.
Led by Caleb DavisDevices Brought by Our Partners
Verified devices for the DEF CON 34 Device Lab — grouped by manufacturer, each with its coordinated vulnerability disclosure policy — will be listed here as they're confirmed.
The DEF CON 34 lineup is being finalized
Verified devices and the manufacturers bringing them will appear here as they're confirmed for 2026. In the meantime, here's how the Device Lab works and how to report a finding.
Report a Vulnerability
Findings from the Device Lab are disclosed through the Biohacking Village CVD portal on the REMEDiS Security PSIRT platform. Sign up to submit a coordinated disclosure directly to the participating manufacturers under safe-harbor protection — with CVE credit and hall-of-fame recognition.
How the Device Lab Works
- • Security researchers test medical instruments, applications, and devices in real time, alongside the manufacturers who build them.
- • Manufacturer staff answer questions, educate researchers, and triage any potential security issues on-site.
- • Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures (CVD) are produced.
- • Researchers follow each manufacturer's published coordinated vulnerability disclosure policy.
Before You Test
Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and after the conference.
