Our community of unapologetically enthusiastic innovators arise from maker communities with the dynamic perspective of emerging biology, technology, security, and human enhancement, we look to deliver the future.
The Catalyst Lab works to convene thought leaders, hacktivists, citizen scientists, and manufacturers from across the biomedical industry to investigate solutions-of-best-fit for the world's largest, meatiest problems as they enter the Biohacking Village.
Catalyst Lab
Join us @ the BHV Loft
Sunday, 8August2021
1000-1030: Exploiting Security Controls Within COVID Crisis Management Apps
Kartik Lalan
With outbreak of Covid-19, various solutions are developed to control the crisis situation. 1) With emerging need of the contact tracing apps, although holistically such apps could serve purpose of controlling spread of Covid-19, but there have been many flip sides of such contact tracing apps, the biggest of all - the risks is abusing security controls, as that can completely turn the feature of the application against the primary agenda of its usage. Since all of the contact tracing apps, for features like GPS, HTTPS/WSS Communication, BLE, app-sandbox, etc., rely upon Android-iOS platform security, compromising the underlying platform would eventually lead to exploitation of such contact tracing apps. This study depicts how a malicious evil-doer can conduct frauds, thereby remaining unnoticed, since major activities happen at client-side. 2) Solutions like epass for vaccinated people are now evolving, which would certify a person had been vaccinated or not. These are planned to be kept open in public domain where government as well as private agencies can verify epass of any person, who is willing to avail any service, travel flexibility, etc. With practically no Authorization (just by relying on Authentication), plus these epass would contain PII of almost all individuals who are vaccinated, it opens a wider scope at national and international level.
1030-1130: Sex / Intimate Tech
Alice Stewart
on: In this workshop, participants will become Sex Tech experts by exploring how to “tear down” a device of their choosing to see what makes it unique on the inside. This workshop is an opportunity to build greater intimacy with your favourite toys with a team of experienced Sex Tech Hackers on hand to guide you!
Participants will be shown how to tear something down, and given time to take apart their own devices before being invited to collectively share any new discoveries or questions with the group.
By the end of the session, participants will have a core understanding of how various Sex Tech devices function from both a hardware and software perspective, as well the confidence and knowledge to move forward with more complex Sex Tech hacking and customisation projects.
1130-1200: U.S. FDA 101: Introduction to Medical Device Security
Kevin Fu
In this session, attendees will receive a caffeinated “FDA 101” introduction to medical device security through the FDA lens. Come learn about the nuance of how the U.S. Food and Drug Administration works to improve medical device security. Participants will learn about (1) the regulations and expectations of security engineering in medical device design, (2) best practices for coordinated disclosure of vulnerabilities with clinical impact to medical devices, (3) how BHV researchers can be part of the solution to improving security in the medical device ecosystem, and (4) facts and myths about FDA expectations for medical device security.
1200-1300: Backdoors and Breaches
Black Hills Security
Play along! Back Doors and Breaches is an Incident Response Card Game, from Black Hills Information Securityand Active Countermeasures. Backdoors & Breaches contains 52 unique cards to help you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.
1300-1430: Application Security and Medical Security: The Odd Couple
Jasmine Jackson
This talk will discuss the importance of application security concepts in medical security. With the increase of medical devices and medical instruments depending on application code it's important to make sure they're built securely. This talk also describes case studies and the ramifications of having insecure code in medical security. Topics explored: Software Development Lifecycle (SDLC), OWASP Top 10, and Regulatory guidelines.