The Biohacking Village, in collaboration with I Am The Cavalry, runs a Medical Device Lab at DEF CON to improve trust and trustworthiness of the public health system. The Lab is a high-trust, high-collaboration environment where security researchers can learn and build their skills alongside patients, medical device makers, hospitals, the FDA, and others. We welcome participants who will act in good faith, in the best interest of patients, when researching, disclosing, and addressing security issues.
Medical Device Makers at the Biohacking Village
As part of their product security programs and their proactive initiatives to test their products and enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village. These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed.
Capture the Flag (CTF): Hackers work to defend a hospital under siege, racing against the clock. The immersive, “learn by doing” environment will challenge hackers to use their skills to anticipate, defend, and recover, as their adversary escalates their attacks throughout the DEF CON weekend. We have a cloud-based Device Lab CTF this year, teaching fundamentals of healthcare security from a defensive perspective.
(Remote) Open Security Testing: we support remote testing of devices hosted by manufacturers. Our cloud architecture is designed to facilitate secure remote network access to devices (physical, virtualized, or through standard images) and telepresence for you to directly speak with the medical device manufacturers. Testing will be conducted in a way that encourages coordinated disclosure of any issues found. Last year, for instance, dozens of security researchers tested devices and disclosed directly to manufacturers in real time. Check out the devices we have in the lab this year here.
Coordinated Vulnerability Disclosure
We believe that the Biohacking Village can save lives through security research. To do so, security researchers and medical device makers must be mindful that vulnerability discovery, disclosure, and remediation in public safety contexts must be handled with both due haste and due care. Security researchers who take the Device Lab pledge to act in the best interest of patients and to disclose potential vulnerabilities to the manufacturer in good faith are welcome to participate in our Open Security Testing.