Episode 264: The Bluetooth Hack That Sent A Power Wheelchair Tumbling Down Stairs скачать в хорошем качестве

Episode 264: The Bluetooth Hack That Sent A Power Wheelchair Tumbling Down Stairs

In this episode of the Security Ledger podcast, host Paul Roberts, Editor in Chief at The Security Ledger, interviews Billy Rios and Brandon Rothel from QED Secure Solutions. The discussion centers around their recent research into vulnerabilities in WHILL power wheelchairs, which allowed them to take remote control of the device using unencrypted Bluetooth communications. The researchers reveal how they managed to demonstrate serious security flaws, including steering a (unoccupied) wheelchair down a long set of stairs - an attack that could easily result in the death of a wheelchair user. The conversation delves into the broader implications for medical device security and the necessity for rigorous cybersecurity assessments. 00:00 Introduction and Guest Welcome 00:44 Research on WHILL Power Wheelchair 01:28 About QED Secure Solutions 02:21 Brandon's Journey into Cybersecurity 03:16 Choosing the Wheelchair Project 05:35 Initial Setup and Research Process 07:07 Reverse Engineering Bluetooth Protocol 11:46 Developing the Exploit Application 13:57 Security Implications and Vendor Response 20:46 Overcoming Initial Pushback 21:03 FDA and CISA: Then and Now 22:21 Medical Device Security: A Decade of Progress 22:53 WHILL Wheelchair Vulnerabilities 23:14 Mitigation Measures and Their Effectiveness 25:54 Remote Exploitation Concerns 26:51 Right to Repair and Manufacturer Control 29:07 FDA's Role in Device Approval 32:49 Evaluating Manufacturer Security Practices 38:03 The Need for Formalized Testing 42:41 Concluding Thoughts and Future Outlook