Life on the Line: Breaking into a Medical Device by Exploiting TEE/HSM
Tamil Mathi
Biohacking Village @ DEF CON 33 · Day 1 · Biohacking Village
In this critical presentation from Biohacking Village, Tamil Mathi, a Senior Product Security Engineer at Bectific Dickinson Advanced Patient Monitoring, delves into the often-overlooked vulnerabilities within medical devices leveraging **Trusted Execution Environments (TEE)** and **Hardware Security Modules (HSM)**. The talk specifically focuses on exploitation techniques targeting implementations of the **PKCS#11** standard within an **OP-TEE (Open Portable Trusted Execution Environment)** architecture. Mathi highlights that despite the robust security primitives offered by TEEs, common misconfigurations and design flaws can render these devices susceptible to attacks, with potentially life-threatening consequences for patients.
AI review
Solid, focused research from someone who clearly did the hands-on work — not a rehash, not a vendor pitch. Mathi walks a specific attack chain through OP-TEE/PKCS#11 misconfiguration in medical devices with enough architectural detail and a working tool to make this actionable for practitioners building or auditing similar systems. Minor reservation: the novelty ceiling is bounded by the fact that TEE misconfiguration research has precedent, and the Biohacking Village crowd will get more mileage from this than a mainstream con audience.