WHISTL: JYVÄSKYLÄ - A Medical Device Hackathon!

Organized by MDISS.org
WHISTL: JYVÄSKYLÄ @ Agora Building Room AgD122.1, Jyväskylä
From Nov 1st 2017
To Nov 2nd 2017
See the website


Novasano, together with MDISS, Synopsys, the University of Jyväskylä and Jyväskylä Hospital invite you to join us for the WHISTL: JYVÄSKYLÄ Medical Device Hackathon on 1-2 November 2017!

Visit Jyväskylä's very first World Health Information Security Testing Lab (WHISTL) facility, with actual medical device targets and an impressive array of advanced penetration tools to help you evaluate medical device cybersecurity, resilience, vulnerabilities and patching.   


This is a great place to catch up with the scene and network with other experts in and around the medical device security field.   The WHISTL: JYVÄSKYLÄ Medical Device Hackathon is free of charge.    Join us!

THINGS TO BRING 'N STUFF:1.) Please bring your own laptop.2.) Feel free to bring any open source or commercial hacking tools you have along with you. 3.) Novasano engineers will be on hand to offer advice and suggest genius hacks.4.) If you have time, take a look at the devices we plan to have onsite (links below). This list is subject to change, and we'd love your suggestions.5.) If you are not familiar with the SYNOPSYS tools, get up to speed fast with the video tutorial links below.


09:00   Doors open, people welcome to come in and work on getting tools installed.

10:00   Hackathon starts with brief introduction and getting familiar with the tools and devices. Form groups and start hacking.

17:30   SPECIAL GUEST SPEAKER talks about medical device vulnerabilites


10:00 Hackathon continues

15:00 Wrap up & Awarding of Prizes

16:00 Hackathon Ends


Medical Devices on Hand for Your Pleasure and Experimentation(SUBJECT TO CHANGE)

We'll have quite a nice selection of medical devices available on-site. The devices vary from infusion pumps to patient monitoring and infusion therapy devices, with connectivity ranging from RS-232 to ethernet and Bluetooth LE.  Please find below a list of planned devices, along with links to their manuals/websites/datasheets, so that you can start preparing your attacks! :-)

Philips IntelliVue MX800https://s3.amazonaws.com/novasano-device-manuals/EQU1200417.pdf

Fresenius Agilia Link 8+, Volumat MC and Injectomat MChttps://s3.amazonaws.com/novasano-device-manuals/EQU1600743.pdfhttps://s3.amazonaws.com/novasano-device-manuals/EQU1600739.pdf

B.Braun SpaceStation, Perfusor Space and Infusomat Spacehttps://s3.amazonaws.com/novasano-device-manuals/EQU1402930.pdfhttps://s3.amazonaws.com/novasano-device-manuals/EQU1500410.pdf

GE Healthcare Carescape -series devicehttps://s3.amazonaws.com/novasano-device-manuals/EQU1600745.pdf

Monidor Monidrop https://monidor.com/monidrop-en.html

Philips CX50https://s3.amazonaws.com/novasano-device-manuals/1485-1643.pdf


Synopsys will provide you with access to Defensics fuzz testing and Protecode software composition analysis tools. Learn more about Synopsys Defensics https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html and have a look at the video tutorials at https://www.synopsys.com/software-integrity/training/education/video-tutorials.html Also, feel free to bring any open source tools, or commercial tools you have licensed with you.


We kindly ask all participants to follow responsible disclosure best practices. For your hosts, responsible and coordinated disclosure is very important. MDISS will collect all vulnerabilities found during the hackathon and report them to the vendor. If you want your name mentioned in a potential security advisory, please let us know. MDISS will be using the MD-VIPER portal for this: https://mdviper.org/. The vendors may be interested in talking directly to the person(s) who have found a vulnerability, in order to get more information.  Maybe you'll get a job offer out of it ;-)


Email MDISS at info@mdiss.org


Sign Up
New to Hackathon.com?
Sign-up to take advantage of all the features
Sign In
Already have an account?
to join or create hackathons
Forgot password
We just sent you a confirmation email.
Validate your email address to finish registration.
The recovery email has been sent
If you don’t receive it, make sure you already have an account.