September 12, 2024 DEF CON 32: It takes a village

We believe in engineering resilient products that are secure by design

Medtronic just wrapped up another exciting year at the Biohacking Village at DEF CON, and we were thrilled to see the high level of engagement and curiosity from attendees at our tables.

In our previous post, we shared our excitement about bringing the Hugo™ robotic-assisted surgery (RAS) system and the next-generation Automated Insulin Delivery System to the Device Lab, where security researchers and hackers could test and attempt to compromise our security controls. Both of these device configurations are not yet available in the U.S. (pre-market) and are high-profile products in the Medtronic pipeline. So why did our leadership decide to bring these devices to one of the most intentionally insecure environments in the world?

Commitment to resilient, secure products

Attendees at DEF CON 2024

At Medtronic, we believe in engineering resilient products that are secure by design. We aim to anticipate threats in the worst possible real-world conditions, and DEF CON provides the perfect environment to put our devices to the test by some of the best and brightest minds in security. As we mentioned in last year’s DEF CON recap, we measure our maturity by how we handle vulnerabilities discovered by security researchers and hackers. By bringing our devices at this point stage in their product life cycle, we can identify and remediate any vulnerabilities before someone with real malicious intent can exploit them. This approach is one of the ways we strive to gain trust through transparency.

Celebrating our team

None of this would have been possible without the amazing team behind our devices. Our vice presidents, directors, and managers encourage us to strive for better security within our products, our engineers design innovative technologies with security at the forefront, and our young professionals are voracious learners; many of whom are hackers themselves and feel at home at DEF CON. Our people made this year such a success.

The efforts to bring the Hugo™ RAS System and the next-generation Automated Insulin Delivery System began well over a year ago. The team worked resolutely to overcome logistical, operational, and organizational challenges to make our participation at DEF CON 32 a reality.

Preparing for DEF CON

In addition to the usual convention planning activities, our engineers worked tirelessly to ensure that our devices were “DEF CON-ready”. This involved testing and re-testing security controls, implementing new countermeasures, and ensuring that hackers had ample scope for engagement. Most notably, our Surgical team ensured that the experience was as real-world and interactive as possible by allowing attendees to demo the Hugo™ RAS System while hackers actively attempted to compromise the system’s local network.

Engaging with the hacking community

After the long journey to get to DEF CON, it was incredibly rewarding to lean into this year’s theme and engage with the hacking community. Throughout the Biohacking Village’s Device Lab, we heard how excited people were that Medtronic brought these technologies to DEF CON. Attendees were eager to ask questions, learn more about our devices, and find out how to get involved. By showing up, we had the opportunity to share our passion of developing secure, lifesaving technologies and inspire the next-generation of innovators and security professionals.

Successful outcomes and ongoing commitment

Over the course of three days within the Devices Lab, more than 90 security researchers and hackers attempted to compromise our devices. We are proud to report that these security researchers and hackers did not find any vulnerabilities on the Hugo™ RAS System or the next-generation Automated Insulin Delivery System. However, we understand that cybersecurity is a journey, not a destination, and remain committed to delivering safe, secure products.

Thank you to our teams and the Biohacking Village

We want to thank our Surgical and Diabetes teams for their determination in getting the devices to DEF CON, the Biohacking Village for providing us with a platform to engage, and everyone we had a chance to talk with at the event. It truly took a village to bring these devices to DEF CON, and we hope to participate again next year to continue learning from each other and fostering positive relationships with the security community.