August 9th - 12th, 2018
Located at Caesars Palace, 3570 Las Vegas Boulevard South, Las Vegas, Nevada 89109

Village Agenda



Speaker: Staff

10:15 : Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure

Speaker: Jen Ellis

About Jen:
Jen Ellis is the vice president of community and public policy at Rapid7, a leading provider of analytics and automation for security and IT operations. Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various government entities to help them understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reducing cybercrime and protecting consumers and businesses. She has testified before Congress and spoken at a number of security industry events including SXSW, RSA, Derbycon, Shmoocon, SOURCE, UNITED, and various BSides.

As medical devices increasingly embrace connected technologies, there's a growing opportunity for malicious actors to interfere with devices for profit or to cause harm. The good news is that many security researchers are working to investigate the security of medical devices. However, for this effort to have a positive impact, researchers and vendors must work together to understand the true risk, address the issues, and educate physicians and patients. In many cases, the risk may be low and should not outweigh the benefits of the device; however, mismanaged disclosures can cause panic and confusion. In other cases, researchers may struggle to engage vendors on the issue and patients may never hear of it, or they do, but no mitigation is offered. With the stakes so much higher in the healthcare arena, it's essential that we learn lessons from medical device disclosures that have gone well, and those that have not. This talk will investigate a number of public disclosures, and provide actionable guidance on how to disclose security concerns for the best possible outcomes.

12:00 : Just what the Doctor Ordered: 2nd Opinions on Medical Device Security

Moderator: Christian "quaddi" Dameff MD

About Christian:
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics include hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.

Panelist: Beau Woods

About Beau:
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, a Cyber Safety Innovation Fellow with the Atlantic Council, Entrepreneur in Residence at the US Food and Drug Administration, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.

Panelist: Dr. Leslie Saxon

About Leslie:
Dr. Leslie Saxon is a Professor of Medicine, Clinical Scholar, at the Keck School of Medicine of USC. Dr. Saxon specializes in the diagnosis and treatment of cardiac arrhythmias and preventing sudden cardiac death. Dr. Saxon received her medical degree from the Ross University School of Medicine. She completed her internship and residency at St. Luke’s Hospital Washington University, and fellowships in cardiology at Rush-Presbyterian-St. Luke’s Medical Center in Chicago and UCLA. Dr. Saxon has completed over 100 publications in various medical journals and is an active member of a multitude of organizations, including the American Heart Association, and the Heart Failure Society of America. She is also a fellow of the American College of Cardiology and the Heart Rhythm Society.

As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).

13:30 : Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism

Speaker: Mr. Br!ml3y

Editing genes is getting easier as knowledge of various genomes and technology advance. Malicious actors creating novel or custom infectious agents are a growing concern. This presentation explores use of Cyber Kill Chain methodology to detect and disrupt potential bioterrorist activities. Each link in the chain is defined and examined to identify potential attack indicators and countermeasures, discussing notable bottlenecks in each step. The goal is to apply existing information security knowledge and paradigms to counter the would-be bioterrorist. This talk will include brief discussions of current gene editing methods (CRISPR-CAS9, ZINCFINGER) for the lay person. Familiarity with the Cyber Kill Chain would be useful.

14:15 : Panel Discussion: The Internet of Bodies

Moderator: Prof Andrea M. Matwyshyn, Professor of Law, NUSL

About Andrea M. Matwyshyn:
Andrea Matwyshyn is an academic and author whose work focuses on technology and innovation policy, particularly information security and consumer privacy. She is a (tenured full) professor of law / professor of computer science (by courtesy) at Northeastern University, where she is the co-director of the Center for Law, Innovation, and Creativity (CLIC). Andrea is also a faculty affiliate of the Center for Internet and Society at Stanford Law School. She is a Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security and a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017. In 2014, she served as the Senior Policy Advisor/ Academic in Residence at the U.S. Federal Trade Commission. Prior to entering academia, she was a corporate attorney in private practice. She is the legal specialty reviewer for the DEFCON CFP board.

Panelist: Prof Stephanie Pell, West Point

About Stephanie Pell:
Stephanie Pell is an Assistant Professor and Cyber Ethics Fellow at West Point’s Army Cyber Institute (ACI). She writes about privacy, surveillance and security law and policy, and is particularly interested in the tensions inherent in enabling traditional law enforcement efforts and making our communications networks more secure. Prior to joining the ACI faculty, Stephanie served as Counsel to the House Judiciary Committee, where she was lead counsel on Electronic Communications Privacy Act (ECPA) reform and PATRIOT Act reauthorization during the 111th Congress. Stephanie was also a federal prosecutor for over fourteen years, working as a Senior Counsel to the Deputy Attorney General, as a Counsel to the Assistant Attorney General of the National Security Division, and as an Assistant U.S. Attorney in the U.S. Attorney’s Office for the Southern District of Florida. She was a lead prosecutor in U.S. v. Jose Padilla (American Citizen detained as an enemy combatant prior to criminal indictment and trial), for which she received the Attorney General’s Exceptional Service Award, and in U.S. v. Conor Claxton (IRA operatives who purchased weapons in South Florida and smuggled them into Belfast, Northern Ireland during peace process negotiations). Stephanie received her undergraduate, master’s and law degrees from the University of North Carolina at Chapel Hill.

Panelist: Dr. Suzanne Schwartz, U.S. Federal Drug Administration

About Dr. Suzanne Schwartz:
Dr. Suzanne Schwartz is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). In this role, she assists the CDRH Director and Deputy Director for Science in the development, execution and evaluation of the Center’s biomedical science and engineering programs. Suzanne is passionate about cultivating critical dialogue across sectors and across entities towards advancing innovation in the biomedical space and within healthcare, where complex multifaceted problems exist. Suzanne joined FDA in October 2010. Initially recruited as a Commissioner’s Fellow, she became a Medical Officer in the Office of Device Evaluation, transitioning in September 2012 to become the Director of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures (EMCM) Program in the Office of the Center Director for the past 4 years. Among other public health concerns, her portfolio has most notably included medical device cybersecurity, for which she chairs CDRH’s Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health critical infrastructure sector. Before FDA, Suzanne was a full time surgical faculty member at Weill Cornell Medical College, New York. Suzanne’s career has spanned the private sector as well, having served as Medical Director & Tissue Bank Director of Ortec International, a development stage medical device company focused on tissue engineering therapeutic approaches to burns and chronic wounds. Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital - Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business, and completed the National Preparedness Leadership Initiative – Harvard School of Public Health & Kennedy School of Government.

Panelist: Rebecca Slaughter, U.S. Federal Trade Commission

About Rebecca Slaughter:
Prior to joining the Commission, she served as Chief Counsel to Senator Charles Schumer of New York, the Democratic Leader. A native New Yorker, she advised Leader Schumer on legal, competition, telecom, privacy, consumer protection, and intellectual property matters, among other issues. Prior to joining Senator Schumer's office, Ms. Slaughter was an associate in the D.C. office of Sidley Austin LLP. Ms. Slaughter received her B.A. in Anthropology magna cum laude from Yale University. She received her J.D. from Yale Law School, where she served as an editor on the Yale Law Journal.

As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).

16:15 : Hey Bro, I Got Your Fitness Right Here (and your PHI).

Speakers: Nick - GraphX

This is a journey into fitness. My fitness and more importantly your fitness. Or rather the information that I've been collecting every day at the gym while getting ready for bikini season. This is a look at my journey to become the sexy stud muffin you see before you (google image search "sexy stud muffin" for reference) and my quest to do bad things through various means, up to and including compromising cardio equipment, fitness apps, and changing delivery addresses for fitness equipment to my house instead of your gym. No zero days and nothing overly technical provided here, but the intended takeaway is awareness of who is collecting your PHI and from where. Just like on Maury, the results will shock and amaze. Or maybe you'll just get a good laugh at my journey to lose 100 pounds.

17:00 : Nature’s source code is vulnerable and cannot be patched

Speaker: Jeffrey Ladish

Natural selection can produce marvelous functional systems, but constraints in the evolutionary process can be exploited. By leveraging humanity’s relative advantage in design foresight, we may be able to create synthetic organisms that can out-compete their natural counterparts. In this talk, I will explore the design limitations of evolved organisms that leave ecosystems permanently vulnerable to attack. In order to protect the natural world and human health, I will advocate we adopt the “biosecurity mindset” and improve our ecological security posture.

17:45 : Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity

Speaker: Debra Laefer

Recent advances in remote sensing, drones, distributed computing, bigdata, and environmental DNA offer an unprecedented opportunity to push epidemiology beyond its traditional, two-dimensional (i.e. map-based) approach and harness the full availability and power of three-dimensional data and novel investigation methods to explore such data. This talk will present an extremely technology-specific vision for achieving this. Examples of the potential usefulness of this approach will be demonstrated with respect to three scenarios: (1) avian flu, (2) asthma, and (3) post-flooding fecal contamination. The current state of the art of the component technologies will be presented as well as the remaining challenges for their seamless integration.

18:30 : Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts

Speaker: Andy Coravos

Healthcare is enamored with data. We have more data than we know what to do with (e.g., constant flows of data from wearables, new and cheaper ways to sequence genomes, digital phenotypes expressed through social media interactions) and there is a rush to deploy this data in clinical research and care. As we combine this “data”, we start to build a digital replica of each human. Our healthcare data carries new weight, new responsibilities. The rise in data means that we are gaining a greater body of knowledge as we assemble a digital representation of a person. We are getting closer to full understanding of someone’s biology, brain structure, how and why they think and do what they do. We are entering into a world where precision medicine and “N of 1” studies are (finally) becoming possible. On the flipside, we are also entering into a period of unprecedented monitoring and surveillance. As a society, we have standards for how we handle human blood, tissue and other human specimens. It’s now time for us to talk more about how we are to handle our digital specimens. In the talk, we’ll discuss the proliferation of our biometric and psychographic data, use cases, and the new ethical and custodial responsibilities that arise for individuals, regulators and companies.

19:15 : Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research

Speaker: Robert Portvliet

About Robert:
Robert Portvliet is the Director of Red Team services at Cylance, with a decade of experience in various disciplines of penetration testing. His focus is on embedded systems and wireless penetration testing and reverse engineering. Prior to joining Cylance, he was the network security service line lead for Foundstone and taught the ‘Ultimate Hacking: Wireless’ class at BlackHat 2011-2013.

To quote Bob Marley “If you know your history, then you would know where you coming from”. This talk is a retrospective on the last ten years or so of medical device security research, intended to bring hackers interested in this discipline up to speed on what has been accomplished to date, how it was done, why it matters and where we stand today. This talk will timeline all the major events in medical device security research, describing in technical detail what was accomplished and how. This should make evident some of the systemic vulnerability classes present in medical devices and hopefully give the medical device security researchers of tomorrow a good idea of where to start looking. It will also cover some of the basic tools and techniques needed to get started in this discipline, as well as some of the practicalities involved in obtaining devices, firmware and information on various classes of medical devices and how differences in attack surface may influence your choice of devices to target for research.


10:00 : WELCOME TO DAY 2 of BHV!

Speaker: Staff

10:15 : WaterBot - Hackable Scientific Plant Bot

Speaker: BiaSciLab

About BiaSciLab:
BiaSciLab is an 11 yr old girl who loves hacking, science, technology, and learning. She is constantly inventing new things, researching interesting unexplored topics, teaching kids and adults electronics and programming. She was the youngest speaker ever at H.O.P.E. with her talk "Inspiring The Next Next Generation Of Hackers". When she's not working on talks, hacking, or inventing new things, she enjoys fencing, archery, singing and acting.

The WaterBot is designed to dispense liquid (water, plant food, MS Media) and report how much and when it was administered. Designed, engineered and programmed by 11 yr. old BiaSciLab, the WaterBot is open source and scalable. Come see how you can hack it to help hack your plants!

11:15 : Technology Enabled Prosthetic Environments

Speaker: Gerry Scott

Even though employers are increasingly recruiting autistic employees, autistic adults have one of the highest unemployment rates in the United States. This paper presents ongoing research by the author: (a) providing a brief overview of current scientific and societal perspectives on autism; (b) describing an on-going qualitative study of autistic autobiographical writings to gain insight into the autistic experience, challenges faced in society, and barriers to employment; and (c) proposing Technology-Enabled Prosthetic Environments (TEPE) as a design concept for the integration of assistive technology for workplace accommodation.

12:00 : No Firewall Can Save You At The Intersection Of Genetics and Privacy

Speaker: Almost Human

About Almost Human:
Chris currently works at Lares; prior to that he founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence. Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. Roberts is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry.

This talk originally started as a look at the intersection of personal anonymity and personal genetic sequencing. The short version: “Genetic Privacy” is a very tough thing to accomplish; lack of such privacy has potentially “bad” consequences. But there was some hope IF you did everything right. Then we all discovered that the prospects for genetic privacy are even lower than we imagined. You may have heard that the suspected Golden State Killer was found and arrested after decades of terror. The suspect didn’t slip up, other than having relatives who wanted to know more about their own genes. No one is accusing you of murder (I hope), but almost everyone has some aspect of their genetics that they don’t want others to know. So now, not only do you have to get everything right the first time to guard your genetic privacy – you have to hope all your relatives get the genetic privacy stuff right the first time…and every time they get tested. And for those of you who say, “But wait! The laws against genetic discrimination will save us!” consider that various laws also ban other forms of discrimination. How’s that working out these days?

12:45 : Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders.

Speaker: siDragon

We broke Mother Nature’s SDLC for humans. We’ve been doing ad-hoc rapid prototyping and flying by the seat of our pants for enough time that we’ve changed the course of evolution. Unless we slow down a little, do the analysis, design and testing, we’re going off the edge of the cliff at full speed. The session is going to give some background on the evolutionary cycles that have happened in the past, and then examine the human SDLC for the last 12,000 years or so… then we’ll draw some comparisons to how we’re approaching the march of technology that we’re seeing today with the idea that we’ll match up what’s happening TO us is also a product of what we’re doing to ourselves etc. … Mother Nature’s not got a habit of rapid prototyping, so why do we do that to ourselves, why are we putting 20+ Billion devices into circulation with problems etc.

13:30 : DNA Encryption: Bioencryption to Store Your Secrets in living organisms

Speaker: John Dunlap

Recent advances in genetic sequencing and modification technology have made storing data in living cells an attainable goal. In this talk John Dunlap will cover the history of attempting to encrypt secrets into living cells, and discuss his own experiments encrypting secrets in living cells with affordable lab equipment. John will discuss lab methods, suitable encryption algorithms, and methods for detecting data tucked away in innocuous model organisms, as well as potential issues with the concept of DNA as data storage. John will also present his own software tool for converting data into a suitable form for storage in living organisms.

14:15 : DEF CON Biohacking Village Badge Talk

Speaker: Joel Murphy

Joel will talk about how the DEF CON Biohacking Village came together in all its wonderful glory.

15:00 : Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives.

Speaker: Mixæl Laufer

About Mixæl:
Chief spokesman for the Four Thieves Vinegar Collective, Mixæl Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and other social issues. Perpetually disruptive, his most recent project makes it possible for people to manufacture their own medications at home. Open-source, and made from off-the-shelf parts, the Apothecary MicroLab puts many medications within the reach of those who would otherwise not have them.

Two years ago, the Four Thieves Vinegar Collective became public at HOPE XI after almost a decade of working underground, and debuted the first generation of the Apothecary Microlab, the open-source automated chemical reactor designed to synthesize the active ingredients of pharmaceutical drugs. We synthesized Daraprim onstage, and called Martin Shkreli's cell phone from stage. It was a good time. Since then, the reactor has developed, and we have worked on more complicated syntheses, and hacking medical hardware. Most notably, we released plans for a DIY version of the EpiPen anyone can make for $30US. Come see the new releases we have planned and the new beta unit. Learn how to make medicine from poison, how to use the shrouding of information about medicine to make custom-tailored treatment programs for rare diseases, and how to use public data to find new, more efficient synthesis pathways for drugs. Hack your health. We can torrent medicine. File sharing saves lives.

16:15 : Hacking Human Fetuses

Speaker: Erin Hefley

About Erin:
Erin Hefley is a resident physician in her final year of training with the Phoenix Integrated Residency in Obstetrics & Gynecology. She has a background in public health and women's health, and obtained a Master of Public Health degree from the University of Northern Colorado prior to attending medical school at the University of Arizona - Phoenix. This is her 6th Defcon attendance over the past decade, and she is thrilled to have witnessed the development and expansion of the Biohacking Village. Her current interests include reproductive health technology, women's health policy, running, and vampire erotica.

As prenatal testing and ultrasound technology have greatly improved, so has our ability to diagnose birth defects and genetic diseases earlier and earlier in pregnancy. Until recently, our only available options were to offer pregnancy termination or wait to see if the baby survived long enough to be treated after birth. But what if we had the capability to intervene before those genetic mutations had a chance to cause their harmful effects, sparing parents from the agony of uncertain pregnancy outcomes and saving children from debilitating diseases? In last year’s “Designer Babies: Hacking Human Embryos” we discussed pre-implantation genetic testing and embryo modification as a means to identify and treat heritable diseases, by correcting harmful gene mutations before a pregnancy even begins. Since then, exciting new research has shown that even after a pregnancy is under way, opportunities still exist for hacking the biological machinery of the fetus to alter its developmental course. This talk will review new and rapidly evolving strategies to treat genetic disease in utero – while the baby is still in the womb - by hijacking the embryologic mechanisms responsible for fetal growth and development. Examples include:
- injection of a critical protein into the amniotic fluid surrounding babies with X-linked hypohidrotic ectodermal dysplasia, a genetic condition causing a lack of sweat glands and the life-threatening inability to regulate temperature
- transfusion of mesenchymal stem cells into the fetal umbilical cord to treat osteogenesis imperfecta or “brittle bone disease”
- in utero blood and bone marrow transplant to treat the fatal hemoglobin disorder alpha-thalassemia major
- correcting deformities such as cleft lip and palate by triggering cell signaling pathways "knocked out" by genetic mutation

17:00 : Biohacking the Disability

Speaker: Gabriel Bergel

About Gabriel:
Gabriel Bergel is a System Engineer, Master in Cybersecurity from the IMF Business School and the Camilo José Cela University (Spain) and has 15 years of experience in different areas of information security. He regularly speaks at courses, workshops and forums on information security in different institutions, universities and national and international events. Currently he is Chief Executive Officer (CEO) of Vulnscope, Chief Strategy Officer (CSO) of Dreamlab Technologies, and Chief Security Ambassador (CSA) of Eleven Paths, Director of Public Policies in Whilolab and Founder and Organizer of 8.8 Computer Security Conference.

Speaker: Rodrigo Quevedo

About Rodrigo:
Specialist in technological architecture and management, entrepreneur, teacher, inventor and mentor of scientific talents, with a high social and service vocation, fully dedicated to the development of mechatronics and robotics technology in different fields, for 10 years he has trained more than 3000 young people in Chile, Peru, Bolivia and Colombia, allowing more than 700 young people to travel to the USA to compete in robotic tournaments, forming 34 teams that have competed in national and international tournaments, obtaining various awards in Japan, USA and Chile. Speaker at various universities, colleges, innovation and entrepreneurship events, national and international. Interviewed by different means of print and television, national and international. Guest writer of technological columns in various specialized magazines. Inventor of 14 products, including MIVOS, bidirectional automatic translator of sign language for deaf people.

The talk is about the project “Over Mind”, a neuro wheelchair control software developed to help people with different physical abilities who have reduced mobility and use wheelchairs. By capturing data provided by neuro sensors or other sources of information, the software converts them into an order of movement to one or several engines, allowing the movement of a wheelchair. “Over Mind” will allow you to control any adapted electric wheelchair. You can also control an exoskeleton or other mechanism that facilitates the mobility of people. We have managed to control a high-tech robot using our Over Mind software and using a sensor provided by Neurosky. The Problem: The 1% of the world population cannot move by itself, for various reasons such as Amyotrophic lateral sclerosis (ALS), accidents and others, 50,000,000 people. Over Mind is a low-cost technology/system developed in Chile, designed to give mobility to 1% of the world population, increasing its available physical capacities allowing people with zero or reduced mobility to MOVE and carry out activities on their own, granting freedom and autonomy. In 2016, Over Mind participated in the contest "An idea to change history", organized by History Channel together with 5,800 projects, and it was the only Chilean project that finished among the four finalists.

17:45 : Batman, Brain Hacking, and Bank Accounts

Speaker: Katherine Pratt

About Katherine:
Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, where she received the MIT Women’s League Laya Weisner Award for public service to the university, and the MIT Aero/Astro James Means Memorial Award for Space Systems Engineering. She completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. After graduation, she served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. She is now a PhD Candidate in the BioRobotics Lab in the Electrical Engineering department of the University of Washington, and currently spending six months in Congress as a Congressional Innovation Scholar. Her work focuses on the privacy, ethics, and policy of neural data. In addition to research, Katherine is passionate about getting younger students, especially girls and minorities, interested in science and technology. She also competes in triathlons as a member of the Husky Triathlon Club and iracelikeagirl teams.

The advancement of technology means more data are being collected from a wider range of sources. Of particular concern is data collected using a Brain Computer Interface (BCI): a device that records neural signals and allows them to control objects external to the body. Applications for this technology range from therapeutic (e.g. controlling a prosthetic arm) to entertainment (e.g. playing a video game). These cases provide malicious entities the ability to intercept, manipulate, or hack neural signals and the devices they control: it is the plot of Batman Forever (1995) come to life. This talk will outline research in the field of neural security and information elicitation, as well as the corresponding ethical and policy implications.

18:30 : Building a Better Bedside - The Blue Team Needs a Plan B

Speaker: Nick Delewski and Saurabh Harit

While important changes may be afoot in the US regulatory environment for medical devices, which should hopefully allow more people to make informed decisions regarding patient safety, many CISOs, security engineers, and network admins have to live day to day in the world we have, not the world we wish for. There have been multiple presentations in the last few years about the details of medical device security that have rightly put the onus on manufacturers to provide long term fixes. However, we wonder if there are ways to create a more defensible and hardened hospital room until the notoriously slow regulatory process gains traction. We’ve done deep dives into specific medical devices and we’ve done pentests in several hospital systems. In our experience, we have noticed broad classes of common vulnerabilities across bedside equipment that transcend any one device or class of device. Input validation errors, buggy network stacks, and low-bandwidth links can be found in systems that monitor vitals, administer medications, or in components that glue disparate systems together. A long awaited patch may fix one vulnerability only for the hospital to bring in a different device for clinical or financial reasons, and wash-rinse-repeat. It’s not enough for one or two manufacturers to step up the security game if they are feeding data into other unreliable systems, and it will be a while before everyone is at the same level. We are dedicated red teamers, and we may feel the pain of those in the blue team trying to do the right thing, but we don’t know what it’s like to live in your shoes. In this talk, we will explain, in broad terms, vulnerabilities that we have seen and how we recommend remediating them. But we don’t want you to leave this session feeling that we are talking down to the defenders. We want you to have a seat at the table and share how you handle the unknown in your environment.

19:15 : Lightning Talks

Speaker: Maybe you?

Come present your own crazy and wacky biohacking talks and projects. You got 10 minutes to strut your stuff!



Speaker: Staff

10:15 : Exploiting immune defences - can malware learn from biological viruses?

Speaker: Guy Propper

Biological viruses have existed and evolved for millions of years, maliciously exploiting host cells for survival. How have they done this, and what can we learn from it? Extremely advanced mechanisms for privilege escalation, persistence, and defence evasion have been used by biological viruses long before malware was first written. This talk will provide an understanding of what mechanisms are used by biological viruses to exploit immune defences, persist, and survive in the arms race with the immune system. Surprising differences between malware and virus actions will be shown, and some mechanisms which are used by viruses, but have not been adopted, or even attempted by malware, will be revealed. No biological background is needed, only an open mind.

11:00 : Jumping the Epidermal Barrier

Speaker: Vlad Gostomelsky and Dr. Stan Naydin

This talk will focus on consumer grade glucose monitors - primarily continuous glucose monitors that are implantable or attach to the skin for an extended length of time and provide readings via Bluetooth Low Energy or have RF/BLE bridges. Research was focused on security/privacy implications.

12:15 : Selfie or Mugshot?

Speaker: Anne Kim

About Anne:
Anne Kim is a researcher and graduate student specializing in Computer Science and Molecular Biology at MIT. Professor Alex "Sandy" Pentland, head of the Human Dynamics Group at the MIT Media Lab, is the advisor for her thesis focusing on blockchain solutions for clinical trial optimization. Outside of her thesis work, Anne has done a number of different projects in quantum chemistry simulations, genome-wide association studies, natural language processing for electronic health records, and a startup in secure data sharing. Anne sees accessibility to healthcare as a right, and believes that the interface between biology, healthcare policy, and technology is a promising way to achieve that mission.

Thanks to the use of DNA in criminal investigations, hundreds of innocent people have been exonerated from crimes they did not commit. DNA has also been used to arrest suspects in cold cases! In my presentation I will give a primer on the techniques used for DNA profiling and the statistics for false positives. The bulk of my presentation will be looking into the vulnerabilities of current DNA profiling methods and how a malicious actor could actually reconstruct enough genotypic information of any innocent person from just a picture of their face. This is based on recently published Nature Genetics research and extends the methods to suggest that it would only take ~50 million face:genotype samples to have a sufficient genotypic mapping that would allow someone to recreate your 23andMe profile (602,000 SNPs) from a selfie.

13:00 : Getting Skin in the Game: Biohacking & Business

Speaker: Cyberlass

About Cyberlass:
As an IT professional and biohacker Amanda Plimpton is delighted by the surge of citizen scientists who are driven to investigate, experiment and seek answers. She is interested in how the biohacking/body augmenting community can help its growing pool of talented, passionate individuals contribute to their fields from the commercial, academic or non-profit sectors. As Chief Operating Officer at Livestock Labs she is helping build a company that showcases one way biohackers can enter commercial spaces. Hoping to bring back lessons learned, she wants to keep helping grow a community that supports each other and promotes successes.

Let’s talk biohacking, technology and business. We are a community that is innovating and creating — mostly in non-profit and academic spaces. As we have grown so have the business opportunities, sometimes in unexpected places. My company, Livestock Labs, is bringing its biometric implant to market — in cows first. Started by grinders, the company is proving what we all know — that when we get funding and dedicated time our projects take off. This session tries to shed some light on learning to business as a biohacker and encourages other body augmenters and diyBio folks to take the leap and see what amazing things they can accomplish.

13:45 : PWN to OWN my own Heart. Journey into hacking my own pacemaker

Speaker: Veronica Schmit

About Veronica:
Veronica or Vee is a Partner at DFIRLABS. She is a forensicator, avid researcher and quite literally the superglue that holds DFIRLABS together. She was previously in charge of the Free State Cyber Forensic Laboratory of the Special Investigating Unit. After deciding that this title on its own wasn’t already too much of a mouthful, she departed the SIU in order to add Malware (Reverse) Engineer, Photographer, Seamstress, Super Mom and Sleep-deprived MSc Chaser to her list. She PWN’s to own her own medical device which aids her broken heart beats, into a different rhythm, sometimes this beat is much like that of drums beating. She is passionate about medical device security and does not believe in security through obscurity. In between attending Metallica concerts and being converted into a cyborg (no really, ask her about her metal bits sometime), she completed a Diploma in Criminal Justice and Forensic Investigation from the University of Johannesburg. Deciding to brave foreign climes and curiosities, she went on to receive training in Europe on digital forensics and cyber crime investigation from the United States Department of Homeland Security. She is an Associate Member of a number of professional bodies, including the Institute of Information Technology of Professionals of South Africa, the Association of Certified Fraud Examiners, and the International Association of Computer Investigative Specialists. Veronica has contributed to several publications, including the ISC2 CCFP : Certified Computer Forensic Practitioner. She is currently juggling a Master’s thesis on ransomware, several digital forensics cases, getting a quality forensics training company off the ground, and reverse engineering ransomware whilst also keeping her two year old from walking into things. You can contact her by lighting up the night sky with the P10z0n_P1x13 beacon mounted on the top of the Twitter police department, or alternatively by email.

The increase of pace in the technology field has left the race for manufacturers to increase the security in medical devices. There is the theoretical possibility that your heart can be pwned. Pacemakers have become part of the internet of things. We are putting our hearts on display. This is my journey from regular hacker to gen-one cyborg to pwning my own heart that I can own the vulnerabilities to fix it. We forget that these are devices connected to flesh and blood, a person who depends on this device to have just one more heart beat. This is a journey into the inner sanctum of living with a vulnerable device in a time where technology progression has left behind security. We can no longer have security by obscurity when it comes to devices which cyborgs like me depend on. We should not be in the business of sacrificing security for convenience or power. As a patient, I would rather sleep knowing my device has been hardened and have the inconvenience of replacing it more regularly than the converse. I feel that we, as the security community, should be addressing and assisting medical manufacturers with the security vulnerabilities in the devices that literally keep people alive. There should be more effort placed on addressing the security vulnerabilities. The simple fact is we are not dealing with just ones and zeroes. This is, for some, a life or death situation.

Implant Party

Are you interested in self augmentation and creating your own DIY evolution? Then come to the Implant Party hosted at the DEFCON Biohacking Village, and learn how you can blur the lines between human and machine. Join the rise of cyborgs and enhance your own digital security with either an RFID xEM implant or an NFC xNT implant.
All implants are manufactured by Dangerous Things. For more information about these implants you can go to:
All implants will be available for a 50.00 donation.
Last year we came with only 50 implants: 30 xNT or NFC based implants, and 20 xEM or RFID based implants. This year we will have over 200 implants, so come out and get the implant you want and/or need. We will have plenty of xNT and xEM, with limited quantities of x1m-plus, along with the possibility of a brand new implant being released at DEFCON, having not been seen in public or implanted yet. So come out and see what we have, explore your new device with our volunteer techs, and explore your own DIY evolution.


Implant Team


About Domino:
Cyber Consultant, Researcher, Guru. IT equivalent to Obi-Wan. Streamer Safety Enthusiast. Specializes in safety planning for those battling against particularly aggressive and tech-savvy stalkers. TL;DR Geek Squad on Steroids.


About c00p3r:
Founder and Co-Host of DMP; c00p3r has a background in varied tech support roles which have provided him experience in Linux, Mac and Windows environments. His own entry to the ‘cyborg’ Biohacker culture was recent, augmenting his body with both NFC and RFID chips through ‘Dangerous Things’ products which were available at the BodyHack Con in Austin, TX this past January. He has also added to his collection with a flexNT while at DEFCON in August of 2016.


About Cur50r:
Co-Host DMP Bio-Hacking Focused; Cur5or is a software engineering graduate from London, UK, currently completing his master's in RFID security and cryptanalysis. He is also a proficient programmer, and it is this union with biohacking which has sparked his interest in creating technology that can advance the capabilities of everyday life. Cur5or got involved in biohacking after seeing Amal from Dangerous Things in a TED talk; since then he has worked on several projects both individually and with DT and Biohackers-UK.


About Keibone:
Former US Army front line medic. Information Security Director with an interest in expanding his knowledge and experience daily along with exploring further the emerging world of biohacking along with all the possibilities of vulnerabilities to protect that it encompasses.


About RJmendez:
Infosec engineer, cyborg, researcher of wireless, rfid/nfc, and satcomms… be sure to turn off your wifi/bluetooth, and burn after reading… All in all, if you have questions about packet capture, rfid/nfc and implantable tech, if he doesn’t know then he will be glad to research for a better answer to your question alongside of you often enough.

Max Power

About Max Power:
Lockpicker gone wireless. Max Power is usually found in the lockpick village. He spends his free time traveling around to teach lockpicking and enjoys learning about new types of locks. From lockpicking, Max now spends time cracking into MIFARE cards, in addition to other MIFARE technologies. When forced to step away from security systems he competes in powerlifting competitions as home is under the squat bar.




About Liza:
Developer, and technical project manager from the UK.

BioTorrent Demo

Would you like to cure the most common infectious disease in humans? Want to see it done? Come to the BioHacking Village at 2:30 on Saturday, and watch it happen live. If you like what you see, come back and participate in the workshop, where you can make your own cure, and make as many copies as you want.
We are finding out that many diseases are tied to the balance of our microbiomes. We have ecosystems in our gut, our colon, our skin, our mouth, our eyes, our ears, and more. Some of the microbes we have a working relationship with, and others are pathogenic. Yet we are forced to suffer them all equally.
With a bit of genetic engineering, we can build a friendly version of a pathogen, make it stronger, and send it in to replace the pathogenic version. But the true magic is that a medicine made of a living material is self-replicating, so you can make copies for everyone you know, and they can make copies for everyone they know.
This weekend may mark the beginning of the end of a disease. Want to be able to say you were there when it all began? Swing on by.

Medical Device Village

The Biohacking Village, in collaboration with I Am The Cavalry, is building a Medical Device Lab at DEF CON to improve trust and trustworthiness of the public health system. The Lab is a high-trust, high-collaboration environment where security researchers can learn and build their skills alongside patients, medical device makers, hospitals, the FDA, and others.

We welcome participants who will act in good faith, in the best interest of patients, when researching, disclosing, and addressing security issues.

Medical Device Makers Participate

As part of their product security programs and their proactive initiatives to test their products and enhance the cybersecurity of their medical technologies, select medical device makers [to be revealed when the village opens] have provided devices for use in the Biohacking Village. These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed.

Bring Your Own Medical Device

Security researchers and others are also bringing devices, and there should be enough to go around. Some of these will require special tools and knowledge, so bring software defined radios, device manuals, and whatever else you think might help you research them. We expect researchers who perform testing on any devices in the lab will follow the manufacturers’ coordinated vulnerability disclosure policy and report issues found, where possible.

Medical Device Capture the Flag

A team of security researchers from the Mayo Clinic created a medical device Capture The Flag (CTF) to teach device hacking skills. Their game simulates a vulnerable infusion pump and PACS system, with several flags at different points that will keep researchers entertained as they learn. More details, such as time commitment, skills, and others, will be revealed in the Biohacking Village itself.

Office Hours

We will have several individuals holding “office hours,” from the security research community, device makers, FDA, and others. Want to know what the FDA is doing to improve security of medical devices? How does a doctor prioritize security over other considerations when treating patients with devices? What tradeoffs do product security teams consider when getting safe and effective devices in the hands of patients? How do successful security researchers start looking at medical devices? These questions, and more, will be fair game when some of the people in those roles every day hold “office hours” in the Lab.

  • Friday, August 10, 10:00-12:00 - Cardiologists meet Hackers
  • Friday, August 10, 12:00-14:00 - FDA on Medical Device Security - Seth Carmody
  • Friday, August 10, 14:00-15:00 - Medical Device Security Demo & CTF - Fotis Chantzis, Danilo Clemente
  • Saturday, August 11, 12:00-14:00 - FDA on Medical Device Security - Seth Carmody
  • Saturday, August 11, 14:00-15:00 - Medical Device Security Demo & CTF - Fotis Chantzis, Danilo Clemente
  • Sunday, August 10, 10:00-12:00 - Doctors are Hackers Too - Christian Dameff, MD

Quack Devices

A member of the DEF CON community will showcase his “quack” medical devices from the 1800s-1930s. These crazy, creepy throwbacks from the Victorian era should make us all appreciate how far healthcare has come, in terms of safety, effectiveness, and trustworthiness!

Other Resources

We’re building out other resources that will be available for researchers to get started testing medical devices. We’ll have some tools, information, education, and training available to help you get started. If you have any to add, hit us up on Twitter or in the lab.

Government Security Documentation and Guidance

Industry and Civil Society Documents
Specialized Tools


The BHV celebrates global health ingenuity arising from maker communities from the dynamic perspective of emerging biology, technology, and human-enhancement. In one year, we have more than doubled our talks and tripled the number of attendees. The BioHacking Village has grown from a small half village of 11 talks and demos to a full village with 28 non-stop talks and demonstrations with standing room only and entrance lines that exceeded capacity.

Whether your interest lies in security, technology, engineering, science, humanities, design, or fabrication, donors to the BioHacking Village can be assured they are reaching an audience of unapologetically enthusiastic innovators.


Watch for our tweets @DC_BHV for important updates before, during, and after DEF CON... and for many neat biohacking & bioengineering retweets.

If you have any questions and for media inquiries, please email us at For general discussion, we have a space on the DEF CON forums.

Buy the Biohacking Village Badge

Interested in buying the fantastic swag of the biohacking village?