Security Weekly Podcast Network (Audio)

Making Medical Devices Secure - Tamil Mathi - ASW #373

Mar 10, 2026
Tamil Mathi, a product security engineer focused on medical and IoT device safety, discusses why medical gear often must prioritize availability and even fail open. He breaks down threat modeling across hardware, firmware, OS, and apps. Tamil also covers practical ways to get started safely with hardware hacking and reviewing firmware.
INSIGHT

Black Box Threat Modeling For Medical Devices

  • Medical devices require threat models that treat the device as a black box across hardware, firmware, OS/services, and application layers.
  • Tamil Mathi prioritizes hardware/firmware and OS trust foundations (secure boot, platform TEEs) before app controls to preserve availability and safety.
ADVICE

Use Hardware Roots When TPMs Are Too Costly

  • Build security from the hardware up: enable secure boot and leverage platform TEEs to prevent firmware extraction and protect IP.
  • Use platform capabilities when TPMs are too expensive for low-cost devices (e.g., $50 smart cables).
INSIGHT

Fail Open For Patient Safety

  • For monitoring devices, availability outweighs confidentiality and integrity; they should fail open so clinicians always have readings.
  • Tamil Mathi explains clinicians use devices as aids, so taking a monitor offline for security can risk patient safety.