Episode 182: Hackers take Medical Devices ‘off label’ to Save Lives

In this episode of the podcast (#182) Trammell Hudson of Lower Layer Labs talks to us about Project Airbreak, his recent work to jailbreak CPAP machines, and how an NSA hacking tool helped make this inexpensive equipment usable as a makeshift respirator.


From Wuhan, China, to the Lombardy region of Italy to Spain and the boroughs of New York City, the novel coronavirus – COVID-19 – has taken a deadly toll. But, as pandemics often do, COVID has also shone a spotlight on the cracks and failures in societies’ healthcare and emergency response capacity. In the U.S., there have been critical shortages of medical equipment, especially respirators, which have been in high demand to treat patients who become critically ill from COVID.

Trammell Hudson is the founder of Project Airbreak and of Lower Layer Labs.

The shortage of respirators has prompted a run on this critical piece of medical equipment, with hospitals bringing decades-old equipment out of storage and manufacturing firms retooling to manufacture new devices. None other than New York Governor Andrew Cuomo has used his daily COVID updates to plead with the Federal Government and others for respirators to help treat thousands of critically ill New Yorkers struggling to breathe.

But what if a common and inexpensive piece of at-home medical equipment could be repurposed to help those sickened by COVID breathe and survive the worst of the illness? That was the challenge a group of pulmonologists presented to our guest this week, Trammell Hudson of Lower Layer Labs in Amsterdam, Netherlands. 

A world-renowned expert in the security of firmware – the software that runs machinery – Hudson had never worked on medical devices before. But he had launched The Magic Lantern – an open source community of tinkerers that had been developing and releasing custom firmware and features for Canon SLR cameras for years. That brought him to the attention of a group of pulmonologists who were looking for a way to convert ubiquitous and inexpensive CPAP (continuous positive airway pressure) machines to their more sophisticated cousins, BIPAP (bi-level positive airway pressure) machines. The FDA had already issued emergency guidance clearing such devices for use as makeshift respirators “provided that appropriate design mitigations are in place to minimize aerosolization” of the COVID virus.

Hudson’s task: to dig into the guts of so-called “CPAP” machines, which help those suffering from sleep apnea, and figure out a way to turn them into functioning respirators that hospitals might deploy in an emergency. 

The result: Airbreak.dev, a proof-of-concept “jailbreak” of a common CPAP device, the Airsense 10 CPAP by ResMed. Specifically, Hudson and his compatriots modified the Airsense firmware so that they could run additional tasks on the device and make it possible, along with extra equipment like viral filters, to use the device as a temporary respirator. “This can help ease the shortage until more real respirators are available,” they wrote.

More intriguing: Hudson’s work on the Airsense brings the ~$600 Airsense S10 to near feature parity with BIPAP machines from the same manufacturer that sell for $1,600.

In this episode of the podcast, we invited Trammell into the SL studios to talk about the Airbreak project, hacking medical devices in an age of pandemics and how OEMs increasingly use software to both conceal and reveal the true capabilities of their hardware.

Check out our conversation in Episode #182 above.


As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.