Wireless & Physical Interface Profiler

Pick the interfaces your device actually exposes - from Wi-Fi and BLE to NFC, RFID, USB-OTG, JTAG, and CAN. Get the threats reviewers expect to see in the threat model, the pen-test scoping that proves them out, and the evidence each interface adds to your premarket submission.

Every interface → threats + pen-test scope + premarket evidence

• 17 interface entries spanning wireless (Wi-Fi, BLE, BR/EDR, NFC, RFID, cellular, paired phone), wired/physical (USB data, USB-OTG, serial/CAN, removable media, JTAG/SWD), cloud/app (vendor API, companion app, portal), and update/service (OTA).
• Reviewer-relevant seeded threats with abuse case, safety impact, and AAMI TIR57 / SW96 control IDs.
• Pen-test scoping list per interface so your testing SOW covers every exposed surface.
• Premarket-evidence list per interface so your eSTAR cybersecurity sections include what reviewers expect.

What teams usually get wrong

• Myth: If it's just NFC for pairing, it doesn't need a threat model entry.

  Reality: Tap-to-configure NFC is one of the most common ways malicious configuration lands on a device. Reviewers expect it in the threat register with signed-payload mitigations.

• Myth: RFID is a logistics concern, not a cybersecurity concern.

  Reality: If the device authenticates a consumable, accessory, or clinician using RFID, it is a safety-relevant security control and must be modeled.

• Myth: A USB-C port that 'only charges' has no attack surface.

  Reality: USB-C role detection can be coerced. Without hardware-level data-line isolation, the port is a data path.

Primary sources behind this tool

1. AAMI TIR57 - Principles for Medical Device Security: Risk Management - AAMI
2. ANSI/AAMI SW96 - Standard for Medical Device Security - AAMI
3. FDA Cybersecurity in Medical Devices - premarket guidance - FDA
4. OWASP IoT Top 10 - OWASP

Where to take this next.