YoVDO

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses
Cybersecurity Courses
IoT security Courses
Firmware Analysis Courses

Course Description

Overview

Explore how to identify multi-binary vulnerabilities in embedded firmware at scale in this 37-minute conference talk from the 36th Chaos Communication Congress. The talk covers the challenges of analyzing hardware-dependent software on low-power, single-purpose embedded devices such as routers and IoT systems. It introduces Karonte, a novel static analysis tool that models and tracks interactions between multiple binaries to detect insecure handling of attacker-controlled data. Experiments on 53 firmware samples from various vendors led to the discovery of 46 zero-day bugs. A large-scale experiment on 899 different samples demonstrates Karonte's scalability and effectiveness in analyzing real-world firmware. The talk includes a demonstration of the tool detecting previously unknown vulnerabilities.

Syllabus

Introduction
Overview of IoT
Why is it hard to secure IoT
Firmware design
Interprocess communication
Environment variable
Unpacking
CPS
BDG
Static Link
Results
Running current
Summary


Taught by

media.ccc.de
