How Embedded TCP-IP Stacks Breed Critical Vulnerabilities

Explore the rise of critical vulnerabilities in embedded TCP/IP stacks in this 37-minute Black Hat conference talk. Delve into the reasons behind the recent discovery of long-standing vulnerabilities, examining their direct, unauthenticated, and cross-perimeter network exposure. Learn about dynamic and static analysis techniques used to uncover these issues, and understand the types of vulnerabilities found, including heap buffer overflows and IPv6 extension header vulnerabilities. Gain insights from real-world examples, analyze the consequences of these vulnerabilities, and discover valuable lessons learned from the research conducted by security experts Amine Amri, Stanislav Dashevskyi, Daniel dos Santos, and Jos Wetzels.

Introduction
Overview
Prior vulnerabilities
Dynamic and static analysis
Positive results
Vulnerability analysis
Initial vulnerabilities
Vulnerability types
Cpip stack
ipv6 extension headers
destination options extension header
heap buffer overflow
highlevel overview
proof of concept
lessons learned
examples
consequences