Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

media.ccc.de via YouTube

Overview

Explore the intricacies of identifying multi-binary vulnerabilities in embedded firmware at scale in this 37-minute conference talk from the 36th Chaos Communication Congress. Delve into the challenges of analyzing hardware-dependent software on low-power, single-purpose embedded devices like routers and IoT systems. Learn about Karonte, a novel static analysis tool that models and tracks multi-binary interactions to detect insecure, attacker-controlled vulnerabilities. Discover the results of experiments on 53 firmware samples from various vendors, leading to the discovery of 46 zero-day bugs. Gain insights from a large-scale experiment on 899 different samples, demonstrating Karonte's scalability and effectiveness in analyzing real-world firmware. Watch a demonstration of the tool in action, showcasing its ability to detect previously unknown vulnerabilities.

Syllabus

Introduction
Overview of IoT
Why is it hard to secure IoT
Firmware design
Interprocess communication
Environment variable
Unpacking
CPS
BDG
Static Link
Results
Running current
Summary

Taught by

media.ccc.de

Reviews

Start your review of Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.