Finding Zero-Day Vulnerabilities in Vilo Home Routers - Security Research Process and Discoveries

Explore a detailed security research presentation from DEF CON 32 where student researchers from Brigham Young University reveal their discovery of nine zero-day vulnerabilities in Vilo Living home routers. Learn about their comprehensive investigation process, starting with initial reconnaissance and progressing through hardware hacking, cloud infrastructure analysis, and firmware examination. Follow their journey of vulnerability discovery, including critical findings like stack overflows, authentication bypasses, and command injection vulnerabilities. Understand the challenges faced during vendor disclosure, CVE filing, and the broader implications for IoT security. Gain insights into the systematic approach used for discovering security flaws in consumer-grade networking equipment, from OSINT techniques and hardware analysis to cloud enumeration and firmware reverse engineering. Discover practical lessons about IoT device security, vendor responses to vulnerability disclosures, and potential areas for future security research in the IoT space.