BadAlloc - Broken Memory Allocators Led to Millions of Vulnerable IoT and Embedded Devices

Explore a critical class of security vulnerabilities called "BadAlloc" in this 39-minute Black Hat conference talk. Dive into integer-overflow related issues found in popular memory allocators' core functions like malloc and calloc. Learn how these vulnerabilities affect 17 different widely used real-time operating systems, standard C libraries, IoT device SDKs, and self-memory management applications. Discover the impact of BadAlloc on millions of IoT and embedded devices worldwide, with some vulnerabilities dating back to the early 90's. Gain insights from security researchers Omri Ben-Bassat and Tamir Ariel as they present their findings and discuss the implications for device security.