Ground Truth - 18 Vendors, 6000 Firmware Images, 2.7 Million Binaries, and a Flaw in the Linux-MIPS Stack

Explore a comprehensive analysis of embedded devices, IoT, and home routers in this 53-minute conference talk from ShmooCon 2019. Dive into the findings from an extensive study of over 6000 firmware images from 18 vendors, encompassing 2.7 million binaries. Discover alarming trends in software hardening practices, including regression of features over product lifetimes and inconsistent application of basic protections across major vendors. Learn about the differences in hardening between newer and older architectures, and the surprising decrease in ASLR implementation from 2012 to 2018. Investigate a critical flaw in Linux/MIPS stack support, resulting in a universal DEP bypass and subsequent ASLR bypass. Gain insights from industry experts Parker Thompson, Tim Carstens, and Mudge as they discuss the importance of large empirical studies in assessing overall security trends and their implications for the future of embedded device security.