Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Ground Truth - 18 Vendors, 6000 Firmware Images, 2.7 Million Binaries, and a Flaw in the Linux-MIPS Stack

0xdade via YouTube

Overview

Explore a comprehensive analysis of embedded devices, IoT, and home routers in this 53-minute conference talk from ShmooCon 2019. Dive into the findings from an extensive study of over 6000 firmware images from 18 vendors, encompassing 2.7 million binaries. Discover alarming trends in software hardening practices, including regression of features over product lifetimes and inconsistent application of basic protections across major vendors. Learn about the differences in hardening between newer and older architectures, and the surprising decrease in ASLR implementation from 2012 to 2018. Investigate a critical flaw in Linux/MIPS stack support, resulting in a universal DEP bypass and subsequent ASLR bypass. Gain insights from industry experts Parker Thompson, Tim Carstens, and Mudge as they discuss the importance of large empirical studies in assessing overall security trends and their implications for the future of embedded device security.

Syllabus

Ground Truth: [...] and a flaw in the Linux/MIPS stack - Parker Thompson, Mudge, & Tim Carstens

Taught by

0xdade

Reviews

Start your review of Ground Truth - 18 Vendors, 6000 Firmware Images, 2.7 Million Binaries, and a Flaw in the Linux-MIPS Stack

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.