Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

A Deep Dive Into GarminOS And Its MonkeyC Virtual Machine

Hack In The Box Security Conference via YouTube

Overview

Dive into a comprehensive exploration of GarminOS and its MonkeyC virtual machine in this 48-minute conference talk from the Hack In The Box Security Conference. Discover the inner workings of Garmin's proprietary real-time operating system and custom language, which power their popular smartwatches and fitness devices. Follow the speaker's journey in reverse engineering the Garmin Forerunner 245 Music's firmware, uncovering critical vulnerabilities affecting over 100 Garmin devices. Learn about the CIQ application file format, virtual machine internals, binary resource management, and permissions implementation. Gain insights into the discovery and exploitation of low-level vulnerabilities, including design issues, memory corruption, and type confusion. Understand the impact of these findings on Garmin's product line and the coordinated disclosure process that led to security fixes. Explore specific examples of vulnerabilities with proof-of-concept applications, providing a deep technical understanding of the security challenges in smart fitness devices.

Syllabus

#HITB2023AMS D2T1 - A Deep Dive Into GarminOS And Its MonkeyC Virtual Machine - Tao Sauvage

Taught by

Hack In The Box Security Conference

Reviews

Start your review of A Deep Dive Into GarminOS And Its MonkeyC Virtual Machine

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.