Hacking Embedded Devices

Presented by

Deb Radcliff, Shift Left Editor; Alexander Heid, VP Threat Intelligence; James Bell, co-founder; Bryce Case

About this talk

A quick look at the OWASP Embedded Application Security Project Best Practice Guide reveals numerous vulnerabilities in code developed for OT and embedded systems, including but not limited to buffer and stack overflows, injection attacks, cryptographic signatures and firmware updates, third-party code components, and lax authentication and access controls. To understand how these and other vulnerabilities could result in serious risk to society, three red team hackers share some of their most chilling findings in critical infrastructure systems and provide advice for shifting left on OT and embedded DevOps practices.

These experts explain why embedded and OT systems are harder to code for because of their small footprint, how microservices can be riddled with buffer overflows and other issues that can't be fixed, how attackers can exploit the web servers, APIs, terminal sessions, and radio signals used to connect these devices, and how IoT and small devices often contain hard-coded passwords and lack encryption to prevent man-in-the-middle attacks.

CodeSecure is a global provider of application security testing solutions including static analysis (SAST) and software composition (SCA) products. Our products, CodeSonar and CodeSentry, help organizations develop and release higher quality and more secure software – free of harmful defects and exploitable weaknesses that cause system failures, enable data breaches, and increase corporate liability.