Presented at
DEF CON 33 (2025),
Aug. 9, 2025, noon
(45 minutes).
In this talk, we dive into a world of webcams that secretly run Linux. What started as a casual curiosity turned into a deep dive into embedded Linux systems, obscure supply chains, and alarming security oversights.
Along the way, we discovered how decisions made far upstream – by silicon vendors and OEMs – can introduce vulnerabilities that quietly ship in tens of thousands of devices.
This presentation explores the broader implications of insecure firmware, broken update mechanisms, and the surprising autonomy of devices many assume to be simple peripherals.
We share how we traced the tech stack from brand-name distributors back to little-known chipset manufacturers, and what that journey revealed about responsibility, transparency, and the risks of neglecting security at the hardware-software boundary.
Come for curiosity, stay for the demos and laughs.
Presenters:
-
Mickey Shkatov
Mickey has been involved in security research for over a decade, specializing in breaking down complex concepts and identifying security vulnerabilities in unusual places. His experience spans a variety of topics, which he has presented at security conferences worldwide. His talks have covered areas ranging from web penetration testing to the intricacies of BIOS firmware.
-
Jesse Michael / @jessemichael
as Jesse Michael
Jesse is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.