Firmware Vulnerability Analysis

Presented at THOTCON 0x6 (2015), May 14, 2015, 5 p.m. (50 minutes)

Bad code is everywhere and the tools to dig it up are maturing at an astonishing rate. The day of reckoning has come for device manufacturers who have neglected the adoption of secure development practices. Join us as we dive into firmware updates for many different devices and uncover undocumented 'recovery features' (backdoors), hardcoded accounts, direct URL access/permissions issues and buffer overflows.


Presenters:

  • Jeremy Richards
    Jeremy is a vulnerability researcher for SAINT Corporation, performing research and uncovering weaknesses in a variety of technologies, and has been developing security software professionally for nearly a decade. These days he spends his time writing remote unauthenticated vulnerability checks by reverse engineering changes introduced by security patches and identifying the root cause. Jeremy has recently started developing a framework to extract data from firmware images and perform automated analysis. His research in this area has uncovered a compelling number of undocumented risks that impact a large number of devices and user environments.
