Abstract
Videos were in 4 parts these are link’s to those
AI Generated Summary
The talk presented research on analyzing and mitigating security vulnerabilities in embedded systems and Internet of Things (IoT) devices. The primary focus was on practical methodologies for discovering flaws in firmware and addressing supply chain risks.
Key techniques discussed included static and dynamic binary analysis for reverse engineering device firmware, with an emphasis on automated vulnerability scanning. Fuzzing was highlighted as a core method for triggering unexpected behavior in device inputs and network protocols. The speaker detailed processes for extracting firmware from physical devices, identifying hardcoded credentials and cryptographic keys, and tracing data flows to find injection points. A significant portion covered analyzing compromised devices found in botnets, specifically examining how malware persists through firmware modifications and leverages OEM backdoors or insecure update mechanisms.
Findings indicated that many consumer and industrial IoT devices contain critical vulnerabilities due to poor coding practices, lack of secure boot, and outdated open-source components. Supply chain attacks were identified as a growing threat, where malicious code is introduced during manufacturing or via third-party libraries. The research demonstrated that vulnerabilities often remain unpatched for years due to vendor neglect and the difficulty of updating deployed devices.
Practical implications stressed the necessity for mandatory security audits, secure-by-design principles in firmware development, and robust, cryptographically signed update frameworks. The talk advocated for improved vulnerability disclosure processes and greater collaboration between security researchers and vendors to remediate flaws in legacy systems. The overarching takeaway was that the security of embedded infrastructure remains fragile, requiring systematic analysis and proactive defense strategies to prevent large-scale compromise.