Automotive/IoT Network Exploits: From Static Analysis to Reliable Exploits

Posted on in Presentations

Moabi just reported CVE-2016-10743 and CVE-2019-10064, which are not public. The first one relates to an accidental fix in Hostapd 2.5; the second one is current and affects all versions of Hostapd including the current ones (there is no patch). Both relate to the fact that Hostapd is relaying on PRNGs from the libc to generate various cryptographic keys, while never actually seeding those PRNGs.

Pre-Requisites: Technical experience in Reverse Engineering and a working knownedge of everything ranging from assembly to C auditing to compiler mitigations and exploits writing.

Mobile & IoT Security Hackers & Threats

zero day vulnerability Internet of Things hackers & threats exploit of vulnerability cryptography



Share With Your Community