Uncovering “BadAlloc” Memory Vulnerabilities in Millions of IoT Devices


Posted on in Presentations

Microsoft uncovered critical RCE vulnerabilities covering 25+ CVEs across a range of IoT devices, from consumer, medical, and IIoT to industrial control systems (ICS). Dubbed “BadAlloc,” the vulnerabilities were found in 20+ widely used SDKs and RTOSs like VxWorks. This session will describe how they were found, demonstrate how adversaries can leverage them, and give recommended mitigations.



Participants

Tamir Ariel (Speaker): Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

Omri Ben-Bassat (Speaker): Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

