Uncovering “BadAlloc” Memory Vulnerabilities in Millions of IoT Devices


Posted in Presentations

Microsoft uncovered critical RCE vulnerabilities, covering 25+ CVEs, across a range of IoT devices, from consumer, medical, and IIoT to industrial control systems (ICS). Dubbed “BadAlloc,” the vulnerabilities were found in 20+ widely used SDKs and RTOSs such as VxWorks. This session will describe how they were found, demonstrate how adversaries can leverage them, and give recommended mitigations.

Participants
Tamir Ariel

Speaker

Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

Omri Ben-Bassat

Speaker

Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

