Uncovering “BadAlloc” Memory Vulnerabilities in Millions of IoT Devices | RSA Conference

Posted on Jun 09, 2022 in Presentations

Microsoft uncovered critical RCE vulnerabilities covering 25+ CVEs across a range of IoT devices, from consumer, medical, and IIoT to industrial control systems (ICS). Dubbed “BadAlloc,” the vulnerabilities were found in 20+ widely-used SDKs and RTOSs like VxWorks. This session will describe how they were found, demonstrate how adversaries can leverage them, and give recommended mitigations.

Download Slides: 2022_USA22_SAT-R02_01_Uncovering-BadAlloc-Memory-Vulnerabilities-in-Millions-of-IoT-Devices

Participants

Tamir Ariel

Speaker

Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

Omri Ben-Bassat

Speaker

Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

Hackers & Threats Technology Infrastructure & Operations

application security Internet of Things zero day vulnerability malware operational technology (OT Security)

View More Presentations

Topic

Hackers & Threats

Technology Infrastructure & Operations

Subtopic

application security

Internet of Things

zero day vulnerability

malware

operational technology (OT Security)

Share With Your Community