Uncovering “BadAlloc” Memory Vulnerabilities in Millions of IoT Devices

Available On Demand
Thursday, Jun. 9, 2022
9:40 AM - 10:30 AM PT
Moscone West 3009

Microsoft uncovered critical RCE vulnerabilities covering 25+ CVEs across a range of IoT devices, from consumer, medical, and IIoT to industrial control systems (ICS). Dubbed “BadAlloc,” the vulnerabilities were found in 20+ widely used SDKs and RTOSs like VxWorks. This session will describe how they were found, demonstrate how adversaries can leverage them, and give recommended mitigations.



Participants
Tamir Ariel

Speaker

Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

Omri Ben-Bassat

Speaker

Security Researcher, Section 52, Microsoft Defender for IoT, Microsoft

Hackers & Threats, Technology Infrastructure & Operations

application security, Internet of Things, zero day vulnerability, Malware, operational technology (OT Security)



Session Code
SAT-R02

Topic/Track
Securing All the Things

Type/Format
Track Session

Classification
Advanced - Technical

Pass Requirements
  • Full Conference
  • Press
  • College Day
  • Digital Pass
  • Speaker

