Infecting the Embedded Supply Chain

Closed captioning will be available in English and Japanese for all keynotes and RSAC track sessions.
Please note: All times are in SGT.
  1. Moscone South

With a surge in the production of Internet of Things (IoT) devices, embedded development tools are becoming common and the software they run is often run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. This talk will demonstrate this via the exploitation of a common embedded debugger.

Learning Objectives:
1: Understand the risk introduced by untested development tools.
2: Find out the current state of development tools related to embedded development.
3: Learn how to best proceed when tools cannot be trusted.

General understanding of the concepts behind IoT device development (the design of both hardware and software, familiarity with the concept of a debugger, etc.); general understanding of basic binary exploitation (e.g. stack-overflow, memory corruption, etc.).

Download pdf