|
PRESENTATION:
|
Embedded Security 101
|
|
PRESENTER(S):
|
Tao Sauvage, Senior Security Consultant for IOActive
|
|
CONFERENCE:
|
|
|
LOCATION:
|
Reseaux et Telecommunications de l’Universite de Franche-Comte, Belfort, France
|
|
DATE & TIME:
|
March 10, 2016 at 11:10AM
|
In this talk, Tao Sauvage will provide the basic knowledge required to begin assessing the security posture of embedded systems. Tao will answer questions such as: What are embedded systems? What is their attack surface? What tools do I need?’
Tao will then provide three real-life examples to illustrate security in the world of embedded systems.
- A repeater WiFi where a flaw in its web interface allowed an attacker to access sensitive information about the device.
- An IP camera where firmware analysis revealed an OS command injection with root privileges.
- A router where the extraction and analysis of the boot loader lead to the decryption of its firmware.
About Tao Sauvage
Tao Sauvage is a Senior Security Consultant for IOActive where he performs embedded device security testing, vulnerability assessments and analysis, secure code reviews, web application penetration testing, network penetration testing, mobile application penetration testing, and social engineering security testing.
Sauvage has been an Offensive Web Testing Framework (OWTF) developer for the Open Web Application Security Project (OWASP) since February 2014. He has participated in Google Summer of Code 2014, and OWASP Winter Code Sprint 2014. He has also served as the president of HackGyver, the hackerspace of Belfort, France.
About SecuRT
SecuRT is a free event open to everyone involved in computer security. For the past three years, it is organized in Montbeliard, the department Networks and Telecommunications of the University of Franche-Comté, with the help of Hackgyver the hackerspace Belfort.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###
Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github