Night of the living vulnerabilities: forever-days of IoT
In a tribute to Romero's masterpiece, we will examine the resurgence of vulnerabilities we all thought dead. As soon as a security expert looks at the firmware and code of IoT devices, 2017 may as well be 1997: format string bugs, basic stack overflows and hardcoded credentials arise. Zero-days are actually forever-days. We will look at a number of real-world cases of industrial and consumer IoT devices we tested and broke, and besides analyzing the most common and most outstanding findings, we will wonder why we seem unable to kill these pests once and forever.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching “Computer Security” and “Computer Forensics” at Politecnico, he has extensive speaking and training experience in Italy and abroad. He co-authored over 60 scientific papers and books. He is a Senior Member of the IEEE, the IEEE Computer Society (for which he is a member of the Board of Go
Roberto became a Security Engineer at Google after spending two years working as a penetration tester and code reviewer for Secure Network. He loves to write, hack, customize, patch and tailor any software that allows him to do so.