Jeff Spielberg - Bug hunting in firmware and hardware at scale: Tools, tips & real vulnerabilities

Finding vulnerabilities in embedded device firmware and hardware has historically been a slow and laborious process requiring security researchers to drink too much coffee while staring at a disassembler. While we will not attempt to solve the coffee problem, there are now tools and techniques to help those either new to embedded systems or those trying to scale up their bug finding to help automate vulnerability identification in firmware and hardware.

In this talk, we will provide an introduction to embedded bug classes and where they are most often seen. We will show today’s most common methods to find these bugs and why they are inadequate for today’s necessary scale. We will demonstrate some of the best uses of open source tools for finding firmware vulnerabilities and then demonstrate the types of vulnerabilities that can be found in an automated fashion. We will do the same for basic hardware vulnerabilities, and show a new open source tool to assist with debug port glitching to gain a shell on a device. Example targets will include routers, IP cameras, and others.

Attendees will learn the more about embedded hardware and firmware vulnerabilities and leave with tools and techniques to allow them to find these themselves in targets of their choosing.