Understanding the Importance of Advanced Software Security in Embedded Systems
Description
This talk provides insights into how attackers exploit embedded systems. Many companies implement various kinds of security measures, such as hardware-based protections, encryption, and network security. However, one vertical that is often overlooked is software reverse engineering, which has the potential to bypass all other security measures if neglected. The motivations for reverse engineering software and exploiting bugs are manifold, ranging from stealing hardcoded keys, understanding and misappropriating competitors’ intellectual property, identifying vulnerabilities, to circumventing paid features. When it comes to exploiting vulnerabilities, embedded devices often lag behind in implementing standard software mitigation techniques that have been deployed on desktop systems for decades. In this talk, we will generalize the attack flow that embedded devices face, demystifying the reverse engineering process by examining modern tools available to attackers, such as Ghidra from the NSA. We will introduce different toolsets and capabilities that attackers utilize in their process of reverse engineering and hacking, outlining the severe threat posed by these types of attacks. In the final part of this talk, we will focus on protections and mitigations, which should be an integral part of the security ecosystem of every embedded system. Here, we will explore the role of advanced binary rewriting techniques, to provide advanced software protection.
.png)
