Night of the living vulnerabilities: forever-days of IoT
In a tribute to Romero's masterpiece, we will examine the resurgence of vulnerabilities we all thought dead. As soon as a security expert looks at the firmware and code of IoT devices, 2017 may as well be 1997: format string bugs, basic stack overflows and hardcoded credentials arise. Zero-days are actually forever-days. We will look at a number of real world cases of industrial and consumer IoT devices we tested and broke, and besides analyzing the most common and most outstanding findings, we will wonder why we seem unable to kill these pests once and forever.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching “Computer Security” and “Computer Forensics” at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 60 scientific papers and books. He is a Senior Member of the IEEE, the IEEE Computer Society (for which he is a member of the Board of Go
Roberto Clapis is a Security Engineer, working as a penetration tester for Secure Network, Italy's leading security assessment company. He received a B.Sc. degree in Computer Engineering from Politecnico di Milano university in Italy. In his spare time Roberto contributes to open source projects and plays CTF with the "Tower of Hanoi" team. He has a strong interest in developing automated tools to optimize the process of penetration testing and code analysis.