Microsoft uncovered critical RCE vulnerabilities covering 25+ CVEs across a range of IoT devices, from consumer, medical, and IIoT to industrial control systems (ICS). Dubbed “BadAlloc,” the vulnerabilities were found in 20+ widely-used SDKs and RTOSs like VxWorks. This session will describe how they were found, demonstrate how adversaries can leverage them, and give recommended mitigations.

RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

Uncovering “BadAlloc” Memory Vulnerabilities in Millions of IoT Devices

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Tens of Millions of Critical Devices

Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Hundreds of Millions of Critical Devices