Understanding Embedded Devices and Firmware in OT

URG11 and network stack flaws are not anything new. They are miscreants leftover from the 90’s and early 2000’s – a period where these types of software flaws were rampant.

For the most part, these flaws represent an era where devices lacked proper robustness testing and customers were obligated to trust the vendor’s security practices. While most of these were stranded in a land of security by obscurity or islanded (“air-gapped”), they were eventually retired or rotated out of deployment and into the hands of researchers with ubiquitous network-stack protocol “fuzzers” (a strategy/application where you test all permutations of a protocol to see if there unintended effects or erroneous logic).

Despite these vendors possibly having visibility or reports on these exact issues (or ones like them), stack-based vulnerabilities are commonly forgotten by vendor quality assurance and systems integration processes. Even if these systems are deployed in critical infrastructure, energy, oil & gas, manufacturing, building automation, or are consumer Internet of Things (IoT) products – the same issues are fundamentally present in all types of systems and represent a variable level of opportunity and susceptibility to exploitation by a malicious entity.

This webinar’s topic is a mile wide but will be a technical deep dive on a variety of components in embedded systems. It is intended for IT persons, asset owners, and those looking to understand the complexities of firmware (as they relate to managing vulnerabilities) at a level sufficient for coverage within a 45-minute webinar.