Call for IoT Trainings: Secure Development for embedded Devices

René Pfeiffer/ March 24, 2021/ Discussion, Training

The world is much easier to handle without limits. If you have all your frameworks freely available and have the luxury of running your code with a multi-MB (or -GB) runtime environment, then you are in paradise. The world of embedded devices and the Internet of Things looks different. Saving energy is the prime directive. The power supply might be a battery or the connector pin of another device. Multiple cores are rare, memory is even rarer. If you are acquainted with the container and cloud lifestyle, then embedded systems will be a culture shock. Think kilo instead of mega or giga. Small devices run code, too. So this is where security comes into play. What can you do to design your embedded code to be small and secure? Secure design and coding have

Read More

DeepSec 2019 Training: IoT/Embedded Development – Attack and Defense Lior Yaari

Sanna/ September 19, 2019/ Training

Every developer makes mistakes. If you are unlucky, these mistakes result in a security vulnerability, an almost untraceable bug for the normal developer. Going around the world, helping developers to find and understand the vulnerabilities they’ve accidentally created, we learned that unlike bugs, vulnerabilities are invisible to the eye, mind and UT. No one teaches developers how an attacker thinks, what computers security mechanisms are capable of (and what not), and how to avoid creating possible security mistakes endangering your customers. In this course we will teach you the basics of Embedded Devices security from the beginning: How vulnerabilities are created and how an attacker approaches a new device. From the internals, – physical manipulations, buffer overflows, memory corruptions, timing attacks, all the way to the solution: How to avoid common mistakes and even

Read More