🎉 Welcome to the New IoT For All!
We’ve refreshed our look and upgraded your experience, but as we settle in, you might notice a few hiccups. Thank you for your patience as we fine-tune things—there’s much more to come! 🚀

MAY

Finding Vulnerabilities in Embedded Products: 3 Case Studies

May 28, 2024

1:00 PM - 2:00 PM

“Follow all these vague best practices, otherwise bad things might happen.” That sums up most security-related webinars. Here is something different. In this webinar, BugProve presents 3 vulnerabilities in embedded products.

Let’s take 3 real and recent examples, and check:

What problem was detected and how?
What did the remediation process look like?
How was it fixed?
What can be done to prevent such from happening?

Who is this webinar for?

Product Owners at embedded manufacturing companies
Embedded developers working on the firmware level
Security Researchers and QA who test such products

The 3 case studies selected:

CVE-2022-24942 in Silicon Labs Gecko SDK
CVE-2023-3959 in Zavio IP cameras
CVE-2023-31070 in Broadcom BCM47xx SDK

Our cases in finding vulnerabilities in embedded products highlight the need for real security over just meeting compliance standards. Regulations help steer the industry toward better security practices, but the goal is to have products free of vulnerabilities, not just compliant.

The case of CVE-2023-31070 will shed light on the challenges within the IoT supply chain. We discuss how IoT devices often rely on software kits that may not prioritize security, highlighting the risks involved when these kits are used "as is" without regular updates or security checks. This points to a broader issue in the tech industry: the need for ongoing, proactive security management to maintain and protect IoT devices over their lifespan.

The session will also touch on the significant disparity between the time spent discovering these issues versus the time and resources needed for manufacturers to address them, emphasizing the critical need for proactive security efforts.

We conclude with strategic recommendations for manufacturers to boost their product security and prevent similar vulnerabilities. This presentation aims to provide valuable insights into embedded product security and inspire more robust security practices within the IoT sector, making it particularly relevant for business leaders looking to understand and mitigate risks in their tech operations.

Our speaker:

Attila Szasz, CEO of Bugprove, a cybersecurity startup, has 10+ years of expertise. He discovered his passion for programming as a child and found his first Chrome vulnerability at 19. With vast experience in penetration testing and public speaking, Attila shares IoT security insights, trends, and automation solutions.

Watch the webinar on-demand today!

Speakers

Attila Szasz

Attila Szasz, CEO of Bugprove, a cybersecurity startup, has 10+ years of cybersecurity expertise.

Hosts

BugProve

BugProve offers an automated IoT firmware analysis tool to support security and compliance teams. Stay on top of supply chain risks and compliance needs. Get scan results within 5 minutes on known vulnerabilities, dependencies, and more. The 0-day engine lets security professionals spot new issues before others do.Combined with AI-driven remediation recommendations and one-click reporting, your company can save weeks during testing, and align product security and product development teams.