Date of the talk: 7 October 2016, 10h30-11h30, salle Petri/Turing
Analyzing thousands of firmware images and a few physical devices. What's next?There are many types of embedded systems, some are designed with security in mind, and others are not. This talk will make an overview of security problems that have been found with both large scale automated static analysis (within the firmware.re project) and with more focused and more manual dynamic analysis (using the Avatar project). Most of the devices we analyzed have a disappointing security level. I will then discuss what I think we can do about it and how. In particular, how can we make insecure devices more secure? A part of the solution clearly lies in an economic and engineering effort to but there are also probably some difficult research problems to solve in making security easier and cheaper.