Pilot Security team members speak at the 2019 Ekoparty security conference

Ryan Speers, CEO of Pilot Security, was invited to speak at the 2019 Ekoparty security conference in Buenos Aires, Argentina, in October 2019, where he presented “20 devices in 45 seconds: Automated Bug Hunting in IoT Devices”.

This talk addressed several core themes of Ekoparty, as well as important trends in embedded device security. Security researchers tasked with reviewing code or binaries often face too much attack surface to analyze effectively for bugs within limited timeframes. The talk showed how to go beyond doing this work manually and instead automate and scale both defensive and offensive firmware security. The Pilot Security team has automated parts of our vulnerability research workflows, and this Ekoparty talk demonstrated what is possible at scale.

This talk explained the fundamentals of program analysis as it relates to vulnerability discovery and demonstrated the discovery of new vulnerabilities, as well as ones that were previously found by manual analysis, in 20 IoT devices. Inspired by the theme of “20 Devices in 45 Minutes” by the exploitee.rs, this talk showed how to scale this type of work via program analysis techniques in Pilot Security. Attendees learned the importance of bug class patterns, variable range recovery, and information flow analysis as it relates to determining bug efficacy on embedded devices.

Recognizing the challenges faced in conducting security evaluations at scale, the talk concluded with recommendations on how both automated and augmented analysis will help empower firms to evaluate security issues effectively.

This talk can be viewed on YouTube here.

Pilot Security

Pilot Security is an advanced IoT / embedded security platform which enables security to be integrated into any phase of device development and deployment. By automating analytic techniques developed over a decade of manual reverse engineering, companies can understand the real risks and vulnerabilities in devices, get specific technical guidance on how to remediate them, and ultimately bring proactive security to our complex connected world.

