Remote code execution via MIDI messages

Name: Remote code execution via MIDI messages
Description: Anna Antonenko — a firmware developer at Flipper Devices who describes herself as a "decent forward engineer but not a great reverse engineer" — presents the discovery of what she characterizes as a b

Anna Antonenko

DEF CON 33 · Day 2 · Main Stage

Anna Antonenko — a firmware developer at Flipper Devices who describes herself as a "decent forward engineer but not a great reverse engineer" — presents the discovery of what she characterizes as a b

AI review

Backdoor — not vulnerability, backdoor — in Yamaha audio equipment triggerable via MIDI SysEx messages, no authentication, network or USB attack surface. A firmware developer who found it by accident and had the tenacity to reverse-engineer it despite limited RE skills. The unexpected attack surface angle is the headline.

Watch on YouTube