Unveiling IoT Vulns: From Backdoors to Bureaucracy
Kai-Ching Wang, Chiao-Lin Yu
DEF CON 33 · Day 1 · Main Stage
This talk by Kai-Ching Wang and Chiao-Lin Yu, seasoned security researchers from Trend Micro and CHT Security in Taiwan, examines the often-overlooked problem of manufacturer-created backdoors and inherent vulnerabilities in Internet of Things (IoT) devices. Moving beyond conventional hacking narratives, the presentation shows that many IoT devices ship with pre-existing, hidden access points, so mitigations aimed only at traditional external attacks are insufficient. The speakers emphasize that these backdoors are not planted by malicious external actors; they stem from debug features, legacy code, internal access mechanisms, or flawed update processes left behind by manufacturers.
AI review
Competent IoT firmware research with genuine legwork behind it — 30+ devices, 50+ CVEs, real methodology — but nothing here redefines the space. The disclosure dysfunction narrative is the more interesting contribution, though it's undercut by a format that reads more like a survey than a surgical dissection of any single vulnerability class.