Using this tool, we found more than 180 unique vulnerable OEM device candidates from over 50,000 IoT device images, which we had collected from EC websites. Furthermore, we analyzed the latest firmware image of some of these OEM device candidates, which are distributed by the OEM vendor (not OEM suppliers), and confirmed that the devices detected by the tool are indeed an OEM device. Moreover, we also found that the OEM firmware images are still vulnerable.

By Asuka Nakajima

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...