Hristo Bojinov : 2009 Security Meeting


Thursday, April 16, 2009
Location: Fisher Conference Center, Arrillaga Alumni Center

"Embedded Management Interfaces: Emerging Massive Insecurity"


In this talk, we will cover the attack surface of embedded management interfaces and pinpoint which parts of them are the most likely to be vulnerable, based on our evaluation of more than a dozen device models from different categories. In particular, we will review known yet underestimated implementation shortcuts that lead to vulnerabilities. To illustrate each shortcut, we will describe real-world vulnerabilities that we have found and exploited in devices from Intel, Linksys, Lacie, Samsung, and Dell among others.


Hristo Bojinov is a PhD student at the Stanford Security Lab. Prior to joining the Computer Science PhD program at Stanford, Hristo worked in various software engineering and management positions at Oracle, Decru, and NetApp. He got his SB degree in Computer Science and Engineering at MIT.