Abian Blome
Senior Key Expert for OT Security at Siemens
Abian works as Senior Key Expert for OT Security at Siemens. He has been a security researcher at Siemens for eight years with a focus on operational technology. Passionate about improving the state of security in the both, IT and OT environments, he has had the opportunity of looking under the hood of all kind of devices from many different industries. This has given him extensive knowledge on the intricacies of bugs and their root causes, and how they differ on different devices and systems.

Speech title: Fuzzing industrial devices: Implementing feedback driven fuzzing tests in an embedded world

In recent years one of the trends in the battle against memory corruption issues, problems that can quickly turn into security nightmares, has been the use of fuzzing. Especially with the rise of simple-to-use feedback fuzzers such as AFL, testing for not only security vulnerabilities, but all kind of issues that can lead to crashes or memory corruption through the use of fuzzing has been on the rise, not only thanks to the effort of Google in the open source community. However, most of the effort has been in the area of Linux programs where the source code is available. At Siemens we have been working on how to implement a system that can provide the same kind of tests on embedded devices with third party components where no source is available. This talk will detail what the unique challenges with regards to feedback fuzzing are when dealing with embedded devices and how we tackled them. By the end of the talk you will know what such a system could look like, what challenges you are likely to encounter, how you can tackle them and, most importantly, whether it is worth the effort.  
Back to main page