Overview
Explore a critical cybersecurity vulnerability in the IoT supply chain through this 23-minute DEF CON 33 conference talk. Investigate how major retailers handle returned IoT devices and discover alarming gaps in firmware sanitization practices that could enable mass surveillance, botnet propagation, and persistent backdoors. Learn about groundbreaking research involving the purchase, modification, and return of commercial IoT devices embedded with custom firmware callbacks to test whether retailers properly reset devices before resale. Examine real-world findings that reveal inconsistent sanitization policies across major retailers, with some failing to wipe and reflash firmware completely. Understand how these firmware persistence vulnerabilities create new attack vectors that threat actors could exploit to build persistent IoT botnets, deploy data-exfiltration implants, or establish unauthorized surveillance networks. Gain insights into practical mitigation strategies for manufacturers, retailers, and consumers to address these supply chain security risks and protect against IoT-based attacks that leverage returned device vulnerabilities.
Syllabus
DEF CON 33 - Critically Neglected: Cybersecurity for buildings - Thomas Pope
Taught by
DEFCONConference