Explore a critical security vulnerability in the consumer IoT supply chain through this 29-minute DEF CON 33 conference talk that investigates firmware persistence in returned commercial devices. Learn how researchers purchased IoT devices, modified them with custom firmware containing callback mechanisms, returned them to major retailers, and later repurchased the same devices to test whether proper firmware sanitization occurred. Discover the alarming findings that reveal inconsistent retailer policies, with some major retailers failing to properly wipe and reflash firmware before reselling returned products. Examine real-world examples of persistent firmware modifications and understand how these sanitization failures create new attack vectors for mass surveillance, botnet propagation, and backdoor persistence at scale. Gain insights into the potential for IoT-based supply chain attacks and explore practical mitigation strategies for manufacturers, retailers, and consumers to address this overlooked risk in the rapidly expanding IoT ecosystem.