Skip to content

Details

This Saturday, June 27th 2026 our group DCG518 is getting together to present:
The Ghost in the IoT Machine, Extracting, Analyzing, and Defending the Hidden Layer of IoT Security.

How many of you have a smart device at home that you've never updated? How many of you trust it anyway? We are going to talk about why that trust may be misplaced and why firmware is often where that trust is won or lost. When most people think about IoT security, they think about weak passwords, exposed web interfaces, or vulnerable mobile applications. Those issues certainly matter, but they're often symptoms rather than root causes.

This presentation is going to focus on a deeper layer of trust: firmware. Every smart camera, smart lock, smart thermostat, industrial controller, router, medical device, and connected appliance is ultimately only as trustworthy as the firmware running inside it.

Firmware sits between hardware and software. It controls how a device boots, how it communicates, what security controls are enforced, and ultimately who controls the device. If an attacker gains the ability to analyze, modify, or replace firmware, they can often bypass every security mechanism built on top of it.

Over the past decade we've seen countless examples of insecure update mechanisms, exposed debug interfaces, hardcoded credentials, unsigned firmware images, and supply-chain weaknesses that have turned embedded devices into attractive targets. Whether we're talking about consumer smart-home products, industrial controllers, network appliances, or medical devices, the same question continues to surface:
Can we trust the code running on the device?

In this presentation, we'll examine how security researchers approach firmware extraction and analysis, how firmware tampering can be identified, what types of persistence mechanisms and unauthorized modifications attackers seek to introduce, and most importantly, how organizations can defend against these threats through secure design, validation, and monitoring.
The goal isn't simply to understand how firmware can be manipulated. The goal is to understand why firmware remains one of the most critical and frequently overlooked security boundaries in modern connected systems.

  • For more DEFCON DCG518 Group information and updates, check our site https://dc518.github.io/
  • Doors open at 2:00pm for social hang out. The presentation starts sharp at 3pm. The Tech Valley center of Gravity is located at 30 3rd Street, Troy, New York 12180.
  • This event is free and open to all the community. No attendee limits.

Everyone is welcome!

Related topics

Events in Troy, NY
Cybersecurity
Knowledge Sharing
Hardware Hacking and Reverse Engineering
Information Security
Hackers and Makers

You may also like