Most embedded engineers rely on security patching and device hardening for their devices' security, and most people believe this is what should be done to ensure proper security for devices, but in fact, this is just not enough. In most cases, physical devices are left unprotected, exposed to security threats, and potential cyber-attacks. 
To understand the gap and what should be done we need to be able to see things from the attacker’s perspective.

This session will provide a unique view of the attacker's perspective on Zephyr’s based devices from former exploit/attack experts within the IDF Unit 8200. We will review the impossible task of identifying and mitigating all relevant vulnerabilities - and demonstrate the inadequacies in current IoT security practices focused on continuous patching, static analysis, encryption, and risk controls. We will also explain how attackers can easily evade such barriers, focusing on those that can make hardware security ineffective.

The session will also explore methods to achieve embedded, on-device runtime exploits protection to immunize devices from all underlying vulnerabilities, and provide zero-day protection for Zephyr-based devices.