Ripple20- Reverse Engineering Archeology

Share on linkedin
Share on twitter
Share on facebook
Share on reddit
Share on telegram

Ripple20- Reverse Engineering Archeology

On September 8th, 2020, JSOF’s security researchers Shlomi Oberman, Moshe Kol and Ariel Schön presented the talk “Reverse Engineering Archeology: Multiple Devices, Multiple Versions” at the CONfidence 2020 infosec conference.

CONFidence is an international infosecurity conference originated in 2005 in Poland. The September 2020 edition has been the 19th edition of CONFidence.

JSOF’s session focused on the original research process used to identify and pinpoint the Ripple20 vulnerabilities, their variants, and some attempts to piece together the historical timeline showing how the original software library changed over time.

This was a complex process of reverse engineering multiple devices simultaneously (7 in total!), working in parallel on many different levels.

In this session we described how we reverse engineered the devices simultaneously, using comparative techniques to confirm each point. We explained an interesting outcome of the supply chain ripple effect, and how it is now possible to find a vulnerability affecting hundreds of devices for near zero effort.

The full presentation is available for download.

Want to see us in action, explaining the entire process? Join one of our future (virtual) sessions.

Get the full Reverse Engineering Archeology presentation HERE

Get our posts to your Email

Subscribe to our mailing list