We just released a new set of Firmware Security challenges focused on common vulnerabilities in embedded and IoT devices.
- Debugged.c
  Leaving JTAG or SWD enabled in production gives attackers with physical access a path to extract firmware, read memory, and reprogram the device.
- Device ID.c
  Hardcoded credentials or device identifiers in firmware mean one extracted binary can put an entire product fleet at risk.
- Fail Open.c
  Fail-open logic can keep systems running after errors while skipping security checks, letting attackers trigger faults to bypass protections.
- Firmware Upgrade.c
  Firmware updates without proper authenticity checks let attackers install malicious or downgraded firmware and fully compromise the device.
- Secure Boot.c
  Weak secure boot implementations that do not verify firmware break the chain of trust and allow arbitrary code execution at boot.
- Secure Logging.c
  Without secure logging, attackers can tamper with or erase logs, hide malicious activity, and block effective incident investigation.

Limited-time access
Some of these challenges are free for a limited time in the Weekly Incident game:
