OWASP Global AppSec USA 2025
- Date: November 7, 2025
- Time: 10:30–11:15 a.m. EST
- Location: Marriott Marquis Washington, DC, 901 Massachusetts Avenue NW, Washington, District of Columbia | Supreme Court Room
Nicholas Cerne, Security Consultant at Bishop Fox, takes the stage at OWASP Global AppSec USA 2025 to reveal what really happens when researchers dig into the internals of everyday smart devices — and uncover zero-day vulnerabilities hiding beneath the plastic.
For full details, visit the conference website: OWASP Global AppSec USA 2025.
"Peeling Back the Plastic: Finding 0-Days in IoT Devices"
Speaker: Nicholas Cerne, Security Consultant
Date/Time: Friday, November 7, 2025 | 10:30–11:15 a.m. EST
Location: Supreme Court Room
Abstract:
As smart home technology becomes increasingly mainstream, the market has seen a surge in low-cost IoT devices flooding platforms like Amazon. Many of these products are backed by lesser-known manufacturers — often overseas — that prioritize rapid deployment and market share over security and long-term support. This trend has led to a growing number of insecure devices being integrated into home networks, exposing users to significant privacy and security risks.
This presentation will cover getting into IoT security research and lead up to a discussion of new zero-day vulnerabilities that have been responsibly disclosed from prior research. The session will also touch on introductory practical testing techniques that can uncover critical 0-day vulnerabilities in these devices. We'll walk through introductory methods for analyzing firmware, hardware, and corresponding mobile applications, then bridge the gap into real-world 0-day vulnerability discovery. Finally, the talk will cover how device-centric research can reveal API vulnerabilities that are invisible to traditional web-focused assessments.