Endpoint Security, Events, Governance & Risk Management
Dennis Giese on Reverse Engineering, Flawed Authentication, Poor Threat Modeling
IoT security flaws expose users and businesses to serious risks. Weak authentication methods allow attackers to manipulate devices, leading to data breaches and privacy violations. Reverse engineering highlights these weaknesses, making it easier to exploit them, said Dennis Giese, IoT security and privacy researcher. Manufacturers often rush products to market without proper security measures, leaving critical vulnerabilities unpatched.
“Teaching reverse engineering techniques to security engineers or to developers helps you to understand what your threat actually is, and it enables you to design threat models way more efficiently, because most of the time, security engineers don’t have an idea what exactly is possible,” Giese said.
Companies underestimate how easily attackers can exploit IoT devices. Many assume breaking into these systems requires expensive tools and advanced skills but, in reality, attackers use simple, accessible methods to bypass security measures, Giese added.
In this video interview with Information Security Media Group at Nullcon Goa 2025, Giese also discussed:
- How attackers manipulate user-side applications to bypass security measures;
- Why CISOs must shift focus from reactive security testing to proactive risk management;
- The Ecovacs hack case study.
Giese is a seasoned IoT security and privacy researcher known for his expertise in reverse engineering and hardware security. His work has significantly advanced the understanding of vulnerabilities within embedded devices, particularly in consumer electronics like vacuum robots and smart locks.