#IICSG2018 Conference Deep-Tech Track
Day 1 (24 May 2018)
1.00pm—1.45pm
@ Stamford Ballroom (Olivia)
Abstract
Hardware attacks are too difficult. Physical access is too high a barrier for most attackers. Only nation-states and their victims need to worry about malicious hardware.
We're quick to dismiss hardware attacks, but why? At this point, we hardly understand them, which might be causing a blind spot in our view of realistic threats.
I'll start with the anatomy of hardware attack, which we'll quickly see in a broad umbrella term, including physical attacks, hardware logic attacks, software-enabled hardware attacks — all the way up to hardware-informed attacks. Next, we'll see a few examples of how this whole range of attacks can be used for simple pranks, pentests, red team engagements or nation-state campaigns. Finally, we'll get to the reason this all matters — how these attacks can be used in an effective and scalable manner. I'll show several examples of how small, simple, or inexpensive devices can be the first link in a chain of attack that wreaks havoc on an entire system.
Hopefully, you'll come away realising that hardware attacks are not difficult, physical access is not a very high barrier, and everyone is vulnerable to malicious hardware.
About Joe FitzPatrick
Joe FitzPatrick (@securityfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontroller. He has spent the past 5 years developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.