Security
Exploring Security Problems in Hardware Devices
Most users treat a hardware solution as an inherently trusted black box. “If it’s hardware, it must be secure,” they say. This presentation explores a number of classic, historical security problems with hardware products, including access to stored data, privilege escalation, spoofing, and man-in-the-middle attacks. Technologies commonly used in the network and computer security industries are examined, including access control, authentication tokens, and network appliances. Some of the devices mentioned in this presentation have since been updated to prevent the discussed attacks. [ continue ]
Understanding Hardware Security
This presentation serves as an introduction to embedded security. Designing offensively may be your best protection against attack, so we discuss how to reduce the number of vulnerabilities in your hardware designs and how to evaluate the threats against your products. [ continue ]
A Commentary on Adopting Security Technologies
We, as a population, have become so dependent on technology that we often forget the major risks associated with using it. This commentary discusses the problem as it relates to the computer security industry and examines the need for proper understanding, scrutiny, and testing of new security technologies before they are released into a live environment. [ continue ]
Advanced Hardware Hacking Techniques
This presentation looks at advanced hardware hacking and reverse engineering techniques. We’ll examine the steps taken by designers to incorporate security into their hardware products and then discuss ways to attack them. [ continue ]
A Historical Look at Hardware Token Compromises
This presentation examines the details behind successful hardware attacks of early authentication tokens: two USB devices and one iButton device. We’ll be looking at the methods used to compromise the devices and gain access to private data stored on them without having legitimate credentials. Our attacks were based on an approach of using only common, off-the-shelf tools, yet we still succeeded in defeating the security features. Both USB devices have since been updated to prevent the attacks mentioned in this presentation. While learning from history is important to avoid repeating the same design mistakes, we’ll also look at some of the newer authentication tokens and hypothesize about potential attacks. [ continue ]