Got To Glitch Them All: 10+ Years of War Stories Glitching Embedded and IoT Devices

Presented at DEF CON China 1.0 (2019), June 1, 2019, 3 p.m. (45 minutes).

Fault injection, also known as glitch attacks, is a hardware hacking technique that has been successfully used to attack all kind of targets for more than 20 years. However, most of the security experts ignore about its existence or understates its risks. With the recent decrease on the tooling cost required to perform fault injection, these type of attacks have become affordable for the masses. At the same time, the generalization of secure coding practices and the rise of the IoT devices based on small SoCs is increasing the interest on these and other hardware attacks, as quite often nowdays they are the only resort to attack some electronic devices.

In this talk, we tell our war stories about performing fault injection attacks on a wide variety of devices used by different industries. Our real stories - a compendium of more than 10 years of experience as hardware security analysts - will cover the full spectrum what fault injection is about. We will be talking about shooting lasers, breaking military grade cryptography, unblocking locked devices, revealing the deepest secrets hidden in the hardware and much more. But not everything is lost for your electronic devices! We will also talk about how you can protect your hardware and software against these powerful attacks.


Presenters:

  • Ramiro Pareja - Technical Leader, Riscure Security Lab China
    Ramiro Pareja is the technical leader of the Riscure security testing laboratory located in China. He has large experience on hardware security and he specializes on Embedded Systems and SoC security. In the last years, Ramiro has developed an interest and expertise in the automotive industry (embedded and connected technologies deployed in modern vehicles), applying fault injection and side channel attacks - very common in other markets like smartcards or content protection - to the automotive electronic systems. If it has chips, he can break it ;) www.riscure.com

Links:

Similar Presentations: