In Search of Lost Bytes: Hardware Implants and the Trouble with Supply Chains

Presented at Kernelcon 2020 Virtual, Unknown date/time (60 minutes)

Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency and, often overlooked, incalculable risks. There is a fine line between acceptable and irreconcilable risk, while some risks are mitigatable, others are not, and ignoring the facts has disproportionate consequences. This presentation will explore modern supply chain security risks through a technical deep dive of 5G infrastructure and the political battles surrounding it. However, a wider acknowledgment of the supply chain problem doesn’t make it go away. We need to understand the inherent hardware vulnerabilities exposed. Currently, confidence in hardware security relies too much implicit trust — overlooking serious threats. Assurance in this area is hard won, manual, and costly. To highlight this, several hardware implant techniques will be discussed, showcasing various attack methods as well as the point at which they are most likely to be exploited in a standard supply chain.

Presenters:

• Sophia d'Antoine - Hacker in Residence at NYU
  Sophia is the founder of Margin Research, based in New York City, and the Hacker in Residence at NYU. Previously she has served at the NSA as well as a commercial security company. She is an alumnus of RPI where she taught Modern Binary Exploitation and helped run RPISEC, the university CTF team. Sophia has spoken at over a dozen conferences worldwide on topics ranging from automated exploitation to information operations. Her current work focuses on finding novel solutions to unique security problems, software vulnerabilities, and information operations. She has co-authored policy papers on topics in offensive cyber including an [Executive Order and a Lawfare article](https://www.lawfareblog.com/risks-huawei-risk-mitigation) on the risks associated with Huawei 5G. [A mostly complete listing of conference talks and publications.](https://www.sophia.re/#pcs)

Links:

• https://www.youtube.com/watch?v=b5iQzJ5X-sQ
• https://www.youtube.com/watch?v=mc6yGExJuUc

Similar Presentations:

• Black Hat USA 2021 / Keynote: Supply Chain Infections and the Future of Contactless Deliveries
• Black Hat USA 2019 / The Enemy Within: Modern Supply Chain Attacks
• BSidesLV 2019 / Supply Chain Security