Applied Physical Attacks on Embedded and IoT Systems (Day 1)

Presented at Kiwicon 2038AD: The Dystopic Future is Now (2018), Nov. 13, 2018, 9 a.m. (480 minutes).

This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception that is in some cases imperceptible from software. The course has several modules. Each begins with an architectural overview of an interface and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing either with potentially exploitable crashes or directly with root shells.

Course Outline

Part 1: UART
  • Background: UART History, Architecture, and Uses
  • UART Lab 1: Connecting to a known UART
  • UART Lab 2: Identifying and analyzing an unknown UART
  • UART Lab 3: Escalating and persisting UART privilege

Part 2: JTAG
  • Background: JTAG History and Purpose
  • JTAG Lab 1: Hardware and Software Setup
  • JTAG Lab 2: Escalating Privilege via Kernel
  • JTAG Lab 3: Escalating Privilege via a Process

Part 3: SPI
  • Background: Flash storage and the SPI interface
  • SPI Lab 1: Accessing Flash from software
  • SPI Lab 2: Sniffing and Parsing SPI
  • SPI Lab 3: Dumping SPI from Hardware
  • SPI Lab 4: Firmware Analysis

Part 4: Firmware
  • Background: More types of Flash, Storage, and Firmware
  • Firmware Lab 1: Dumping Firmware from Software
  • Firmware Lab 2: Manipulating firmware images
  • Firmware Lab 3: Finding software bugs in firmware

Prerequisites

No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience are helpful but not required. Familiarity with a Linux command line and a console text editor is strongly recommended.

Presenters:

  • Joe FitzPatrick / @securelyfitz as Joe FitzPatrick
    Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, and hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
