Looking for Malicious Hardware Implants with Minimal Equipment

Presented at ShmooCon XV (2019), Jan. 20, 2019, 10 a.m. (60 minutes).

We’ve all seen a lot of hype about malicious hardware and hardware implants this year. Not much came of it–except that now everyone wants to know if they might be affected or whether they have a chance to see a unicorn. I show my own process for finding unexpected features in hardware with little more than my soldering iron, discuss the use of some more advanced tools, and show what I’m looking for. Then, I’ll lay out my working general threat model for hardware security and conclude that scrappy, observant hackers can make life difficult for even advanced threat actors in this space.


Presenters:

  • Falcon Darkstar Momot as Falcon Darkstar
    Falcon (@FalconDarkstar) is a senior security consultant at Leviathan Security Group. He builds sub-Turing switching hardware for Shadytel and is still working on an M. Sc. at Athabasca University.

Links:

Similar Presentations: