The Teridian 8051 based chips are found in a variety of places in daily life, from the smart energy grid to smart cards and pin-pads. While the most prominent placement in the US is currently the metrology and power measurement side of a smart meters, the 8051 core is ubiquitous in embedded devices. They are additionally found in power distribution automation (the backend power shoveling inside your utility) and home automation (monitoring energy usage and changing configuration of appliances and similar in the home).
The Teridian System-on-a-Chip platform wraps a complete system around a modified 8051 core, with additional features for chip security to block debug functionality and external access to memory. Additionally, the Harvard architecture design sets relatively rigid barriers between code and data (as opposed to x86/64), which presents an unintentional security barrier, somewhat similar to robust hardware DEP on x86/64 platforms.
In this talk, we will quickly cover architecture and system overviews, then dive into exploitation scenarios with techniques to attack Harvard architecture systems and code security implementations. End state results include pathways to gain coveted binary images of firmware and resident code execution.