The Tao of Hardware the Te of Implants

Black Hat USA 2016

Presented by: Joe FitzPatrick
Date: Thursday August 04, 2016
Time: 11:00 - 11:50
Location: South Seas GH

Embedded, IoT, and ICS devices tend to be things we can pick up, see, and touch. They're designed for nontechnical users who think of them as immutable hardware devices. Even software security experts, at some point, consider hardware attacks out of scope. Thankfully, even though a handful of hardware manufacturers are making some basic efforts to harden devices, there are still plenty of cheap and easy ways to subvert hardware. The leaked ANT catalog validated that these cheap hardware attacks are worthwhile. The projects of the NSA Playset have explored what's possible in terms of cheap and easy DIY hardware implants, so I've continued to apply those same techniques to more embedded devices and industrial control systems. I'll show off a handful of simple hardware implants that can 1) Blindly escalate privilege using JTAG, 2) Patch kernels via direct memory access on an embedded device without JTAG, 3) Enable wireless control of the inputs and outputs of an off-the-shelf PLC, 4) Hot-plug a malicious expansion module onto another PLC without even taking the system offline, and 5) Subvert a system via a malicious display adapter. Some of these are new applications of previously published implants - others are brand new. I'll conclude with some potential design decisions that could reduce vulnerability to implants, as well as ways of protecting existing hardware systems from tampering.

Joe FitzPatrick

Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SOCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks on x86 Systems, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

