Рет қаралды 902
Presentation slides from the talk: bit.ly/FirmlyRootedinHardware
Talk Title:
---------------
Firmly Rooted in Hardware: Practical protection from firmware attacks in hardware supply chain
Talk Abstract:
---------------------
This talk reviews the practical risk from supply chain attacks, with a focus on those that may impact firmware integrity, either through hardware implants or other threats to firmware during manufacturing, provisioning, or deployment. Fresh styles and latest trends in hardware backdoors rarely make the news, with a few exceptions - such as the recent discovery of the CIA backdoor in Crypto AG Ciphering Machines. To remedy this, we review several newly documented types of attacks against trusted platform modules and system buses, which may compromise firmware integrity. We look at new methods being researched to detect these attacks and present a new tool as well as practical steps that engineers, product designers, and firms can use to both prevent supply chain attacks against firmware and automatically scan for these attacks.
About Speaker:
------------------------
Sophia d'Antoine has spoken at many global security conferences worldwide, including RECon Montreal, Blackhat, and CanSecWest on topics from automated exploitation, program analysis, machine learning, and hardware hacking. Her keynotes have included topics such as exploiting hardware CPU optimizations. She currently sits on the program committee for Usenix WOOT and has been on multiple peer review panels in the past (www.sophia.re). Her current work involves research and discovery of vulnerabilities in a spectrum of targets. In the past, she has worked extensively on embedded devices, surveillance equipment, SCADA systems, and unique architectures. Additionally, she is the "Hacker in Residence" at NYU and enjoys assisting in hosting CTFs and other hacking competitions. A graduate of Rensselaer Polytechnic Institute (RPI), Sophia earned her MS and BS in 2015 after completing her Master's thesis under Dr. Bülent Yener on exploiting CPU optimizations. While at RPI, Sophia helped create and teach RPISEC's Modern Binary Exploitation class as well as other training courses for topics such as malware reverse engineering.
#Hardware #Firmware #Security
----------------------------------------------------------------------------------
Website: hardwear.io
Twitter: / hardwear_io
Facebook: / hardwear.io
LinkedIn: / hardwear.io-hardwarese...
Instagram: / hardwear.io
KZbin: / @hardweario
-------------------------------------------------------------------------------------