Common Embedded Device Vulnerabilities Speaker: Rob Wood

Fault injection attacks, side-channel attacks, cryptographic attacks, and invasive silicon attacks are all well and good, but what about the security basics? You need to crawl before you can walk. This talk will discuss some of the most common vulnerabilities seen in embedded devices. We’ll touch only lightly on the network attack surface, as that is more commonly understood. Mostly we will discuss common failures in the hardware and low level firmware. These are the issues we see most frequently during security assessments of embedded devices. We’ll discuss how to find these issues, how one might exploit them if desired, and most importantly, how to mitigate them where possible. This talk will be suitable for embedded device hackers and builders alike.

Rob is also attending

2-Day Crypto Attacks and Defenses

Nov 26-Nov 27, 2018

Rob is also attending

2-Day Hacking the USB World with FaceDancer

Nov 28-Nov 29, 2018

About the speaker

Rob Wood
NCC Group
Rob Wood is the Practice Director for the Hardware and Embedded Security Services practice at NCC Group. His career in embedded devices spans 17 years, having worked at both BlackBerry and Motorola Mobility in roles focussed on embedded software development, product firmware and hardware security, and supply chain security. Rob is an experienced firmware developer with extensive security architecture experience. His specialty is in designing, building, and reviewing products to push the security boundaries deeper into the firmware, hardware, and supply chain. He is most comfortable working with the software layers deep in the bowels of the system, well below userland, where the lines between hardware and software begin to blur. This includes things like the bootloaders, kernel, device drivers, firmware, baseband, trusted execution environments, debug and development tools, factory and repair tools, and all the processes that surround them. Rob has built and managed three hardware security labs with varying budgets and levels of capabilities. These labs produced a number of projects including leading-edge security research, product security assessments, and security incident response. Capabilities have included circuit and component level testing and assessments, silicon device failure analysis (with outside help), factory and repair process/tool/system security and incident response.

See this talk

If you want to see this talk, please register for one of our training classes.

List of Trainings and Registration