15+ years of hardware fun:
• silicon debug
• security research
• pen testing of CPUs
• security training
• Applied Physical Attacks Training
is harder than software
has longer development cycles
gets fewer development iterations
has real tangible costs
are riskier to deploy
have nonzero risk of bricking
just don't scale
Ignorance to hardware vulnerabilities
General laziness (aka efficiency)
Massive *percieved* barrier to entry
Malicious hardware device
Malicious firmware on exsiting device
Malicious payload on a normal device
Malicious electrical attacks
You'll learn more than you expect
It's running 2.5 to 8GHz
It's locked up inside your PC
It's not like hooking wires up to a parallel port!
It automatically connects and negotiates
It has LOTS of error checking/correction
FPGAs can do it out-of-the-box*
Thunderbolt can do it too!
1. Connect everything inside your PC
2. Lock it in a box
3. Call it secure...
Think about 386 paged memory.
Think about embedded graphics.
Think about IP blocks on an SOC.
Hot swap predates thunderbolt.
Even systems that don't support hot swap - support hot swap
Is an issue 'fixed' or is it just remediated?
If something seems too hard - try a different approach.
Step 1: Use Physical Access for a Hardware attack
Step 2: Use Hardware to escalate software privilege
Step 3: Use software privilege to do all that dirty work
Is there someone who can help me with the hardware?
Is there someone I can help with the software?
You DON'T need to do it all!
A little bit goes a long way (for now)
Keep your expectations realistic
Get help and share what you find!