15+ years of hardware fun:
• silicon debug
• security research
• pen testing of CPUs
• security training
• Applied Physical Attacks Training
is harder than software
has longer development cycles
gets fewer development iterations
has real tangible costs
are riskier to deploy
have nonzero risk of bricking
just don't scale
Ignorance to hardware vulnerabilities
General laziness (aka efficiency)
Massive *percieved* barrier to entry
Off the shelf tools
explicit trust in hardware
You don't need to be a nation state target
to be a hardware attack victim!
multiple hops through different systems
targeted hardware implant
Malicious hardware device
Malicious firmware on exsiting device
Malicious payload on a normal device
Malicious electrical attacks
You'll learn more than you expect
It's running 2.5 to 8GHz
It's locked up inside your PC
It's not like hooking wires up to a parallel port!
It automatically connects and negotiates
It has LOTS of error checking/correction
FPGAs can do it out-of-the-box*
Thunderbolt can do it too!
1. Connect everything inside your PC
2. Lock it in a box
3. Call it secure...
Think about 386 paged memory.
Think about embedded graphics.
Think about IP blocks on an SOC.
Hot swap predates thunderbolt.
Even systems that don't support hot swap - support hot swap
Hardware attacks are not difficult
Software can access hardware!
Physical access is not a high barrier
You don't need malicious hardware to have a hardware attack!
Software is just the tip of the iceberg.
Don't ingore the hardware underneath!