Joe FitzPatrick
@securelyfitz
15+ years of hardware fun:
• silicon debug
• security research
• pen testing of CPUs
• security training
SecuringHardware.com:
• Applied Physical Attacks Training
• HardwareSecurity.Training
YES!
That's how they're made!
NO?
ECOs, updates and revisions guarantee that
YES?!
THEY ALL DO THESE DAYS
We still don't know!
Component Grafitti?
Should we trust anyone who says they do?
YES
YES
But that's not the quesiton
Expect lots of homebrew solutions at BH USA, DEFCON, and in upcoming PoC||GTFO
• Hardware vulnerability
• Software expliotable
• REAL response
They don't know they shouldn't.
You can look for it
That will distract you
All for money and disruption
Then why worry about 1M€ attacks?
How common is that attack?
Risk = vulnerability * exposure
Hardware Attacks are a real threat...
...respond to the threat, not the hype