15+ years of hardware fun:
• silicon debug
• security research
• pen testing of CPUs
• security training
• Applied Physical Attacks Training
That's how they're made!
ECOs, updates and revisions guarantee that
THEY ALL DO THESE DAYS
We still don't know!
Should we trust anyone who says they do?
But that's not the quesiton
Expect lots of homebrew solutions at BH USA, DEFCON, and in upcoming PoC||GTFO
• Hardware vulnerability
• Software expliotable
• REAL response
They don't know they shouldn't.
You can look for it
That will distract you
All for money and disruption
Then why worry about 1M€ attacks?
How common is that attack?
Risk = vulnerability * exposure
Hardware Attacks are a real threat...
...respond to the threat, not the hype