is harder than software
costs more to develop
is riskier to deploy
just doesn't scale
10k Hosts in the park
10k hardware implants? No way!
10k unique 0days? Of course not!
1 or more 0days that deliver a software payload that propagates internally?
Now we're talking!
1 or more Hardware Implants that deliver a software payload that propagates internally?
Why Not?
hardware delights have software ends!
multiple hops through different systems
vs.
targeted hardware implant
You don't need to be a nation state target to be a hardware attack victim!
use Physical Access to *inform* the software attack
Hardware attacks are not difficult
Physical access is not a high barrier
Everyone is vulnerable to malicious hardware