Security
Understanding Hardware Security
This presentation serves as an introduction to embedded security. Designing offensively may be your best protection against attack, so we discuss how to reduce the number of vulnerabilities in your hardware designs and how to evaluate the threats against your products. [ continue ]
A Commentary on Adopting Security Technologies
We, as a population, have become so dependent on technology that we often forget the major risks associated with using it. This commentary discusses the problem as it relates to the computer security industry and examines the need for proper understanding, scrutiny, and testing of new security technologies before they are released into a live environment. [ continue ]
Advanced Hardware Hacking Techniques
This presentation looks at advanced hardware hacking and reverse engineering techniques. We’ll examine the steps taken by designers to incorporate security into their hardware products and then discuss ways to attack them. [ continue ]
A Historical Look at Hardware Token Compromises
This presentation examines the details behind successful hardware attacks of early authentication tokens: two USB devices and one iButton device. We’ll be looking at the methods used to compromise the devices and gain access to private data stored on them without having legitimate credentials. Our attacks were based on an approach of using only common, off-the-shelf tools, yet we still succeeded in defeating the security features. Both USB devices have since been updated to prevent the attacks mentioned in this presentation. While learning from history is important to avoid repeating the same design mistakes, we’ll also look at some of the newer authentication tokens and hypothesize about potential attacks. [ continue ]
Mobile Device Insecurity
This presentation serves as an introduction into the classes of security problems in mobile devices, including system password retrieval, debugging modes, and synchronization interfaces of Palm, Pocket PC, and Psion/Symbian platforms. Attack vectors and malicious code risks are examined, as are key recommendations for securing mobile devices in the face of these problems. [ continue ]