Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities

via YouTube

Overview

Explore the intricacies of hardware reverse engineering and vulnerability exploitation in embedded systems through this comprehensive 40-minute conference talk from the Central Ohio InfoSec Summit 2016. Delve into the increasing importance of embedded device security testing, addressing the lack of standardized practices in the field. Learn about the risks associated with compromised hardware systems and compare network penetration tests to hardware security assessments. Follow a structured approach to hardware reverse engineering, covering pre-engagement interactions, intelligence gathering, threat modeling, vulnerability assessment, exploitation techniques, and post-exploitation strategies. Gain insights into developing proof-of-concept exploits, bypassing network controls, and conducting responsible disclosure. Discover the HRES-A process, a repeatable and measurable methodology for hardware security testing, and understand its significance in today's rapidly evolving landscape of embedded devices.

Syllabus

Intro
What is the focus of today's talk? Today we are talking about why reverse engineering of embedded hardware systems is an important part of a security program. Discussion regarding current state of hardware embedded RE security testing. We are discussing why your organization should invest time and resources into performing this work.
Is embedded device security a new problem? No, but now the risk is increasing with the staggering number of new embedded devices being deployed in organizations.
Problem - No Standards for Embedded RE Testing: Has become a new service offering with many security consulting companies who also perform penetration testing services. Work performed currently does not follow a defined standard for hardware reverse engineering.
Network Penetration Tests vs Hardware Security Testing
What is the risk to your organization? When we look at the hardware security problem we tend to associate several risks to an organization if these systems are compromised. They include
Defining the Testing Process: We feel that the community needs to define a standard on how to properly RE hardware and embedded devices.
Pre-Engagement Interactions: First ensure that your legal department has reviewed your testing plan and given approval for testing of devices. Establish Rules of Engagement and scope.
Intelligence Gathering: During this phase we will be gathering data regarding our device, the chips and any firmware on device. We will also need to document how the device looks prior to disassembly. Spec sheet research and schematic download; photograph device prior to and during disassembly.
Phase 3: Threat Modeling Process. This phase will help you narrow your testing focus by identifying potential targets. This should include business process reviews, threat intel analysis, and threat capability analysis. Which components pose greatest risks of being compromised.
Vulnerability Assessment: During this phase we will be testing both the hardware and software for potential vulnerabilities. This can include: solder jumpers on board (as needed); extract data from flash chips (SPI, EEPROM, etc.).
Exploitation: Physical Exploitation, Memory Exploitation, Wireless Exploitation, Management System Exploitation, and Destructive Exploitation will all be avenues of attack. Develop Proof-of-Concept exploits against discovered vulnerabilities to demonstrate code execution and process redirection. Bypass restrictions (firewall [Data Diodes] or IDS, access permissions, etc.) to show that network controls can be bypassed. If push comes to shove, assess creative exploit methods (social engineering) to demonstrate the insider threat.
Post-Exploitation: During this phase we will now be showing how exploiting the device could lead to further system compromise. Other areas of interest include data exfiltration, network pivoting, destruction of device, DoS. Some things to think about for this phase of testing: code developed should enable persistent access to device; code developed should enable privilege escalation on device.
Testing Report: "Responsible Disclosure" should be performed for any 0-day discovered in vendor
HRES-A Repeatable Measurable Process: Based on what we have outlined and tested, we feel this process is repeatable and measurable.
