Track two is in Jupiter Original
In much the same way that no lockbox is permanently safe when left in a room with a determined and skilled lockpicker, no electronic device is ever truly safe when left with a determined and skilled hardware hacker. Password protections can be bypassed with techniques such as voltage glitching (or even simpler ones such as a timing analysis!), but they may not enter a project’s threat model if the engineers on that project don’t know they exist. The objective of this talk is to bring awareness to the current suite of techniques a person has at their disposal to reverse engineer or otherwise "hack" an electronic device if they can hold it in their hands and probe it on their workbench.
The techniques discussed will include "easy" ones (such as the password timing analysis mentioned above and probing unencrypted, on-board signal lines), "medium" ones (such as clock- and voltage-glitching), and "hard" ones (such as differential power analysis and chip de-capping). Mitigation strategies will be briefly discussed at the end (so as to not end on a sour note!), though this is not the main objective of the talk.
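To make the "easy" timing-analysis case and its mitigation concrete, here is an added example in C; it is not code from the talk or from the speaker. It models a firmware password check two ways: an early-exit compare whose work (and therefore execution time) depends on how many leading bytes of the guess are correct, and a constant-time compare that always touches every byte and decides only at the end. The stored password, the fixed length `PW_LEN`, the function names, and the `steps` counter standing in for measurable time are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PW_LEN 8

/* Constructed demo secret (placeholder, not from the talk). A real device
   would compare against a salted hash, but the timing lesson is the same. */
static const uint8_t STORED_PW[PW_LEN] = "s3cr3t!!";

/* Leaky check: returns at the first mismatching byte. 'steps' reports how
   many bytes were inspected, which stands in for the time an observer could
   measure with a logic analyzer or a counter on the reply. Wrong guesses that
   share a longer correct prefix take more steps, so the check leaks the
   password one byte at a time. */
int leaky_check(const uint8_t *guess, size_t *steps) {
    size_t i;
    for (i = 0; i < PW_LEN; i++) {
        if (guess[i] != STORED_PW[i]) {
            *steps = i + 1;      /* work done depends on the matching prefix */
            return 0;
        }
    }
    *steps = PW_LEN;
    return 1;
}

/* Constant-time check: XORs every byte pair, ORs the differences together,
   and only inspects the accumulated result after the loop. The work done is
   PW_LEN steps regardless of where (or whether) the guess differs, so the
   execution time carries no information about the secret. */
int ct_check(const uint8_t *guess, size_t *steps) {
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < PW_LEN; i++) {
        diff |= (uint8_t)(guess[i] ^ STORED_PW[i]);
    }
    *steps = PW_LEN;
    return diff == 0;
}

int main(void) {
    /* Constructed guesses: no correct bytes, three correct leading bytes,
       and the full password. */
    const uint8_t *guesses[3] = {
        (const uint8_t *)"xxxxxxxx",
        (const uint8_t *)"s3cxxxxx",
        (const uint8_t *)"s3cr3t!!",
    };
    size_t i, leaky_steps, ct_steps;

    for (i = 0; i < 3; i++) {
        int leaky_ok = leaky_check(guesses[i], &leaky_steps);
        int ct_ok = ct_check(guesses[i], &ct_steps);
        printf("guess %zu: leaky ok=%d steps=%zu | constant-time ok=%d steps=%zu\n",
               i, leaky_ok, leaky_steps, ct_ok, ct_steps);
    }
    return 0;
}
```

The `steps` values are the point: with the leaky check they climb as the guessed prefix gets longer (1, 4, 8 for the three constructed guesses), while the constant-time check reports 8 every time. On a real microcontroller the same difference shows up as a few extra clock cycles per matched byte, which is why the mitigation is to remove the data-dependent early exit rather than to add noise around it.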
Nathan Jones is an embedded systems engineer and educator focused on understanding how low-level systems behave and how they fail. His work explores the boundary between hardware and firmware, including debugging, firmware development, and practical embedded security considerations. He is a frequent contributor to DigiKey and EmbeddedRelated, where he writes on topics including microcontroller architecture, debugging techniques, and practical embedded system design.
Nathan has spoken at the Embedded Online Conference, Hackaday Superconference, the Embedded Systems Summit, JawnCon, and Teardown. He lives in Tennessee with his wife, two children, and one black cat.