Security Like It’s 1996: Foundational Techniques for Assessing and Manipulating Embedded Devices

May 15, 2019 10:00 AM

We all know there are a boatload of embedded OS devices down at levels 0-2, and I'm sure we all would agree that these devices are ‘insecure' though what does that mean, practically? How might an adversary assess and attack a device, plus how does the approach differ from more traditional computer or network-based attack vectors? Just how sophisticated does one need to be to execute attacks against run of the mill embedded systems? With this talk, we will review a methodology for assessing the security of embedded devices and demonstrate a variety of foundational techniques that an attacker may leverage to weaponize or otherwise manipulate that device. We will outline how to identify and prioritize integrated circuit components, how to find and process data sheets to determine pins, how to perform a memory dump at rest and sniff a bitstream in motion across a bus as well as utilize techniques like string and entropy analysis to find hidden gems in the firmware.

Speaker Information

Panelist Information

Michael Schroeder

3 Territory Solutions

Mike is an industry leader / champion in the visioning and functional implementation of cybersecurity for Facility-Related Control Systems, Medical Devices, IOT, ICS, and all things generally dubbed “OT” within industry and the DoD. He has worked for years to bring awareness, de-conflict policies and guidance developed in silos and make things easier for practical, cost effective implementations of cybersecurity within OT environments.