Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers


View Recording

Thursday, August 22, 2019
11:00AM-12:00PM PDT
60 MINUTES, INCLUDING Q&A



Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers, by Sheila Ayelen Berta

Throughout the years, many studies have been published addressing different ways of backdooring devices by leveraging on their own hardware components. However, most of the existing work focuses on backdooring devices based on powerful microprocessors — such as ARM, Intel or AMD — instead of microcontrollers.

Is targeting microcontrollers worth the effort? Nowadays, they are responsible for controlling a wide range of interesting systems, e.g., physical security systems, car's ECUs, semaphores, elevators, sensors, critical components of industrial systems, some home appliances and even robots.

In this talk, it will be explained how microcontrollers can be backdoored too. After a quick review of basic knowledge about uC, we will dive into three different approaches to achieve payload injection, from basic to advanced techniques.

Guest Presenters:

Sheila Ayelen Berta

Sheila Ayelen Berta is an Information Security Specialist and Developer, who started at 12 years-old by herself. At the age of 15, she wrote her first book about Web Hacking, published by RedUSERS Editorial in several countries. Over the years, Sheila has discovered lots of vulnerabilities in popular web applications and software. She also has given courses of Hacking Techniques in universities and private institutes in Argentina.

Sheila currently works as Security Researcher who specializes in offensive techniques, reverse engineering and exploit writing. She is also a developer in ASM (microcontrollers and microprocessors x86/x64), C/C++, Golang and Python. Sheila is an international speaker who has spoken at important security conferences such as Black Hat Briefings, DEFCON 26, DEFCON 25 CHV, HITB, HackInParis, Ekoparty, IEEE ArgenCon, Hack.Lu, OWASP Latam Tour and others.

UpcomingEvents

ShowCoverage

 

StayConnected

Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.

 

Sustaining Partners

Accenture Carbon Black Cisco CrowdStrike ExtraHop Qualys Rapid7 Recorded Future SecurityScorecard ServiceNow Tenable