Hacking hardware's (almost) always a good time, so we think you'll like today's trio of highlighted Briefings from Black Hat USA 2013, which all focus, in some way or other, on the hard stuff. Let the vulnerabilities roll.
Technologies don't get much more ubiquitous than NAND memory, which is used in just about every gadget going. But ubiquity rarely equals safety, as Josh "m0nk" Thomas will demonstrate in Hiding @ Depth: Exploring, Subverting, and Breaking NAND Flash Memory. Thomas will show how NAND hardware can be subverted to hide persisting files, opening the door to everything from basic malwares to full-on device bricking. He'll release two open-source Android tools, to both hide and reveal these hidden files, and explore the security implications of NAND's striking vulnerabilities. Think there's an easy fix? Unlikely. Come to the session for the full appraisal.
Windows 8's Secure Boot, based on UEFI 2.3.1's Secure Boot, marks a needed, long-in-coming step toward securing boot sequences against malware. But as ever, the devil is in the minute details, and it turns out that platform vendors are making certain mistakes that can completely undermine Secure Boot's intended protections. Join Intel's Yuriy Bulygin for A Tale of One Software Bypass of Windows 8 Secure Boot, in which he'll demo a full software bypass of Windows 8 Secure Boot and explain how these breaches could've been avoided, had the hardware vendors done things differently.
Cracking crypto is fun, but the high cost of relevant hardware can be a discouraging barrier to entry; not everyone can afford the fancy oscilloscopes used by researchers. But never fear. In Power Analysis Attacks for Cheapskates, Colin Flynn will show you how to create surprisingly advanced crypto-cracking systems that cost a few hundred dollars instead of a few thousand, and, as a bonus, can fit in your pocket. Flynn deploys open source technologies, from the capture board to the Python tools, so attendees will walk away with all the knowledge needed to put together their own low-cost power analysis labs.