Top 5 'Hardware/Embedded' Talks From Black Hat Conference 2018 (USA)

Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT Security Conference in the world.

Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six day event begins with four days of intense technical training for security practitioners of all levels (August 4-7) followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9)

(Source: Black Hat Conference USA 2018)

1) Software Attacks on Hardware Wallets

Speaker: Alyssa Milburn, Sergei Volokitin

In this research, we show how software attacks can be used to break in the most protected part of the hardware wallet, the Secure Element, and how it can be exploited by an attacker. The number of identified vulnerabilities in the hardware wallet show how software vulnerabilities in the TEE operating system can lead to a compromise of the memory isolation and a reveal of secrets of the OS and other user applications. Finally, based on the identified vulnerabilities an attack is proposed which allows anyone with only physical access to the hardware wallet to retrieve secret keys and data from the device. Additionally, a supply chain attack on a device allowing an attacker to bypass security features of the device and have full control of the installed wallets on the device.

>>Go To Presentation

2) TRITON: How it Disrupted Safety Systems and Changed the Threat L...

Speaker: Andrea Carcano, Marina Krotofil, Younes Dragoni

This talk offers new insights into TRITON attack framework which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was achieved, that is, disruption of the physical process, TRITON is a wakeup call regarding the need to urgently improve ICS cybersecurity.

>> Go To Presentation

3) Screaming Channels: When Electromagnetic Side Channels Meet Radi...

Speaker: Aurélien Francillon, Giovanni Camurati, Marius Muench, Sebastian Poeplau, Tom Hayes

In this talk, we show that although isolation of digital and analog components is sufficient for those chips to work, it's often insufficient for them to be used securely. This leads to novel side-channel attacks that can break cryptography implemented in mixed-design chips over potentially large distances. This is crucial as the encryption of wireless communications is essential to widely used wireless technologies, such as WiFi or Bluetooth, in which mixed-design circuits are prevalent on consumer devices.

>>Go To Presentation

4) GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

Speaker: Christopher Domas  

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

>>Go to Presentation

5) Wrangling with the Ghost: An Inside Story of Mitigating Speculat...

Speaker: Anders Fogh, Christopher Ertl, Matt Miller

n this presentation, we will describe Microsoft's approach to researching and mitigating speculative execution side channel vulnerabilities. This approach involved bringing experts from across Microsoft, hiring an industry expert to accelerate our understanding of the issues, and collaborating across the industry in a way not done previously. This team presentation between Microsoft and G DATA will provide a firsthand account of the engineering centric work done and the collaboration necessary to mitigate these issues. We will describe the taxonomy and framework we created which provided the industry foundation for reasoning about this new vulnerability class. This work built on the initial researcher reports and expanded into a larger understanding of the issues. Using this foundation, we will describe the mitigations that Microsoft developed and the impact they have on Spectre and Meltdown.

>>Go To Presentation

Your Complete Guide To Top Talks @Black Hat Conference 2018 (USA)

Get your FREE Guide on Top Talks @ Black Hat Conference 2018 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at Black hat Conference into a single guide. Get your Free copy today.

>>Click Here To Get Your FREE Guide

Views: 186

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform



CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by SACHIN BP SHETTY Apr 24. 1 Reply

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service