@barsteward
After around 15 years of working on embedded systems, including writing ROM based secure bootloaders, I switched hats; now I try to ruin other people's release schedules by exploiting the security goals of microcontrollers, primarily using non-invasive physical attacks.
Session
Embedded systems are everywhere, automating more and more of our everyday lives. Our cars, phones, games consoles, industrial controllers and IoT devices increasingly require security mechanisms to protect their security configurations, and in some cases, stored secrets, such as cryptographic keys, debug/flash protection access mechanisms, firmware images, and AI models. For a long time, local, physical attacks on general purpose microcontrollers were considered out of scope during threat analysis, but the increase in value of breaking the device security protections, the decrease in cost of the attacks, and the increase in awareness of such attacks, means that we’re in a transitional state regarding protection against fault-injection.