Home > On-Demand Archives > Q&A Sessions >
Live Q&A - The $5 Wrench: Realistic Embedded Security Threats
Colin O'Flynn - Watch Now - Duration: 19:41
Live Q&A with Colin O'Flynn for the talk titled The $5 Wrench: Realistic Embedded Security Threats
andrei
Score: 0 | 3 years ago | no reply
DS
Score: 0 | 3 years ago | no reply
Thank you for a very interesting presentation. I'm looking forward to checking out your book when it is available.
Khaled
Score: 0 | 3 years ago | no reply
Great talk, thank you Mr Colin.
11:41:43 From Leandro Pérez : Your talk was very interesting... How I can start to learn o understand all the concepts to protect an embedded system? The only that I applied is code flash protect fuse... but I'm not sure how can improve that.. How can I start to learn the concepts? 11:42:24 From Chris : Fascinating! I so want to learn more! 11:43:26 From enrico : What are some ways (as either hw or sw dev) to circumvent a glitch attack ? 11:46:20 From Keith J : Great presentation. Scary actually. Seeing how systems are vulnerable is good. But, the solutions are the hard part. Thank you Colin. 11:47:47 From Thomas LeMense : Can the source code for the Infineon AURIX MCU EMC exposure test be shared? It would be helpful to see what fault handling mechanisms were enabled (or not) in that particular example. (full disclosure: I am an applications engineer working for Infineon) 11:47:59 From Josh : It's also worth noting it's not about *perfect security* - you'll never be completely secure and claiming so will just make you a target - you just have to be *secure enough* to make it not worth attacking - in other words, you don't have to outrun the *bear*, just the other guy you're with :p 11:51:47 From Mark Z : Do you have a set of a guidelines that you use for safe coding? An example guideline might be "Compare secret strings in constant time". 11:51:48 From enrico : TAKE MY MONEY 11:52:39 From Thomas LeMense : sorry, my mistake - I saw the Infineon logo on a chip on the red eval board ;-) 11:53:04 From enrico : Colin - preferred RE tool - IDA or Ghidra and why ? 11:54:21 From Colin O'Flynn : https://www.riscure.com/uploads/2018/11/201708_Riscure_Whitepaper_Side_Channel_Patterns.pdf 11:55:51 From Mark Z : Cool Thank You! In the past I've used something similar to this:https://github.com/veorq/cryptocoding 11:56:35 From Colin O'Flynn : Here was the book (for when it's availbe) - https://nostarch.com/hardwarehacking 11:57:11 From Leandro Pérez : Yes good lab 11:58:53 From Rhonda : When is your book coming out? 11:59:11 From Leandro Pérez : lol 11:59:19 From patelk5 : Better than George RR Martin 11:59:32 From Leandro Pérez : Thanks Colin 11:59:34 From Gerhard : Thanks! 11:59:39 From Tom.Davies : Thank you Colin 11:59:45 From Rhonda : Great Talk! 11:59:46 From Gustavo : Thanks! 11:59:49 From Chris : Thanks Colin! 11:59:53 From patelk5 : Thanks! 12:00:19 From Keith J : Thank you Colin. 12:00:45 From Mikael Albertsson : Thanks Colin, great talk!
Very nice overview on such a complex topic. I'd say that when it comes to bluetooth, there's a lot of bad reputation, even though most of the time, the bluetooth users (I.e. app level, end products) are basically buying the wrench and using it on themselves:)