Home > On-Demand Archives > Q&A Sessions >

Live Q&A - The $5 Wrench: Realistic Embedded Security Threats

Colin O'Flynn - Watch Now - EOC 2021 - Duration: 19:41

Live Q&A with Colin O'Flynn for the talk titled The $5 Wrench: Realistic Embedded Security Threats
M↓ MARKDOWN HELP
italicssurround text with
*asterisks*
boldsurround text with
**two asterisks**
hyperlink
[hyperlink](https://example.com)
or just a bare URL
code
surround text with
`backticks`
strikethroughsurround text with
~~two tilde characters~~
quote
prefix with
>

andrei
Score: 0 | 4 years ago | no reply

Very nice overview on such a complex topic. I'd say that when it comes to bluetooth, there's a lot of bad reputation, even though most of the time, the bluetooth users (I.e. app level, end products) are basically buying the wrench and using it on themselves:)

DS
Score: 0 | 4 years ago | no reply

Thank you for a very interesting presentation. I'm looking forward to checking out your book when it is available.

Khaled
Score: 0 | 4 years ago | no reply

Great talk, thank you Mr Colin.

11:41:43	 From  Leandro Pérez : Your talk was very interesting... How I can start to learn o understand all the concepts to protect an embedded system? The only that I applied is code flash protect fuse... but I'm not sure how can improve that.. How can I start to learn the concepts?
11:42:24	 From  Chris : Fascinating! I so want to learn more!
11:43:26	 From  enrico : What are some ways (as either hw or sw dev) to circumvent a glitch attack ?
11:46:20	 From  Keith J : Great presentation.  Scary actually.  Seeing how systems are vulnerable is good.  But, the solutions are the hard part.  Thank you Colin.
11:47:47	 From  Thomas LeMense : Can the source code for the Infineon AURIX MCU EMC exposure test be shared? It would be helpful to see what fault handling mechanisms were enabled (or not) in that particular example. (full disclosure: I am an applications engineer working for Infineon)
11:47:59	 From  Josh : It's also worth noting it's not about *perfect security* - you'll never be completely secure and claiming so will just make you a target - you just have to be *secure enough* to make it not worth attacking - in other words, you don't have to outrun the *bear*, just the other guy you're with :p
11:51:47	 From  Mark Z : Do you have a set of a guidelines that you use for safe coding? An example guideline might be "Compare secret strings in constant time".
11:51:48	 From  enrico : TAKE MY MONEY
11:52:39	 From  Thomas LeMense : sorry, my mistake - I saw the Infineon logo on a chip on the red eval board ;-)
11:53:04	 From  enrico : Colin - preferred RE tool - IDA or Ghidra and why ?
11:54:21	 From  Colin O'Flynn : https://www.riscure.com/uploads/2018/11/201708_Riscure_Whitepaper_Side_Channel_Patterns.pdf
11:55:51	 From  Mark Z : Cool Thank You! In the past I've used something similar to this:https://github.com/veorq/cryptocoding
11:56:35	 From  Colin O'Flynn : Here was the book (for when it's availbe) - https://nostarch.com/hardwarehacking
11:57:11	 From  Leandro Pérez : Yes good lab
11:58:53	 From  Rhonda : When is your book coming out?
11:59:11	 From  Leandro Pérez : lol
11:59:19	 From  patelk5 : Better than George RR Martin
11:59:32	 From  Leandro Pérez : Thanks Colin
11:59:34	 From  Gerhard : Thanks!
11:59:39	 From  Tom.Davies : Thank you Colin
11:59:45	 From  Rhonda : Great Talk!
11:59:46	 From  Gustavo : Thanks!
11:59:49	 From  Chris : Thanks Colin!
11:59:53	 From  patelk5 : Thanks!
12:00:19	 From  Keith J : Thank you Colin.
12:00:45	 From  Mikael Albertsson : Thanks Colin, great talk!

OUR SPONSORS

OUR PARTNERS