Play all

Intro

Overview

Secure boot?

Secure boot theory

Secure boot example

ways to ...

debug access to boot stage (JTAG) riscure

Debug/service functionality

Nook boot UART exploit

18. Overriding boot source medium

TOCTOU race conditions

Timing attacks

Timing attack with Infectus board

XBOX 360 timing attack procedure

Glitch sensitivity

Glitch demo

Is it a real attack?

Slot machine EMP Jamming

Code section

EM-FI Transient Probe

Research probes

Design mistakes

Accessibility of boot ROM after boot riscure

Crypto sanitization

Firmware Upgrade / Recovery flaws riscure

Relying on unverified code

Service backdoor/password

State errors

Driver weaknesses

ROM patching functionality

Inappropriate signing area

Key management

Weak signing keys/methods

Parting thoughts

Description:

Explore 20 methods for bypassing secure boot systems in this comprehensive conference talk. Delve into secure boot theory and examples before examining various attack vectors, including debug access, service functionality exploits, and UART vulnerabilities. Learn about timing attacks, glitch sensitivity, and electromagnetic fault injection techniques. Investigate design flaws, firmware upgrade vulnerabilities, and cryptographic weaknesses. Gain insights into key management issues and weak signing methods. Conclude with valuable parting thoughts on improving secure boot implementations and defending against potential exploits.

20 Ways Past Secure Boot

WEareTROOPERS

Add to list

#Conference Talks #TROOPERS #Information Security (InfoSec) #Cybersecurity #Ethical Hacking #Computer Science #Cryptography #Key Management #Engineering #Electrical Engineering #Embedded Systems #Firmware Development #Secure Boot #Timing Attacks

0:00 / 0:00