This talk goes beyond describing a particular attack and lets you inside the attacker’s mind when exploiting a “dumb” embedded device. A “dumb” embedded device has a microcontroller that senses and/or controls hardware circuitry but has no wireless connectivity. Examples of “dumb” embedded devices include a hairdryer, many electronic control units in vehicles, electric toothbrushes, and more. These devices are built on a variety of architectures and often run a minimal operating system or none at all. When a device has no wireless connectivity, or even an OS, you have to dig in with hardware reversing and firmware reversing to develop your exploit or implant. This talk will unveil the process from defining the goal of the attack, through the hurdles and obstacles along the way, to the specific implementation of the attack. You will hear which techniques ought to be used when, what results are often signals or “red flags” to change your execution plan, and how to leverage hardware and software hacking techniques together to make the “dumb” device do your bidding. If you’ve ever sat in a talk and wondered “why did they do that?” or “how did they know?” or “when would I use that technique?”, then this talk is for you.
Maddie Stone is a Security Engineer on the Android Security team at Google. She has spent many years deep in the circuitry and firmware of embedded devices, including 8051, ARM, C166, MIPS, PowerPC, Blackfin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including REcon Montreal, DerbyCon, and the Women in Cybersecurity Conference.