Welcome Dmitry Nedospasov (@nedos)!
- Dmitry is from Russia, grew up in US, and moved to Germany for university (undergrad and PhD) at TU Berlin.
- He is a hardware security researcher, like past guests Mike Ossmann and Colin O’Flynn.
- Dmitry gave a great talk about these topics at 30c3 last year (also where the image above is from)
- There are different approaches to chip-level attacks:
  - Semi-invasive
    - If you shine IR light at the back of a thinned wafer you can see photonic emissions.
    - This requires high-end equipment but there are some DIY versions.
    - Or you can use a laser pulse to flip bits and potentially probe the crypto key.
    - To thin the wafers, you use CMP, chemical mechanical planarization. This is similar to the one done in a fab but on a much smaller scale. One brand is an ASAP CMP.
  - Fully invasive
    - Focused ion beam to modify the silicon.
    - Microprobing – making a probe pad with a laser.
    - Chris Tarnovsky does a lot of these types of attacks.
- Semi Invasive
- Dmitry recommends the book Murdoch’s TV pirates. This was about the hacking of Pay TV.
- Another area of attack is printer cartridges. The ones from vendors giving away printers are encrypted so you have to continue to buy the ink from them.
- Intellectual property law says that you can replicate the signals (nothing is protecting those) but you cannot steal the firmware. So as long as you emulate, you should be fine (that won’t stop companies from suing you though).
- Playstation modding/hacking was another big thing back in the day.
- Dave was asking about RFID credit cards because he just did a video about RFID jammers. Many of the terminals use the EMV standard.
- There have been pictures of “less than sophisticated” attacks on metros lately.
- Levels of security
  - Bank card
  - Pay TV
- Dmitry was invited to a conference about industrial control systems (ICS) in Vienna. This may have been a mistake based on the fact that Dmitry works with IC’s (note the apostrophe), but there are still lots of issues. The Stuxnet hack comes to mind (though that was very sophisticated and software based).
- Industries that are hurting for security
  - IoT security
- Dmitry has spent the week doing training at Recon. The conference is nearly 50% hardware talks and has tons of on-site training.
- The class Dmitry is giving teaches a workflow for day-to-day hardware reverse engineering.
  - Building stuff with FPGAs, such as a custom protocol analyzer (using a Papilio board).
  - Also probing projects that were created on Olimex boards.
  - Using external test equipment like a Saleae logic analyzer.
- Dmitry also will be at ToorCon in San Diego.
- He also gives on-site trainings (outside of conferences) and will possibly do one in Berlin later this year. Check out his website toothless.co for more info on the trainings.
- Contact Dmitry if you’re in Europe and interested in hardware security. He has too much work and is looking to hire people. Contact him on Twitter; his handle is @nedos.
Many thanks to Dmitry for telling us more about hardware security! It was a great look into how people can get into probing silicon for all its secrets!
So glad I’m listening to this podcast to keep up to date, going to register my .horse domain right now!
..and sorry for the stupid comment, I enjoyed the content/interview as usual, maybe someone can explain those destructive memory reads that were mentioned. How do you know something has changed if your first read destroys the data?
ru4mj12 (@ru4mj12) says
I think Germany has good crypto/security universities! The maker of Chip Whisperer I believe is out of Ruhr-Universität Bochum, Germany.
Can’t wait for the stuxnet documentary to come out next week!
Any chance for an online version of Dmitry’s course? The need-to-know verilog synopsys sounds awesome, plus I’ve been itching to learn and use my red pitaya on something useful!
Another excellent interview! Thanks Chris! All the best to Dmitry!
Hi, all that Dmitry said about the education system in Germany is completely true. Apart from some special master courses, that are in English and cost a little more for foreign master students, not for German bachelors though, the education in Germany is pretty much free. Sure you pay some semester fees, but where I am studying it's like 260 euros, and you get this transport ticket that covers all transportation means in a radius of about 80 to 120 km, you get free lawyer, which is extremely useful, especially if you have a problem with your landlord, and you get financial consultant for free. The Germans decided that the universities get enough money from the taxes and the education should be free (in a state university). And yes you can get in reaaaaly easy, I mean I haven’t even done extra courses on physics and math and there was no problem getting in. The problem is getting out. 60-70% fails on an exam is actually ok, I’ve had exams at which 80 to 90% failed. And there is something else: if you fail an exam 3 times, you are out of the university, and you are not allowed to study this subject in Germany anymore. I even heard of exams at which there was a 100% failure rate. Anyway I said enough, I hope this information was useful for the people that are interested in the German educational system.