Podcast: Play in new window | Download
Subscribe: Apple Podcasts | RSS
Welcome back, Colin O’Flynn of NewAE Technology! He was last on the show for episode 239 in 2015, as he was releasing the Chip Whisperer
We recorded this all on video as well:
- Colin is an assistant professor at Dalhousie University, where he got his PhD. He is moving out of that role (and likely into a role as an Adjunct) as of 8/31. Private sector, FTW!
- Side channel analysis
- Colin has been testing the security of the doorlocks on his new building
- Samy Kamkar was on episode 308, and is now working on a smart doorlock system.
- Jon Beri (ep 526) also mentioned doorlock security and the vertical nature of the industry
- The point of university
- Colin is doing remote training for Black Hat this year.
- Getting access to the pins on the Apple AirTag
- “Wibbly wobbly, timey wimey, What’s really inside Apple’s U1 Chip”
- Apple U1 Chip
- The new(er) Chip Shouter kit is for Fault Injection
- Colin tried it on early Trezor wallets
- It’s surprising there isn’t a stamp of approval like a UL certification for embedded device security.
- How can you test your product for security issues?
- The ARM PSA is a self checklist and certification program.
- Colin has been working on The Hardware Hacking Handbook with Jasper van Woudenberg. The book is due out in November.
- Smart Locks – Schlage
- Starlink dish
- Ransomware for IoT
- Dumping firmware
- Unlocking firmware
- Sourcing woes
- ChipWhisperer Husky is coming out soon, keep an eye on Crowd Supply for the latest news about the
- Colin has been using his Desktop PNP less often
- How should you get started? Try the ChipWhisperer Nano
- Colin is taking Matt Venn’s Zero to ASIC course
great episode, as i am a little bit too lazy too read the data sheet of the chip shouter 🙂
How exactly is the emf pulse generated, how does it get coupled into the line or device, is it line coupled or via air, so is it about radiated or conducted suscepibility.
How repeatable is the pulse, does it get supervised somehow, is it something like 30 V peak 100 µs long, or how is that defined, and is it triggered at a certain time, for example as you spoke about during bootup at a certain time in the code, how does that happen, via JTAG codestepping?
Very interesting stuff overall, although I doubt a lot of companies will use it, in my opinion every firmware engineer should be using something like that, at least to test the reset line 🙂