Applied Physical Attacks on Embedded and IoT Systems

Applied Physical Attacks on Embedded and IoT System

Duration: two days


This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software.

The course has several modules. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells

Course Outline

Part 1: UART
Background: UART History, Architecture, and Uses
UART Lab 1: Connecting to a known UART
UART Lab 2: Identifying and analyzing an unknown UART
UART Lab 3: Escalating and persisting UART privilege

Part 2: JTAG
Background: JTAG History and Purpose
JTAG Lab 1: Hardware and Software Setup
JTAG Lab 2: Escalating Privilege via Kernel
JTAG Lab 3: Escalating Privilege via a Process

Part 3: SPI
Background: Flash storage and the SPI interface
SPI Lab 1: Accessing Flash from software
SPI Lab 2: Sniffing and Parsing SPI
SPI Lab 3: Dumping SPI from Hardware
SPI Lab 4: Firmware Analysis

Part 4: Firmware
Background: More types of Flash, Storage, and Firmware
Firmware Lab 1: Dumping Firmware from Software
Firmware Lab 2: Manipulating firmware images
Firmware Lab 3: Finding software bugs in firmware

No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience helpful but not required. Familiarity with a Linux command line and a console text editor strongly recommended.