Spreading the load: building a better hardware hacking community
Hardware hacking is often treated as an almost mystic art -- a perception reinforced as we regale those in other security fields with epic stories of intensely-clever practitioners who pierce the veil of abstraction to bring complex systems to their knees. It's easy to understand why hardware hackers seem so much like sorcerers: we leverage understanding of the fundamental but often-neglected hardware layer to undermine systems in surprisingly-powerful ways.
Unfortunately, the mystique surrounding hardware hacking often comes with a dramatic downside: the things that make hardware hacking seem mystical and exciting can also discourage people from picking up the art -- and can leave those in other security fields feeling like hardware techniques are well beyond their reach. These issues are reflected in the hardware itself: all too often, hardware specifics are hidden as 'implementation details' that ordinary engineers need not understand -- and all too often, these unaudited details hide significant security issues.
This keynote address explores examples of significant hardware vulnerabilities discovered by the speaker -- touching on the hardware techniques that led to their discovery -- and shows how these issues arose not just from failures of hardware design practice, but from shortcomings in the way we treat hardware security as a community. As we explore these shortcomings, the address will pivot to the core opportunity we have as hardware hackers: the ability to, together, build a better hardware hacking community.
Kate Temkin (@ktemkin) is a hardware hacker and low-level engineer who spends most of her time exploring the hardware/software boundary and figuring out how to empower people with educational technology. Her recent interests include embedded bootrom security, hacking the Nintendo Switch, and developing tools that make techniques like hardware fault injection more accessible.
When not hacking hardware, she maintains and contributes to a variety of open-source projects, including GlitchKit, FaceDancer, and GreatFET, and probably spends more time than she should reverse engineering and be creating educational materials. As part of her educational efforts, Kate regularly streams reverse engineering and hardware-hacking content on YouTube and Twitch.