Anatomy & Impact of
Hardware attacks are too difficult. Physical access is too high a barrier for most attackers. Only nation-states and their victims need to worry about malicious hardware.
We're quick to dismiss hardware attacks, but why? At this point, we hardly understand them, which might be causing a blind spot in our view of realistic threats.
I'll start with the anatomy of hardware attack, which we'll quickly see in a broad umbrella term, including physical attacks, hardware logic attacks, software-enabled hardware attacks — all the way up to hardware-informed attacks. Next, we'll see a few examples of how this whole range of attacks can be used for simple pranks, pentests, red team engagements or nation-state campaigns. Finally, we'll get to the reason this all matters — how these attacks can be used in an effective and scalable manner. I'll show several examples of how small, simple, or inexpensive devices can be the first link in a chain of attack that wreaks havoc on an entire system.
Hopefully, you'll come away realising that hardware attacks are not difficult, physical access is not a very high barrier, and everyone is vulnerable to malicious hardware.