Rafael Boix Carpi (Riscure)
Physical attacks on IoT devices with dirt-cheap equipment
The common assumption is that physical attacks are impossible to conduct by an entry-level hacker. This talk will challenge this belief by showing that with only open-source tooling and dirt-cheap equipment, it is possible to successfully attack such devices. I will show how to build a general-purpose toolkit to extract an AES key with side-channel analysis and bypass a security check with fault injection on a real IoT device used in a hardware capture the flag.