Home CheapSCAte: attacking IoT with less than $60

CheapSCAte: attacking IoT with less than $60

All general-purpose microcontrollers are inherently vulnerable to Side Channel Attacks. Riscure’s Principal Trainer & Security Specialist Rafael Boix Carpi proved this by attacking an IoT device with less then $60 worth of equipment. Although Side Channel and Fault Injection attacks still require quite a lot of experience to perform, if successful they have a potential for a full compromise of a device’s security. Below you can find the slides from Rafael’s presentation at the RSA 2018 conference, and an expanded video with additional technical details.

Things to read to learn more about hardware security, Side Channel and Fault Injection attacks

Secure Application Programming in the presence of Side Channel Attacks (PDF) – whitepaper by Riscure’s CEO Marc Witteman

Escalating Privileges in Linux using Voltage Fault Injection – Applying FI to a complex target. Originally presented by Riscure’s Niek Timmers and independent embedded security expert Cristofaro Mune at FDTC 2017.

Riscure’s Github repository – access a number of open source tools to get to know hardware attack concepts

Slides from the presentation at RSA 2018. We recommend to watch the video to understand all the details about an attack (download PDF).

CheapSCAte: Attacking IoT with less than $60 from Riscure

The best way to introduce your development team to the principles of robust hardware security is Riscure Training Academy. Learn more about our selection of online and offline training courses that focus both on hardware and software. Fill out the form below if you would like to discuss how to boost the skills and expertise of your development team with the Riscure representative. We will get back to you as soon as possible.