he Voting Machine Village, round two, took place at DEFCON this past weekend.
All in Hardware Security
As I write this at the end of 2017, I think it's safe to say this year was the year of the breach. Major privacy breaches achieved public notoriety. Huge corporations realized that trusting supply chain is actually a real problem...
Now that we know how the firmware is loaded, it's time to look at what the firmware looks like. For this attack to work, we need to be able to load our own code. Ideally, the device will continue to function as it was intended. How hard will this be?
But before we attack the firmware, we need more information. Let's look at how control software interacts with the device.
Most IoT hardware isn't reverse engineer resistant. Note how I don't say "reverse engineer proof." This would be a fallacy. As long as you don't control where the hardware is, you can't plan to resist every attack.