Cybersecurity of embedded systems and connected objects

UNDERSTAND THE BASICS OF HARDWARE HACKING

• Understand the historical context of attacks on connected objects
• Review vulnerabilities and their offensive and defensive aspects
• Know the fundamentals of electronics
• Take information from a target (component fingerprint)

HOW DO HACKERS GAIN ACCESS TO HARDWARE?

• Present the tools and methods available for auditing a product
• Extract sensitive data with auditing tools (HardSploit)
• Acquire electronic signals, tools and demonstration

HOW TO ACCESS THE SOFTWARE

• Present the different types of architecture (Microcontroller, FPGA), and the different direct accesses to the software via input and output interfaces (JTAG / SWD, I2C, SPI, UART, RF band ISM, etc.).
• Firmware access via various interfaces

ATTACKS ON A SPECIFIC EMBEDDED SYSTEM, THE CONNECTED DEVICE (IOT)

• Carry out a complete audit applied to our vulnerable embedded system:
  • Identify electronic components
  • Acquire electronic signals
  • Intercept and analyze electronic signals with HardSploit
  • Modify and extract firmware via JTAG debug functions with HardSploit
  • Fuzz external interfaces to detect basic embedded vulnerabilities
  • Exploit vulnerabilities (buffer overflow) during a hardware security audit

HOW TO SECURE YOUR HARDWARE ?

• Discover cryptography and the different ways of securing your system and communications.
• Understand secure design and the notion of development cycles (SDLC)
• Understand hardware security best practices to limit risks
• Limiting JTAG access and software vulnerabilities at the embedded level

HACKING WITH SDR TECHNOLOGY

• Learn SDR audit methodology (capture, analysis, exploitation with radio software)
• Use of tools (GQRX, GNU Radio, etc.)
• Reverse-engineer a wireless protocol from radio emissions captured in the air (wireless communication of an LED panel).

“CAPTURE THE DRONE” EXERCISE

• Present a practical scenario for attacking/defending a mini drone
• Defend your drone and attack others using the tools and methods learned during training

No experience in IT security required. However, some knowledge of electronics or embedded software is desirable.

Equipment provided: The electronic and computer equipment required for the exercises will be provided to participants on site:

• Full HD screen with HDMI port
• Keyboard and mouse
• Pre-prepared Raspberry Pi
• Hardsploit with training board
• Radio analysis tools…

This course is aimed at people interested in security aspects related to hardware or embedded systems. Electronics enthusiasts and professionals, as well as IT security professionals (developers, architects, integrators, hardware designers, project managers).

Expert in embedded cybersecurity.

• PowerPoint presentation
• Use of the Hardsploit IoT testing tool to carry out a hardware intrusion testing exercise
• Interactive Web platform (Klaxoon)
• Practical scenario for attacking/defending a mini-drone

Assessments at the beginning and end of the course, quizzes, etc.

A training certificate complying with the provisions of Article L. 6353-1 paragraph 2 is issued to the trainee.

5 working days before the course start date (if financed by OPCO).

2023 :

Satisfaction rate : 85%

Number of sessions : 5

Number of trainees : 27