Cybersecurity of embedded systems and connected objects

• UNDERSTAND THE BASICS OF HARDWARE HACKING
  • Understand the historical context of attacks on connected objects
  • Review vulnerabilities and their offensive and defensive aspects
  • Know the fundamentals of electronics
  • Take information from a target (component fingerprint)
• HOW DO HACKERS GAIN ACCESS TO HARDWARE?
  • Present the tools and methods available for auditing a product
  • Extract sensitive data with auditing tools (HardSploit)
  • Acquire electronic signals, tools and demonstration
• HOW TO ACCESS THE SOFTWARE
  • Present the different types of architecture (Microcontroller, FPGA), and the different direct accesses to the software via input and output interfaces (JTAG / SWD, I2C, SPI, UART, RF band ISM, etc.).
  • Firmware access via various interfaces
• ATTACKS ON A SPECIFIC EMBEDDED SYSTEM, THE CONNECTED DEVICE (IOT)
  • Carry out a complete audit applied to our vulnerable embedded system:
    • Identify electronic components
    • Acquire electronic signals
    • Intercept and analyze electronic signals with HardSploit
    • Modify and extract firmware via JTAG debug functions with HardSploit
    • Fuzz external interfaces to detect basic embedded vulnerabilities
    • Exploit vulnerabilities (buffer overflow) during a hardware security audit
• HOW TO SECURE YOUR HARDWARE ?
  • Discover cryptography and the different ways of securing your system and communications.
  • Understand secure design and the notion of development cycles (SDLC)
  • Understand hardware security best practices to limit risks
  • Limiting JTAG access and software vulnerabilities at the embedded level
• HACKING WITH SDR TECHNOLOGY
  • Learn SDR audit methodology (capture, analysis, exploitation with radio software)
  • Use of tools (GQRX, GNU Radio, etc.)
  • Reverse-engineer a wireless protocol from radio emissions captured in the air (wireless communication of an LED panel).
• “CAPTURE THE DRONE” EXERCISE
  • Complete audit applied to a vulnerable miniature drone:
    • Identify electronic components
    • Retrieve technical documentation
    • Intercept and analyze digital signals
    • Intercept and analyze radio signals
    • Replay radio frames to start the drone
    • Extract and reflash the firmware to modify security keys
    • Perform binary reverse engineering to find vulnerabilities
    • Exploit these vulnerabilities via the radio link
    • Patch the vulnerable firmware

No experience in IT security required. However, some knowledge of electronics or embedded software is desirable.

Equipment provided: The electronic and computer equipment required for the exercises will be provided to participants on site:

• Full HD screen with HDMI port
• Keyboard and mouse
• Pre-prepared Raspberry Pi
• Hardsploit with training board
• Radio analysis tools…

This course is aimed at people interested in security aspects related to hardware or embedded systems. Electronics enthusiasts and professionals, as well as IT security professionals (developers, architects, integrators, hardware designers, project managers).

Expert in embedded cybersecurity.

• PowerPoint presentation
• Use of the Hardsploit IoT testing tool to carry out a hardware intrusion testing exercise
• Interactive Web platform (Klaxoon)
• Practical scenario for attacking/defending a mini-drone

Assessments at the beginning and end of the course, quizzes, etc.

5 working days before the course start date (if financed by OPCO).

A training certificate complying with the provisions of Article L. 6353-1 paragraph 2 is issued to the trainee.

2024 :

Satisfaction rate : 89%

Number of sessions : 5

Number of trainees : 46