Practical protection from firmware attacks in the hardware supply chain
This talk reviews the practical risk from supply chain attacks, focusing on those that can compromise firmware integrity, whether through hardware implants or through other threats to firmware during manufacturing, provisioning, or deployment. New techniques and trends in hardware backdoors rarely make the news, with a few exceptions, such as the recent revelation that Crypto AG's cipher machines had been backdoored by the CIA. To fill that gap, we review several newly documented classes of attacks against trusted platform modules (TPMs) and system buses that can compromise firmware integrity. We then look at methods being researched to detect these attacks and present a new tool, along with practical steps that engineers, product designers, and companies can take both to prevent supply chain attacks against firmware and to scan for them automatically.