Hackers 2 Hackers Conference

Keynote: False Injections: Tales of Physics, Misconceptions and Weird Machines

Cristofaro Mune is a Co-Founder and Security Researcher at Raelize. He has been in the security field for 20+ years and he has 15+ years of experience in the evaluation of SW and HW security of secure products.

His research on Fault Injection, TEEs, Secure Boot, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.

In the brief history of computing, security threats have often been modeled without considering the underlying hardware, conveniently abstracting it away. Micro-architectural attacks reminded us that such convenience can make us oblivious to vulnerabilities rooted in hardware.

In a similar fashion, physics is usually abstracted away by the hardware and pretty much invisible at the computational level. Until things go wrong. Fault injection (FI) attacks are known since decades and have become accessible to a fairly wide audience. Yet, the common understanding is often partial at the best, when not outright incorrect. A "computing-centric" approach, more focused on the effects on software rather than on the faults introduced in the system, may have a played a role in building the current understanding.

In this talk, we will wear our physics hat and discuss the effect physics may have on a computing system and its security. We will be using data from FI testing for challenging some widespread beliefs. By reasoning with physics and data, we will visit rarely explored corners, such as an energy-based interpretation for voltage glitching, which may allow to uncover new, powerful attacks.

We will also discuss how FI has been incorrectly modeled for decades using the "instruction skipping" fault model. This simple fault model allows performing effective attacks, but, at the same time, it has likely hindered the understanding of "what really happens to instructions". To grasp the impact of such a choice, we will show how, by simply switching to an "instruction corruption" fault model, a paradigm shift occurs. Code execution becomes the primary FI goal. Timing constraints can be loosened. Common FI countermeasures are bypassed...and...weird machines arise purely from control of (any) transferred data.

This talk aims to bring more attention to the relationship between physics, computing and security, fostering a holistic discussion on such topics. For a faithful and courageous understanding of computing, it's likely time to face complexity and embrace its chaos, with an open, scientific and inquisitive mindset. Abstracting reality will not make it go away.

Gerardo Richarte is the CTO, CISO and co-founder of Satellogic. Long time ago, Gera co-founded Core Security Technologies and some years later Disarmista, companies dedicated to specialized security products and services. He’s also presented and taught courses at ReCon, BlackHat, CanSecWest, Ekoparty and other Security Conferences and wrote articles to help spread the knowledge on offensive security, exploit writing and reverse engineering.

He’s today at Satellogic, working to remap the surface of the Earth every day, coordinating the security and other technological aspects of the company to build planetary-scale insights for improving life on Earth (rather than preparing to fly away to another planet).