Presentation Material
Abstract
Hardware security is not as well known as other fields in computer security, chiefly because there are usually more widely known and easier paths into a target organisation. It’s much easier to exploit a web application vulnerability or a wireless AP than to launch a hardware-based attack. Sometimes, however, in situations where other attacks are impractical or downright impossible, a hardware attack might succeed. This presentation will be about using such techniques to gain access to the target systems. Each attack vector will be described briefly and demonstrated.
HID Vector: Imagine an attacker with physical access to your system; that is what an HID attack almost entirely emulates. HID stands for Human Interface Device, the class of devices, such as keyboards and mice, that let a user interact with the system. An HID attack uses a device such as the Teensy microcontroller, which can store a sequence of user inputs and replay it when it is plugged into a system. This allows an attacker to execute commands as if they were sitting in front of the system.
IR Vector: Infrared is a fairly widespread protocol, used in TV systems and even in traffic lights. However, IR is one of those systems that was not built with security in mind: unlike some radio keyfobs, IR remotes do not employ any form of rolling code, so recording the IR codes and retransmitting them is trivial. This session will cover the creation and use of a simple IR spoofer and discuss various issues with IR security.
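To make the rolling-code point concrete, here is an added Python model, not code from the talk: a fixed-code receiver that accepts any recorded frame forever, beside a rolling-code receiver (counter plus keyed MAC) that rejects the same recording while still tolerating a few missed presses. The key, frame layout, command bytes and counter window are constructed for illustration, not a real IR or keyfob protocol.

```python
"""Added example, not from the talk: why a recorded IR command replays,
and how a rolling code with a keyed MAC defeats the same recording.
Everything below (key, frame layout, command bytes, counter window) is a
constructed model for illustration, not a real IR or keyfob protocol."""
import hashlib
import hmac

KEY = b"constructed-shared-secret"  # provisioned into remote and receiver
MAC_LEN = 8                         # truncated tag length in bytes
WINDOW = 16                         # presses the receiver may miss and still resync

# Fixed-code scheme: the frame *is* the command, so any copy is valid forever.
FIXED_CODES = {b"\x20\xdf\x10\xef": "POWER", b"\x20\xdf\x40\xbf": "VOL_UP"}  # constructed codes


class FixedCodeReceiver:
    def receive(self, frame: bytes):
        return FIXED_CODES.get(frame)


# Rolling-code scheme: frame = counter(4) || command(8, NUL padded) || MAC(8).
def _tag(counter: int, command: str) -> bytes:
    msg = counter.to_bytes(4, "big") + command.encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_LEN]


class RollingRemote:
    def __init__(self):
        self.counter = 0

    def press(self, command: str) -> bytes:
        self.counter += 1
        body = self.counter.to_bytes(4, "big") + command.encode().ljust(8, b"\0")
        return body + _tag(self.counter, command)


class RollingReceiver:
    def __init__(self):
        self.last = 0  # highest counter accepted so far

    def receive(self, frame: bytes):
        counter = int.from_bytes(frame[:4], "big")
        command = frame[4:12].rstrip(b"\0").decode()
        if not hmac.compare_digest(frame[12:], _tag(counter, command)):
            return None  # forged or corrupted frame
        if not self.last < counter <= self.last + WINDOW:
            return None  # replayed (counter already spent) or too far ahead
        self.last = counter
        return command


def replay_against_fixed():
    """A recorded fixed-code frame works every time it is resent."""
    rx = FixedCodeReceiver()
    captured = b"\x20\xdf\x10\xef"
    return rx.receive(captured), rx.receive(captured)


def replay_against_rolling():
    """The same recording trick fails: the second copy reuses a spent counter."""
    remote, rx = RollingRemote(), RollingReceiver()
    captured = remote.press("POWER")
    return rx.receive(captured), rx.receive(captured)


def resync_then_old_frame():
    """Presses the receiver never heard are tolerated, but an old frame is not."""
    remote, rx = RollingRemote(), RollingReceiver()
    missed = [remote.press("VOL_UP") for _ in range(5)]  # sent out of range
    accepted = rx.receive(remote.press("POWER"))         # counter 6, within WINDOW
    return accepted, rx.receive(missed[2])               # counter 3 < last


def tampered_frame():
    """Changing the command without the key breaks the MAC."""
    remote, rx = RollingRemote(), RollingReceiver()
    frame = remote.press("POWER")
    forged = frame[:4] + b"VOL_UP".ljust(8, b"\0") + frame[12:]
    return rx.receive(forged)
```

The fixed-code receiver has no state, so it cannot tell a fresh press from a recording; the rolling-code receiver remembers the last accepted counter, and the MAC stops an observer from simply incrementing it. The tolerance window is what keeps a remote usable after presses made out of range, at the cost of a small forward window an attacker cannot exploit without the key.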
Radio: Radio technology is all around us. Instead of showing how to pwn wireless APs, this session will cover the use of SDRs, or software defined radios. Specifically, the audience will be introduced to the RTL-SDR project (a very cheap SDR) and shown how to sniff for wireless data and work out what type of transmission it is. Car keyfob transmissions will be shown as an example. RFCat (another SDR with TX) will also be covered.
AI Generated Summary
The talk focused on embedded system security, specifically hardware-based attack vectors that exploit the physical layer of electronic devices. It argued that hardware attacks provide a relatively easy and undetected entry point into otherwise secure networks, as they are less scrutinized than software exploits and can bypass defenses like full-disk encryption and BIOS passwords.
Key techniques presented included Human Interface Device (HID) attacks, where a programmable microcontroller like a Teensy emulates a keyboard to inject malicious commands automatically upon USB connection. Frameworks such as Cobalt Strike were noted for generating payloads that execute via this method, often using PowerShell scripts to establish persistence while evading antivirus detection. Infrared (IR) replay attacks were detailed, using an Arduino with an IR receiver and LED to capture and retransmit control signals, demonstrated against TVs and pedestrian traffic lights. The TV-B-Gone, a device storing power-off codes for numerous IR-controlled displays, was cited as a tool for disruptive physical attacks. The talk also covered radio-based attacks on systems like keyless car entry and satellite communications, as well as bus protocol sniffing on internal device communications, which often lack security by design.
The practical implication is that embedded systems frequently prioritize functionality over security, using weak or no encryption in protocols like IR and serial buses, which makes them vulnerable to low-cost, replay-based compromises. HID attacks are particularly effective because operating systems cannot distinguish between legitimate user input and automated keystrokes from a malicious device, allowing command execution with the user’s privileges. The overarching takeaway is that hardware attack surfaces represent a critical and often overlooked vulnerability, requiring specialized tools and awareness for both offensive testing and defensive hardening in physical security assessments.
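The HID Vector paragraph in the abstract and the summary above both make the same point: the operating system cannot tell a replayed keystroke from a typed one. One way a defender can act on that is to look at behaviour instead of at the event itself. The Python below is an added example, not code from the talk: it flags a burst of keystrokes that is faster and more regular than human typing, and any source device not on an allowlist of issued keyboards. The timestamps, vendor/product ids and thresholds are all constructed.

```python
"""Added example, not from the talk: behavioural detection of keystroke
injection by a malicious HID device such as a Teensy.

The OS sees ordinary key events, so the signal has to come from behaviour:
a replayed payload arrives far faster and more regularly than human typing,
and it comes from a USB device the organisation never issued. Timestamps,
vendor/product ids and thresholds below are constructed."""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class KeyEvent:
    t: float    # seconds since session start
    vid: int    # USB vendor id of the source device
    pid: int    # USB product id of the source device
    key: str


# Hypothetical allowlist of issued keyboards, keyed by (vid, pid).
ALLOWED_DEVICES = {(0x0001, 0x0002)}

# Hypothetical thresholds: a window of WINDOW_GAPS consecutive gaps whose
# median is under MEDIAN_GAP_S *and* whose spread is under JITTER_S is
# treated as machine-generated; people are neither that fast nor that regular.
WINDOW_GAPS = 15
MEDIAN_GAP_S = 0.030
JITTER_S = 0.005


def gaps(events: list[KeyEvent]) -> list[float]:
    """Inter-keystroke intervals in seconds."""
    return [b.t - a.t for a, b in zip(events, events[1:])]


def looks_injected(events: list[KeyEvent]) -> bool:
    """True if any sliding window of keystrokes is implausibly fast and regular."""
    g = gaps(events)
    for i in range(len(g) - WINDOW_GAPS + 1):
        window = g[i:i + WINDOW_GAPS]
        if median(window) < MEDIAN_GAP_S and max(window) - min(window) < JITTER_S:
            return True
    return False


def unknown_devices(events: list[KeyEvent]) -> set[tuple[int, int]]:
    """Source devices in the session that are not on the allowlist."""
    return {(e.vid, e.pid) for e in events} - ALLOWED_DEVICES


def assess(events: list[KeyEvent]) -> dict:
    """Combine both signals into one verdict for a session."""
    unknown = unknown_devices(events)
    timing = looks_injected(events)
    return {"alert": timing or bool(unknown),
            "injection_timing": timing,
            "unknown_devices": unknown}


def build_session(gap_list, vid, pid, text, start=0.0):
    """Constructed key events: one event per character, separated by gap_list."""
    t, events = start, []
    for i, ch in enumerate(text):
        events.append(KeyEvent(t, vid, pid, ch))
        if i < len(gap_list):
            t += gap_list[i]
    return events


# Constructed sessions: 20 keystrokes each.
HUMAN_GAPS = [0.12, 0.09, 0.21, 0.15, 0.08, 0.30, 0.11, 0.14, 0.19, 0.10,
              0.25, 0.13, 0.09, 0.17, 0.22, 0.12, 0.11, 0.16, 0.20]
HUMAN = build_session(HUMAN_GAPS, 0x0001, 0x0002, "ls -la /home/analyst")

# Placeholder text stands in for a replayed payload; the device ids are made up.
INJECTED = build_session([0.004] * 19, 0x1234, 0x5678, "X" * 20)

# A human session followed by an injected burst half a second later.
MIXED = HUMAN + build_session([0.004] * 19, 0x1234, 0x5678, "X" * 20,
                              start=HUMAN[-1].t + 0.5)
```

The timing test alone will not catch a payload that is deliberately slowed down, and the allowlist alone will not catch a device that spoofs an issued keyboard's ids, which is why the two signals are combined; in practice the same heuristics sit behind host USB device-control tooling, and blocking new HID devices by default until an operator approves them removes the guesswork.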