Defense Against the Dark Arts
Virginia Western Business Science Building, Room M302
3099 Colonial Avenue Southwest Roanoke, VA 24015 United States
RBTC Defense Against the Dark Arts brings you..
Unlocking Secrets: PulseView & Side-Channel Timing Attacks on Keypads
Overview:
In this demo of hardware hacking, we'll introduce PulseView - the 'Wireshark of hardware hacking' - and demonstrate a technique to unlock a keypad safe. Our method? A Side-Channel Timing Attack, which relies on the timing discrepancies in the user interface. Using an affordable logic analyzer (priced under $20), we'll capture microsecond changes in response times tied to incorrect passcodes. By leveraging this side-channel data, we will carefully decipher the true passcode of the safe.
Unique Approach:
Traditional hacking often focuses on software vulnerabilities to exfiltrate sensitive data. In this demonstration, we will show how the timing of system responses can leak data without any traditional vulnerabilities. This approach emphasizes the power and subtlety of side-channel attacks in extracting valuable information.
Takeaways for Attendees:
- Understand how a side-channel timing attack works to reveal sensitive data.
- Learn about the key functionality of logic analyzers and the PulseView software, often called the 'Wireshark of hardware hacking.'
- Gain practical knowledge on how to utilize changes in response time to recover the passcode of a keypad safe.
Join us for this insightful session to explore the intricacies of hardware hacking and enhance your cybersecurity skill set with real-world applications and techniques.
Featured Speaker:
Assistant Professor Monta Elkins
Monta Elkins is currently "Hacker-in-Chief" for FoxGuard Solutions, an ICS patch provider. A security researcher and consultant; he was formerly Security Architect for Rackspace and the first ISO for Radford University. He has been a speaker at DEFCON, Homeland Security's ICSJWG (Industrial Control Systems Joint Working Group), EnergySec's Security Summit, VASCAN, GE Digital Energy's Annual Software Summit, Educause Security Professionals Conference, Toshiba's Industrial Control Systems Conference, NERC's GridSecCon, ICS CyberSecurity by Security Week, UTC Telecom and other security conferences.