Building Secure Devices in Untrusted Factories Speaker: Rob Wood

Today the production of hardware devices involves multiple suppliers at various stages of the production and support life-cycle. With very few exceptions, no electronics manufacturer actually designs and manufactures every single component of a device in their own factory. These hardware and manufacturing supply chains introduce considerable risk that threat actors could gain an opportunity to defraud, steal, counterfeit, or otherwise undermine the security of the produced electronic devices.

Some things that we will discuss in detail:

  • Why you should not trust your factories. We will explore the various attack patterns seen in real world manufacturing environments.
  • How you can build a secure product that your customers can trust even when using untrusted factories and repair center partners. We will talk about actual solutions that have been implemented to great effect.

Rob is also attending

2-Days with ChipWhisperer® for Power Analysis & Glitching

Nov 6-Nov 7, 2017

Rob is also attending

2-Day Software Defined Radio Training with HackRF One

Nov 8-Nov 9, 2017

About the speaker

Rob Wood
NCC Group
Rob Wood is the Practice Director for the Hardware and Embedded Security Services practice at NCC Group. His career in embedded devices spans 16 years, having worked at both BlackBerry and Motorola Mobility in roles focussed on embedded software development, product firmware and hardware security, and supply chain security. Rob is an experienced firmware developer with extensive security architecture experience. His specialty is in designing, building, and reviewing products to push the security boundaries deeper into the firmware, hardware, and supply chain. He is most comfortable working with the software layers deep in the bowels of the system, well below userland, where the lines between hardware and software begin to blur. This includes things like the bootloaders, kernel, device drivers, firmware, baseband, trusted execution environments, debug and development tools, factory and repair tools, and all the processes that surround them. Rob has built and managed three hardware security labs with varying budgets and levels of capabilities. These labs produced a number of projects including leading-edge security research, product security assessments, and security incident response. Capabilities have included circuit and component level testing and assessments, silicon device failure analysis (with outside help), factory and repair process/tool/system security and incident response.

See this talk

If you want to see this talk, please register for one of our training classes.

List of Trainings and Registration