ON-DEMAND: Sinking U-Boots with Depthcharge: Effective Exploitation of Boot-Time Security Debt

Check out the Hardwear.io webinar entitled, “Sinking U-Boots with Depthcharge: Effective Exploitation of Boot-Time Security Debt,” presented by NCC Group’s Hardware & Embedded Systems team member Jon Szymaniak!

https://www.youtube.com/watch?v=fTKMi3Is5x8

NCC Group’s Depthcharge toolkit is designed to allow security experts to more quickly find security holes in the modifications that product engineering teams have made to Free and Open Source (FOSS)Das U-Boot bootloader. It demonstrates how seemingly innocuous configuration changes and implementation decisions can be abused to undermine a product’s security objectives – and in some really clever ways!

At a higher level, Jon’s discussion about Depthcharge touches on a critical and much more universal topic of “security debt”– where the adoption of external code, without making investments into security-focused testing and review, can lead to a security-impacting form of technical debt.

You can learn more about Jon’s Depthcharge toolkit in our blog post [1], in the project documentation [2], and on GitHub [3]. Stay tuned for future updates, as Jon works toward some new features that will make the toolkit more accessible and helpful for product engineers!

And don’t forget – the Hardwear.io Netherlands 2020 conference registration is still open! You can register for a free pass to the virtual conference here: https://hardwear.io/netherlands-2020/register.php

Links:

[1] Blog Post: https://research.nccgroup.com/2020/07/22/depthcharge

[2] Project Documentation: https://depthcharge.readthedocs.io

[3] Source Code: https://github.com/nccgroup/depthcharge