
New Video from @BlackHatOfficialYT Discusses Hardware Security and Supply Chain Trust
The video begins with an introduction to the second day of the event, featuring a discussion on managing chaos in the field of cybersecurity. The speaker emphasizes the importance of diversification and simplification to cope with chaotic environments. He also mentions the use of trusted hardware to secure systems, utilizing Hardware Security Modules (HSMs) to protect sensitive keys.
The speaker then introduces Bunnie Huang, a hardware security expert, who shares his insights on trust in hardware supply chains. Bunnie starts by explaining the complexity of supply chains, which involve many actors and steps, making the process vulnerable to attacks. He notes that hardware attacks are often simpler and more profitable than software attacks, which is why many malicious actors prefer these methods.
Bunnie shares several concrete examples of hardware fraud, including warranty fraud. He explains how repairers can discover manufacturing defects, replicate them with salvaged parts, and return the devices to obtain new replacements. This method is economically viable and difficult to detect, making it a significant threat to manufacturers.
The expert also addresses the different levels of sophistication in hardware attacks, using an analogy with the food supply chain to illustrate his points. He describes a range from level 0 attacks, such as re-labeling components, up to level 3 attacks, which involve subtle and hard-to-detect modifications in chips.
Bunnie discusses current detection methods and their limitations. He highlights that most checks are limited to reading labels, which is insufficient for detecting more sophisticated attacks. He introduces an infrared chip verification method that allows components to be verified without damaging them, offering a potential solution to improve hardware security.
In conclusion, Bunnie Huang emphasizes the importance of collaboration between manufacturers, hardware developers, and end-users to enhance the security of hardware supply chains. He calls for greater transparency and the adoption of advanced verification methods to counter growing threats.
To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=Nv92TuocnwA