MilSec Meetup: Exploring Microcontroller Code Protection Failures
Details
Please join us this month as Aaron Wasserman, Lead Offensive Security Engineer at Praetorian, presents at the May Milsec. Aaron will be presenting "Breaking the Lock: Exploring Microcontroller Code Protection Failures".
This event will take place at New Berlin Ale House in the Party room, and the workshop will start around 6:10. Park on the west side and head into the Ale House. The host will direct you on where to go. Afterwards, we will head into the bar area to continue networking. Drinks will be provided.
About the talk
Most semiconductor vendors implement code readout protection in their microcontrollers, preventing attackers with physical access from dumping or modifying flash contents. Once an attacker has the firmware, they can reverse engineer proprietary algorithms or extract sensitive data like keys and credentials. The industry has tried many approaches to stop this: software-checked registers, boot-time lockouts, and physically blown fuses. All of them have failed in interesting ways.
This talk surveys code readout protection across major microcontroller platforms, examining how different manufacturers approached the same fundamental problem and why each solution eventually broke. We'll take a practical look at bypassing these controls through software alone, via fault injection, and even invasive attacks requiring the decapsulation of the target chips. Then, we'll look at how you can conduct your own chip-level security research.
Attendees will leave understanding the recurring patterns that make these protections fail, a methodology for researching new targets, and why protecting silicon remains fundamentally difficult.
About Aaron Wasserman
Aaron Wasserman is a Lead Offensive Security Engineer at Praetorian, where he specializes in IoT/hardware penetration testing. He holds a Master's and Bachelor's degree from Georgia Tech's School of Electrical and Computer Engineering, along with offensive security certifications including the OSCP and ACIP.
Aaron is passionate about advancing the security community through education and knowledge sharing. He has delivered IoT/embedded hardware hacking training at HackSpaceCon and DEF CON, and guest lectures on ethical hacking at Marquette University.