Workshop on Embedded Systems Security: Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems

Any channel crossing the perimeter of a system provides an attack surface to the adversary. Standard network interfaces, such as TCP/IP stacks, constitute one such channel, and security researchers and exploit developers have invested much effort into exploring the attack surfaces and defenses there. However, channels such as USB have been overlooked, even though such code is at least as complexly layered as a network stack, and handles even more complex structures; drivers are notorious as a breeding ground of bugs copy-pasted from boilerplate sample code.

Continue reading