Methodologies for Hacking Embedded Security Appliances presented at BlackHatUSA 2013

by Rob Bathurst, Mark Carey,

Summary : Security appliances, for everything from firewalls to encrypted SAN devices are a dime a dozen these days. Vendors are throwing jargon into everything they possibly can to make the consumer believe they have the top-of-line device, with every possible feature a person could want. Everyone has heard the sales pitches, but does anyone really take the time to verify the claims, or understand how those devices function?
We’ll go in-depth on the methods we use in breaking down hardened security appliances for analysis, using real world examples where possible. We hope to point out possible failure points within the construction of a security device, so as to better educate purchasers and producers on why products fail. We’ll analyze methods of key management, cryptographic implementation, system recovery, tamper detection, interfaces, and much more.