Sam. "PANTH13R" Beaumont
As the Director of Transportation, Mobility, and Cyber-Physical Systems at NetSPI, Sam. "PANTH13R" Beaumont is at the forefront of developing and delivering technical strategies and solutions for Hardware and Integrated Systems at NetSPI. With a career spanning 10+ years in cybersecurity, Sam has established a formidable reputation for hacking anything from hardware and embedded systems to all things that “fly, sail, or drive”. Her extensive expertise provides NetSPI customers with unmatched technical leadership, depth, and delivery excellence in advisory and cybersecurity services, ensuring assets existing in physical spaces are fortified against evolving threats.
In previous roles, Sam has served in a technical capacity as an offensive security Principal Consultant, Red Teamer, Exploit Developer, Vulnerability Researcher, and more. She has continually demonstrated a unique ability to bridge the gap between business, regulatory needs, and the most prevalent theoretical vulnerabilities.
Sam’s commitment to the cybersecurity community and approach to tackling cyberphysical systems has cemented her status as a practical thought leader in the field. Through continued research, speaking engagements, and mentorship, Sam is dedicated to pushing the boundaries of what’s possible for women in cybersecurity, ensuring a safer, more diverse future for those who wish to secure technologies.
Session
Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EEPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory.
Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a "temporary" measure to combat this flaw, by coating chips in a material that would reflect UV.
Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin.
This project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.