BSides Glasgow 2018 - Ken Munro & Andrew Tierney - Code readout Protection Bypass... For Dildos

Talk delivered at BSides Glasgow 2018 on the 27th of April. Abstract - As per BSides Edinburgh, this is a talk of two halves, like a vampire road movie. We’re going to look first at some hardcore methods for extracting firmware when readout protection is set. Unlike the Edinburgh talk, which was about multiple different routes to extract firmware from one device, we’re going to look at the challenges of CRP bypass on multiple different chipsets. AND THEN we’re going to look at using these techniques to recover firmware from a smart sex toy. After that we might show some of the other crazy sex toy security flaws we’ve found since last time, including a dildo that pings your employer. This talk will share some really useful techniques for pulling firmware from embedded systems, some interesting new findings and will undoubtedly feature Andrew’s tonsils (again).