Ataques de firmware na cadeia de produção

Abstract

This work is about the process of identifying and corrupting a piece of firmware to attack a supply chain. In it, it is explained what is a supply chain and the relevance and impact of studying its security. Then, it establishes a test environemnt and studies several motherboard components in order to pinpoint one which could be revelant as an attack vector. After a vector is found, the research then takes apart and infects the selected chip in order to do a proof of concept on how this chip could end up being compromised by a malicious supplier. Finally, it reintroduces the chip in the test environment and shows the end result.