Hackable Security Modules - Reversing and Exploiting a FIPS 140-2 Lvl 3 HSM Firmware

Explore the security vulnerabilities of Hardware Security Modules (HSMs) in this conference talk from Recon 2017. Delve into the evaluation of the Utimaco SecurityServer, focusing on its Texas Instruments TMS320C64x DSP architecture. Learn about the unique features of this exotic architecture, including multiple functional units and parallel command execution. Discover the challenges in disassembling the firmware and how the capstone disassembler was extended to address these issues. Follow the methodology used to uncover a vulnerability in the HSM's firmware, gaining insights into reverse engineering techniques for specialized hardware. Understand the critical role of HSMs in web security, digital signatures, and DNSSEC, and the potential implications of their vulnerabilities.

Recon 2017 Brx - Hackable Security Modules Reversing and exploiting a FIPS 140-2 lvl 3 HSM firmware