The IoT revolution brought us many useful devices, but also leads to strong attacker interest. We first look at the emerging IoT business models and show how these enable and stimulate further growth of physical attacks. While Fault Injection initially seems less attractive than logical attacks, we observe a strong surge in their application and success. Our analysis shows that this can be explained by the abundance of exploitation opportunities in the software. Also, the increased availability of powerful tools contributes to its popularity. We conclude that increased awareness is needed for IoT developers because understanding is the first step towards mitigation.
Marc Witteman has a long track record in the security industry. He has been involved with a variety of security projects for over two decades and worked on applications in mobile communications, payment industry, identification, and pay television. Recent work includes secure programming and mobile payment security issues.
He has authored several articles on smart cards and embedded device security issues. Further, he has extensive experience as a trainer, lecturing security topics for audiences ranging from novices to experts.
As a security analyst, he developed several tools for testing software and hardware security. This includes Inspector, a platform for conducting side-channel analysis and JCworkBench, a logical test tool.
Marc Witteman has an MSc in Electrical Engineering from the Delft University of Technology in the Netherlands. From 1989 till 2001, he worked for several telecom operators, the ETSI standardization body, and a security evaluation facility.
In 2001, he founded Riscure, a security lab based in the Netherlands. Riscure offers test tools and services to manufacturers and issuers of advanced security technology.
At present he is the Chief Executive Officer of Riscure.