Security is Easier Before PCB Assembly: Easy Threat Modeling for Hardware

No ratings

Presented at SecTor 2025 by

Most threat modeling ignores hardware — but hardware problems can be impossible to fix when products have left the factory. The industry has spent decades refining threat modeling processes so they're approachable, organized, and useful; however most of this was done with software security in mind. Three leading experts have performed a threat model of the OpenWRT One. We'll share our complete results, a case study threat modeling document, and our process. We chose it because it's open and attendees may be familiar with it, but also because the scenario mirrors real threat modeling: you don't have to reverse out all the details.Whether we're dealing with IoT/OT devices, hardware security modules, multi-tenant cloud hardware, or specialized compute accelerators, we've seen when and how hardware-specific threats come into play. When is hardware in scope? When is it someone else's problem? When and how do we decide if it is just an acceptable risk?We'll explain when, why and how your next model should consider hardware threats, even if you don't think you have hardware to worry about or you think it's out of scope. We'll call out a number of assumptions you should keep in mind and share the process for you to assess mixed hardware/software systems yourself.Attendees will learn how to develop a better understanding of what hardware you're already working with, what can go wrong with it, and what you can do about it. Hopefully this, combined with a fully worked example of how that all comes together, will help you do a good job of incorporating hardware concerns into your threat model to make long term product security easier.