Chill out with good food and great company at the IOActive Summer BBQ—perfect way to kick back and connect!
Join IOActive for our summer BBQ taking place Thursday, July 23, at our Seattle Hardware Lab, 1426 Elliott Avenue W, Seattle, WA 98119. Enjoy delicious food and check out some amazing cybersecurity research. Speaker abstracts can be found below!
WHEN: Thursday, July 23, 11am – 4pm PST
WHERE: 1426 Elliott Avenue W, Seattle, WA 98119
ABSTRACTS:
Extracting Antifuse Secrets from the DEF CON 32 badge (RP2350)
CMOS one-time programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits because they are inexpensive and require no additional mask steps to fabricate. The RP2350 uses an off-the-shelf Synopsys antifuse memory block for storing secure boot keys and other sensitive configuration data.
Despite antifuses being widely considered a “high security” memory – which means they are significantly more difficult for an attacker to extract data from than other types of memory, such as Flash or mask ROM, – we have demonstrated that data bits stored in the RP2350 antifuse memory can be extracted using a well-known semiconductor failure analysis technique: passive voltage contrast (PVC) with a focused ion beam (FIB).
The simple form of the attack demonstrated here recovers the bitwise OR of two physically adjacent memory bitcell rows sharing common metal 1 contacts, however, we believe it is possible for an attacker to separate the even/odd row values with additional effort.
Furthermore, it is highly likely that all products using the Synopsys dwc_nvm_ts40* family of memory IPs on the TSMC 40nm node are vulnerable to the same attack, since the attack is not specific to the RP2350 but rather against the memory itself. We have not yet tested our technique against other vendors’ antifuse IP blocks or on other process node, but we assess it to have broad applicability to antifuse-based memories.
Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers
There’s a long history of cheating in the world of gambling, from hiding aces up your sleeve to developing modern hacks. So it’s no surprise that modern casinos are designed with security in mind; thousands of cameras watch every square inch of the floor, closely monitoring each table and machine. Nevertheless, cheating still occurs and can lead to millions of dollars in losses, not only to casinos but, in some games, to players as well.
The state of AI and trends to look out for in H2 of 2026
Robert E. Lee, IOActive Director of AI Strategy, will discuss his thoughts on the state of AI, what changes we saw in the first half of 2026, and what organizations can expect to face in H2. AI is evolving daily, which means that strategies to protect yourself from AI malicious attacks need to evolve as well. Robert will discuss ways that IOA uses AI to stay on top of cybersecurity trends while also discussing real-world examples that showcase the speed at which AI is changing.
Spots are limited, so please use real contact details when registering to attend!
