Criptored Talks 2025 | Gabriel Gonzalez | Boot to root: Exploiting U-Boot flexible behaviour | Madrid, Spain

Gabriel Gonzalez, IOActive Director of Hardware Security, will be presenting at this year’s Criptored Talks, taking place in Madrid, Spain, on 29 May, at Universidad Rey Juan Carlos. The abstract of Gabriel’s talk, ‘Boot to root: Exploiting U-Boot flexible behaviour,’ can be found below!

ABSTRACT

U-Boot’s flexible behavior can leave embedded devices wide open even before the OS loads. This talk will zero in on configuration missteps and reveal how simple NAND-glitch tricks can flip those weaknesses into root shells. You’ll see examples of bootcmd hijacking via env-var tweaks and NAND timing faults to bypass write-protection. Finally, take away a concise checklist to lock down U-Boot and stop these pivot points in their tracks.