[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Needs more hardware hacking dox



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 04/27/2016 03:03 PM, Travis Biehn wrote:
> I'm working on influencing security in embedded, e.g., writing and 
> designing secure systems (comprehensively, starting with arch &
> code.) It's an educational effort with embedded ISVs and OEMs at
> every step, you can presume the market, if they're thinking of
> security at all, is currently buying into 'fire-walling' and
> 'obfuscation' approaches.
> 
> There are some interesting groups like We Are the Cavalry working
> on that as well.
> 
> Some fun uses of Raspberry Pi computers as air-gapped PGP /
> KeyStores and Hardware Tor routers. DIY info-theoretic secure
> communications platforms (opto-isolators and so on.)
> 
> On the topic of HWSec, I'm interested in detecting in-sil
> modification, allowing end-users to simply and easily verify their
> hardware in the same way that the OS community has become entranced
> with 'deterministic verifiable builds'.
> 
> -Travis

I was thinking about step by step walk-throughs on things like:

* Generic and model-specific methods of reversibly (and not) disabling
automotive ECM radio.

* Positively preventing laptop WiFi signals from being broadcast
before the MAC address has been scrambled.

* Disabling built in microphones in computers and other network
capable devices

etc.

Most of the necessary info is on the networks, IF one knows the
applicable language and which sources to focus searches on.  Right now
I don't have the time for a new project but it's on my long term to-do
list until or unless somebody else does it.  Field testing - actually
doing the things described - makes a huge usability difference,
especially when writing for end users who do not have a background in
tinkering with electronics.  Things technologists take for granted and
would not mention can pop up as unbeatable obstacles when first timers
are trying to follow "simple" instructions.

A great example:  http://www.turnpoint.net/wireless/cantennahowto.html

:o)






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJXISMcAAoJEECU6c5Xzmuqj0sIAK5BrO1RfW3hJYyYu2V7eqfM
FcuMwRYjWenprNZwyB7CneNX9jSDT7xU0ApmkPzfzBckJfCKqliqQ/4qj6dgoyRr
2Kc6/AjH7R9oHrsdnaot3wrGvdBfv14TgSPqHBnZnY60qqvl938T0j/lySD1lS05
EeGixB2MgKQxQbHU4sjDyJyYfyibR37QG8rTYvmnveMRlbZdN9SY02i7+AfzizIp
3Wo7JYk8nQgAt8fwE3MZnVLsWvz23wq77SaqoTXbKEA/We4oqAN1RiqH2bYCZVHd
UqJjbeuGPEBLUsGJkuPTMylY/KSquhL+LpOecLH/5l2+KNVJgLOHGS4KjwPaCZk=
=zI8b
-----END PGP SIGNATURE-----