Ahh, neat project list - neutering your devices surface is certainly an interesting bent. I dig efforts to liberate access to embedded devices running flavors of linux - usually you can find a guide to root shells on just about anything that runs the kernel. RTOS, you aren't so lucky. Your bits are much more complicated in physical land - things are just so much easier when a 1 is a 1 and a 0 is a 0, no? -Travis On Wed, Apr 27, 2016 at 4:37 PM, Steve Kinney <admin@pilobilus.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/27/2016 03:03 PM, Travis Biehn wrote:
I'm working on influencing security in embedded, e.g., writing and designing secure systems (comprehensively, starting with arch & code.) It's an educational effort with embedded ISVs and OEMs at every step, you can presume the market, if they're thinking of security at all, is currently buying into 'fire-walling' and 'obfuscation' approaches.
There are some interesting groups like We Are the Cavalry working on that as well.
Some fun uses of Raspberry Pi computers as air-gapped PGP / KeyStores and Hardware Tor routers. DIY info-theoretic secure communications platforms (opto-isolators and so on.)
On the topic of HWSec, I'm interested in detecting in-sil modification, allowing end-users to simply and easily verify their hardware in the same way that the OS community has become entranced with 'deterministic verifiable builds'.
-Travis
I was thinking about step by step walk-throughs on things like:
* Generic and model-specific methods of reversibly (and not) disabling automotive ECM radio.
* Positively preventing laptop WiFi signals from being broadcast before the MAC address has been scrambled.
* Disabling built in microphones in computers and other network capable devices
etc.
Most of the necessary info is on the networks, IF one knows the applicable language and which sources to focus searches on. Right now I don't have the time for a new project but it's on my long term to-do list until or unless somebody else does it. Field testing - actually doing the things described - makes a huge usability difference, especially when writing for end users who do not have a background in tinkering with electronics. Things technologists take for granted and would not mention can pop up as unbeatable obstacles when first timers are trying to follow "simple" instructions.
A great example: http://www.turnpoint.net/wireless/cantennahowto.html
:o)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJXISMcAAoJEECU6c5Xzmuqj0sIAK5BrO1RfW3hJYyYu2V7eqfM FcuMwRYjWenprNZwyB7CneNX9jSDT7xU0ApmkPzfzBckJfCKqliqQ/4qj6dgoyRr 2Kc6/AjH7R9oHrsdnaot3wrGvdBfv14TgSPqHBnZnY60qqvl938T0j/lySD1lS05 EeGixB2MgKQxQbHU4sjDyJyYfyibR37QG8rTYvmnveMRlbZdN9SY02i7+AfzizIp 3Wo7JYk8nQgAt8fwE3MZnVLsWvz23wq77SaqoTXbKEA/We4oqAN1RiqH2bYCZVHd UqJjbeuGPEBLUsGJkuPTMylY/KSquhL+LpOecLH/5l2+KNVJgLOHGS4KjwPaCZk= =zI8b -----END PGP SIGNATURE-----
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>