Needs more hardware hacking dox

Wed Apr 27 14:07:47 PDT 2016

Ahh, neat project list - neutering your devices surface is certainly an
interesting bent.

I dig efforts to liberate access to embedded devices running flavors of
linux - usually you can find a guide to root shells on just about anything
that runs the kernel. RTOS, you aren't so lucky.

Your bits are much more complicated in physical land  - things are just so
much easier when a 1 is a 1 and a 0 is a 0, no?

-Travis

On Wed, Apr 27, 2016 at 4:37 PM, Steve Kinney <admin at pilobilus.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 04/27/2016 03:03 PM, Travis Biehn wrote:
> > I'm working on influencing security in embedded, e.g., writing and
> > designing secure systems (comprehensively, starting with arch &
> > code.) It's an educational effort with embedded ISVs and OEMs at
> > every step, you can presume the market, if they're thinking of
> > security at all, is currently buying into 'fire-walling' and
> > 'obfuscation' approaches.
> >
> > There are some interesting groups like We Are the Cavalry working
> > on that as well.
> >
> > Some fun uses of Raspberry Pi computers as air-gapped PGP /
> > KeyStores and Hardware Tor routers. DIY info-theoretic secure
> > communications platforms (opto-isolators and so on.)
> >
> > On the topic of HWSec, I'm interested in detecting in-sil
> > modification, allowing end-users to simply and easily verify their
> > hardware in the same way that the OS community has become entranced
> > with 'deterministic verifiable builds'.
> >
> > -Travis
>
> I was thinking about step by step walk-throughs on things like:
>
> * Generic and model-specific methods of reversibly (and not) disabling
> automotive ECM radio.
>
> * Positively preventing laptop WiFi signals from being broadcast
> before the MAC address has been scrambled.
>
> * Disabling built in microphones in computers and other network
> capable devices
>
> etc.
>
> Most of the necessary info is on the networks, IF one knows the
> applicable language and which sources to focus searches on.  Right now
> I don't have the time for a new project but it's on my long term to-do
> list until or unless somebody else does it.  Field testing - actually
> doing the things described - makes a huge usability difference,
> especially when writing for end users who do not have a background in
> tinkering with electronics.  Things technologists take for granted and
> would not mention can pop up as unbeatable obstacles when first timers
> are trying to follow "simple" instructions.
>
> A great example:  http://www.turnpoint.net/wireless/cantennahowto.html
>
> :o)
>
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJXISMcAAoJEECU6c5Xzmuqj0sIAK5BrO1RfW3hJYyYu2V7eqfM
> FcuMwRYjWenprNZwyB7CneNX9jSDT7xU0ApmkPzfzBckJfCKqliqQ/4qj6dgoyRr
> 2Kc6/AjH7R9oHrsdnaot3wrGvdBfv14TgSPqHBnZnY60qqvl938T0j/lySD1lS05
> EeGixB2MgKQxQbHU4sjDyJyYfyibR37QG8rTYvmnveMRlbZdN9SY02i7+AfzizIp
> 3Wo7JYk8nQgAt8fwE3MZnVLsWvz23wq77SaqoTXbKEA/We4oqAN1RiqH2bYCZVHd
> UqJjbeuGPEBLUsGJkuPTMylY/KSquhL+LpOecLH/5l2+KNVJgLOHGS4KjwPaCZk=
> =zI8b
> -----END PGP SIGNATURE-----
>

-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4373 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20160427/28d0610b/attachment-0002.txt>