Ahh, neat project list - neutering your devices surface is certainly an interesting bent.
I dig efforts to liberate access to embedded devices running flavors of linux - usually you can find a guide to root shells on just about anything that runs the kernel. RTOS, you aren't so lucky. Your bits are much more complicated in physical land - things are just so much easier when a 1 is a 1 and a 0 is a 0, no? -Travis On Wed, Apr 27, 2016 at 4:37 PM, Steve Kinney <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 04/27/2016 03:03 PM, Travis Biehn wrote: > > I'm working on influencing security in embedded, e.g., writing and > > designing secure systems (comprehensively, starting with arch & > > code.) It's an educational effort with embedded ISVs and OEMs at > > every step, you can presume the market, if they're thinking of > > security at all, is currently buying into 'fire-walling' and > > 'obfuscation' approaches. > > > > There are some interesting groups like We Are the Cavalry working > > on that as well. > > > > Some fun uses of Raspberry Pi computers as air-gapped PGP / > > KeyStores and Hardware Tor routers. DIY info-theoretic secure > > communications platforms (opto-isolators and so on.) > > > > On the topic of HWSec, I'm interested in detecting in-sil > > modification, allowing end-users to simply and easily verify their > > hardware in the same way that the OS community has become entranced > > with 'deterministic verifiable builds'. > > > > -Travis > > I was thinking about step by step walk-throughs on things like: > > * Generic and model-specific methods of reversibly (and not) disabling > automotive ECM radio. > > * Positively preventing laptop WiFi signals from being broadcast > before the MAC address has been scrambled. > > * Disabling built in microphones in computers and other network > capable devices > > etc. > > Most of the necessary info is on the networks, IF one knows the > applicable language and which sources to focus searches on. Right now > I don't have the time for a new project but it's on my long term to-do > list until or unless somebody else does it. Field testing - actually > doing the things described - makes a huge usability difference, > especially when writing for end users who do not have a background in > tinkering with electronics. Things technologists take for granted and > would not mention can pop up as unbeatable obstacles when first timers > are trying to follow "simple" instructions. > > A great example: http://www.turnpoint.net/wireless/cantennahowto.html > > :o) > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJXISMcAAoJEECU6c5Xzmuqj0sIAK5BrO1RfW3hJYyYu2V7eqfM > FcuMwRYjWenprNZwyB7CneNX9jSDT7xU0ApmkPzfzBckJfCKqliqQ/4qj6dgoyRr > 2Kc6/AjH7R9oHrsdnaot3wrGvdBfv14TgSPqHBnZnY60qqvl938T0j/lySD1lS05 > EeGixB2MgKQxQbHU4sjDyJyYfyibR37QG8rTYvmnveMRlbZdN9SY02i7+AfzizIp > 3Wo7JYk8nQgAt8fwE3MZnVLsWvz23wq77SaqoTXbKEA/We4oqAN1RiqH2bYCZVHd > UqJjbeuGPEBLUsGJkuPTMylY/KSquhL+LpOecLH/5l2+KNVJgLOHGS4KjwPaCZk= > =zI8b > -----END PGP SIGNATURE----- > -- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
