Physical Security for Desktop Computers

There’s a truism in the security circles that says physical security is security. It doesn’t matter how many bits you’ve encrypted your password with, which elliptic curve you’ve used in your algorithm, or if you use a fingerprint, retina scan, or face print for a second factor of authentication. If someone has physical access to a device, all these protections are just road bumps in the way of getting your data. Physical access to a machine means all that data is out in the open, and until now there’s nothing you could do to stop it.

This week at Black Hat Europe, Design-Shift introduced ORWL, a computer that provides the physical security to all the data sitting on your computer.

The first line of protection for the data stuffed into the ORWL is unique key fob radio. This electronic key fob is simply a means of authentication for the ORWL – without it, ORWL simply stays in its sleep mode. If the user walks away from the computer, the USB ports are shut down, and the HDMI output is disabled. While this isn’t a revolutionary feature – something like this can be installed on any computer – that’s not the biggest trick ORWL has up its sleeve.

ORWL2The big draw to the ORWL is a ‘honeycomb mesh’ that completely covers every square inch of circuit board. This honeycomb mesh is simply a bit of plastic that screws on to the ORWL PCB and connects dozens of electronic traces embedded in this board to a secure microcontroller. If these traces are broken – either through taking the honeycomb shell off or by breaking it wide open, the digital keys that unlock the computer are erased.

The ORWL specs are what you would expect from a bare-bones desktop computer: Intel Skylake mobile processors, Intel graphics, a choice of 4 or 8GB of RAM, 64 to 512GB SSD. WiFi, two USB C ports, and an HDMI port provide all the connections to the outside world.

While this isn’t a computer for everyone, and it may not even a very large deployment, it is an interesting challenge. Physical security rules over all, and it would be very interesting to see what sort of attack can be performed on the ORWL to extract all the data hidden away behind an electronic mesh. Short of breaking the digital key hidden on a key fob, the best attack might just be desoldering the chips for the SSD and transplanting them into a platform more amenable to reading them.

In any event, ORWL is an interesting device if only for being one of the few desktop computers to tackle the problem of physical security. As with any computer, if you have physical access to a device, you have access to all the data on the device; we just don’t know how to get the data off one of these tiny computers.

Video below.

Continue reading “Physical Security for Desktop Computers”

Compressorhead: Best Robot Band Ever?

We’ve written about Compressorhead before but we’re writing about them again. Why? Because Compressorhead is the most amazing robot band you’ve ever seen, and because they’ve just opened up a Kickstarter to fund building a lead singer robot and recording an album.

And because they’ve released a bunch of new videos, one of which you’ll find below the break.

Continue reading “Compressorhead: Best Robot Band Ever?”

The USB Killer – Now A Crowdfunding Campaign

Kickstarter, Indiegogo, and every other crowdfunding site out there frequently have projects that should never be products. The latest promises to protect you from security breaches and identity theft by blowing up your computer. It’s the USB Killer, and for only $99 USD, you too can destroy the USB port in your computer and everything else attached to it.

The USB Killer is a device that plugs into the USB port on any computer, charges up several caps, and dumps all that voltage back into the computer. The process repeats until something breaks. We’ve seen it used on a poor Thinkpad X60, and from the video evidence it does exactly what it’s designed to do: kill a computer.

The Indiegogo campaign for the USB killer comes with a web page for the campaign that goes over the function of the device in much more detail. Inside the USB killer is a DC/DC converter that charges a few capacitors to -110V. When the caps are charged, that voltage is dumped back into the USB port where something will happen. Somewhat surprisingly, the folks behind the USB Killer have a video of a computer not dying when the USB Killer is plugged in. Only killing the USB port in a computer is not a guaranteed functionality, as the Indiegogo campaign has the following disclaimer: “Please be aware: USB Killer may cause damage to the motherboard, depending on your computer. By making a pre-order you acknowledge that you are aware of this fact.”

SEC Allows Crowdfunding

Kickstarter is not an investment, and no matter how many times this is repeated, you’ll find the phrase ‘my investment’ in the comments section of nearly every failed Kickstarter, Indiegogo, or other crowdfunding campaign. These campaigns are more closely related to group buys, and you’ll never find a Kickstarter offering equity or any sort of return beyond the latest electronic bauble, indie game, or graphic novel. Sure, you may bootstrap a business with that pledge, but don’t expect dividends from Ouya or Pebble.

Now, this may finally change. The US Securities and Exchange Commission approved new rules for crowdfunding, allowing startups to raise money from Jane and Joe Internet.

Previously, angel investments, venture capital, and hedge funds were not for the common man; these were high-risk investments, and only accredited investors could participate in these funding rounds. Accredited investors, at least in the US, are individuals with a net worth of at least $1 Million, or an income greater than $200,000 in each of the previous two years. The reason for only allowing accredited investors – depending on your interpretation – is to protect consumers or to maintain a perverse oligarchy by installing a glass ceiling over the middle class. Either way, normal people couldn’t invest in high-risk investments until now.

Congress has seen fit to create a new class of investor, and pursuant to Title III of the JOBS Act, the SEC recently released the complete rules for crowdfunded investment. In a massive, 600-page tome, all the regulations are laid bare, ready for the next serial entrepreneur who seeks at most $1 Million in investment for their next startup.

Investors and Startups

The rules issued by the SEC immediately place some limitations on what can be done under the new regulations. For startups, a maximum of $1 Million can be raised over a 12-month period.

For investors with an annual income or a net worth of less than $100,000, a maximum of $2,000 or 5% of annual income can be invested, whichever is greater. For investors with an annual income or net worth greater than $100,000, 10% of their income or net worth can be invested, whichever is smaller.

Brokers and Funding Portals

Investors and entrepreneurs are not allowed to keep their transactions to themselves; this is the SEC after all. Transactions will go through registered broker-dealers or something called a ‘funding portal’. These funding portals are forbidden from offering advice, making recommendations, advertising, paying employees a commission, holding securities themselves, and the regulation bars directors, officers, and partners of the funding portal from holding investments using that funding portal’s services.

It’s The Complete Opposite of Kickstarter

Kickstarter was never known for its transparency. While the basic premise of crowdfunding the manufacturing of a few baubles or 3D printers is sound – it’s cheaper per unit to build a hundred of something than to build just one – the reality of actually building something meant Kickstarters failed – it’s exponentially harder to build ten thousand of something than it is to build a hundred. Add to this Kickstarter’s investments in campaigns featured on their website, and you have the recipe for practices that aren’t illegal but certainly don’t pass the sniff test.

The regulations put forth by the SEC turn the most common trope of the Internet economy on their head; companies responsible for bringing startups and investors together are not financially dependant on these startups. Companies can not raise more money than they could handle, and hopefully individual investors won’t take to crowdfunded companies like online poker and day trading.

Traditional crowdfunding has started a lot of great companies so far; the Form1 printer began as a crowdfunding campaign, and Reading Rainbow still lives thanks to a successful Kickstarter. With these new regulations come new possibilities for the latest startups, and more paths to success than a traditional angel investor or VC tycoon.

Amino Wants to Bring Bioengineering to Your Workbench

As the maker movement has exploded in popularity in recent years, there has been a strong push to put industrial tools into the hands of amateur tinkerers and hackers. CNC mills, 3D Printers, and laser cutters were all extremely expensive machines that were far too costly for most people until makers demanded them and hackers found ways to make them affordable. But, aside from the home brewing scene, those advancements haven’t really touched on anything organic. Which is a deficiency that Amino, a desktop bioengineering system, is seeking to address.

Amino, created by [Julie Legault], is currently seeking crowd-funding via Indiegogo. Hackaday readers are more suspicious than most when it comes to crowd-funding campaigns, and with good reason. But, [Julie Legault] has some very impressive credentials that lend her a great deal of credibility. She has four degrees in the arts and sciences, including a Masters of Science at the MIT Media Lab.

It was for that degree at MIT that [Julie] started Amino as her thesis. Her plan is to bring the tools necessary for bioengineering to the masses – tools which are traditionally only available in research labs. Those tools are packaged into a small desktop-sized unit called Amino. Backers will receive this desktop system, along with the supplies for their first project. Those projects are predefined, but the tools are versatile enough to allow users to move on to their own projects in the future. [Julie] thinks that the future is in bioengineering, and that the best way to feed innovation is to make the necessary tools both affordable and accessible.

Continue reading “Amino Wants to Bring Bioengineering to Your Workbench”

Why Starting a Kickstarter Could Kick Your Butt

So you’ve come up with a great idea and now you’re thinking about starting a crowdfunding campaign – and why not, all the cool kids are doing it. Now, let’s say you already have a working prototype, or maybe you even built a small run for friends online. You’ve made 10 here, or 20 there. Sure it took some time, but making 1000, or 10,000 would be so much easier once you get all the orders in, right? Wrong.

Before you even think of setting up something like a Kickstarter, we would like to invite you to have a seat and watch this series of videos covering the things many people don’t know about manufacturing. It’s going to cost you 7 hours of sofa time, but if you’re serious about getting something to production these seven hours will pay in spades. Dragon Innovation has had many notable clients over the years – Pebble, Sphero, Makerbot, to name a few. They help startups find their way through the manufacturing mine-feild, for a fee of course. The founders are former iRobot employees, and have quite a bit of hard fought, yet free knowledge to share.

You’ll learn about how important decisions early on can make huge impacts on the success or failure of a product. There’s quite a bit of raw technical info on injection molding, design for manufacture, testing, pricing and everything under the sun. So do yourself (and everyone else) a favor, and before you click submit on that Kickstarter campaign, sit back and enjoy this free seminar.

We’re really enjoying the manufacturing oriented videos which have been popping up. Just a couple of weeks ago we came across a pair of hardware talks from [Bunnie Huang] that were a pleasure to watch. At 20 minutes this might be a good primer before you take the plunge with the playlist below.

Continue reading “Why Starting a Kickstarter Could Kick Your Butt”

Skarp Laser Razor Kickstarter Suspended, Jumps To Indiegogo

An irritation-free razor that gives a close shave has been a dream for thousands of years. [Gillette] came close, and with multiple blades came even closer, but all razors today are still just sharpened steel dragged across the skin. This is the 21st century, and of course there’s a concept for a laser razor pandering for your moola. We recently covered the Skarp laser razor and its Kickstarter campaign, and today the campaign has been shut down.

The email sent out to all contributors to the Skarp campaign follows:

Hello,

This is a message from Kickstarter’s Integrity team. We’re writing to notify you that the Skarp Laser Razor project has been suspended, and your pledge has been canceled.

After requesting and reviewing additional material from the creator of the project, we’ve concluded that it is in violation of our rule requiring working prototypes of physical products that are offered as rewards. Accordingly, all funding has been stopped and backers will not be charged for their pledges. No further action is required on your part. Suspensions cannot be undone.

We take the integrity of the Kickstarter system very seriously. We only suspend projects when we find evidence that our rules are being violated.

Regards, Kickstarter Integrity Team

It only took eight hours for the Skarp team to relaunch their crowdfunding campaign on Indiegogo. As of this writing, over 900 people (ostensibly from the 20,000 backers of the original Kickstarter campaign) have pledged to the new campaign.

Although we will never know exactly why Kickstarter suspended the original Skarp campaign, the reason given by the Kickstarter Integrity Team points to the lack of a working prototype, one of the requirements for technology campaigns on Kickstarter. Interestingly, Skarp did post a few videos of their razor working. These videos were white balanced poorly enough to look like they were filmed through green cellophane, a technique some have claimed was used to hide the actual mechanism behind the prototype’s method of cutting hair. A few commenters on the Skarp Kickstarter campaign – and here on Hackaday – have guessed the Skarp prototype does not use lasers, but instead a heated length of nichrome wire. While this would burn hair off, the color of the wire would be a dull red when filmed in any normal lighting conditions. It is assumed the poor quality of the Skarp prototype videos is an attempt to hide the fact they do not have a working prototype.

The Skarp laser razor. Source
The Skarp laser razor. Source

Skarp’s move to Indiegogo has been lauded by some – mostly in the comments section of the Indiegogo campaign – and has been derided on every other forum on the Internet. Indiegogo is commonly seen as the last refuge of crowdfunding scam artist, but there are a few legitimate reasons why a campaign would choose to go to Indiegogo. Kickstarter is not available for campaign founders in all countries, and for some, debiting a card immediately, instead of after the campaign end like Kickstarter does, is a legitimate crowdfunding strategy.

But for a crowdfunding campaign to be suspended on Kickstarter and immediately move to Indiegogo? This almost never ends well. One of the most famous examples, the Anonabox, had its Kickstarter campaign suspended after it was found the creator was simply rebadging an off-the-shelf router. The Anonabox then moved over to Indiegogo where it raised over $80,000. Already the campaign for the Skarp Laser Razor has raised $135,000 USD from Indiegogo, after having its Kickstarter campaign raised over $4 Million. No, Skarp won’t be one of the most successful technology Kickstarter campaigns of all time. We can only hope it won’t be one of Indiegogo’s most successful campaigns.