If you need to make sure your computer isn’t being messed with, you’ll have a look at the log files. If something seems fishy, that’s grounds for further investigation. If you run a large network of computers, you’ll probably want to look over all of the logs, but you won’t want to run around to each computer individually. Setting up a central server to analyze the logs exposes an additional attack surface: the logs in transit. How do you make sure that the attackers aren’t also intercepting and sanitizing your log file reports?
The answer to this question, and nearly everything else, is blockchain! Or maybe it’s not, but in this short presentation from the 2019 Hackaday Superconference, Shanni Prutchi, Jeff Wood, and six other college students intend to find out. While Shanni “rolls her eyes” at much of blockchain technology along with the rest of us, you have to admit one thing: recursively hashing your log data to make sure they’re not tampered with doesn’t sound like such a bad idea.
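To make the recursive-hashing idea concrete, here is an added example (not code from the talk or from the presenters' project) of a hash-chained log and the check a central collector would run on it. The function names, the genesis value and the sample log lines are assumptions made for illustration.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)

def link(prev_digest: str, line: str) -> str:
    """Digest of one record: covers the previous digest and the log line."""
    return hashlib.sha256(f"{prev_digest}\n{line}".encode()).hexdigest()

def chain(lines):
    """Sender side: pair each line with a digest chained to the one before."""
    out, prev = [], GENESIS
    for line in lines:
        prev = link(prev, line)
        out.append((line, prev))
    return out

def verify(records, trusted_head=None):
    """Collector side: recompute the chain over the received records.

    Returns (ok, index). index is the first record whose digest does not
    match, len(records) when only the trusted head disagrees (truncation
    or a chain recomputed by whoever altered it), or None when all is well.
    """
    prev = GENESIS
    for i, (line, digest) in enumerate(records):
        prev = link(prev, line)
        if prev != digest:
            return False, i
    if trusted_head is not None and prev != trusted_head:
        return False, len(records)
    return True, None

# Constructed sample log lines, not taken from any real system.
SAMPLE = [
    "Nov 16 10:00:01 host1 sshd[811]: Accepted publickey for alice",
    "Nov 16 10:00:07 host1 sudo: alice : COMMAND=/usr/bin/id",
    "Nov 16 10:02:44 host1 sshd[811]: session closed for user alice",
    "Nov 16 10:05:12 host1 cron[902]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    records = chain(SAMPLE)
    head = records[-1][1]  # latest digest, stored where the sender cannot rewrite it
    print(verify(records, head))        # intact log
    print(verify(records[:3], head))    # tail removed in transit
```

The chain alone only catches edits made by someone who leaves the digests untouched; comparing against a head digest kept out of the log path is what catches truncation and a fully re-hashed replacement.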
Your cellphone is the least secure computer that you own, and worse than that, it’s got a radio. [Jiska Classen] and her lab have been hacking on cellphones’ wireless systems for a while now, and in this talk she gives an overview of the wireless vulnerabilities and attack surfaces that they bring along. While the talk provides some basic background on wireless (in)security, it also presents two new areas of research that she and her colleagues have been working on over the last year.
One of the new hacks is based on the fact that a phone that wants to support both Bluetooth and WiFi needs to figure out a way to share the radio, because both protocols use the same 2.4 GHz band. And so it turns out that the Bluetooth hardware has to talk to the WiFi hardware, and it wouldn’t entirely surprise you that when [Jiska] gets into the Bluetooth stack, she’s able to DOS the WiFi. What this does to the operating system depends on the phone, but many of them just fall over and reboot.
Lately [Jiska] has been doing a lot of fuzzing on the cell phone stack, enabled by emulation work by one of her students, [Jan Ruge], codenamed “Frankenstein”. The coolest thing here is that the emulation runs in real time, and can be threaded into the operating system, enabling full-stack fuzzing. More complexity means more bugs, so we expect to see a lot more coming out of this line of research in the next year.
[Jiska] gives the presentation in a tinfoil hat, but that’s just a metaphor. In the end, when asked about how to properly secure your phone, she gives out the best advice ever: toss it in the blender.
It’s that time of year again here in Germany. The mulled wine flows all night long at the Christmas markets, the Krampus runs wild in the streets, and hackers are perched frantically behind their keyboards and soldering irons, trying to get their last minute projects “finished” for the 36th annual Chaos Communication Congress (36C3) in Leipzig.
We’ll have an assembly for all fans and friends of the Jolly Wrencher, so if you’re coming to Congress, you can come join us or at least stop by and say hi. [Elliot] and [Sven] and a number of Hackaday.io luminaries will be on hand. (Ask us about secret stickers and an as-yet unannounced upcoming Hackaday conference.)
Even if you’re not able to make it, you should keep your eyes on Hackaday from the 27th to the 30th, because we’ll be reporting on the best of Congress. But you don’t have to take our word for it: the Chaos Computer Club makes all of the talks available on livestream during the event, many with simultaneous translation, and final edited versions often appearing just a few hours afterwards.
We’ve looked through the schedule, and it’s going to be a hum-dinger! Gather ’round the glowing box with your friends at your own local hackerspace, or call in sick from work and make yourself some popcorn. This is must-see nerd TV.
Whether you’ve been naughty or nice, swing by our assembly if you’re going to be in Leipzig for the last few days of 2019. See you there!
We’ve all seen the IoT device security trainwrecks: those gadgets that fail so spectacularly that the comment section lights up with calls of “were they even thinking about the most basic security?” No, they probably weren’t. Are you?
Hackaday Contributor and all around good guy Kerry Scharfglass thinks about basic security for a living, and his talk is pitched at the newcomer to device security. Of course “security” isn’t a one-size-fits-all proposition; you need to think about what threats you’re worried about, which you can ignore, and defend against what matters. But if you’ve never worked through such an exercise, you’re in for a treat here. You need to think like a maker, think like a breaker, and surprisingly, think like an accountant in defining what constitutes acceptable risks.
If you hadn’t noticed, we had a bit of an FPGA theme running at this year’s Superconference. Why? Because the open-source FPGA toolchain is ripening, and because many of the problems that hackers (and academics) are tackling these days have become complex enough to warrant using them. A case in point: David Williams is a university professor who just wanted to build a quadruped robotics project. Each leg has a complex set of motors, motor drivers, sensors, and other feedback mechanisms. Centralizing all of this data put real strains on the robot’s network, and with so many devices the microcontrollers were running out of GPIOs. This led him to become, in his words, “FPGA-curious”.
If you’re looking for a gentle introduction to the state of the art in open-source FPGAs, this is your talk. David covers everything, from a bird’s eye view of hardware description languages, through the entire Yosys-based open-source toolchain, and even through to embedding soft-CPUs into the FPGA fabric. And that’s just the first 18 minutes.
Half of the Hackaday writing staff was at the 2019 Hackaday Supercon this weekend, and our own Kerry Scharfglass took the opportunity to interview everyone. Meanwhile, Elliot wandered around the soldering irons just about two hours before the Badge Hacking Ceremony, collecting stories of projects that worked, and those that didn’t.
Put the two together, and you’ve got an audio collage that gives you a peek into at least one facet of Supercon life, and gives you a chance to put voices to the words you read here every day!
We’ll be back to our normal programming next week.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Hackaday has open-source running deep in our veins — and that goes for hardware as well as software. After all, it’s great to run open-source software, but if it’s running on black-box hardware, the system is only half open. While software has benefited mightily from all of the advantages of community development, the hardware world has been only recently catching up. And so we’ve been following the RISC-V open-source CPU development with our full attention.
Dr. Wachs, making her own wedding ring.
Our keynote speaker for the 2019 Hackaday Superconference is Dr. Megan Wachs, the VP of Engineering at SiFive, the company founded by the creators of the RISC-V instruction-set architecture (ISA). She has also chaired the RISC-V Foundation Debug Task Group, so it’s safe to say that she knows RISC-V inside and out. If there’s one talk we’d like to hear on the past, present, and future of the architecture, this is it.
The RISC-V isn’t a particular chip, but rather it’s a design for how a CPU works, and a standard for the lowest-level language that the machine speaks. In contrast to proprietary CPUs, RISC-V CPUs from disparate vendors can all use the same software tools, unifying and opening their development. Moreover, open hardware implementations for the silicon itself mean that new players can enter the space more easily, bring their unique ideas to life faster, and we’ll all benefit. We can all work together.
It’s no coincidence that this year’s Supercon badge has two RISC-V cores running in its FPGA fabric. When we went shopping around for an open CPU core design, we had a few complete RISC-V systems to pick from, full compiler and development toolchains to write code for them, and of course, implementations in Verilog ready to flash into the FPGA. The rich, open ecosystem around RISC-V made it a no-brainer for us, just as it does for companies making neural-network peripherals or even commodity microcontrollers. You’ll be seeing a lot more RISC-V systems in the near future, on your workbench and in your pocket.
We’re tremendously excited to hear more about the project from the inside, and absolutely looking forward to Megan’s keynote speech!
The Hackaday Superconference is completely sold out, but that doesn’t mean that you have to miss out. We’ll be live-streaming the keynote and all other talks on the Supercon main stage, so subscribe to our YouTube channel and you won’t miss a thing.