SparkFun Electronics Commentsurn:uuid:214d0e4e-f1b1-d287-ce26-ac5b4c9f82492024-03-29T05:33:38-06:00SparkFun ElectronicsCustomer #644807 on Enginursday: InfoSec for Hardware GeeksCustomer #644807urn:uuid:4548d8d2-c5ee-7a23-1104-9a44e4a303f72015-01-30T15:42:04-07:00<p>A perfect example is, I worked for a phone manufacturer. The phones have an SOC that runs Linux with an undocumented ssh service and all of them have the same easy to bruit force root password. The company is a hardware manf and a software manf so they have no security experts. In regards to patching and upgrades , They would only be updated when a new version of the phone system was updated on the main system which would only happen if the customer wanted a new feature or expected a fix. Technician would also have to take the time to force reboot all the phones to get the update which doesn't always happen. The phone is used by fortune 100 companies.</p>
DemolishManta on Enginursday: InfoSec for Hardware GeeksDemolishMantaurn:uuid:f075b3d3-6b6a-c4e0-f1af-9e6afcc0b4722015-01-30T13:05:56-07:00<p>I never wanted a Pi before, but now after seeing it used as a low cost server for "whatever" use I want one. I have an idea for a project that involves creating bogus traffic on the internet to foil some not so secret information collection systems. It would require millions of devices, but could make all the data collected hard to decipher.</p>
DemolishManta on Enginursday: InfoSec for Hardware GeeksDemolishMantaurn:uuid:da00d73b-90f1-4aec-1e4e-63fbaf68d0492015-01-30T13:03:54-07:00<p>I have seen this in telecom via a cellphone. They kept on putting garbage on my phone that would eat battery life. So I rooted and changed firmware. The phone worked just fine. They never complained that I had changed it. The phone outlasted my service with them and continues to work better than my new phone with a different telecom. I use it a general purpose computing device now. Alarm clock, MP3 player, etc. At least in the cell phone arena they seem to understand why security patching is important.</p>
MichaelShimniok on Enginursday: InfoSec for Hardware GeeksMichaelShimniokurn:uuid:c782ee50-cbc7-d863-85c0-a56d512b133c2015-01-30T09:31:51-07:00<p>Love the article and probably will more so when I have time to read in depth.<p>Coming at this from a defender perspective, there's a big opportunity to stop forgetting embedded tech.</p><p>I've seen embedded systems running OSes years behind on patches or upgrades; vendors actually won't support updated systems. Yes. Really. I've seen it in telecom and other dedicated gear. It's maddening.</p><p>Hm, if only I could think of just one example of, oh, I don't know, a major retail breach where an out-of-date operating systems played a major role in stealing millions of credit cards... :]</p></p>
wpmcnamara on Enginursday: InfoSec for Hardware Geekswpmcnamaraurn:uuid:894cee60-40f5-05f7-8057-e1a82bd3d3162015-01-30T09:08:16-07:00<p>I have to say that MicroCorruption is a really cool idea. I actually use the MSP430 for projects and it is neat to see the simulated environment they have put together. I've only gone through the tutorial and the first two challenges and... well, its pretty addictive.</p>
a_cavis on Enginursday: InfoSec for Hardware Geeksa_cavisurn:uuid:6d703f44-8db5-0ad8-fc11-7b1cd3f37cf92015-01-29T12:31:45-07:00<p>It was a 2600Hz whistle so I'm stealing your long distance now.</p>
MikeGrusin on Enginursday: InfoSec for Hardware GeeksMikeGrusinurn:uuid:9ca9b70f-ee57-c895-5fae-e571003effcf2015-01-29T12:30:43-07:00<p>Just reading your comment put something on my machine, didn't it.</p>
a_cavis on Enginursday: InfoSec for Hardware Geeksa_cavisurn:uuid:ea6dda1d-6a51-b65e-e24f-c12e47b412352015-01-29T12:08:44-07:00<p>... <em>whistles innocently</em></p>