Events

hardwear.io: Conference Day 1

During my stay in The Hague I needed to print something, so I asked for a Copy shop and this is where they sent me:

coffeeshop

Against the common rule to just talk about the personal favorites, I will cover all talks in one, two or more sentences (arbitrarily decided while writing). This also gives you a broader picture of the conference.

Jumping right in with the keynote of Day 1 by Jon Callas and my favorite quote “Make your devices fixable”. Enough said.

Gunnar Alendal and Christian Kison gave us an interesting wrap up of their work on Self-Encrypting Drives. Well, they wouldn’t be at a security conference if they hadn’t found something. On some of the devices they were able to completely bypass the authentication scheme, others had just a bad key-management.

After a short break our own Stefan Kiese gave us an introduction on Software Defined Radio. He stared at a few low-budget alarm systems and was able, by simply replaying the signal, to disarm them and rob the inventory. Just kidding, he stole the house.

Omer Yuksel showed us his approach on Semantics-aware Intrusion Detection for Industrial Control Systems. Which reminded me of my statistics lecture and how to lower false-positive rates.

Joe FitzPatrick, Dominic Spill and Jeremy Richards gave us an introduction on Hardware Hacking with the Beaglebone (Bl|H)ack. Believe me you can do everything with it. Talking I2C or dumping firmware via SPI is no problem at all, even I was able to do so the day before. Turning it into a Logic-Analyzer is also possible, but only with some additional magic. Nonetheless the results seem impressive for such a small device.

Marcus Janke and Dr. Peter Laackmann, these two guys topped everything with “Advanced Attack Methodologies against Security Microcontrollers”. The DIY-Wizards in the chip reversing scene. Back in the days when there was not even expensive hardware around to mess with chips – they just built it themselves. Logic-Analyzer? Here, a box, LEDs, a few cables, paper and pen. How to do fault injection? Just take some radiated materials and point them (for weeks) at the chip. Scanning Electron Microscope? Okay, this they actually bought – but still insane enough.

That’s so far all I have to say about the first day. Stay tuned there is one more pun to come.