Forgot your password?
typodupeerror
Security Hardware Hacking Hardware Build

Prototyping Boards Make It Easier To Find Flaws in Specialized Hardware 56

Posted by timothy
from the arduino-nuclear-plant dept.
wiredmikey writes "Author Robert Vamosi writes an interesting piece on how security researchers are using open source 'prototyping boards' and other open source tools now available via the Internet for rapid prototyping of tools used in hardware analysis. 'The days of saying it would take the resources of a nation-state to discover or exploit vulnerabilities in a particular piece of hardware in an industrial control system or a healthcare environment are rapidly fading,' he writes. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks."
This discussion has been archived. No new comments can be posted.

Prototyping Boards Make It Easier To Find Flaws in Specialized Hardware

Comments Filter:
  • that's funny, because only a few hours ago there was an article posted on slashdot saying how good "security through obscurity" is, with the author of the paper saying that ignorance of the hardware and software is a "good defense". now someone else is saying that the pace of research into hardware is accelerated, and as a Reverse-Engineer and Security Researcher and an intelligent person whom that "security through obscurity" paper clearly sees as a threat, i feel warm and fuzzy now.

    • by arielCo (995647)
      It's not exactly "X good" then "X bad". More like "X may help" and "it's bad to rely solely on X", which can be said about a LOT of things (vitamins come to mind).
    • by arielCo (995647)

      And of course, "X has its advantages and downside", which regarding obscurity are a) that dedicated attackers will know less about your weaknesses, and b) that you lack the potential "many eyeballs" that _could_ help you if they know what to look for.

      Big projects like Linux and Firefox attract said eyeballs, but smaller open-source projects may attract the eyeballs intent on harming you, while not being popular enough to attract helpful scrutiny.

      • by lkcl (517947)

        ok - i may just be a very strange individual, then, because reverse-engineering, whilst time-consuming, is something that i can do pretty easily. and, just that one "eyeball" ok two i have binocular vision, it really didn't take long to "crack" NT Domains Security Logins - about 30 days - and immediately it was obvious that there was a serious problem (40-bit bottleneck). then, i had to tackle NTLMSSP later on: again, about 40 days, and again, immediately detected a serious problem or two.

        the gnuradio guy

  • by vlm (69642) on Sunday October 02, 2011 @09:55AM (#37583038)

    The article is just another extremely tired "This existed since the 80s, but now that the Arduino supports it, we can act as if it a new invention." And ABSOLUTELY nothing other than the Arduino. "other open source tools"? Not that I saw in the article.

    Which is a pity, because I think a DP bus pirate would be way the heck more useful for this kind of work. I used a DP BP to debug the software for a I2C real time clock, but I'm sure it could be used for reverse engineering or nefarious purposes (much like a screwdriver is multi-purpose)

    http://dangerousprototypes.com/docs/Bus_Pirate [dangerousprototypes.com]

    The days of saying it would take the resources of a nation-state to discover or exploit vulnerabilities in a particular piece of hardware in an industrial control system or a healthcare environment are rapidly fading

    Was anyone technical ever dumb enough to ever believe that? Anyone? Ever? Marketing P.R. BS doesn't count.

    • by Arlet (29997)

      Exactly. Similar hardware that the Arduino uses has been available in different forms for decades. It just took a bit more effort by the user, but anybody skilled enough to reverse engineer existing hardware already has all the knowledge to build their own prototyping board.

    • by drinkypoo (153816)

      Either you believe the "many eyes" theory or you don't. Or in this case, many hands. The reason Arduino is a game-changer is that it has really taken off. We could argue all day about why that is, but I suspect the answer is that it has a combination of features including C programming, open hardware, and pre-made shields that actually do stuff, while also being incredibly inexpensive. You could do all the same stuff with the STK500, but that was thirty bucks more than it will realistically cost you to get

      • by Okian Warrior (537106) on Sunday October 02, 2011 @11:55AM (#37583538) Homepage Journal

        I've been programming microcontrollers professionally for 30 years, and around 30 years ago I started making/using microcontrollers at home for hobby projects.

        At that time I was using 68HC11 micros:

        a) The 68HC11 is roughly equivalent to the arduino chip of today (ie - Atmega 168)
        b) You could buy a 68HC11 dev board for $50, roughly equivalent to the Arduino
        c) The programmer was $100

        This is not a whole lot different from the Arduino of today, yet 68HC11 hobbyist development was rare.

        The difference is in the software. At that time, you could get any number of chips made by several manufacturers. They almost gave away their development boards, because they wanted people to have familiarity with the units. They wanted people to recommend the micros to their employers, which might lead to a big sale.

        The difference is in the software. You could get hardware for around $100, but the cheapest compiler you could get was $350 at the low end, topping out at $10,000. The assembler was free. You had to type assembly language into a text editor, use command-line tools to compile and download it, then debug it instruction-by-instruction.

        The reason Arduino took off was not all because of the low price, it was because of the ease of use. Atmel gave out the IDE for free, and it was almost literally plug-and-play. You could get a "blink the LED" program up and running in under an hour, including installation of software. WinAVR (based on GCC) is a perfectly acceptable C compiler, also for free.

        Atmel gave out the IDE for free, then someone noticed and came out with the Arduino. Bam! Instant market penetration.

        That's why the Arduino became so popular: it's because Atmel took the trouble to make using/tinkering with the unit so easy. There was almost no learning curve associated with using the system - you could concentrate almost immediately on getting your work done.

        • Perhaps, but TFA is talking about hacking SCADA and other high value targets (stuff that 'nation - states' might be interested). Persons so interested are not going to be put off by a compiler or an IDE. Besides, BASIC STAMP and similar have been around for ages, have similar capabilities, dirt cheap boards and software.

          Firstly, I don't see a huge attempt to reprogram every PLC or FPGA in existence. Secondly, much of said behavior is likely script kiddy level. It is now sexy to start talking about hackin

          • by Bassman59 (519820)

            Firstly, I don't see a huge attempt to reprogram every PLC or FPGA in existence. Secondly, much of said behavior is likely script kiddy level. It is now sexy to start talking about hacking at hardware type things, even if not much comes out of it.

            Well, the obvious reason (well, obvious to me, anyway; I'm an EE who does FPGA design for a living) there are very few attempts to reprogram every FPGA in existence is because the FPGAs are always installed on an application-specific circuit board, with application-specific I/O and peripherals. Modifying some product to do something else is a non-starter, simply because of the rework involved.

        • by Nethead (1563)

          I played with the 68HC11 back in the 90s, damn nice chip. Then a friend turned me on to Intel's 8052AH-BASIC and I don't think I ever burned another 68xx chip after that. Put a payphone into production using the 8052, not because it was cheaper (not by a very long shot) but because we were in a rush to market and an integer BASIC is so much faster to develop in than asm and converting the output to S-code.

        • by drinkypoo (153816)

          a) The 68HC11 is roughly equivalent to the arduino chip of today (ie - Atmega 168)
          b) You could buy a 68HC11 dev board for $50, roughly equivalent to the Arduino
          c) The programmer was $100

          This is not a whole lot different from the Arduino of today, yet 68HC11 hobbyist development was rare.

          The difference is in the software.

          $150 in 1980 dollars is $390 in 2010 dollars. But an Arduino is $20 (or less!) and a programmer is $0 (It's USB.) So even putting the software aside, you are just wrong. Even STK500 is only $50 and comes with a device, which is almost only an eighth of the price of a device and programmer for the Motorola solution, back in the day! And then there's the butterfly...

        • by Animats (122034)

          The reason Arduino took off was not all because of the low price, it was because of the ease of use. Atmel gave out the IDE for free, and it was almost literally plug-and-play. You could get a "blink the LED" program up and running in under an hour, including installation of software. WinAVR (based on GCC) is a perfectly acceptable C compiler, also for free.

          I've programmed both the 68HC11 and the Atmel ATMega128, but without the Auduno cult. He's right about the 68HC11 - back in the 1980s, it was really hard to get a C compiler for the thing. At one point I used a commercial Forth interpreter.

          For the ATMega128, which is a reasonably modern low-end microcontroller, the Atmel tool suite is free, and quite straightforward if you're a programmer and an electrical engineer. But if you give someone whose previous experience is limited to Javascript an ATMega dev

        • Atmel gave out the IDE for free, then someone noticed and came out with the Arduino. Bam! Instant market penetration.

          Actually Wiring (http://wiring.org.co/) was first, then Arduino took the code to use it on cheaper chips. And Arduino keeps using code from Wiring, even today, without a proper attribution. It's true they stick to Wiring's license, but it would be nice if they let the world know it wasn't their idea.

      • by zAPPzAPP (1207370)

        The only really good thing about Arduino is the libraries.
        Of course you need to agree to certain hardware standards to build a library around them. Which pin goes where etc. But other than that, it's like using a breadboard with predefined names for connectors...

    • by mikael (484)

      The days of saying it would take the resources of a nation-state to discover or exploit vulnerabilities in a particular piece of hardware in an industrial control system or a healthcare environment are rapidly fading
      Was anyone technical ever dumb enough to ever believe that? Anyone? Ever? Marketing P.R. BS doesn't count.

      I guess you would need to be able to afford that piece of hardware/sensor setup. If you want to replicate the entire control system of chemical plant, nuclear reactor or CAT scanner, that's

    • by mrmeval (662166)

      Lattice sold their Brevia development board which has an instant on FPGA. It also has an I/O system that is remarkable. If there's a specification it can't do it's most likely obsolete. I've been able to use the free development software to hook it up to a 3.3v I/O source and record the digital signals. I bought it for 29.95. Unfortunately the 3.3v is hard wired and I've not checked if I can power the I/O with different voltages.

      FWIW there is an atmega 168 FPGA core but I've not tried to make it work. It co

      • by Bassman59 (519820)

        Lattice sold their Brevia development board which has an instant on FPGA. It also has an I/O system that is remarkable. If there's a specification it can't do it's most likely obsolete. I've been able to use the free development software to hook it up to a 3.3v I/O source and record the digital signals. I bought it for 29.95. Unfortunately the 3.3v is hard wired and I've not checked if I can power the I/O with different voltages.

        FWIW there is an atmega 168 FPGA core but I've not tried to make it work. It comes with Lattice's micro8 core as a demo.

        You do realize that Xilinx, Altera and Actel also offer pretty cheap development/starter kits with FPGAs, I/O headers and some peripherals? And they work with the free (as in beer) tools supplied by the vendors? Digilent also make a series of low-cost FPGA kits.

        • by mrmeval (662166)

          Yes and Lattice has 'faib' tools as well. The IDE is available at no cost though getting the Linux one to work is an interesting chore since they only support RHEL. I don't recall any of the other vendors offering an FPGA development kit for under 50. Digilent does not have favorable pricing unless you meet their rules as a student or other academic all but one is over 100. Is there an Altera board that matches the Brevia board available for under 100? Same for Actel but I'd not saddle anyone with Actel.

  • So there just starting to prototype there designs? Isn't this how every single project is started, you use prototyping boards to test the software, then once it's good to go you actually produce the real thing.
  • There is no justification in the article for the thesis it states so boldly in its title, ergo, the article is completely worthless. Reads like an advertisement. Slow news day?
    • by Whitt83 (723911)
      I'd mod you up if I had points. This headline has absolutely no relation to the article. It's sensationalism at its finest (worst?).
    • by kiwimate (458274)

      Yep. And sucker me, I'm giving /. page views by responding. But I read the "article" because I couldn't believe the summary described it accurately because, if it did, I was left scratching my head wondering why on earth this was posted.

      Unfortunately (and quite remarkably, considering this is Slashdot, after all), the summary was quite accurate. It really is that worthless a story.

    • I think the thesis of the article is that because Arduino and other prototyping boards are so cheap, products based on these chips will become more widespread and popular. Once they are out there, reverse-engineering them will be easier because you can get the same hardware that was used to develop them.

      The same is true for any FPGA or microcontroller, but since some of them had exorbitant costs for the development environment, the average man in the street will not really be able to hack their way through

      • by pinkeen (1804300)
        I skimmed through the article once more. It mentions that some security researchers use tools like arduino. Then there is a lengthy description of the new Arduino Due with no indication as to how you could use it (or how it is being used to such extent) to exploit hardware*. And finally author concludes that developers should test their hardware cause now (supposedly because of arduino due) everyone can try and exploit it.

        Upon closer examination I conclude there is absolutely no thesis stated in the artic
    • by Bassman59 (519820)

      There is no justification in the article for the thesis it states so boldly in its title, ergo, the article is completely worthless. Reads like an advertisement. Slow news day?

      Wish I had mod points. I agree.

  • A few paragraphs about the latest Arduino developments and then a single paragraph bolted on the end talking about vulnerabilities in industrial control systems and healthcare environments. What's the link between the two?

    Ganty

  • ...it makes it easier to get results here and now.

    Sure, I can EAGLE it all, and print a result, 2 weeks later get a PCB and THEN fault find...suuuuure....but it sucks donkeysballs.
    I'm an old guy by kids standards, and I love to get my results here and now, so I use prototyping boards, I've bought a bunch of these from eBay suppliers, and I'm as happy as a kid on christmas or a kid in a candy store about these, it's cheap, it's just solder and go...and I've got instant results here and now!

    Now that...to me..

  • [url=www.kordsoft.com]Rapidshare, Megaupload, Mediafire, HotFile, Uploading, free download, parts, part, portable, full, crack, serial, patch, update, key, antivirus, software, apps, online, find, search, wallpaper, windows, application, episode, episodes, torrents, direct, season, Torrents[/url]
  • The article says nothing. After reading it I am no more aware of how a programmable microcontroller could be used in attacks than I was before. While I would love to either think of or read about how microcontrollers could directly benefit pen testing (as opposed to the current method of using them to control a quadcopter or UAV plane), I still don't have the answer.

    P.S. Of course there have been examples. The malicious mouse which contained a mass storage device and a HID emulator to run malware from

What hath Bob wrought?

Working...