The Amp Hour Electronics Podcast

A weekly show about the trends in the electronic industry.


#346 – An Interview with Joe FitzPatrick


Welcome, Joe FitzPatrick! (@securelyfitz)

  • Joe got started working at a CPU vendor, analyzing Verilog and hardware for vulnerabilities. He moved on to training people in the company to look for these as well.
  • Afterwards, he moved to running trainings privately through his own company, SecuringHardware.com.
  • Joe worked on a part of the NSA Playset, specifically the Slot Screamer, which works over PCI Express. Ulf Frisk later built a software suite for it that automatically ran a bunch of commands.
  • A recent snafu with software behind the mirror…

I woke up and looked in the mirror. My face was the color of television, tuned to a dead channel. pic.twitter.com/LrSpcro0b7

— Joe Fitz (@securelyfitz) June 1, 2017

  • With USB-C, every device needs to be smart. If you want to watch traffic, you need to do so with a tool like USB Proxy (Dominic Spill). The other Great Scott Gadget being used for USB analysis is the Daisho (Jared Boone).
  • Thunderbolt 3 converged with USB-C.
  • We had previously talked about USB-C when Jason Cerundulo was on talking about his EZ Bake Oven.
  • Joe talks about “hardware implants”
  • JTAG, SVF files
  • Oregon professional engineer who was getting sued
  • Bug bounty companies like Bug Crowd
  • There is an ISO standard about security disclosures
  • Joe will be at Recon helping with former guest Dmitry Nedospasov’s training about using programmable hardware devices to test vulnerabilities.
  • There is a new joint group of trainings happening Nov 6-9 in San Francisco. More info can be found here: HardwareSecurity.training
  • devtty0 on Twitter
  • Joe’s talk about compromising a YubiKey and an RSA Token. Slides can be found here.

Joe’s final words: Trust, but verify

Chris is still frightened.

Comments

  1. Simon says

    June 19, 2017 at 2:55 pm

    Great interview. I did not know anything about hardware-level security and this was a good primer and I learned a lot.
