Welcome back, Michael Ossmann!
- Mike just got back from DEF CON, Bsides and Blackhat in Vegas.
- USENIX WOOT is an offensive technology workshop with academic members.
- There was a car hacking talk based upon the Jeep Recall (by Chris Valasek & Charlie Miller). This resulted in a recall of 2.5M vehicles.
- There was also a Tesla Hack but they pushed an Over The Air (OTA) update.
- Movies about hacking: Sneakers (the only one you need)
- Some cars have OnStar, others have Wifi.
- Mike wrote an article about the Toyota unintended acceleration. It contains links to testimony and writeups by Michael Barr.
- Reliability testing is only as good as your tests.
- The tire pressure monitoring sensor lives inside each tire and wirelessly transmits back to a receiver. It does not send any CAN bus packets.
- Dave wonders if cars will be solar flare vulnerable.
- Another new hardware conference is hardwear.io.
- Smart TVs have been proven to have multiple vulnerabilities.
- The Rad1o badge at CCC, discussed a few weeks ago, was designed by the Munich CCC group and distributed to nearly 5000 attendees of CCCamp. It was based upon the HackRF One. Cost was kept down by using chips gifted from some manufacturers.
- Nerds in tents seems to be an interesting way to do a conference. Camping saves on money, which makes the camp very affordable. They need lots of generators though.
- Other conferences coming up:
- Open Hardware Summit
- ORCONF2015 will be in Geneva at CERN. It is run by the OpenRISC group.
- ToorCon – San Diego
- 2016 – ToorCamp / EMFcamp
- Mike now has 9 videos up for his SDR course. He has also been teaching in person a lot.
- The HackRF2 is possibly coming out, but it’s not from Mike. If he were to do a v2, he wouldn’t change the radio, he’d just change the micro.
- Many people use the HackRF with a BBB. Making a “cape” could be an option, but the BBB doesn’t have 1 Gbps Ethernet, precluding high-speed streaming of data back to a network.
- The FCC put out an NPRM about their changes to the authorization process. The public comments close Sept 8.
- Mike used to work for the NTIA (other spectrum management gov’t users).
- These changes prevent users from installing programs like OpenWRT, which people want to make their devices more secure.
- You can submit your comment here. If you’re looking for a template for what to include in your letter, check out this reddit comment.
- Chip of the Week: The LPC4300 Family, a dual core Cortex M4… which happens to be in HackRF One. It has configurable state machines, which are similar to the minion cores in the OpenRISC. The chip also has a USB controller with PHY.
After the outro…
- Mike forgot to talk about the YARD Stick One, the product he is releasing next week! A prototype version was used in a DEFCON talk by Samy Kamkar about car hacking.
Thank you to joybot for the picture of the lock
Rafael Souza says
Hi folks, awesome show so far! I am still listening, but you should read the excellent New Yorker article below about the Toyota acceleration and other auto industry recalls/issues.
http://www.newyorker.com/magazine/2015/05/04/the-engineers-lament
vectormune says
Gah. Long. Excellent (and from Malcolm Gladwell) article compared to The Civil War (doc. film by Ken Burns, now 0xdeadbeef% more senseless in…whatever release format it’s ‘remastered’ in now.) Big on Pinto (gas tank legislation garbage) and Cobalt (airbags) eh…forensics. I already saw lament this year anyhow. But with New Yorker comics and links to more excellent stuff…
Boone Angel says
I came home today from my RF and Digital Systems Labs to find Mike back on the show. This made my week! Thanks Dave, Chris, and Mike for all of your work; it has certainly been an inspiration for this aspiring electrical engineer. Happy Hacking!!
ru4mj12 (@ru4mj12) says
Great show, great guest!
Learning about SDR is still on my TODO list.. I’d be happy to just use SDR as an AM radio, but it would have been interesting to hear a follow-up question on what some of the unusual uses Michael heard about at those late night hacker meetings!
Also, what does Michael think about the HackRF Blue campaign? I haven’t seen many people posting about it (ex. youtube dot com/watch?v=c7tGFUG4FFQ ). Did it go perhaps the way of the TangiBot?
ru4mj12 (@ru4mj12) says
Using remote ham gear to test with in case you don’t have a license?!
http://hackaday.com/2015/09/09/steal-this-ham-radio-technology/
Fsq:
http://appnotes.etherkit.com/2015/09/arduino-fsq-beacon-on-the-si5351a-breakout-board/
freedv does voice-over-ham
https://www.youtube.com/watch?v=wloK_JoqUdQ
Indrit says
there is no way to transmit commands in car via sensors in can bus system, easiest way to hack can bus is to put anything without your knowledge elm327+arduino+xbee or any sim900 device and some lines of code, i think there is no way to stop this as car manufacturers need to diagnose / firmware updates their cars. sorry for my english
vectormune says
Well, they did some neat groundwork in the tire sensor thing, according to some exegesis in Popular Science…might’ve just been plain Science, which is a pretty different org, but there it is…so it’s easy to think those systems (each a precious snowflake) are not the sensors that one can go expecting to smash the stack with. Maybe if someone decides a powered antenna is cool again…
ludwig says
hi guys! very interesting show, but the fcc sdr thing leaves me with some questions. where is the difference between having one sdr for all frequencies and protocols, and many separate fixed boards for all f&p in fccs concern? does it make a difference if it was “jumper defined radio”? if it was “jdr” what would happen if a robot would set it? as a beginner maybe i missed the point somewhere, i would appreciate someone pointing it out to me. thanks.
ludwig says
when i follow the link in the shownotes it goes to hackaday, and they link to a document with 4 pages.
thats most likely not what the nprm is about. i read into FCC 15-92 but i can only find the first
89 pages. and page 124 “excluded devices” would be interesting. if this is what you were talking about.
however rest assured that i wouldnt bother the fcc with my questions. especially when they want
useful comments.
to answer myself, separate products used separately seem to arouse less concern
as they are each tested and an unsecured sdr is looked at to be able to do harm more
easily. deliberate or not.
Elliott says
I skimmed the FCC NPRM and saw that the new security requirement for grants only applies to U-NII devices (5 GHz). Food for thought if you’re thinking of making a formal comment.
Elliott says
This was in section §2.1033 (b) (10).
Another relevant excerpt is in the Background section A.b. (point #18):
“For a device to be certified as an SDR, in addition to demonstrating that the device complies with the applicable technical requirements, the applicant must also demonstrate that the device contains security features to prevent the loading of software that would allow the radio to operate in violation of the Commission’s rules.”
This seems to imply that software modification is not prohibited outright as long as the function of the radio is protected.
ludwig says
as i understand point 18 you posted, software modification is prohibited. they dont care if you
destroy your device.
vectormune says
In other news
-regulators (and vendors) can’t (prevent the loading etc. etc.) because key lifetime is finite and RF ingenuity is not
-they’re not providing test closure for faking it
-they’re not talking about test closure for compliant operation and test-driven dev.
-fugeddabout it
vectormune says
…left to an ‘accredited test laboratory.’ Lots of cross-notices with NPRM, if not The Joy Of NPRM. So that was neat to see.
vectormune says
Yeah, there are some disclaimers on the datasheet for Cypress’ PRoC (Programmable Radio on Chip) which is the Bluetooth Low Energy bit with an ARM M0 and portends to do beacon and mobile pay things (but also has these neat peripherals…and the radio one isn’t glossed in the er…cover datasheet? per se.) http://www.cypress.com/products/proc-ble-bluetooth-smart
So that one could run off jiggling around in the EM fields around you or a solar cell or what have you, but does *not* promise to run 4 cores of 64bit OS/eBPM/Docker over 4GiB DDR4.
Separately on the show, I note that there are a lot of unglossed pauses creeping into the podcast in lieu of more heavily baked opinions on hand-soldered BGA46 and whatnot on project boards. Call the creative openings as they are or remove the bloc of chatter. These are moments that could have VADs trying to Close on the last of the socketed-magnetics PoE RJ-45 or clustering ARM9, if you can’t declare conformal coat the cure-all of art wave-solder power RF boards.
ludwig says
sorry for the horrible formatting. is there a way to make it better
other than counting characters?
Stefan says
tin foil hats on conferences reminded me of this: https://youtu.be/wx4THCBPNtE?t=2883
aluburka (german) meaning aluminium bourkha
cheers Stefan