Welcome back, Joe Grand!
- Joe was one of our earliest guests on episode 60 of The Amp Hour!
- Since we last talked to Joe (10 years ago!) he has moved from SF to Portland.
- Joe still does some media stuff (like on Prototype This), but also does occasional product design and more commonly hardware security training. Different types of companies want to hire Joe, but many of them are government adjacent or large corporations.
- Joe developed and released the JTAGulator back in 2013.
- Some of the first electronic conference badges were of Joe’s making, including the badges for DEF CON 14 through DEF CON 18.
- He didn’t think he’d ever do that again, but Jeff (the Dark Tangent), who runs DEF CON, asked Joe to make the badges for DC China 1.
- Joe also agreed to make the badges for DEF CON 27, which were built with custom gemstones.
- Surplus Gizmos
- After a year of working on badges, Joe realized he was burned out. This coincided with the start of the pandemic. Daily meditation and time off helped him recover.
- When Joe started to get interested in electronics again, he created a “pizza compass” for WIRED.
- Joe posted about that and other fun creations on his YouTube Channel
- His most recent video is about reverse engineering a Trezor wallet to recover $2M in cryptocurrency
- The Trezor uses an STM32F2
- Joe followed other work on reverse engineering wallets by past guests Colin O’Flynn and Wallet.fail (a team made up of Josh Datko, Dmitry Nedospasov, and Thomas Roth)
- He used the ChipWhisperer to do fault injection / glitching
- Thomas Roth has a low cost RP2040 tool
- There was also a Verge article about the hack
- How can engineers make secure products?
- Threat modeling
- Follow guidelines like OWASP and FIPS 140
- Joe has a past conference talk about industry standards, best practices, and recommendations for embedded system security called “Every cloud has a silver lining”
- Looking to get in touch with Joe?
- Contact him on the Grand Idea Studio contact page
- Contact him on the offspec.io page for cryptocurrency recovery specific requests
- Ping him on Twitter (@JoeGrand)