"the engineers doing the work are not experts in security and are concerned mostly with enabling functionality" Yes, so true. It's hard enough to develop the product with the right features and on time and on budget. Then the parasites come in, and try to break it, sometimes just so they can break it.
@WarrenM: Thanks for the suggestion. The insulin pump attack was (judging from a quick skim) more of an attack on the wireless control protocol of the device. There was another interesting article recently about possible attacks on automotive controls via the OBD ports. Both of these illustrate (in my opinion) the difficulties in getting protocols and software designed and implemented correctly and robustly, especially when the engineers doing the work are not experts in security and are concerned mostly with enabling functionality.
FYI... There is an outfit called Wave Systems Corp. which is in the Trusted Platform Module (TPM) business, which is, I believe, a hardware security approach. Perhaps you've heard of them and can comment?
Have you ever seen a report of a successful side channel attack on a product in the field? I've seen several descriptions of successful attacks, but they have (if I recall correctly) revolved around exploiting implementation errors such as having a poor quality random number generator rather than a direct attack on the cryptography.
I stumbled upon this interesting hack. A guy shows how to let your drone or ground station take over control of another drone by attacking its wireless network. It uses MAC id to find drones in the area.
One design does do remote updates. Replacement files are packaged and sent to the clients who verify the contents and then replace their local files (e.g. python scripts) with new versions in the package.
I am surprised you'd talk about side channel attacks since (in my understanding) they are difficult to exploit. I'd have thought that failure of a security system is much more likely caused by a) poor implementation decisions and b) social engineering. I don't think that you can overstress the importance of a careful implementation and review by experts in the fields.
Hi all - Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.
Class is set to start in 10 minutes! The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.
You call it reverse engineering. I call it an often necessary part of service for older equipment.
If the manufacturer is no longer available and it is not possible to determine how the product works I am forced to tell the customer to junk it. I also tell them to stick to larger manufacturers that don't tend to mix marketing with design.
BTW: A pox on all printer manufacturers that put chips in the ink cartridge!