Difference between revisions of "Hardware Hacking"

From csn
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
== Responsible and Ethical Disclosure==
 +
 +
Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:
 +
 +
90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix
 +
 +
== Isolated Skills ==
  
 
*[[Bus Pirate]]
 
*[[Bus Pirate]]
Line 12: Line 19:
 
*http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/
 
*http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/
 
*https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/
 
*https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/
 +
 +
== References ==
 +
*[1] https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure

Latest revision as of 06:41, 6 December 2022

Responsible and Ethical Disclosure

Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:

90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix

Isolated Skills

Links =

References