Difference between revisions of "Hardware Hacking"
Jump to navigation
Jump to search
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | == Responsible and Ethical Disclosure== | ||
+ | |||
+ | Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a: | ||
+ | |||
+ | 90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix | ||
+ | |||
+ | == Isolated Skills == | ||
*[[Bus Pirate]] | *[[Bus Pirate]] | ||
Line 12: | Line 19: | ||
*http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/ | *http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/ | ||
*https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ | *https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ | ||
+ | |||
+ | == References == | ||
+ | *[1] https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure |
Latest revision as of 06:41, 6 December 2022
Responsible and Ethical Disclosure
Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:
90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix
Isolated Skills
Links =
- https://voidstarsec.com/training.html
- https://www.youtube.com/watch?v=hV8W4o-Mu2o&ab_channel=stacksmashing
- https://hackaday.com/2019/08/15/uncovering-the-echo-dots-hidden-usb-port/
- https://hackaday.com/2019/07/29/taking-a-peek-inside-amazons-latest-dot/
- http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/
- https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/