Difference between revisions of "Hardware Hacking"

From csn
Jump to navigation Jump to search
Line 1: Line 1:
 +
== Responsible and Ethical Disclosure==
 +
 +
Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:
 +
 +
"90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix".
 +
 +
== Working Docs ==
  
 
*[[Bus Pirate]]
 
*[[Bus Pirate]]
Line 12: Line 19:
 
*http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/
 
*http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/
 
*https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/
 
*https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/
 +
 +
== References ==
 +
*[1] https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure

Revision as of 06:39, 6 December 2022

Responsible and Ethical Disclosure

Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:

"90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix".

Working Docs

Links =

References