The Amp Hour

A Security Update with Michael Ossmann


Listen Later

 

Welcome back, Michael Ossmann!

  • Mike just got back from DEF CONBsides and Blackhat in Vegas.
  • Usenix WOOT is an offensive technology with academic members. 
  • There was a car hacking talk based upon the Jeep Recall (by Chris Vallesec & Charlie Miller). This resulted in a recall of 2.5M vehicles.
  • There was also a Tesla Hack but they pushed an Over The Air (OTA) update.
  • Movies about hacking: Sneakers (the only one you need)
  • Some cars have OnStar, others have Wifi.
  • Mike wrote an article about the Toyota unintended acceleration. It contains links to testimony and writeups by Michael Barr.
  • Reliability testing is only as good as your tests.
  • The tire pressure monitoring sensor lives inside each tire and wirelessly transmits back to a receiver. It does not send any CAN bus packets.
  • Dave wonders if cars will be solar flare vulnerable.
  • Another new hardware conference is hardwear.io.
  • Smart TVs have been proven to have multiple vulnerabilities.
  • The Rad1o badge at CCC, discussed a few weeks ago, was designed by the Munich CCC group and distributed to nearly 5000 attendees of CCCamp. It was based upon the HackRF One. Cost was kept down by using chips gifted from some manufacturers. 
  • Nerds in tents seems to be an interesting way to do a conference. Camping saves on money, which makes the camp very affordable. They need lots of generators though.
  • Other conferences coming up:
    • Open Hardware Summit
    • ORCONF2015 will be in Geneva at CERN. It is run by the OpenRISC group. 
    • ToorCon - San Diego
    • 2016 - ToorCamp / EMFcamp
    • Mike now has 9 videos up for his SDR course. He has also been teaching in person a lot. 
    • The HackRF2 is possibly coming out, but it's not Mike. If he were to do a v2, he wouldn't change radio, he'd just change micro.
    • Many people use the HackRF with a BBB. Making a "cape" could be an option but it doesn't have 1GBPS ethernet, precluding high speed streaming of data back to a network. 
    • The FCC put out a NPRM about their changes to the authorization process. The public comments close Sept 8.
    • Mike used to work for the NTIA (other spectrum management gov't users).
    • These changes prevent users from installing programs like OpenWRT, which people want to make their devices more secure. 
    • You can submit your comment here. If you're looking for a template for what to include in your letter, check out this reddit comment.
    • Chip of the Week: The LPC4300 Family, a dual core Cortex M4... which happens to be in HackRF One. It has configurable state machines, which are similar to theminion cores in the OpenRISC. The chip also has a USB controller with PHY.
    • After the outro...
      • Mike forgot to talk about the YARD Stick One, the product he is releasing next week! A prototype version was used in a DEFCON talk by Samy Kamkar about car hacking.
      • Thank you to joybot for the picture of the lock
        ...more
        View all episodesView all episodes
        Download on the App Store

        The Amp HourBy The Amp Hour (Chris Gammell and David L Jones)

        • 4.9
        • 4.9
        • 4.9
        • 4.9
        • 4.9

        4.9

        226 ratings


        More shows like The Amp Hour

        View all
        The Changelog: Software Development, Open Source by Changelog Media

        The Changelog: Software Development, Open Source

        289 Listeners

        This Week in Tech (Audio) by TWiT

        This Week in Tech (Audio)

        3,061 Listeners

        Security Now (Audio) by TWiT

        Security Now (Audio)

        2,009 Listeners

        Software Engineering Daily by Software Engineering Daily

        Software Engineering Daily

        626 Listeners

        Talk Python To Me by Michael Kennedy

        Talk Python To Me

        583 Listeners

        SpyCast by SpyCast

        SpyCast

        1,534 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        648 Listeners

        Embedded by Logical Elegance

        Embedded

        190 Listeners

        Smashing Security by Graham Cluley

        Smashing Security

        317 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        8,051 Listeners

        Physics World Weekly Podcast by Physics World

        Physics World Weekly Podcast

        77 Listeners

        Practical AI by Daniel Whitenack and Chris Benson

        Practical AI

        208 Listeners

        Hackaday Podcast by Hackaday

        Hackaday Podcast

        64 Listeners

        Latent Space: The AI Engineer Podcast by Latent.Space

        Latent Space: The AI Engineer Podcast

        101 Listeners

        Robinson's Podcast by Robinson Erhardt

        Robinson's Podcast

        265 Listeners