Using an SD card reader and some soldering savvy, these hackers rooted out a ton of IoT zero days.
Get Started for FREE
Sign up with Facebook Sign up with X
I don't have a Facebook or a X account
Your new post is loading...
Your new post is loading...
Jeff Domansky's curator insight,
October 28, 2015 2:38 PM
Great story about the potential security issues with IoT products. it highlights how did simple it is to hack devices that are poorly or not configured or password-protected. Who'd a thought? Invasion of the connected kettles? |
Jeff Domansky's curator insight,
October 28, 2015 2:33 PM
Here's a look inside the challenge of security for Internet of things products. |
Tinker, Hacker, Solder, Spy: On many devices, all it takes to access everything stored on the flash memory chip is a $10 SD card reader, some wire, and some soldering experience. The researchers focus on a type of memory called eMMC flash, because they can access it cheaply and easily by connecting to just five pins (electrical connections). By soldering five wires to the chip—a command line, a clock line, a data line, a power line, and a ground—they can get read/write access that lets them exfiltrate data and start reprogramming to eventually control the whole device. This process could theoretically work on any digital device that uses flash memory, but most types would require interfacing with more pins than eMMC does, and many necessitate specialized readers and protocols to gain access. "For the most common types of memory, most people don’t want to open things up, solder to them, do all that kind of stuff, because it’s kind of a giant mess," Heres says. "But with eMMC you can do it with five wires. Of course, the soldering is a little difficult, but totally doable. It’s not 40 or 50 wires." Some data recovery services already use that method to help customers retrieve their information from broken devices, but it isn't widely known.