White Hat Hacking of Embedded Systems

White hat hacking is the act of breaking into a protected system or network for the purpose of testing and assessing their security.

Barr Group CTO Michael Barr talks with another computer security expert about white hat hacking of embedded systems and get tips on how to use white hat hacking during the product development process.

Related Courses

Software Reverse Engineering and Security Analysis
Embedded Security Boot Camp
Best Practices for Designing Safe & Secure Embedded Systems
Best Practices for Designing Secure Embedded Devices

Transcript

Michael Barr: Hi, I am Michael Barr, CTO and co-founder of Barr Group and I am here today with Anthony DeRosa.

Anthony DeRosa: Hi, Mike.

Michael: Anthony, one of your specialties is white hat hacking of embedded systems. What is that?

Anthony: White hat hacking is breaking into protected systems to try to test and assess the security of the system. The idea is to find and fix the vulnerabilities before potential attackers have a chance to exploit them.

Michael: That sounds important.

Anthony: Yeah, definitely.

Michael: I understand that recently you've been doing a little white hat hacking of a cryptocurrency wallet device called the "Trezor". What have you been able to learn about that device so far?

Anthony: Well, the Trezor One has a single processor. It's the SD Micro STM F2 family of devices. It's got a megabyte of flash about 128 kilobytes of RAM.  It's got a 128 by 64 bit OLED screen and two buttons. It's a pretty simple device and, yeah, I mean it's a pretty cool little embedded system there.

Michael: Have you been able to put any code on it yet?

Anthony: Yes, so I actually got the Atari classic Pong game running on the wallet here. You can see this and I just used an open-source version of Pong here and ported it to the system but a fun way to learn a little bit about the system about the firmware codebase that comes with the Trezor to kind of understand how the Trezor works.

Michael: Wow, so you learned all that about the processor to memory and these different components, got a port of Pong up and running on it. How long does it take?

Anthony: It took a couple hours and there's a lot of information available online so it required a lot of digging to get this far.

Michael: Okay, so for this particular device you didn't have to you have to come up with everything yourself, you can get stuff online right?

Anthony: No, definitely Treasurer makes their source code available freely on Github, so the source code was there and it uses a lot of open source tools like the new ARM embedded toolchain and so all I did was kind of port the Pong application over and show that I could have it running on the Trezor.

Michael: Still, pretty impressive for a couple of hours.

Anthony: Thanks.

Michael: So, you're saying that this device will just run your game as though it's the Trezor application?

Anthony: So yes and no. When you go to program the device with a new image, the bootloader detects that it's an unsigned image.  So, Trezor actually uses a kind of a secure boot approach where there's a bootloader and it verifies the image of the upgrade image so it detects that it's not signed because I don't have Trezor's private keys.

So, I can't sign it myself, but it lets you kind of click through that and override it and go ahead and put down your own image down but then every time the device boots up it will also verify the image and sees that it's not an authorized image. It alerts the user so every time you boot this up you have to kind of click through “yes, I want to go ahead” and take the risk and run this code.

Michael: Okay, so you were able to put some code that you ported onto this thing and hacker would obviously like to do that too. But it sounds like what you've done so far, the user would be able to tell it not only can they see if they're playing a game but they get a warning.

Anthony: Yes.

Michael: So what kinds of things, if you're researching further, what kinds of things would you be looking for weaknesses that attackers might try to exploit to get into this device?

Anthony: Sure, so there's kind of two scenarios that an attacker might take. One they might be able to get their hands on this device before the customer does.  And in that case what they would really want to do is be able to reprogram the bootloader so that it didn't check for an upgrade image that was signed actually they could have their own code running completely and at that point, they owned the device and they owned anything, any cryptocurrencies anybody tries to put on here so that's really bad.

Michael: As it says on the device now, "game over".

Anthony: You know, Trezor has the bootloader right protected so that, that's not possible but another vector that an attacker might take is to try to exploit the device remotely without actually getting their hands on it but actually if they could redirect the user to their own website and get access to the USB interface of this, they could find potential vulnerabilities there that would allow them to get their own code running and from there they would be trying to gain execution in a way that would allow them to take over the device.

Michael: Okay, so great work. What can designers of other types of embedded systems, you know we're not all making cryptocurrency wallets and if you're making a medical device for example or automotive system what kinds of things can those developers take away from your work?

Anthony: Sure, yeah. I mean secure boot is a great way to go to prevent unauthorized code from executing under device. Getting it right is not always so easy.   You really want to work with security consultants embedded consultants who kind of know the latest chips on the market and the capabilities, the problems with some that you might want to avoid.  So, getting all the information you can up front early in the design process is important and then also once you've kind of implemented your design you'd really like to work with a third party team that can do some penetration testing, look at your implementation and see if there are any holes or problems with your implementation so you can find them and fix them.

Michael: Okay, so it sounds like seeking outside experts is one really important aspects of security.

Anthony: Definitely.

Michael: Okay, well thank you for coming in today and keep up the great work.

Anthony: Sure, Thanks.