Author Archives: admin
What IoT device manufacturers should learn from the “IoT worm”
WESS 2012: Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems
Any channel crossing the perimeter of a system provides an attack surface to the adversary. Standard network interfaces, such as TCP/IP stacks, constitute one such channel, and security researchers and exploit developers have invested much effort into exploring the attack surfaces and defenses there. However, channels such as USB have been overlooked, even though such code is at least as complexly layered as a network stack, and handles even more complex structures; drivers are notorious as a breeding ground of bugs copy-pasted from boilerplate sample code.
This paper maps out the bus-facing attack surface of a modern operating system, and demonstrates that eective and ecient injection of trac into the buses is real and easily aordable. Further, it presents a simple and inexpensive hardware tool for the job, outlining the architectural and computation-theoretic challenges to creating a defensive OS/driver architecture comparable to that which has been achieved for network stacks.
S. Bratus, T. Goodspeed, P. Johnson, S.W. Smith, R. Speers. “Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems.” 7th Workshop on Embedded Systems Security (WESS 2012). October 2012. To appear.
Api-Mote (IEEE 802.15.4/ZigBee Radio Interface)
So why a new device? Almost three years after beginning to work with IEEE 802.15.4 and ZigBee research and security assessments, I’ve gotten tired of the hardware available to interact with these protocols. There are a number of tools out there — but none that I’ve worked with support a few core criteria.
Scapy Support for USB Protocol on Facedancer Boards, MAX2420, etc.
The initial code released in the GoodFET repository by Travis has some great examples, one of which is using the Facedancer to emulate a device using the USB HID (human-interface-device) specification. However, when looking at modifying the code to extend it, or use it for fuzzing, a major issue is determining the meaning of fields and the legitimate (and illegitimate) values for them, as well as the relationships between fields. This information is crucial to both specification-compliant use, or fuzzing. Continue reading
Wireless Security Excuse Bingo
I’d like to gather input from those of you who work or have interaction with this field, and I bet an interesting list may result. I’ll post my suggestions in comments as well, and a running list can be started. Continue reading
USENIX WOOT ’11 Paper: Packets-in-Packets
GoodFET Development on Tmote Sky/TelosB (CC2420 Radio)
Flickr Photo Wrapper
So, all I wanted was to grab a user’s public photos from Flickr (by username) and then allow someone to easily display one (or many). Lets look at how you use the classes:
require_once("photosFlickr.php");
$flickrphotos = new photosFlickr($flickr_username, "YOUR-API-KEY-HERE");
$photos = $flickrphotos->getPhotos();
$photoOfInterest = $photos[array_rand($photos, 1)];
$flickrpic = new photoFlickr($photoOfInterest, "YOUR-API-KEY-HERE");
$flickrpic->setSize($width, $height);
print $flickrpic->getHTML(true);
Before you start, you need to put two PHP files on your server. One is mine (photosFlickr.php) and my code expects to find phpFlickr Class 3.0 (written by Dan Coulter that you can get at http://phpflickr.com/). Download his files, and upload the one called phpFlickr.php to your website (it is easiest to put it in the same folder as you put my code).
First, we include the code I wrote. Make sure to include the full and correct relative path to the file on your server.
require_once("photosFlickr.php");
Second, we instantiate an instance of the class that handles multiple photos. We give the constructor the flickr username (as a string), and also your API key (as a string) which you can get for free from Flickr by clicking here.
$flickrphotos = new photosFlickr($flickr_username, "YOUR-API-KEY-HERE");
Then lets actually use the instance we just created… the simplest way to do so is to ask for all the public photos (Flickr may only return the first 100 due to how their API works. You can easily modify my code to ask for more.). We do this by calling:
$photos = $flickrphotos->getPhotos();
And we have the list of photos in the array called $photos. But if you look at this array, it is a mess! It is all information that makes sense to Flickr, but not as much to you. Don’t worry, I have a class to handle that as well.
For our example, lets pick one photo to deal with. We’ll do this randomly by calling:
$photoOfInterest = $photos[array_rand($photos, 1)];
We now have picked the photo we want to work with. You can do this in many ways, the random method is just an example ($photos[0] would give you the first one image Flickr returned, etc.).
Now lets display this picture. We instantiate a photoFlickr instance (note this is different than the photosFlickr instance we used before:
$flickrpic = new photoFlickr($photoOfInterest, "YOUR-API-KEY-HERE");
This will cause my code to make some sense out of the information returned by Flickr.
Optionally, you can decide the size you want to display the picture at. Just call:
$flickrpic->setSize($width, $height);
This provides it the width and height. For example this may look like $flickrpic->setSize(300, 200); but you can also just give it the width (like $flickrpic->setSize(300); and my code will figure out the correct height based on the dimensions of the image.
It will also intelligently choose the image to load from Flickr’s site. Flickr stores multiple versions of each image (thumbnail, square, medium, large, original) and the code will look through these and pick the smallest one that has dimensions equal or greater than what you need. This means your viewer’s browser has to load as small a file as possible while still not stretching an image and thus making it look bad.
But you still haven’t shown anything to your user! You need to display the HTML code for the image. This is done easily by calling:
print $flickrpic->getHTML();
This will output the image tag, with the sizes you specified (if any, otherwise default), and will automatically link the image to it’s page on Flickr. If you don’t want it to link to Flickr, just use $flickrpic->getHTML(false);.
That is all!
Please feel free to leave feedback. I’ll also consider new feature requests. Please alert me to bugs and I’ll fix and repost ASAP (I know there are some, I just don’t have time to fix all the edge cases right now).
Journal Article Published
A sanitized form of our paper has been published in the Fall 2009 issue of the Dartmouth Undergraduate Journal of Science, and you can read it online here. For ease of reading, I have also posted it in the original PDF format.