
Breaking In to Break Things: Practical Paths to Hardware Hacking and IoT Security

Hash Salehi discusses hardware security research
Hash Salehi, Reverse Engineer and Founder of RECESSIM, joins host Phillip Wylie to demystify the world of hardware hacking and security, highlighting niche but critical vulnerability research in IoT and embedded devices. Recounting his own experiences, from low-cost electromagnetic fault injection attacks on automotive microprocessors to reverse engineering smart meters, Hash shares both successes and frustrations from the front lines of hands-on security assessment. The conversation aims to inspire and equip listeners who want to explore or deepen their understanding of hardware security by surfacing resources, communities, and the mindset necessary to uncover vulnerabilities beyond software.

Links:

Transcript

Hash Salehi: If you get a job in engineering, you’ll understand how the company works, you’ll understand how products are designed, you’ll understand where corners are cut, and you’ll understand where you should attack. And so if you learn how to make things, you’ll start to learn how to break things.

Phillip Wylie: In this episode I discuss with Hash Salehi about hardware security research. Hash gave a presentation recently at the Hardwear.io USA conference, and his presentation was very interesting. And in our discussion, we also discussed vulnerability research in hardware, which is kind of one of these areas that’s kind of niche, that not a lot of people know about. He kind of shows us how you can take advantage of using that threat actor mentality or malicious hacker mentality to understand the security vulnerabilities of devices. So enjoy this episode of the IoT Security Podcast. Hello, welcome to another episode of the Phosphorus IoT Security Podcast. We’ve got a special guest joining us today, Hash Salehi. He’s one of my friends from the local Dallas hacking and cyber security community, and I was fortunate enough to run into him at Hardwear.io USA last week.

Phillip Wylie: Phosphorus was a sponsor of the CTF there and Hash was speaking. So I was looking for guests to bring on and it made sense to have, you know, someone that has experience with security research and hardware hacking to bring on the channel, to bring something a little more interesting to some of the practitioner types, because here recently we’ve had a lot of folks around the management side of things, which is important, but it’s always good to have the practitioner side of things. So welcome to the show, Hash.

Hash Salehi: Thanks for having me.

Phillip Wylie: Yeah, it’s great to have you. So how did you enjoy the conference?

Hash Salehi: Hardwear.io is probably one of my favorite conferences because it’s a smaller group of individuals and I feel like any table you sit down at, anyone you bump into, they’re all doing something interesting. I’ve been two years in a row and that still holds true.

Phillip Wylie: Very cool. So this was your second year attending and speaking there, correct?

Hash Salehi: Yeah, I spoke last year as well and I had such a good time. I always enjoy speaking. It’s a lot of work to put together these presentations and to speak at these events, but you make a lot of friends doing it and people know what you’re up to and so you kind of don’t have to walk around and introduce yourself. People just come up and introduce themselves to you. So that’s the price you pay to, I guess, to make it easy to meet a lot of people. And so, yeah, I really enjoy it.

Phillip Wylie: Yeah, it’s really interesting because, you know, one of the things about these communities, the hardware community seems to be a little smaller in comparison to other areas of cybersecurity, which makes sense because you take any group and distill it down to just the niche audience, you’re going to have a lot less. But it’s kind of interesting to get to see that community and just kind of see what all they had to say and kind of give me an area of folks to connect with and learn from because it’s pretty specialized stuff and you just don’t see, I guess if you don’t look in the right place, you’re not seeing where to find this content. But it just doesn’t seem like it’s really easy to find that type of quality content.

Hash Salehi: Yeah, I mean, I might say it’s really maybe a best kept secret of the security industry, that conference, because even when you talk to people, I mean, I was speaking about some electromagnetic fault injection to extract the memory from a processor and I spoke to another guy who gave a presentation before mine and his presentation was just way more in depth than mine. And just speaking to him for 30 minutes probably advanced my knowledge by six months to a year of what it would have taken me on my own to learn about these coils and how to use them in pulse injection and what really matters and what doesn’t matter. And you just can’t, you know, you can’t get that separately. Like you end up in person with somebody hanging out having a conversation where you really get that. So yeah, I mean, you know, that conference specifically, I’ve had conversations like that. It’s very, it’s the opposite of like a DEF CON, which is big. You get to run into all your friends, you see people, you catch up. But you have to really focus at DEF CON to find those in depth conversations.

Hash Salehi: I find at Hardwear.io you can’t help but have those conversations even if you’re not trying to. You’re going to, just everybody around you is having them.

Phillip Wylie: Yeah, that’s interesting that you bring that up. And one of the, one of my observations, because you know, DEF CON and a lot of your traditional hacker conferences, you have what they call LobbyCon. And for the listeners, if you’re not familiar, LobbyCon, this is just people hanging out in the lobbies, just chatting and stuff. And you have a lot of conferences in the past that have been sold out so quickly that people will show up and just do LobbyCon, basically just talking in the lobby with other attendees. But one of the things I noticed is they had the breaks. People would be out there chatting and stuff. As soon as the sessions came back, people were in there and there were a lot of, I mean the technology skill was pretty amazing to me because there were a lot of hardcore researchers attending that conference and people were interested in the conversations. There wasn’t a lot of LobbyCon going on because people didn’t want to miss out on those sessions.

Hash Salehi: Yeah, and I would say the Capture the Flag is really huge at Hardwear.io. They put a lot of effort into coming up with a really good Capture the Flag and a lot of teams come there and take that very seriously. Especially kind of different companies that send their employees there, they’ll all compete and you learn, I mean like everybody knows you learn by doing and the kinds of things they have for people to do. There are real world style attacks where you have to try all the various skill sets from soldering to trying to break into firmware to RF related stuff. Um, and so both times I’ve been there, the teams really take that hardware CTF challenge seriously. Um, and so yeah, a lot of people you see sitting around in the lobby on their computers, they’re all still competing in the CTF even though they’re not in the CTF room. I mean every waking second they’re trying to win that thing.

Phillip Wylie: Yeah, and one of the things for our listeners too, Phosphorus was a, was the sponsor for the CTF. But yeah, it was a pretty amazing CTF, all the equipment they had there. But then you saw some of the people that were pretty hardcore. I think it was Reconnaissance was part of the name of the group, the consulting company. They had a team and they had this table set up. I think they had all their own gear and stuff to be working on these hardware devices. And I thought it was also cool that it wasn’t just virtualized environments, it was actual hardware and they had all the different equipment there that was required. People just needed a laptop running Linux on it.

Phillip Wylie: But that was pretty interesting.

Hash Salehi: Yeah, yeah. And they’ve, I mean, you know, Hardwear.io has been going for quite a while, especially over in the Netherlands, you know, where I believe it began. And so they put a lot of effort into that thing every single year to make it different, to make it challenging. So yeah, I mean when you, when you want to learn about hardware hacking, you know, the trainings they have there before the conference are really good. And then applying what you learned in those trainings at the CTF is really kind of where the rubber meets the road. So I haven’t done the CTFs myself. I like to do my kind of research slow and in my room and over a period of months. But you know, some of those guys, they go there and they really, it really tests you to do it on a constrained timeline like that.

Hash Salehi: So I like watching them compete for sure.

Phillip Wylie: Yeah. That definitely seems like one of the conferences that you want to do the pre conference training. So that’s pretty, pretty amazing. What was it like three days of training before the conference?

Hash Salehi: Yeah, yeah. And all the trainings they have there too are all, they’re all really good. They’re put on by, you know, really interesting individuals. Joe Grand, Thomas Roth, who’s stacksmashing, a number of people. I, I can’t remember the guy’s name that did the software defined radio training, but I chatted with him in the lobby. Everything he talked about was a little nugget of wisdom. I was typing as fast as I could in my phone to try to write down what he was telling me.

Hash Salehi: So yeah, I mean there’s no downside to that, to that conference that I’ve seen at least.

Phillip Wylie: Yeah, I was pretty amazed and it was pretty cool that Joe Grand was there. For the people that are listening to this that aren’t aware of Joe Grand, Joe Grand has been, I think Kingpin is his hacker handle. So he’s been around for a while. He’s like one of the OG hackers, but he helped, and it’s probably been several people, but one of the videos that was pretty famous was him helping someone recover their bitcoin wallet or their crypto wallet.

Hash Salehi: Yeah, yeah. And that was using an electromagnetic fault injection attack. Similar, a similar type of attack like what, what I spoke about. They had. The keynote speaker was Samy Kamkar. He’s done a lot of really interesting things as well. So yeah, I mean they, they attract a lot of, a lot of interesting people at that conference for sure.

Phillip Wylie: Yeah, it’s pretty interesting. It seemed like from what I understand and if I’m correct, they seem to have some more beginner level or more entry level training. So you don’t have to be like a hardware guru to attend the training.

Hash Salehi: Yeah, they seem to have, they do a pretty good mix of having stuff across the board. So they have entry level stuff of kind of intro to hardware hacking and then they have stuff that’s. You’re way, way down in the weeds. So you know, kind of almost at any skill set you could take a training there and you’re going to learn something. So it’s just kind of a pick your poison and are you getting started or are you kind of advanced and you’re trying to maybe move into a new skill set that you don’t.

Phillip Wylie: Very cool. So kind of going back to the conference, aside from the training. So if you wouldn’t mind sharing about what your presentation was on.

Hash Salehi: Yeah, so I did a talk about attacking a microprocessor that’s used in automotive ECUs, so GM cars specifically. And I did it based on some work from a guy named Colin O’Flynn, who’s very well known in the hardware community. He wrote the Hardware Hacking Handbook. He runs the company NewAE which produces the ChipWhisperer and all these fault injection style tools. And in 2020 he put out a paper on how to attack one of these microchips using electromagnetic fault injection. And so the short story is some individual reached out to me because of my YouTube presence and wanted me to extract some firmware from a locked device that they had. And so I told the story of that whole process of extracting it and also the process of trying to replicate what was in that paper. And what was in that paper was missing a lot of things you actually needed to do it.

Hash Salehi: Some of them intentionally, I think, like the code that you would need to write a secondary bootloader to extract all the memory. And then some things were just, I think, accidents of information that wasn’t in the paper. So I kind of told, you know, the frustrations of trying to replicate someone’s research when some things are missing and then the stuff you have to write that they kind of already wrote but they didn’t publish for whatever reasons. And then I made all my stuff open source, it’s all on GitHub, all the code I wrote, everything that it took to do it. So hopefully if somebody else wants to do it, they can. And then I just tried to do it with the lowest cost tools I could. So some of the tools used in the paper, you know, were multi thousand dollar tools. And I tried to use stuff that’s like 50 bucks and you know, very, very simple to kind of.

Hash Salehi: Well, I wouldn’t say simple to set up, very low cost and easy to acquire. And so in that it means you have to kind of do a little more manual manipulation. But what I learned were some interesting techniques like monitoring various pins on the processor that would allow you to find the proper position for these electromagnetic pulse heads and things that without having to do the traditional ways that the things are done that you read about. And so almost the constraint of not having the right tools forced me to come up with new creative ways to accomplish the same result. And that was possible because a big part that Colin wrote that paper. So in a sense, like I knew the end was achievable and so then it was, well, can I try a different path to get to that end with lower cost tools where if I didn’t know the end was achievable, maybe I wouldn’t have tried that, wouldn’t have discovered these things and I couldn’t have shared them. So that’s kind of the broad strokes of that research.

Phillip Wylie: Yeah, I think it’s great that you’re trying to find lower cost methods of doing that. So it kind of lowers the barrier of entry because a lot of times you get into stuff when you’re just basic security research. A computer is all you need. But when you start thinking about the hardware stuff, I can see how that could get expensive really quick.

Hash Salehi: Yeah, hardware hacking can get expensive pretty quick. And so what I like to think is, you know, it’s also lowering the barrier to entry for anyone who wants to jump in. You know, like we got kind of, we got adult money. So adult money lets you buy a bunch of toys and you might not have as much time. So you spend a lot of money on the toys and a little time and, and I like to think back to, you know, when I was a kid and I had nothing but time and absolutely no money. And so if I can lower the cost of that, you know, some high school student or some college student, somebody else could probably scrounge up the cash to get this stuff and they might discover something interesting as, and it’s helpful to see that someone else is doing and that it’s possible. And then maybe they try something, you know, because they, they didn’t even, they didn’t even think that was possible because so many things you see are using this high cost equipment.

Phillip Wylie: Yeah, that’s pretty cool. And I imagine you probably learned some stuff along the way too.

Hash Salehi: Yeah, you learn to deal with frustration, that’s for sure. Because that crap was. I thought it would take me five days to break. I quoted someone five days, which is aggressive considering I’d never done anything with electromagnetic pulse injection. And I had some other issues. And the reality is it took me 65 days straight. I did nothing, weekends, nights, all day long. All I did was read data sheets, scour forums, anything I could to try to find information to solve this problem.

Hash Salehi: So yeah, I mean, reverse engineering can be incredibly frustrating, which is why the reward at the end is so great, you know, which is why I do it over and over.

Phillip Wylie: So what got you interested? How did you get into hardware? Security research, I guess.

Hash Salehi: I’ve always been interested in how things worked ever since I was a kid. And so I would just take apart kind of every single toy that I had and I wanted to learn how it worked. And when I was a kid, it was like the 80s and 90s and so kind of by nature everything was hardware. Like there was just hacking because nothing had software on it like radio controlled cars. Almost everything you bought was just hardware. And so if you could understand all those little components and what they were doing and change them, you could change how the thing reacted. And it wasn’t until later that software and computers started to come in and I started getting access to some of those things. And so as those things came about, I was just always interested in how they worked.

Hash Salehi: How did they work? Could I tweak them to do something different? And so the more I got into it, the more I just kind of wanted to understand. And there was satellite TV, there was cell phones, there was all this technology that was around. And the theme for me for most things was if it was wireless, because I really, it was really interesting to me that all this information’s going across the air. People have no idea. And a lot of times, because they can’t see it and they can’t receive it, they just assume it’s secure somehow. It’s like that, you know, it’s out of sight, out of mind almost. So, you know, if somebody tells you this wireless transmission is secure, how can you argue with them unless you can actually receive that data and decode it? So I did a lot of that trying to look at hardware and understand it and see, you know, what, what was really being sent across the air, how, how did the, the hardware work? And yeah, it was really, it was really just kind of pure curiosity. My channel kind of formed and the focus on smart meters, which I’ve had for a number of years, really around a conversation at the Dallas Hackers Association, you know, which we go to, and it was just a random conversation about how they transmit data wirelessly.

Hash Salehi: And I thought, you know, I don’t really know how they’re transmitting data wirelessly. Like, why don’t I try to take a look at it and figure out what would be involved? And that’s probably been going for more, five or six years or more now, maybe even longer than that. Actually, you can look at whatever my earliest YouTube video was. But yeah, that, that whole kind of journey has just always been to answer the question, like, I wonder how this thing really works. You know, there’s what people think, there’s what the manufacturer says. A lot of times there’s even maybe changes engineers made within the manufacturer that they don’t even realize doesn’t even make the spec sheet or the manual. And if you can, if you can figure out how it works, you can, you can a lot of times even understand better than the manufacturer how something works and when encryption is on or not and these, all these kinds of things. So, yeah, a long winded, say a long winded way to say.

Hash Salehi: I’m just very interested in how things work. And, and you just kind of keep asking why, why, how, how, how, and dig, dig, dig, and eventually you just kind of land on something interesting, you know.

Phillip Wylie: Yeah. Because I remember hearing you talk, sharing about your talk and I remember, you know, with the wireless meters and I remember some of the stuff you did. A while after that you made some observations during like the big ice storm. We had February that one year. Because I remember you’d saw some different facts around who had access to power and who didn’t.

Hash Salehi: Yeah, yeah. So like, yeah, so very quickly, I had been doing a lot of research before we had this great power outage of 2021 or whatever it was. And, and, and it was a problem for all of us in Texas because it was wintertime. And so when the power goes out, the heater doesn’t work in your house and the whole thing starts freezing. And so people’s pipes were breaking. I mean, it was pretty devastating for a lot of people along with. I was upstairs and in my house in a tent with my family, trying to use our body heat for warmth. So it’s kind of dire at that point.

Hash Salehi: Like your whole house is freezing and you’re gathered in the warmest part of your house trying to stay warm. Um, and so I have been doing research on the data these meters transmit and trying to decode it. And so I have on my. The RECESSIM wiki. There’s a whole page devoted to understanding the protocol that these use that was completely reverse engineered by me from scratch. No help from anything other than some people that would kind of contribute, maybe pointers and you know, people that watch trying to help me out. And what I discovered was all the meters in the Dallas area use GPS coordinates to route their data. So their ID, their WAN ID is actually, if you can decode it, their GPS coordinates. And so they’re broadcasting those in the clear all the time, and they’re also broadcasting all the time the last time they lost power.

Hash Salehi: So their uptime, which is valuable information to know. And so I wrote a program that could take all that data if I just drove around the city and plotted on Google Earth live while I drove around and visualize it so these little points that depending on how high they are from the ground, you get to see kind of the last time they lost power and when this outage happened, we could drive around and see, well, did the areas that have high income lose power or was it only the low income areas where they chose to selectively turn power on and off? Now what was really interesting is some people in Austin, reporters, were asking the power company, how did you choose where to turn off power? You know, were you picking low income? You know, the high income wasn’t. How are these choices made? And the power company told. It’s in the news article, I think it’s the Austin Statesman. The power company said, we can’t tell you anything about that. It’s a matter of national security. And so I remember this reporter reaching out to me that had been talking to them and he says, you know, it’s a matter of national security. They can’t say.

Hash Salehi: And I said, well, if it’s a matter of national security, it’s being broadcasted in the clear all the time. And here it is. And so he goes back to them and they tell him that that’s impossible, they use encryption. And so he came back to me and he’s like, well, how are you even doing this? Like, they say they use encryption. And so I had to explain to him that, you know, they probably do use encryption somewhere. Like, you know, there’s a lot of points this data travels. I go, maybe it’s clear here. And then it gets here and it goes across a VPN.

Hash Salehi: Yeah, it is encrypted. I go, so it’s not a lie to say they use encryption. The manufacturer might have told them, hey, we’re using encryption. But the reality is when you actually look at the data in transit, that data isn’t encrypted. And so, you know, and you can see it like, I’m not making it up. Like, here it is. Right. And so, yeah, that was, I think that was eye opening for a lot of individuals.

Hash Salehi: I actually had somebody at the first DEF CON I went to who ran a power company come up to me and thank me for publishing these tools on GitHub to use software defined radios and receive this data, because they said they were able to show to the manufacturer that their system wasn’t in the secure mode that they thought it was and force them to enable that secure mode. And without that tool set, they just have to trust that things are the way they are. And I don’t think... trust but verify, right? You shouldn’t have to trust somebody. They should be able to show it, especially with things like this. That was a lot of fun, but that was kind of that whole saga of the smart meters.

Phillip Wylie: Yeah, that’s pretty interesting. You bring that up and one of the things for people listening that need to pay attention to, if they’ve got OT environments or some IoT environments and people are managing that that may not work traditionally in IT or different cybersecurity roles and may be unaware of how to secure things. It just really goes to show that, you know, there may be the capabilities to secure, but maybe it’s not being secured. A lot of the typical hygiene things we see that were big problems for years in IT still can be problems, but can be fixed in some cases.

Hash Salehi: Yeah. And I should say, I believe here the smart meters encrypt the power usage data. So I have not been able to figure out how the power usage data is sent. So it’s also, you know, kind of critical. Information like that might also be encrypted. But you know, it’s like in hardware hacking and fault injection or looking at things, we talk about side channels, you know, what side channel might exist that’s leaking information about the processor. It’s the same with wireless stuff. You know, you might be using something that’s fully encrypted, but it might be beaconing at some interval that gives you information about the network.

Hash Salehi: It could be sending routing information or something in the clear that gives you a lot of information about the network. So it is very interesting and worthwhile I think to try to get tools, especially when things are wireless, that let you see that very low level traffic and even just look at it, like does the entropy look high in this data or does it look like there’s a lot of repeating patterns and what could an attacker do with those repeating patterns? Is it the same all day and night? Could they determine when things are running, when they’re not running? So there’s a lot you can do even if something is using encryption or if certain data is protected. And you don’t know that unless you’re looking at the raw data.

Phillip Wylie: Yeah. So while we’re on the topic of, you know, securing things. What recommendations would you give folks for encrypting, you know, or securing their hardware, their different connected devices?

Hash Salehi: Yeah, I mean, I would say I focused purely on attack. So I don’t know if I would honestly say myself that I have valuable information to give to someone on how to secure it. What I would say is, to me what’s valuable is look at it to understand whether it’s secure or not at its most basic level. And then I think there’s people that probably know a lot more than me and companies that provide those services that can talk about your options, whether you should be encapsulating the whole thing or the backhaul technology might not quite be right or what’s going on there. But I think you, you don’t have those conversations until you’re really seeing things for how they are. And so you have to, you have to see it for how it is and, and then kind of do those assessments of like, what might I be able to determine? Think like an attacker, you know, which is tough for some people. But just think the evilest thoughts you can possibly think about what you might try to do with something and then think, do I have enough information to accomplish that task? And then if you do, then yeah, it might be time to call in somebody that can provide that information. But I’ve purely focused on how can I exploit things and then share that openly and publish it openly so that other people can use those tools and then hopefully help customers make the right decisions.

Phillip Wylie: Yeah, very fascinating stuff. So since you’ve kind of really worked on, you know, taking the attack approach to research, if someone’s wanting to get into hardware security research, what do you recommend as far as resources to learn?

Hash Salehi: Yeah, so obviously YouTube is a great free resource. There’s a lot of stuff out there and I would say there’s a lot of people you can watch there. I’m a big fan of the. So it depends if you want to do hardware. I focus a lot on hardware and I would say radio software defined radio stuff I think is really interesting. There’s a software defined radio website called pysdr, pysdr.org if you want to. You need to learn digital signal processing at some basic level to attack those kinds of things. That website is amazing.

Hash Salehi: There’s ChipWhisperer and NewAE for hardware attacks. The guy, Colin O’Flynn, that founded that company, he was a, you know, he still is a college professor. So his training material and buying that hardware, I learned everything on my own sitting kind of in my cave, trying to do this stuff, and you can do it with those tools. They’re really good. There’s a newer website called Hextree, hextree.io. Stacksmashing and LiveOverflow came together. They started this company.

Hash Salehi: They have really good low cost hardware. The Faultier, some other tools like that. They have a lot of really good trainings on their website to go through. I would say those are very interesting, but at the very, at the very core you have to get some hardware and you have to start playing with it and you have to know you’re going to blow it up probably if you’re getting into hardware hacking and that’s just going to be part of the deal. And so you know, kind of get, get some stuff that is low cost enough that you have five of them and don’t worry when you blow it up. Just learn and move on to the next thing. And there’s a lot of other oscilloscopes, there’s all these kinds of things. My blog/wiki, recessim.com, or my wiki, there’s a good section on there on software and hardware, various tools that are interesting.

Hash Salehi: I wouldn’t spend a lot of money on tools. I would try to get the cheapest stuff you can get that can get your feet wet and then you’ll learn as you go kind of which tools add a lot of value. And then various kind of meetups, conferences like Hardwear.io, even DEF CON. There’s so many things there. You can go sit down and talk with people. They’ll show you how to solder, they’ll show you how to use equipment. And that’s a much cheaper way I would say, to get into stuff and see what might be important. People can usually guide you and those are great conferences to go to where people are just more than happy to give you free advice and chat with you about things.

Phillip Wylie: Very cool. So is there any value in like Raspberry Pi? Are any of those type of things helpful?

Hash Salehi: Yeah, well, I like the really low level hardware stuff. I’ve just always been attracted to low level hardware. I mean programming microcontrollers where you kind of completely control everything it does, you’re setting the registers. I feel like even Pi Picos, Arduinos, anything like that, where you’re kind of very in control of the hardware and you try to get to the lowest level you can. Don’t use all the abstraction tools. Get to the very basic parts because that’s where you’re kind of, you’re running that machine yourself, you know it’s not. There’s not some abstracted layer between you and the results inside. That’s where the exploits are, like the exploits are when people don’t do what was expected, when they don’t run their code the way something was expected or the voltage line doesn’t quite stay where it was and you dip it down at just the right point.

Hash Salehi: And now it skips this conditional if statement that it was going to go through and instead of asking you for the password, it just lets you through instead. So I like those. Yeah, any of those lower cost kind of things are fun to play with.

Phillip Wylie: So what’s next for you research wise? What are you looking into these days?

Hash Salehi: I guess a few things. I want to do more electromagnetic fault injection because it’s non invasive. When you do voltage fault injection or these others you have to wire to the board. Electromagnetic fault injection is just kind of shooting an EMP pulse into a chip. But I also really like silicon. I like decapping chips, which is like using nitric acid to take the top off of the chip and get to the silicon. When I was at Hardwear.io, I used a thing called a wire bonding machine, which is to take a bare silicon die, put it on a board and actually attach the wires from the tiny pads on the silicon chip to the circuit board. So I’ve been interested in a lot of silicon stuff.

Hash Salehi: I have tools to build a laser fault injection rig, which is really to shoot lasers at the silicon and to cause faults that way. So I’ll probably get closer to the silicon. There’s also a thing called Zero to ASIC and Tiny Tapeout where you can actually make your own ASIC chip, where you design literally the microchip, a portion of it, and you send it off and it comes back. So I think the process of learning about that stuff then allows you to look at existing microcontrollers and hardware and know how to attack those. So I like the. I’m going to learn how to make it, and once I learn how to make it, I’ll probably know how to break it. And that’s true for anyone. If you get a job in engineering, you’ll understand how the company works, you’ll understand how products are designed, you’ll understand where corners are cut and you’ll understand where you should attack.

Hash Salehi: And so if you learn how to make things, you’ll. You’ll start to learn how to break things.

Phillip Wylie: Yeah, that’s, that’s some great advice. And one of the things going back to what you said earlier, about reading a lot of white papers and stuff. So anyone that’s wanting to get into any type of hacking or research, do a lot of reading. Some of the best hackers I know will be on a project, they run across a new technology they work with, and they’ll sit there and read different PDFs and manuals to get a good idea how it works before they start to attack.

Hash Salehi: And sometimes the details, I mean, they might tell you how to attack it in a footnote, they might say in that spec sheet for that product, hey, by the way, make sure the voltage line stays really, really clean. Because if it doesn’t, we don’t know what’s going to happen. And so that’s your thing right there. Perfect. You don’t know what’s going to happen. I’m going to just move that thing all around and we’ll see what happens. Right.

Phillip Wylie: Well, thanks for joining today. It’s really interesting to hear about your presentation and the research you’ve been doing. Look forward to seeing some of your future projects and we’ll share in the show notes the links to your YouTube channel and blog so people can find your content. So thanks, thanks for joining.

Hash Salehi: Yeah, perfect. Thanks for having me, man. It was really fun.

Phillip Wylie: Thanks for listening to this episode of the IoT Security Podcast. If you like the show, make sure to subscribe and you can join us later. While you’re at it, leave us a review. To find out more about IoT security and the podcast, visit us at Phosphorus.io.

Author

Phosphorus Cybersecurity

Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to find, fix, and monitor the rapidly growing and often unmonitored Things of the enterprise xIoT landscape.