Hacking Embedded hardware video

I am trying to learn more about how hackers might be able to compromise factory IoT devices in an attempt to help find ways to prevent these types of attacks and I found this interesting video from a 34C3 presentation.

How to Hack SCADA from 34C3: https://youtu.be/Itgwb3rn7gE

34C3 - SCADA - Gateway to (s)hell

Hacking industrial control gateways

Small gateways connect all kinds of field busses to IP systems. This talk will look at the (in)security of those gateways, starting with simple vulnerabilities, and then deep diving into reverse-engineering the firmware and breaking the encryption of firmware upgrades. The found vulnerabilities will then be demonstrated live on a portable SCADA system.

Companies often utilize small gateway devices to connect the different field-busses used in industrial control systems (such as Modbus, RS232 etc) to TCP/IP networks. Under the hood, these devices are mostly comprised of ARM-based mini computers, running  either custom, tiny operating systems or uClinux/Linux. The talk will look at the security aspects of these gateways by examining known and unfixed vulnerabilities like unchangeable default credentials, protocols that do not support authentication, and reverse engineering and breaking the encryption of firmware upgrades of certain gateways.

The talk will consist of a theoretical part, an introduction on how to reverse-engineer and find vulnerabilities in a firmware-blob of unknown format, and a practical part, showcasing a live ICS environment that utilizes gateways, from both the IP and  the field-bus side, to pivot through an industrial control system environment: Demonstrating how to potentially pivot from a station in the field up to the SCADA headquarters, permanently modifying the firmware of the gateways on the way.

Thomas Roth

Got my first blockchain patent

I am excited that I finally received my first patent!

US Patent: 9,855,785

Cool Application on Google AIY Voice Kit

My good friend Yuibi shared his new Github creation that uses Google's AIY Voice kit and machine learning to play back Japanese music on his "Google Home".  Pretty cool project!

https://github.com/yuibi/homemade_pi3

Thanks for sharing Yuibi!

My ESP8266 Notes

The ESP8266 module is one of my favorite IoT modules to play with, because of its low price and ease of use.  Right now you can get one for as low as $2/board with everything you need.  Ordering on Amazon will cost you around $8-$20, but I bought one to experiment with from Amazon before making a bulk order from China on ebay to get better pricing.

http://www.esp8266.com/

http://everythingesp.com/

My favorite board and instructions:
http://www.instructables.com/id/Programming-the-ESP8266-12E-using-Arduino-software/

Get the Serial Driver for Windows!!!

• http://www.arduined.eu/ch340-windows-8-driver-download/
• https://github.com/nodemcu/nodemcu-devkit/tree/master/Drivers

Firmware Flasher for bin files:

• https://github.com/nodemcu/nodemcu-flasher
• https://github.com/espressif/esptool
• https://github.com/marcelstoer/nodemcu-pyflasher/releases (Nice!)
• https://nodemcu.readthedocs.io/en/master/en/flash/

Where do I get the firmware?

• Build your own:
• https://nodemcu-build.com/faq.php
• Find someone else's build and download it or use the default old image from devkit
• https://github.com/nodemcu/nodemcu-devkit-v1.0

What do I flash?

• bin/0x00000.bin to 0x00000
• bin/0x10000.bin to 0x10000
• Your custom firmware using the nodemcu-build.com and pyflasher

Setup Arduino Libraries for ESP8266 and IRController blueprint (source)

1. Install Arduino IDE
2. Install ESP8266 Arduino Core
3. Install the following libraries from the Arduino IDE Library Manager: ESP8266WebServer ESP8266WiFi ArduinoJson WiFiManager NTPClient IRremoteESP8266 as well as Cryptosuite which is not on the IDE
4. Load the IRController.ino blueprint from this repository
5. Upload blueprint to your ESP8266 (the .ino file). Monitor via serial at 115200 baud rate
6. Device will boot into WiFi access point mode initially with SSID IRBlaster Configuration, IP address 192.168.4.1. Connect to this and configure your access point settings using WiFi Manager. If your router supports mDNS/Bonjour you can now access your device on your local network via the hostname you specified (http://hostname.local:port/), otherwise via its local IP address (this IP address is displayed on the serial output)
7. Forward whichever port your ESP8266 web server is running on so that it can be accessed from outside your local network, this is critical since Alexa commands come from Amazon's servers, not locally
8. Download the IR Controller Alexa skill and start creating your devices. Each IR command will require a URL which can be saved. Choose whichever functionality you desire. Information on creating the URLs can be found below

I am posting this great newsletter that I receive from Chris Sandovall monthly.  He does a great job of keeping his ear to the latest trends. 

Some great reads here from his newsletter below:

I hope you find value from this newsletter. If it was forwarded to you and you want on the list, let me know. Don’t want it? I’ll take you off the list, no hard feelings. I’m always open to feedback. Enjoy! – chris sandoval
I’m closing out 2017 (and kicking off 2018) by taking a look back at the most interesting stuff of the last year. Everything in this issue was a MUST READ or MUST WATCH in the second half of 2017. All killer, no filler!! Looking forward to an interesting 2018 – Happy New Year! Trends 'The last free space in America is a parking spot': On the road with a new kind of workforce. “Nearly half of middle-class workers may be forced to live on food budget of as little as $5/day when they retire” The new reality of old age in America “‘I’m going to work until I die,’ says one 74-year-old in a generation finding it too costly to retire.” Dollar General Hits a Gold Mine in Rural America “what the dollar stores are betting on in a large way is that we are going to have a permanent underclass in America” More Trends: Millennials Are Screwed The large parts of America left behind by today's economy I've Fallen Out of Love With Technology No Room for America Left in Those Jeans Have Smartphones Destroyed a Generation? Innovation Stuff Lost Einsteins: The Innovations We’re Missing “Creativity’s broadly distributed. Opportunity isn’t” Internet Stuff The pizza metaphor of net neutrality “The new deregulation of the internet is a loss, but it doesn’t have to be a permanent one, unless we let it.” What the End of Net Neutrality Means for You “Without net neutrality, service providers could easily prioritize their own content over competitors” Think & Work Differently Here's a Crazy Idea: Let's Agree on the Facts “Steve Ballmer is loading volumes of government data onto a website. Maybe divided America will use it to find common ground.” Why Your Brain Hates Other People “We put monkeys to shame when it comes to the psychological vagaries of dividing the world into Us and Them.” Free Money: The Surprising Effects of a Basic Income “providing some of the most compelling evidence yet of the positive effects of bestowing unconditional sums of cash on the poor” The digital native is a myth “The younger generation uses technology the same ways as older people — and no better at multitasking.” What We Get Wrong About Technology “we should be paying as much attention to the cheapest technologies as to the most sophisticated” More Think & Work Differently: Field guide to jerks at work Companies Should Ignore Angry Online Mobs More (via Kathy Babb) The tension between creativity and productivity Here's why your attitude is more important than your intelligence HOWTO: Be a CEO Future of Cars Stuff The death of the internal combustion engine “It had a good run. But the end is in sight for the machine that changed the world” More Future of Cars Stuff: Ride-Hailing Boom Will Mean Decades of Slow Growth for Carmakers Puerto Rico Stuff José Andrés Fed Puerto Rico, and May Change How Aid Is Given “The situation is still some people don’t even have food. He’s all that’s keeping them from starving.” 2 Strangers, 6-Page List And A Plan Hatched To Help Puerto Rico “Ethan and José's arrival felt like a movie” Life Without Power: How Puerto Rico power outage affects citizens after Hurricane Maria “longest and largest major power outage in modern US history” Amazingly well-designed feature. More Puerto Rico Stuff: ‘Like Going Back in Time’: Puerto Ricans Put Survival Skills to Use After first tour of Puerto Rico, top general calls damage ‘worst he’s ever seen’ San Juan mayor: 'There is horror in the streets' Behind the music: Lin-Manuel Miranda on his benefit song for PR Lin-Manuel Miranda brings help, hope to Puerto Rico Security, Privacy & Fraud Stuff Name+DOB+SSN=FAFSA Data Gold Mine “anyone who is applying for federal student aid or has a child who applied should strongly consider taking several steps” Millions Are Hounded for Debt They Don’t Owe. One Victim Fought Back, With a Vengeance “Andrew Therrien wanted payback. He got it—and uncovered a conspiracy.” More Security, Privacy & Fraud Stuff: Framework for improving cybersecurity discussions within organizations US Hires Company With KGB Link to Guard Moscow Embassy The Equifax Hack Started the Wrong Conversation Disruption & Transformation Stuff If traditional products are going, what’s next? “This is going to take a complete, from the ground up, rethink of every product in the business as we re-task it for real-time engagement, and it has already started.” Emerging Technologies Outpacing Digital Banking Transformation “there is a direct correlation between Digital IQ and financial performance” More Disruption & Transformation Stuff: HOWTO: Break through the gravitational pull of your legacy organization Is This Tiny European Nation a Preview of Our Tech Future? New corporate titans are rising faster than ever, but they’re also fading faster, too 8 Lessons from 20yrs of Hype Cycles Customer Experience Stuff Golden Age Of UX Won’t Last. HOWTO: Prepare For What’s Next “To make this transition from UX designer to “product designer,” there are three important things to understand: strategy, growth, and marketing.” Great Product Managers are “Outcome Thinkers” “they build things that deliberately change the world in the way they want it to be changed” Banking Needs An Amazon Prime Mentality “While many believe the success of Amazon Prime revolves around free shipping, it’s the removal of friction and focus on experience that sets it apart.” More Customer Experience Stuff: 'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia Dead-End UX: The Big Problem Facebook, Twitter, Others Need To Solve Two views on how customer experience can better serve veterans Manager’s Guide to Augmented Reality More than a feeling: 10 design practices to deliver business value Facebook Stuff Facebook (Still) Letting Housing Advertisers Exclude Users by Race “Violators can face tens of thousands of dollars in fines. Every single ad was approved within minutes.” Military Stuff Brothers in arms “Four siblings wrote hundreds of letters to each other during WWII. The story they tell of service, sacrifice and trauma was hidden away in an abandoned storage unit — until now.” "Grab your phones" “If you can't treat someone with dignity and respect, then get out” More Military Stuff: Extreme Ownership	TED2017 Stuff ·      How we can face the future without fear, together ·      Courage is contagious ·      Human-robot dance duet ·      What intelligent machines can learn from a school of fish ·      A dance to honor Mother Earth Wildfire Stuff ·      Wine Country fires: Deadly inferno’s first hours ·      After the fires, someone found a burned cat and took it to the vet… Hurricane Stuff ·      Everyone Knew Houston’s Reservoirs Would Flood — Except People Who Bought Homes Inside Them ·      After Harvey hit, one Texas nursing home evacuation began with a gun drawn ·      What it took to keep HEB running in the chaos of Harvey Magic Box ·      I have a message for you… ·      The Case Against Civilization ·      The Last of the Iron Lungs ·      Deliverance From 27,000 Feet ·      11yo girl's reaction after learning she's been adopted BBQ Stuff ·      Podcast: We Seek “Authentic” BBQ 6-Word Movie Reviews ·      Blade Runner 2049 – Vast. Deep. Absolutely stunning. MUST SEE ·      Coco – Amazingly good. Every detail was perfect. ·      The Big Sick – incredibly funny and touching. SEE IT. ·      Atomic Blonde – Maximum intense action. Charlize Theron rules! Universe Stuff ·      Greetings, E.T. (Please Don’t Murder Us.) Blade Runner Stuff ·      Adam Savage Explores the Props of Blade Runner 2049 Animal Stuff ·      Zoos Are Pairing Nervous Cheetahs With Support Dogs: It’s Adorable ·      Summer in the Heartsick Mountains ·      Stick ‘em up! ·      Heart-Wrenching Video: Starving Polar Bear on Iceless Land Game of Thrones Stuff ·      Game of Jones: Leslie Jones and Seth Return to Watch GoT Diversions ·      PAPYRUS!!! ·      Dude can SPIN! ·      QUEEN BABY: Food Critic ·      Short Trip ·      "While My Guitar Gently Weeps" - Tom Petty, et al Nightmare Fuel ·      Survivalist

Classification: Public Information