idea for a fun little security project

Felix sucotronic at gmail.com
Tue Nov 18 06:55:51 UTC 2014


That was a funny email to read when beginning the day xD I see some
potential on you Werner as secret agent screenwriter:P

I want to ask you Werner what chip (or dev board) you would choose to
develop a quick proof of concept of this idea. I've searched a bit and
found the FTDI Vinculo2, which has usb host and slave dual connections, but
unfortunately the toolchain is closed and only for windows :(

On Tue, Nov 18, 2014 at 12:11 AM, Werner Almesberger <werner at almesberger.net
> wrote:

> hellekin wrote:
> > *** Going a step further, you could have a wireless keyboard that you
> > flash with your firmware,
>
> ... if have access to the necessary information or can reverse-engineer
> it.
>
> >           ____________________
> > _   _____/                    \_   _____.---------.
> >  | |                            | |                \_____
> >  | | USB  Secure Hardware Key   | | USB to Keyboard _____
> > _| |_____                      _| |_____,----------|
> > ^.       \____________________/         `----------'
>
> Nice :-)
>
> > The USB Secure Hardware Key
>
> I.e., something like the critters made by: Ugoos, Rikomagic,
> Tronsmart, FXI (Cotton Candy), Inverse Path (USB Armory), etc.
>
> > would offer 3 functionalities:
> >
> > 1. bootable Tails system
> > 2. wireless keyboard connection
> > 3. cabled keyboard connection
> >
> > Both 2. and 3. would provide the encryption capability.
>
> If the wireless keyboard encrypts, you'd also have it in case 1.
> And yes, that's an entirely feasible scenario. Differences to the
> simple USB-to-USB encryptor I described:
>
> - considerably more complex and harder to make (but you can try to
>   use a pre-built system, see above),
>
> - more expensive,
>
> - does not protect input going to the PC if the "sandbox system"
>   is compromised. But yes, Tails is probably a good deal more
>   secure than the pandemonium the average person keeps on their PC.
>
> The Keyboard -> USB computer -> PC -> Internet -> Secure remote case
> is a bit weaker than the keyboard -> USB-to-USB-encryptor -> PC ->
> Internet -> Secure remote case irrespective of the condition of the
> PC because the USB computer has a much larger attack surface.
>
> > And if you remove the wireless part, and use micro-USB instead, you can
> > have a fully featured encrypted keyboard for your mobile phone, which is
> > probably a good thing to have given that we have more fingers than two
> > thumbs.
>
> May get a bit fumbly, though: smartphone + USB stick + keyboard.
>
> > [ James Bond is after you ]
>
> Here's an easy trick: wait until he lets himself be caught by your
> henchmen. You can count on this happening, it's one of his little
> rituals to never do something that would seriously upset you before
> you had a chance to kill him.
>
> When you have him in your fireproof holding cell, skip the sermon
> and fancy death machines, and surprise him with the sheer simplicity
> of a quick kill by revolver, knife, or a baseball bat, items you will
> not have taken from him or any of his companions, but that you have
> acquired and safely stored well before the occasion.
>
> Then have your henchmen cremate his remains on the spot. Do not leave
> the execution in the hands of your trusted if perverted lieutenant
> but oversee it personally for the whole duration. Bring a large sieve
> and shovels, to make sure no man-sized pieces wrapped in
> fire-resistant bulletproof cloth somehow remain in the ashes.
>
> Since you will be filming this, before uploading to YouTube, make
> sure no blood or soot is seen on the flawlessly white fur of your
> cat. People would never forgive you.
>
> - Werner
>
> _______________________________________________
> Qi Hardware Discussion List
> Mail to list (members only): discussion at lists.en.qi-hardware.com
> Subscribe or Unsubscribe:
> http://lists.en.qi-hardware.com/mailman/listinfo/discussion
>



-- 
Felix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.en.qi-hardware.com/pipermail/discussion/attachments/20141118/99cee4c5/attachment.html>


More information about the discussion mailing list


interactive