Frequent Boing Boing contributor Sean O'Brien and his colleagues Laurin Weissinger and Scott J Shapiro built a Raspberry Pi-enabled smart pumpkin and then challenged their Yale cybersecurity students to hack it.
The exercise looks like lots of fun, and the instructors have documented their process on Github, along with sourcecode for your own "Pumpkin Pi."
The Pumpkin sat on a table in class, with the red and yellow LEDs simulating a candle. The objective I gave to students was to trigger the green lights, rather than just shutting the LEDs / the Pumpkin down (someone did anyway, which was interesting and followed by an explanation about objectives in hacking and security research...) Physical access was not allowed.
The first step was to figure out what we were trying to hack. Using "nmap", we tried to detect the operating system and other useful details. The students were then tasked to evaluate their target.
They quickly realised that this was a Raspberry Pi (MAC matching) running an up-to-date Linux. Therefore, it would be difficult to exploit.
As we all know, many administrators do use weak credentials, and luckily, the PumpkinPi administrator set a very weak and seasonal password. Using "hydra" and a wordlist, the students were able to brute force the password and gain access to the device.
However, this was not enough! As mentioned before, I set a specific objective while not denying the root user any rights. Indeed, one student just used the "shutdown" command and turned off the Pi. I then explained that in hacking and security research, it is important to know one's objectives and not simply "break things", while restarting the PumpkinPi.
The Pumpkin Pi Project [Sean O'Brien/Github]
We’ve been writing about Lea Redmond since 2009 here on Boing Boing. She’s just one of those kind of people who consistently makes neat things — a real Happy Mutant! Well, her latest creative venture is Home Sweet Home, an activity deck for kids (and the young at heart). It offers inspiring prompts for whimsical, […]
Listed at $159,900 this 1,075 square-foot home in Pittsburgh, Pennsylvania is bland on the outside but features rooms with outer space, submarine, tropical island, and moonbase motifs. The owners put a lot of work into it!
The “transient bazaar” known as Lost Horizon Night Market is a covert operation. Worlds are imagined and then built inside the blank canvasses of empty box trucks. For the event, all the “proprietors,” and their appointed box trucks, convene in an unsanctioned, though discreet, location. This location is disclosed to would-be “shoppers” via text just […]
Promoting products is almost nothing like it was back in the Mad Men days. In fact, the digital landscape has changed the ad game so much that it barely even resembles early Grey’s Anatomy days anymore. Marketing a product digitally isn’t about the right ad slogan or color scheme. It’s about crafting the narrative around […]
Every once in a while, we see a new product come along that’s so versatile and elegantly simple that it’s strange no one’s ever gone there before. Portable lights themselves aren’t new, but there’s something about the MOGICS Coconut Light that’s so seamlessly well-designed and adaptable that it feels startlingly original. The Coconut is basically […]
With the U.S. cautiously reopening, it’s probably time to take stock of where you’re at. After spending all these weeks in the house, you’ve likely already assembled a little list of items you either realized you were missing or need to replace. And those kinds of revelations probably apply to nearly every room. We got […]