Frequent Boing Boing contributor Sean O'Brien and his colleagues Laurin Weissinger and Scott J Shapiro built a Raspberry Pi-enabled smart pumpkin and then challenged their Yale cybersecurity students to hack it.
The exercise looks like lots of fun, and the instructors have documented their process on GitHub, along with source code for your own "Pumpkin Pi."
The Pumpkin sat on a table in class, with the red and yellow LEDs simulating a candle. The objective I gave to students was to trigger the green lights, rather than just shutting the LEDs / the Pumpkin down (someone did anyway, which was interesting and followed by an explanation about objectives in hacking and security research...) Physical access was not allowed.
The first step was to figure out what we were trying to hack. Using "nmap", we tried to detect the operating system and other useful details. The students were then tasked to evaluate their target.
They quickly realised that this was a Raspberry Pi (MAC matching) running an up-to-date Linux. Therefore, it would be difficult to exploit.
As we all know, many administrators do use weak credentials, and luckily, the PumpkinPi administrator set a very weak and seasonal password. Using "hydra" and a wordlist, the students were able to brute force the password and gain access to the device.
However, this was not enough! As mentioned before, I set a specific objective while not denying the root user any rights. Indeed, one student just used the "shutdown" command and turned off the Pi. I then explained that in hacking and security research, it is important to know one's objectives and not simply "break things", while restarting the PumpkinPi.
The Pumpkin Pi Project [Sean O'Brien/GitHub]