Cybersecurity and Ethical Questions: A Discussion with a PhD Student and Hardware Hacker
Summary
In this article, we discuss the challenges of cybersecurity and the ethical questions surrounding government intervention in other countries. We speak with a PhD student at NYU Tandon School of Engineering who is working on a project that limits executables exposure to bugs in the kernel. We also hear from a hardware hacker who specializes in side-channel analysis and fault injection. The discussion covers topics such as the Rowhammer vulnerability, updating smart devices, ethical concerns regarding the release of vulnerabilities, and the legality of inspecting purchased vehicles.
Table of Contents
- The Rowhammer Vulnerability
- Updating Smart Devices and Legacy Systems
- Ethical Concerns Regarding the Release of Vulnerabilities
- Inspecting Purchased Vehicles
- Ethics and Laws
- Side-Channel Analysis and Fault Injection
- Flipping Bits Within Flash Memory
The Rowhammer Vulnerability
The interviewee discusses the Rowhammer vulnerability, which involves flipping gates in memory devices by storing and retrieving information in a certain way. This exposes security issues and can change the content of memory. The vulnerability is low-level and exploits physics rather than the architecture itself.
Updating Smart Devices and Legacy Systems
The interviewee expresses concern about the difficulty of updating smart devices and the potential risks of legacy systems being made remote due to the pandemic.
Ethical Concerns Regarding the Release of Vulnerabilities
They also discuss ethical concerns regarding the release of vulnerabilities and the legality of inspecting purchased vehicles. The interviewee believes it is their duty to release vulnerabilities to the public and is against laws that prohibit inspecting purchased vehicles.
Inspecting Purchased Vehicles
The discussion centers around the idea of inspecting purchased vehicles. The interviewee believes that people should be allowed to inspect their own vehicles for security vulnerabilities, but there are laws in some states that prohibit it.
Ethics and Laws
The speaker believes that ethics are based on not intentionally harming others, and that laws and ethics are not always the same.
Side-Channel Analysis and Fault Injection
Colin O’Flyn, a hardware hacker, introduces himself and discusses his work on side-channel analysis and fault injection. He gives an example of fault injection on a Bitcoin wallet, where secrets can be recovered by attacking the check at the end instead of the algorithm itself.
Flipping Bits Within Flash Memory
The discussion then shifts to flipping bits within flash memory, which has been done with x-rays. The interviewee and Colin discuss the possibility of intentionally injecting high energy particles to take over a computer, which could be a new area of research.
Conclusion
In conclusion, this discussion highlights the importance of cybersecurity and the ethical questions surrounding it. As technology advances, it is crucial to stay informed about potential vulnerabilities and the best ways to address them. We must also consider the ethical implications of releasing vulnerabilities and inspecting purchased vehicles. By having these conversations, we can work towards a safer and more secure digital world.
