Intelligent CIO Europe Issue 86 | Page 62

INTELLIGENT BRANDS // Enterprise Security

Exploring security vulnerabilities through the lens of an ethical hacker

Giving us a view of security from an alternate angle, ethical hacker Alexander Pick highlights the methods, challenges and trends in device hacking.

What inspired you to start exploring and hacking hardware?

I began in the early 2000s, at a time when making money from security was rare, so it was more of a hobby. I published and reported findings on mailing lists and later transitioned into software development, maintaining an interest in security. Eventually, I moved into management but didn’t enjoy it, so I returned to technical roles. Hardware always intrigued me because it’s a crossover field combining software, electronics, and different types of systems, which not everyone is doing. The diversity of high-level and low-level devices, and the unique challenges of working with both hardware and software, kept me engaged.

What are the biggest challenges you face when reverse engineering devices?

Reverse engineering hardware comes with several challenges, especially around cryptography. Increasingly, firmware is being encrypted to prevent dumping, making it harder to extract and analyse. Hardware protections, like read-out and tamper protections, are also becoming more common, with some high-end devices even breaking when opened. These measures slow the process, but with enough patience, it’s still possible to dump firmware and reverse engineer devices. Over time, I’ve grown accustomed to working around these obstacles, but they’re certainly a challenge that requires persistence.

What trends are you seeing in hardware security and where is the industry heading?

There’s a clear trend toward more sophisticated security measures. Hardware engineers are increasingly introducing read-out protections and tamper safeguards. Firmware is now often cryptographically secured, either by encrypting the entire firmware or signing binaries to ensure only authorised code runs. Companies have become much better at removing leftover development files from firmware, a common vulnerability a few years ago. Overall, the industry is moving toward cleaner, more secure systems.

What advice would you give to beginners who want to get into hardware hacking?

To start, it’s important to have a strong understanding of software development and the software development process. This knowledge helps you understand how hardware is developed and how to spot potential vulnerabilities. You’ll also need some familiarity with electronics, as this will be essential for hardware hacking. Proficiency in soldering is critical too, since you often need to attach tiny wires to a PCB. Learning about classic hardware design patterns and getting comfortable with reading data sheets is key; much of hardware hacking involves analysing and interpreting these sheets.

How do you approach finding vulnerabilities in hardware systems?

There are different approaches, but I generally look for poor physical design choices or overlooked security flaws. For high-level devices, I focus on finding leftover debug interfaces, which are often helpful for developers but can also provide a way in for hackers. From my software development experience, I know that if something is useful for a developer, it’s useful for a hacker. I look for debug ports or hardware-level interfaces, like JTAG, which can give access to the system. The approach depends on the device, and sometimes I start with hardware and other times with software, but the goal is always to gain access.