Introduction - A Journey from Circuits to Cybersecurity

If you’ve been following my blogs, podcasts, or interviews, you might assume that I’ve had an enduring passion for Cyber Security and that I entered the world of ethical hacking because of this passion. However, the truth is that Cyber Security was not my first love; I stumbled into it accidentally, and I look forward to sharing that story in the future to explain how this accidental journey unfolded.

For those who aren’t familiar with my background, I used to have a deep passion for electronics and electrical systems. My childhood was anything but ordinary. Due to certain family circumstances, I attended school at my maternal home in Dhadhing. Since it was a new place where I lacked friends, I dedicated most of my time to repairing electronic devices and unleashing my creativity in this field. I would troubleshoot and fix radios, TVs, and various electrical gadgets. During my time in Dhadhing, I even built inverters from scratch, leaving those around me in awe. My father, an incredibly talented genius and an outstanding electrician, played a significant role in nurturing this passion within me.

After completing my schooling, I returned to Kathmandu and enrolled in college. However, due to my family’s circumstances, I found myself taking up contracts for house wiring as an electrician. I even hired some of my college colleagues as helpers, paying them on a per-day basis. By day, I worked as a full-time electrician, and in the mornings, I attended college. I spent several years working as an electrician, taking on numerous house wiring projects as a contractor.

Later on, due to unforeseen circumstances, my career path shifted towards “Cyber Security.” If not for these events, I might have pursued a career as an “Electronic and Electrical Engineer” today. My passion for electronics and electrical work still burns brightly within me, and I continue to find joy in repairing electronic devices and crafting new creations. Presently, I am equally passionate about both Cyber Security and electronic and electrical work. This is why I started my journey of Hardware Hacking and am now excited to share my experiences exploring Hardware Hacking with all of you. This series will be beginner-friendly, aiming to help anyone start their journey in hardware hacking or at least understand the concept, given the limited resources available in this area.

Demystifying Hardware Hacking

What is Hardware Hacking?

Hardware hacking is the art of modifying or manipulating the physical components of electronic devices to achieve specific goals, which can range from gaining unauthorized access to a system to enhancing device functionality. This practice revolves around making physical alterations to hardware elements such as circuit boards, microcontrollers, sensors, and various other electronic components, as well as changes to firmware, to modify their original functions. It’s important to understand that hardware hacking is a vast and multifaceted field, with numerous aspects and techniques to explore.

In this series, we consider SCADA system hacking, embedded system hacking, and IoT hacking as forms of hardware hacking because they all involve the manipulation or modification of the physical electronic hardware components within their respective systems to some extent. While each of them has its unique emphasis, requiring specific knowledge and techniques, they all share a common foundation: the interaction with the tangible hardware elements that power electronic systems.

Why is Hardware Hacking Crucial?

I firmly believe that Nepal lags far behind other countries in terms of technology adoption. We are still heavily reliant on old technologies, and our shift towards newer technologies is in its early stages. During the implementation phase, we are just beginning to incorporate technologies that have long been in use in developed countries. As a result, the individuals responsible for implementing these technologies are not well-versed in the cybersecurity risks associated with them.

Furthermore, there are no cybersecurity companies in Nepal that offer innovative solutions relevant to these emerging technologies. Instead, they continue to provide the same traditional cybersecurity services. This lack of innovation and specialization significantly increases the cybersecurity risk associated with the newly implemented technologies. For example, when it comes to IoT devices, they are widely used in various Nepali organizations, yet there are no cybersecurity companies that provide IoT security services.

Due to this lack of expertise, these companies often overlook the security aspects of IoT devices and include them in network penetration testing. Since the penetration tester isn’t an expert in IoT hacking or hardware hacking, they focus solely on identifying vulnerabilities in the open ports and services, leaving the device vulnerable to potential exploitation through hardware hacking.

To truly enhance the security of their systems, organizations should also treat hardware hacking as a separate scope alongside web, mobile, network, and API security; it is often omitted from their penetration testing scope. It is clear that organizations are missing out on this crucial aspect, along with other facets of the penetration testing scope.

What’s Next?

The next post in this series will cover how to begin with hardware hacking and the prerequisite knowledge required.