.

Hackers Invited to Break $100 Laptops

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Oct 03, 2006 4:53 pm

Hackers Invited to Break $100 Laptops

San Diego (CA) - Cheap computers for the world's poor could mean big security headaches. The $100 One Laptop Per Child (OLPC) project is inviting hackers to break test out and even break the security on the upcoming computers. Speaking at the Toorcon computer security convention, OLPC representative Ivan Kristić said the OLPC will create the largest monoculture in history and the it will present some "very scary" security problems.

The low-pricedLinux-based computers will be sold to third-world countries and will have a 500 MHz AMD processor along with 128 MB of system memory and 512 MB of Flash storage memory. Standardized hardware along with a standard software image is one reason why the machines will be so cheap, but Kristić explains that this standardization will cause security issues.

If tens of millions of OLPCs are sold, the device could create one of the largest computer monocultures in history, similar to what has happened to the Apple Macintosh. One single exploit could easily wipe out millions of computers.

One huge security risk, according to Kristić, is that new computers will transparently transmit application code from one computer to another. The cheap laptops are meant to operate in a mesh wireless network and if one computer doesn't have an application, then it can acquire it wirelessly from another computer. Kristić calls this scenario "bloody scary".

The OLPC is also designed to be very hackable and Kristić told Toorcon attendees that there was, "a lot of value" from having kids take apart the machine. If something goes wrong, the computer is designed to be easily restored from a server, USB sticks or from the mesh network. But the same easily hackable and easily restorable machine has to be made secure and that's where hackers come into play.

Kristić said, "I want to help you break these machines... before there is a billion of them out in the field."


Original Story:
http://www.tgdaily.com/2006/10/03/toorc ... rityrisks/

OLPC:
http://laptop.org

Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Tue Oct 03, 2006 8:10 pm

Re: Hackers Invited to Break $100 Laptops

that's sweet!

i love initiatives that will keep me employed doing computer security stuff!
<<

jimbob

Post Wed Oct 04, 2006 10:50 am

Re: Hackers Invited to Break $100 Laptops

Is anyone else breaking out into a nervous sweat thinking about all those zombied machines once someone does crack them in the wild?

"a great disturbance in the Force, as if millions of voices cried out in terror and were suddenly silenced…"

Jim
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Oct 04, 2006 11:06 am

Re: Hackers Invited to Break $100 Laptops

First of all, great quote.

Second of all, this is no worse than a release of any major OS with holes. And MS is not the only culprit here.

Third, at least these guys are willing to look at this issue before unleashing millions of these machines.

On a separate note, from the picture on their site, the laptops will be running FC5. Right now, this is a good, safe bet. But the Fedora Project is known for quick releases of new versions. What happens to the millions of machines a couple years down the line when FC8 is released, and they decide to end support for the old FC5?

Just a thought.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Wed Oct 04, 2006 6:05 pm

Re: Hackers Invited to Break $100 Laptops

Personally I think that Edubuntu is more fitting, and the spirit of Ubuntu seems more harmonious with the ideals of the OLPC project.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Oct 12, 2006 1:54 pm

Re: Hackers Invited to Break $100 Laptops

Here's an eweek write up on this topic with more details.

http://www.eweek.com/article2/0,1895,20 ... 00906EP14A

Should we as a community contact them and get involved in this? Anyone here up for such a task?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

jimbob

Post Mon Oct 23, 2006 3:51 am

Re: Hackers Invited to Break $100 Laptops

How accessible are these new $100 laptops going to be to those outside of the project? I'm hoping that the value of these laptops will be so low as to keep most of them off the grey markey but the good guys and the bad guys are going to want to get their hands on them for testing.

I think we should ask to get involved from the very start. The logisitcs of updating these machines once they are in the wild will be impossible, especially since many will never see a network connection. Mind you, it's not those ones we need to worry about.

Jim

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software