Hardware security guru, Defcon badge maker films TV show

Joe Grand, the owner of Grand Idea Studio and one of the former members of the L0pht hacking crew, has carved out a unique niche for himself in the security community. Known as a hardware security wizard, Grand has spent the last few years tinkering with all manner of devices and designing the badges for the annual Defcon conference. Right now, Grand is in the middle of filming for a new show called "Prototype This," which premieres on the Discovery Channel on Oct. 15.

"The goal of the show is to follow the process from concept through this proof-of-concept prototype, and of course we never know if it's actually going to work."
Joe Grand, Hardware Security Researcher, Grand Idea Studio

Where did the idea for the show come from?
The concept for the show has been floating around Discovery and Beyond Productions, the company that's producing the show, for a few years. So I didn't have any involvement in creating the show, but it's something that Discovery has wanted to do for a while and eventually it just came to fruition. So how did you get involved in it at the beginning?
I got involved in it pretty much through word of mouth. When Beyond was looking to cast an electrical engineer as one of the four on the show, they had contacted Make magazine and I'm on the technical advisory board for Make, which is like a do-it-yourself, builder, maker type of magazine. They contacted me and said, "Hey, there's this new TV show, they're looking for an electronics guy, are you interested?" I was like, wow, that sounds sort of interesting and just through discussions, it was like I get to do what I like doing, which is prototyping and electronics and I get to do it on TV so it sounds like a win-win to me. So what are the projects you guys are working on right now?
 

Listen to the interview:

For Joe Grand, hacking isn't just an adventure, it's a job. A former member of the L0pht and owner of Grand Idea Studio, Grand talks about his designs for the Defcon badges, his work on hardware security and his new Discovery Channel show, Prototype This!

Download MP3 | Subscribe to our security podcasts

The one that we're almost done with is two builds, which is rare, but it's for a firefighter technology show. One of them is this thing that we're calling the stairbot, which is essentially this motorized vehicle that will enable a firefighter to haul a lot of gear upstairs, up a high-rise building very quickly. Because normally firefighters have to carry these huge amounts of equipment and tools and they lug all this stuff up the stairs and by the time they get to the person in distress, they're exhausted. So the intent was to have this system that they can just use and there's no learning curve. They can just have this machine and it will follow them up the stairs and they have all the gear and they're ready to fight the fire without being tired. And the second part of the build, which is my favorite part, is something we're calling the pyropack. And that's essentially this high-tech firefighter pack that carries the standard things like oxygen and their oxygen gauge, but then we're implementing all sorts of high-tech features to it. We have a heads-up display that the firefighter will mount to their head and they won't have to futz around with all the gauges that are normally all over their bodies, and we also have a thermal imaging camera so they'll be able to see that image through the heads-up display as well. Because most teams of firefighters, when they go in for a search and rescue, they already have a thermal camera, but that takes up someone's hand. So you head-mount it and when they move their head around they'll see an image of wherever they're looking, so it's super cool. We're pretty much all done with the development, which took us about three weeks, which is a pretty standard turnaround time for the show. It's very cool. It shows off all the different skills of the four of us. For a one-hour episode, how much build and development time are you putting in?
We are essentially filming the entire process. The goal of the show is to follow the process from concept through this proof-of-concept prototype, and of course we never know if it's actually going to work. So we try to schedule two to three weeks of filming and development time per episode, sometimes we go over and sometimes we do it faster, because we never know how the actual process is going to go. Typically we end up going over because we just run into problems, and that's the engineering process, so it's kind of fun. It's a huge challenge to be able to capture the process while we're doing it. Where do the ideas for the projects come from? Do you guys come up with them or are they sent in to you?
Both. Discovery and Beyond have some ideas of stuff they'd like to see on TV. And then we, as the 4 engineers, also have ideas of things we want to build that are cool-looking for TV and ideas we can build in a few weeks. The ideas come internal and external and what I hope is, when the show airs, we get viewer ideas and maybe one out of every one thousand ideas is something that's feasible for us. Is there any chance that the stuff you guys are building is going to see the light of day as actual projects?
It might. That's one of the great things about the show is that we are doing things that have never been done before and some of them we might just do because they're fun. Like giant boxing robots that move off of the movements of players outside the ring. Something like that might just be for fun. How did things evolve from you being a hardware security hacker, to running your own design company, to now this show?
I'm still the same guy I was when I was 16. I'm just a little older. I've always been a hacker, I've always been the hardware hacker, the hardware guy into elec. When I was involved in the L0pht, that was the first scenario for me where I said, wow I can mess around with electronics and do lots of really cool stuff and not necessarily be under someone else's control. Most of my electronics knowledge was self-taught during that time and that kind of shaped my thought processes about how to go about experimenting with products and breaking the security of products. So that was a really important time for me and then of course starting @stake. I got to then see the side of big business and venture capital and what happens when a lot of people get blinded by money. So I got to see both sides of it. And at that point I realized I didn't want to be a consultant, I wanted to design products. So that's when I started my own company, Grand Idea Studio, back in 2000 and then really my whole mission was if I come up with some idea and I think it's cool and I want to just build a prototype of it and throw my biz hat on to try to license it. When you joined the L0pht, you were the youngest guy in the room at that time weren't you?
Yeah, when I kind of formally joined the L0pht I was 16 or 17. The other guys were at least four years older than me. And for me the L0pht was someplace I could go to stay off the streets and stay out of trouble and do things in a safe environment. Because I had been in trouble before then and there were groups of people I was hanging out with. The L0pht was like, wow, I get to do what I like doing and there were all these guys I'd known for years on the bulletin board systems. So it was a great place for me to go and my parents fully supported the rent I had to pay. It was like $50 a month or something. That was all I needed to just get involved with these guys who really were my mentors. What are your thoughts on the security models of some of these embedded devices that are really sophisticated these days?
Any hardware prod out there can be broken and lots of times it can be broken easier than a software application. And the problem with that is that hardware engineers aren't trained to be familiar with security. Their main goal is to get the product out to market and the companies say, "OK, we'll get the product out and if there is a problem we'll patch out." Or they just ignore it and bear the risk. So, most engineers just want to get the products out there. The ones that are security related products, hardware security is still expensive. A lot of companies don't want to pay all that money to try to protect every product if the risk of attack is so low. Tell me about the process of designing the Defcon badges.
The Defcon badges have been an interesting project because the first time that I did it back at Defcon 14, Dark Tangent, the guy that runs Defcon, said let's try to do something different. He had seen some circuit boards that I'd designed that were kind of artistic for a hardware hacking class and said let's try to do something like that. So the initial one was a fairly simple design. Just to gauge people reaction. People went nuts. Defcon 14 took about 70 hours. Defcon 15, I had a few engineering problems after I already got the prototypes back, so that took about 170 hours, and I had to redesign the circuit boards on the first few nights of my honeymoon, which was a total bummer. And then Defcon 16 took 200 hours of development, but then I had a nightmare of supply chain and logistics and everything that ended up probably taking another 40 hours.

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close