The Cybersecurity Canon: The Hardware Hacker: Adventures in Making and Breaking Hardware

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Executive Summary

Rarely does a book have so much to offer a diverse set of readers. In this fascinating read, Andrew Huang covers a diverse set of topics, including information security, hardware development, reverse engineering, biology and bioinformatics, hardware hacking, product development in China, and much more.

Huang has myriad stories to share, and while he’s telling you the stories, he’s sharing invaluable technical and manufacturing insights that you’d be hard-pressed to find in other sources.

Huang discusses the common thread, which is hardware: how it’s made, the legal frameworks around it and how it’s unmade. Also, this book shares some of the author’s most recent physical experiences with hardware.

Review

Trying to place The Hardware Hacker: Adventures in Making and Breaking Hardware (No Starch Press 978-1593277581) into a specific category is a challenge. This superb book covers a multitude of topics from hardware engineering, software design, and Chinese manufacturing to hardware hacking, product development, intellectual property law, and more.

In the book, author Andrew “bunnie” Huang details his escapades and exploits in getting his electronics product from design to market. For readers of Huang’s blog, there will be some repetition here.

What’s unique about this book is the vast amount of firsthand experience Huang brings to every chapter. The vast amount of both conceptual material and practical information makes this a one-of-a-kind book.

For anyone looking to use Chinese manufacturing, Huang writes of his successes and failures, and informs the reader on how to avoid the many potential snags that come with the turf. He details the myriad nuances that can make the difference between shipping a product on time and causing costly delays. Manufacturing in China requires its own book, but here, he provides the reader with an introduction to how to deal with the many things that can derail a project. Huang moved to China to be close to the makers of the Chumby device, for which he was lead engineer.

Perhaps the most interesting section is where Huang details the Chinese approach to intellectual property. To an American patent lawyer, China is the devil incarnate. To the Chinese, American patent lawyers do nothing but stifle innovation and increase costs.

Huang details the Chinese concepts of shanzhai and gongkai. Shanzhai refers to those who make fake products that look just like the original. Sometimes they are exact replicas, but often they are very low-quality. Gongkai is the Chinese approach to open source and licensing, which takes on a very different meaning in China. The two approaches are at loggerheads to how things work in the United States, and never the twain shall meet. But Huang does a fantastic job of explaining how these concepts work. While his explanations certainly won’t placate an IP lawyer in the States, he does provide excellent context to the Chinese mindset for the rest of the world.

Huang is quite forthright and details the many mistakes he made along the way, but he also writes of the hard work involved in getting things produced in China. Much of the book is the lessons he learned along the way. This is an invaluable guide for anyone who plans to produce things in China.

The book lives up to its title in Part 4, where Huang details his escapades in hacking SD cards and other hardware. From a security perspective, his research into how memory cards work shows they run code that, if modified, could perform a man-in-the-middle attack that would be quite hard to detect. An important point he makes is that if you are using SD cards in a high-risk, high-sensitivity situation, don’t assume that running a secure erase command will guarantee the complete erasure of sensitive data. He suggests those who truly need to be certain their data is gone use a physical destruction method.

Huang has a PhD in electrical engineering from the Massachusetts Institute of Technology. That, plus his real-world business and manufacturing expertise, makes this a rare book that has so much good advice from so many different angles.

For those looking to understand how to design and manufacture in China, The Hardware Hacker provides insights that could make the difference between success and failure. Taking Huang’s advice to heart can mean the difference between a manufacturing misadventure and adventure.

Conclusion

Not a typical information security title, The Hardware Hacker illustrates the challenges of ensuring security is not only designed correctly but implemented that way also.

For those looking to manufacture their own hardware and understand its security implications, this book is an invaluable and unique reference. As such, it is a worthy candidate for the Cybersecurity Canon.