The Hardware Hacker: Adventures in Making and Breaking Hardware


Posted by Ben Rothke

Trying to place The Hardware Hacker: Adventures in Making and Breaking Hardware (No Starch Press 978-1593277581) into a specific category is a challenge. This superb book covers a multitude of topics, from hardware engineering, software design and Chinese manufacturing to hardware hacking, product development, intellectual property law and more.

In the book, author Andrew 'bunnie' Huang details his escapades and exploits in getting his electronics product from design to market. For readers of Huang’s blog, there will be some repetition here.

For anyone looking to use Chinese manufacturing, Huang writes of his successes and failures, and informs the reader of how to avoid the many potential snags that come with the turf. He details the myriad nuances that can make the difference between shipping a product on time and suffering costly delays. Manufacturing in China requires its own book, but here he provides the reader with an introduction to dealing with the many things that can derail a project. Huang moved to China to be close to the makers of the Chumby device, for which he was lead engineer.

Perhaps the most interesting section is where Huang details the Chinese approach to intellectual property. To an American patent lawyer, China is the devil incarnate. To the Chinese, American patent lawyers do nothing but stifle innovation and increase costs.

Huang details the Chinese concepts of shanzhai and gongkai. Shanzhai refers to those who make fake products that look just like the original. Sometimes they are exact replicas, but often they are of very low quality. Gongkai is the Chinese approach to open source and licensing, which takes on a very different meaning in China. The two approaches are at loggerheads with how things work in the United States, and never the twain shall meet. But Huang does a fantastic job of explaining how these concepts work. While his explanations certainly won’t placate an IP lawyer in the States, they do provide excellent context on the Chinese mindset for the rest of the world.

Huang is quite forthright and details the many mistakes he made along the way. But he also writes of the hard work involved in getting things produced in China. Much of the book consists of the lessons he learned along the way. This is an invaluable guide for anyone who plans to produce things in China.

The book lives up to its title in part 4, where Huang details his escapades in hacking SD cards and other hardware. From a security perspective, his research into how memory cards work shows they run code that, if modified, could perform a man-in-the-middle attack that would be quite hard to detect. An important point he makes is that if you are using SD cards in a high-risk, high-sensitivity situation, don’t assume that running a secure erase command will guarantee the complete erasure of sensitive data. For those who truly need to be certain their data is gone, he suggests using a physical destruction method.

Huang has a PhD in electrical engineering from the Massachusetts Institute of Technology. That, plus his real-world business and manufacturing expertise, makes this a rare book that has so much good advice from so many different angles.

For those looking to understand how to design and manufacture in China, The Hardware Hacker provides insights that could make the difference between success and failure. Taking Huang’s advice to heart can mean the difference between a manufacturing misadventure and adventure. 


Contributors
Ben Rothke

Senior Information Security Manager, Tapad
