I’m Link Clark, Hacker Success Manager at Bugcrowd and operations lead on Bugcrowd’s College Program. The Bugcrowd College Program supports student hackers at universities around the world who are looking for new and exciting ways to grow their skills. 

The University of New Brunswick Cybersec club is a university in eastern Canada that provides learning resources and opportunities for students to help them enter into the cybersecurity space through weekly meetings, talks, and CTF competitions. Coincidentally, Bugcrowd started a college program in 2022 that supports university ethical hacking clubs through demonstrations with elite hackers. On behalf of Bugcrowd, I reached out to the club president, Matthew, to explain what we offer and how we can help their club mission. Matthew stated that he is always looking for ways to expand their club offerings and asked specifically about hardware hacking opportunities. 

Hardware and IoT hacking is a hot topic right now. The Bugcrowd Hacker Success team spends a lot of time monitoring emerging skills, and we’ve seen a huge increase in customers on our platform seeking to proactively test the security of their hardware and IoT devices. This is an excellent opportunity to train new hackers in this field. 

After talking to Matthew, I had a good feeling that we could foster an excellent opportunity between students, the Canadian Institute for Cybersecurity (CIC), and a top hacker with a passion for teaching. 

The missing piece was the hacker I had in mind—Erik de Jong. Erik is a community-driven hacker and brilliant educator living five thousand miles away in the Netherlands. Not only that, but he is a hardware hacking all-star on the Bugcrowd Platform and a live hacking leader at our Bug Bash events. Erik agreed to help and was excited to help us build out a new hands-on, educational pilot for university organizations. 

The last step was flying me from sunny Texas to a freezing Canada. Don’t worry, I came prepared with a hefty winter jacket and traction shoes.

The event

After a lot of event planning and a couple long flights, we arranged for Erik to join a hands-on hardware hacking demonstration for the UNB Club. The cold weather didn’t deter student participants—over 30 students found new success in a variety of hardware techniques and hopefully built their passion for hands-on cybersecurity solutions. That’s over 30 new faces stepping into the cybersecurity world with hands-on experience and expert lessons from a top hacker.

Erik guided the club through printed circuit board (PCB) reverse engineering, which is a way to identify and analyze the design of a PCB. From there, Erik taught them about flash memory dumping and why it’s an important step in extracting code for analysis. Watch along as Erik shows the students these important steps. 

The skill of flash memory dumping is particularly important in automotive systems and other proprietary environments where manufacturers restrict access to internal software. This technique transforms your approach from working with a “black box” (no visibility into internal operations) to a “grey/white box” level of understanding.

Analyzing the flash dump proved useful in learning to extract firmware when vendors don’t share update files publicly, access code from systems requiring service contracts, obtain encrypted updates to analyze decryption methods, enable static analysis of scripts and binaries to identify potential vulnerabilities, and most importantly, formulate testable theories for further dynamic testing on actual devices.

and some good old fashioned soldering. Soldering is either the most exciting step for the new hardware hackers to learn, or the scariest; depending on your aversion to potential injury 🙂  Erik showed the students how to safely start up their soldering equipment, carefully join various computing, metal bits together and test hardware.

Conclusion

Future hackers hacked. Pizza was eaten. Laughs were had. I got back on a plane and headed back to warmer climate, but as I reflected on my time with the students and Erik, I wondered to myself what future hardware demonstrations will we do next? 

Are you part of an ethical hacking club on a college campus and want to host your own hardware hacking event? We’ve opened up the application process for the next club to apply. Please fill it out here.