Purpose

The purpose of IASG device checkout is to allow IASG members the opportunity to experiment with and explore technology, then share the experience with the rest of the organization.

If you see something cool on the Internet, we want you to learn how to do it and then show it off.

The IASG equipment check-out is intended to allow members to go above and beyond simply attending presentations. Following a presentation, IASG can provide some of the tools needed to try out the activities demonstrated. Additionally, tools can be used in the process of developing presentations to give at future IASG meetings.

Another facet of equipment check-out is target devices. With the advent of the so-called “Internet of Things,” many low-quality, low-cost connected devices are emerging. These consumer products often have security issues, and represent a good opportunity for low-hanging fruit with real-world security impact.

Acquisitions

Preference will be given to devices that can be reused for multiple experiments or presentations. If it is a device that will be hacked, low cost is a priority.

Inventory

A current list of available equipment is maintained on the IASG website.

Policy

Checkout Procedures

Contact the IASG President or Equipment Chair to check out equipment. The Equipment Chair will maintain an inventory and log of what equipment is checked out, the dates, and to whom.

Duration

IASG equipment is checked out for a base two week duration. This can be extended at the
discretion of the Equipment Chair following contact prior to the due date.

Equipment that is due must be turned back in at the first IASG meeting following the due date.

IASG “Hacking Tool” Policy

Do not use any IASG loaner equipment in a way contrary to any university policies.

Stay safe, and stay legal.

Firmware modification

Firmware modification is often a risky operation that has a decent chance of resulting in bricked hardware. Firmware modifications are disallowed as a general rule. However, for some devices, firmware modifications are safe and/or an intended part of normal use. For such devices, firmware modifications will be allowed. This is decided on a device-by-device basis.

Hardware modifications are prohibited as a general rule. Exception can be made with permission from the IASG cabinet.

RF firmware modifications are subject to the transmitter restrictions as well as the IASG tool policy.

IASG Target Device Policy

Some loaner devices are intended to be used as targets to be hacked. This includes IoT devices as well as other consumer products that may be interesting to look into for security topics. Since these devices are basically sacrificial, the rules are more lenient.

  • Firmware hacking is permitted in all circumstances (Subject to RF transmitter limitations)
  • Bricking is understood to be a possibility
  • Hardware modifications are permitted, such as installing debug headers.

IASG Radio Frequency Transmitter Policy

Many devices have wireless capabilities, and experimentation with these capabilities can be very exciting and educational. However, care must be taken to follow the FCC regulations. This is especially true of software-defined radios, but applies to consumer wireless devices as well.

Restrictions

  1. Devices which are subject to these restrictions will have the “RF Restrictions” section filled out on the checkout form, with any exceptions noted.

  2. No IASG member may use any transmit functionality of a checked-out IASG device. This specifically includes software-defined radio transceivers.

  3. No IASG member may modify or replace the antennas of any device with transmit capabilities.

  4. No IASG member may modify the RF functionality of any device firmware.

Exceptions

  1. Off-the-shelf certified devices may be used as intended by the manufacturer. This exception specifically applies to 47 CFR Part 15 devices such as:
  • WiFi access points, routers, dongles, cards, modules, etc.
  • Security-oriented WiFi devices
  • Bluetooth
  • Embedded-class radio modules
  • Other devices containing integrated low-power transceivers

This exception does NOT apply to:

  • WiFi or other low-power transceivers which are not FCC certified, yet still available on the market. (Illegal Chinese transceivers are not permitted for IASG presentations).
  • Part 15 devices for which the manufacturer recommends professional installation, such as back-haul WiFi equipment.
  1. The antennas may be modified or replaced, provided no transmit functionality is used with the modified antennas.

  2. If the IASG member is licensed under 47 CFR Part 97 “Amateur Radio Service” a.k.a. Ham radio, all IASG restrictions are lifted. The member is responsible for operating legally under an appropriate part of 47 CFR. If operating under Part 97, keep in mind that cryptography and steganography are prohibited.