San Francisco-based electrical engineer Joe Grand has spent the last two decades finding security flaws in hardware devices and educating engineers on how to increase the security of their designs. He specializes in inventing, designing, and licensing products and modules for electronics hobbyists. Joe has been on the MAKE technical advisory board since the first issue, and is the author of the longest project (35 pages) to ever run on the pages of MAKE: the Atari 2600PC.
His bio sums up his focus and ethos:
Joe Grand was born as a hacker. In a time when tinkering with computers and electronics was a guarantee for ridicule and torment, Joe (formerly known as Kingpin) pushed back to forge his own path — figuring out how to make free telephone calls as a 7-year-old in 1982, helping set the standard for modern computer security vulnerability research and disclosure with the infamous hacker group L0pht Heavy Industries, bringing engineering to the masses on Discovery Channel’s Prototype This, and running his own product design firm, Grand Idea Studio. Joe strives to make technology accessible to people of all skill levels.
One project youʼre particularly proud of:
1. Though not really a “project” in the traditional sense, Iʼm awfully proud of being a daddy to two young boys (ages 1 and 4). Watching (and supporting) them as mushy, helpless beings turn into curious, independent humans is more satisfying than any other project, product, or prototype Iʼve been involved in. To me, being a parent is the most challenging and inspirational engineering project one can have. You get to learn, teach, try new things, improvise, hack, fail, and succeed. Best of all, you donʼt have to write any documentation!
Joe and his eldest son taking apart a satellite TV receiver.
Two past mistakes youʼve learned the most from:
1. Getting into trouble. In 1992, as a 16-year-old, I was effectively scared straight after some computer-related misdoings. At that time, the hacker community was purely underground. There were very few hackerspaces, meetings/gatherings, or public sharing of information. We were all forging a new path, driven by curiosity to learn as much as possible about technologies we were exposed to and often prevented from learning about through traditional outlets. That experience may have been the single most important turning point in my life, as it helped to redirect my energies in a more positive direction.
2. Offshore manufacturing. I prefer to build prototypes and one-off proof-of-concepts, but occasionally I deal with production manufacturing for things Iʼve designed. While relying on offshore facilities is often praised as the way to go (“Weʼll just send it to China and theyʼll take care of it…”), many times the risks of doing so outweigh the benefits. Things like language barriers, shipping costs, customs delays, travel expenses to visit the facility, and the asynchronous nature of communication due to timezone differences can throw a monkey wrench into even the best of designs. While “brokers” exist that promise to simplify your involvement by serving as the middle man between you (the maker) and the facility, they arenʼt usually as dedicated to the project as you are and may not be technically competent enough to make their engagement worthwhile. Iʼm not saying all offshore manufacturing is bad, but it is not a panacea and warrants a closer look on a project-by-project basis.
Three ideas that have excited you most lately:
1. On-chip debug interfaces. Discovering available on-chip debug (OCD) and/or programming interfaces is a common part of hardware hacking or reverse engineering, as such interfaces are usually left unprotected and can be used to extract memory from or affect the state of a functioning electronic system. I’ve been researching different types of interfaces and have recently released the JTAGulator, which is an open source, Parallax Propeller-based hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device. My hope is that the tool will help new people get involved in hardware hacking and highlight the insecurity of OCD interfaces.
2. Speech synthesis. I’ve always been attracted to talking devices, from playing with Speak & Spell to using S.A.M. (The Software Automatic Mouth) on my Atari 400 to hearing early talking cars (“A door is ajar…”) to hacking with the ubiquitous General Instrument SP0256 speech processor. I thought the maker community (myself included) needed an easy way for projects to talk, so I created the Emic 2 Text-to-Speech module. The module is a self-contained, multi-language voice synthesizer that converts a stream of digital text into natural-sounding speech. It’s based on the Epson S1V30120 TTS IC, which uses the familiar DECtalk engine, and is easy to interface to any microcontroller through a standard serial interface. It can even sing!
3. Technology (mis)use. Iʼve been excited, though not in a good way, about the improper and (sometimes) socially unacceptable use of technology. From cameras at every street corner to mobile devices tracking your every move to Facebook and Google (among others) controlling your personal data, privacy has become something we’re slowly (and willingly?) losing. It’s a slippery slope that I don’t think most people will notice until it’s too late. The problem is largely driven by our society’s mass adoption of technology and taking that technology for granted. As an engineer and hacker, I strive to educate others about the unintended consequences and can only hope it will foster a change in mindset.
Four tools you canʼt live without:
1. Agilent DSO7054. I often say that Iʼm in love with my digital oscilloscope — and it’s only partially a joke. I’m a visual learner, so nothing beats being able to see what signals are actually doing at a given point in time. Since I work a lot with embedded systems and digital communications, I rely heavily on my scope’s serial decoding functionality and advanced triggering. It’s by far my most useful and coveted tool in the lab.
2. T-Tech Quick Circuit 5000. Ever since I was a teenager, Iʼve lusted over the possibility of acquiring a PCB prototyping machine. I spent years making my own circuit boards with traditional homebrew etching techniques and was too familiar with the dangers of ferric chloride. While we now all have access to PCB fabrication facilities around the world at reasonable pricing, nothing beats the instant gratification of getting boards back within minutes instead of days. I use the QuickCircuit mostly for single sided prototypes and interface boards, but also for fun art-related projects with my kids, like milling name plates and making airplane-shaped circuit boards. As a bonus, itʼs mesmerizing to watch as it drills and routes.
3. Chip Quik SMD Removal Kit. Chip Quik is a low temperature alloy that aids in the removal of surface mount components. When the alloy is melted into the target componentʼs existing solder connections, the overall melting temperature is reduced, which will let you just lift or slide the component right off the board. I use this stuff by the case for PCB rework, reverse engineering, and in my hardware hacking classes.
4. #tymkrs IRC channel. Hosted by Whisker and Addie, two geeky people from Rochester, Minn., #tymkrs is like a virtual hackerspace. Joined by a wide range of folks from all over the world and active around the clock, itʼs a great place to discuss current projects, help out with technical problems, or just talk about day-to-day things. As I generally work alone, leaving the IRC window open gives me a modicum of connection to the outside world.
Joe (center) riding an omnidirectional, remote controlled couch on Prototype This.
Five people/things that have inspired your work:
1. The L0pht. In the early 1990s, I joined a group called L0pht Heavy Industries. The L0pht was a clubhouse for Boston-area hackers that had met on local bulletin board systems and was one of the first publicly known hackerspaces. Along with just hanging out and tinkering with technology, we would examine networks, software applications, and hardware devices for security flaws. If we discovered a vulnerability, we would challenge the vendor to not only acknowledge the problem, but to fix it — this is now common practice, but back then it was a feat practically unheard of and needed some real cojones!
The other six guys in the group were all older than me and became my mentors (whether they knew it or not) for nearly the next decade. They helped to reinforce my hacker mindset — that is, not being afraid to try unconventional solutions to problems, pushing the limits of technology, dedication to learning through constant experimentation, and sharing my passion with others.
2. Running. Some people solve problems in the shower or during a dream. I solve my problems while running. While Iʼd secretly love to spend all waking hours in the lab, I do try to have some balance of technical and non-technical endeavors. Running forces me out of the lab and into the sunlight. Itʼs usually those times where Iʼm so obsessed with fixing a design or overcoming some issue that I donʼt want to go run, but once I hit the streets, I feel like I can process things more clearly.
3. My grandfather, a mathematician, baseball fanatic, and teacher. When I was a kid, I remember reading through his review forms after one of his lectures and was amazed at how good they were. I wasnʼt even quite sure of what he talked about, but whatever it was the students sure liked him! Now every time I give a talk or teach a class, I think about those review forms and always strive to get the same high marks.
4. Ralph Baer. Also known as the Father of Home Video Games, Ralph Baer is an engineerʼs engineer. He has invented hundreds of games and toys that many of us grew up with, including the Magnavox Odyssey, Simon, and Computer Perfection. I met Ralph nearly 10 years ago through a mutual friend and we have worked on a few projects together. It amazes me that, even at 93, heʼs continually tinkering and building prototypes. He once said, “I have fun by making things work,” and itʼs his passion for the act of engineering thatʼs so inspiring to me.
5. Hardcore/Punk. After being introduced to the genre by my older brother and his friends, I spent many years of Saturday and Sunday afternoons packed into dingy Boston clubs listening to bands and supporting the scene. I identified strongly with the anger, passion, and ideals, and discovered that it had some surprising parallels to my burgeoning hacker convictions. The music continues to be my daily soundtrack — it has helped me to be comfortable with who I am and to not be swayed by outside influences or pressures.
Joe checks the weather with his helmet-mounted weather station on Prototype This.