Ultimate Hacking Keyboard

A fully programmable, impeccably built, split mechanical keyboard - designed for extreme productivity and ergonomics.

Dec 01, 2015

Project update 12 of 76

Securing Firmware Upgrades

Security Graphic

Security is a serious business, but more often than not it gets overlooked. Ideally, it should be part of the design from the get-go, but people are prone to overlook it, given the huge number of seemingly more urgent issues to be taken care of. That’s why it’s a blessing when you get contacted by a security consultant like Marcus Gustafsson out of the blue.

A while back, Marcus expressed his concern regarding the security of the UHK firmware upgrades, and we exchanged a couple of lengthy emails full of geek talk. I originally planned to copy-paste all of them here so that everybody can see the gory details, but that’d be a very long update so I’d rather just summarize what really matters.

Given his security-conscious mindset, Marcus wanted to have a dedicated physical port to upgrade the firmware. Rather than having to rely on perfect code to protect your security, a hardware level security mechanism is a much better bet. Originally, I couldn’t see a way of making it happen, but Marcus was diligent enough to look into AVR datasheets, find the lock bits, and ultimately, we figured out a way.

We ended up coming up with the following 4 user-selectable security modes:

I think the above mode selections should cover enough ground to satisfy the need of every user, from the least security conscious to the most. There are only a handful of keyboards on the market whose firmware is upgradable, and out of those keyboards every one implements the insecure mode detailed above. I’m excited that we’re the first to address this problem!

Lastly, let me just re-emphasize how much your voice matters. Thanks to Marcus, the UHK can be better than any other keyboard security-wise. Have a great idea, a critique or concern? Please let us know! We’re doing our best to address every potential issue.

If you haven’t pledged yet, we still have some UHKs available at the Early Bird price - so now’s the time to order your keyboard!

If you have any questions, please ask us!

We will keep you posted about twice a week with demos, tear-downs, statistics, and other interesting material, so stay tuned!

Laci, lead developer of the Ultimate Hacking Keyboard

Sign up to receive future updates for Ultimate Hacking Keyboard.

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects