The Hacktivist, an online documentary about Cyber Security pioneer Andrew Huang

January 2, 2024

Andrew 'Bunnie' Huang unintentionally got his start in the world of cyber security in 2003, after unlocking Microsoft's Xbox. He started just for fun, to make harmless modifications such as changing the color of the game console's power indicator.

Later on, as Huang got deeper and deeper into the guts of what was then Microsoft's first video game console, he began to discover more things, including vulnerabilities. He shared what he learned in the book, 'Hacking the Xbox: An Introduction to Reverse Engineering'.

Huang proved the importance of understanding the vulnerabilities in systems and computer programs and how malicious actors can also exploit and leverage them to their advantage by discovering and exploiting in their benefit.

'The Hacktivist' is a documentary about Andrew Huang, aka Bunnie

Singularity University's short documentary The Hacktivist available on Youtube (35 minutes, in English), explores the history, contributions and philosophy of Andrew "Bunnie" Huang, who became a highly influential hardware hacker for his defense of security in technology and a leading figure in the field of Cyber Security.

The documentary begins precisely with that famous confrontation with Microsoft, an episode that determined Huang's lifelong commitment to security, transparency, and ethics in technology.

We have to recognize that technology is dual-use and that bad people can do bad things with it

Over almost two decades, Huang has been challenging conventional industry norms by exposing vulnerabilities in widely used electronic devices. His focus on identifying and documenting vulnerabilities, which is commonplace today, has been essential to improving security in technology, as the documentary relates.

Another notable work by Huang was related to the security of SD memory cards (including microSD, MMC, smartphone memories or USB) in which he identified vulnerabilities in 2013 that could be fixed to make it difficult for malicious actors to carry out man-in-the-middle (MITM) attacks that compromise both the data stored in those memories and the systems and devices.

🕵️‍♀️ Google Project Zero research team, created in 2014, identifies and discloses vulnerabilities so manufacturers can fix them before malicious actors exploit them.

On right to repair and Cyber Security

The documentary also echoes Huang's advocacy for consumers' "right to repair", an aspect that also has security implications. Huang defends that users should be able to redress and modify their electronic devices instead of being trapped in programmed obsolescence and 'official' or authorized technical services.

“If you can't hack something that belongs to you, you don't own it.” —Bunnie.

Right to repair makes it easier for users to ensure that open and/or technically accessible electronic devices can receive updates and patches. In this way, they remain protected against new cyber threats without relying on scheduled updates or updates that arrive once those vulnerabilities have already been exploited for malicious purposes. Or even repeatedly exploited due to the lack of updates from the manufacturer.

🏴‍☠️ While WannaCry affected up-to-date systems as well, a lack of security updates on many Windows computers played a considerable role in the spread of the attack.

Also, the right to repair also encourages a more sustainable approach to technology: by exercising this right, users can extend the useful life of their devices by avoiding the need to replace them, which also has a positive impact on the environment.

“Precursor”: entertainment and learning in one device

The documentary also explores Huang's "Precursor" project as a representation of his commitment to security, learning, open technology, and ethics in the technology field.

Precursor

This open-source platform aspired, when announced in 2020, to become a reference for learning Cyber Security on mobile devices. It was conceived as a handheld game console that combined cutting-edge hardware features with a focus on programming and electronics exploration, as well as the ability to play retro video games.

The device featured an open and 'hackable' design. Users could have full access to the hardware and software, allowing them to experiment with different configurations and operating systems. Very valuable for anyone who wants to learn about Cyber Security in a practical way.

"Precursor" has a similar approach to a pen-test lab environment, where security professionals can explore vulnerabilities in a secure and controlled environment to develop more robust solutions.

Precursor also aims to raise awareness and teach about the importance of mobile device security, theoretically allowing users to explore and understand potential mobile device security threats and teaching them how to mitigate them.

Precursor at Crowd Suppply.

Although it is currently not widely available, Precursor's underlying philosophy is transparency and ethics. Andrew Huang strongly believes that users should have full control over their devices and systems to explore and understand the technology, thus creating a stronger and more resilient Cyber Decurity culture.

Andrew Huang's contributions in Cyber Security

To a large extent Andrew Huang's work in technology and his contributions in the field of cyber security have driven the debate on the importance of understanding and addressing vulnerabilities in technology. As well as on user rights, security, and sustainability.

With this in mind, Huang founded Bunnie Studios, the hardware consulting firm that he currently heads and from which he helps other companies to design electronic devices in an ethical and secure manner, something essential at a time when security and privacy are priority issues that force us to adopt best security practices as an integral part of any development, digitalization process, or implementation of technology.

Vía Fran Ramírez.