| Serafina Brocious | |
|---|---|
| Occupation | Software engineer |
| Employer | Optiv[1][2] |
| Known for | PyMusique, Alky Project, The Hardware Hacker Manifesto, Onity Lock Hack |
Serafina Brocious is an American software engineer best known for her work on PyMusique and her demonstration of Onity HT lock system vulnerabilities in 2012.[3][4][5]
Brocious first saw recognition as founder of the PyMusique project, where she worked with Jon Lech Johansen of DeCSS fame. PyMusique allowed Linux users to purchase music from the iTunes music store without the standard FairPlay DRM implementation in place.[6]
During her employment with MP3Tunes, Brocious also joined forces with Brian Thomason, then an employee of another Michael Robertson company, Linspire Inc., to form Falling Leaf Systems LLC.[7][8] Falling Leaf Systems attempted to commercialize the Alky Project, which was started by Brocious to enable Microsoft Windows games to run on other platforms.
Falling Leaf Systems sold access to a membership site dubbed the Sapling Program, whereby users could access a build of Alky allowing them to demo the game Prey on either Linux or Mac OS X. Despite attempts to expand their stack by also supporting applications on disparate platforms, Falling Leaf Systems officially closed its doors in early 2008.[9][10]
In 2010, Brocious reverse-engineered the protocol used by the Emotiv EPOC EEG headset, publishing the AES key used for encrypting the sensor data.[11]
The Hardware Hacker Manifesto was published on 21 September 2010. It gives some insight into the psychology of hardware hackers. In it, Brocious explains why it is important for owners to have the right to use hardware the way they wish.[12]
At the 2012 Black Hat Briefings, Brocious presented several vulnerabilities in the Onity HT lock system, a lock used by the majority of U.S. hotels.[13] The security hole can be exploited using about US$50 worth of hardware, and it potentially affects millions of hotel rooms.[3][14] The device was eventually optimized down to the size of a marker, and was later used to perform burglaries.[15]
Onity started rolling out safeguards for the problem in late 2012,[16] which was considered a slow reaction.[17] However, in 2013 it was still reported that some hotels continued to be vulnerable, likely due to the cost of the security upgrade.[18]