RSAC Cool Thing
This year's RSAC was a strange experience. AI and Quantum saturated the expo floor, while talks ranged from IT to OT and everything in between. And weird political overtones stifled the environment.
Regardless of the weirdness, I decided to hit the expo floor and find the weird, the cool, and the special. And I was successful! Two different companies jumped out at me. One, Oasis, offered an actual use case for quantum, while Sepio offered a new endpoint security product.
Let’s talk about quantum first. Quantinuum created Quantum Origin, a quantum “seed” that can be used to guarantee a random number each time. Beyond the math there’s also some cool science.
As it was explained to me, the chips feature a kind of quantum racetrack where rubidium ions are paired with boron, then the boron is shot with a laser to remove energy from it (removing heat) which causes the rubidium to cool (transfer heat to the boron) without needing to be excited by the laser.
Yeah, it didn’t make much sense to me either. But it sounded really cool. And as a result, you end up with a little quantum seed which can be mixed into software, combined with a second local random number generator, and dropped into a Linux kernel at /dev/random to provide verifiably random numbers until the heat death of the universe, or 2^300 times.
This is also the first company to get a NIST-certified quantum random number generator up and running.
The second one made use of something I was much more familiar with: fingerprinting of devices based on electrical impedance and aided by machine learning. I’ve been a big fan of the Sense Home Energy Monitor for some time. The Raspberry Pi-like device hooks up to an unused breaker and attaches a set of CT clamps to the AC mains coming to your home. As a result, you get live data on how much electricity is being used and which devices are using it.
But how could they possibly know? It's simple once you understand. Electrical devices of all types, shapes, and brands have similar electrical profiles to each other; the way they start, stop, and run isn’t that much different between individual units.
Let's use an example. When I turn on my washing machine, it powers on the computer and sits calmly. This might draw 100 watts of power. I then load the clothes, add the liquid, and turn on the Normal cycle. It activates the drum motor 3 times, rocking the drum back and forth to ensure a balanced load. This reflects on the electrical profile of the washer as 3 alternating draws of 300 watts. Now we’re starting to build a fingerprint for what it looks like when a Samsung Washing Machine Model No. XYZ powers on. This might be similar to other washing machines, but due to the unique electronics used in Samsung’s machines, compared to say a Logitech, we can now have a pretty good forensic artifact to find other Samsung Washing Machines.
Now let's scale this up. Imagine every device in my home can be fingerprinted. Using machine learning and crowdsourcing at scale, I can take a new coffee machine, plug it into the wall and almost immediately get a Sense notification asking if I’ve just plugged in the new Ninja Coffee Machine 5000. And most of the time it's right.
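A minimal sketch of the fingerprint matching described above, as an added example (not Sense's or Sepio's code). The signature table, the sample traces and the `extract_features` and `identify` helpers are constructed for illustration; only the washer's 100 W idle and three 300 W pulses come from the example above, read here as total draw.

```python
from statistics import median

# Constructed signatures (assumptions): idle watts, start-up pulse count, pulse watts.
SIGNATURES = {
    "washing machine": {"idle": 100, "pulses": 3, "peak": 300},
    "coffee machine": {"idle": 5, "pulses": 1, "peak": 1200},
}

# Constructed watt samples: the washer from the text, and a device with the
# same three-pulse rhythm but different electronics (much higher pulses).
WASHER_TRACE = [100, 102, 99, 298, 305, 101, 301, 296, 100, 303, 299, 98, 100]
UNKNOWN_TRACE = [100, 101, 99, 600, 100, 610, 99, 605, 100]

def extract_features(trace, min_step=50):
    """Reduce watt samples to idle level, number of pulses and typical pulse peak."""
    idle = median(trace[:3])  # first samples: powered on, nothing running yet
    pulses, current = [], []
    for watts in trace:
        if watts - idle >= min_step:   # sample belongs to a pulse
            current.append(watts)
        elif current:                  # pulse just ended
            pulses.append(current)
            current = []
    if current:                        # trace ended mid-pulse
        pulses.append(current)
    peak = median(max(p) for p in pulses) if pulses else idle
    return {"idle": idle, "pulses": len(pulses), "peak": peak}

def identify(trace, tolerance=0.15):
    """Return the best-matching signature name, or None when nothing fits."""
    feats = extract_features(trace)
    best, best_err = None, tolerance
    for name, sig in SIGNATURES.items():
        if feats["pulses"] != sig["pulses"]:
            continue
        # Worst relative deviation across idle and peak wattage.
        err = max(abs(feats["idle"] - sig["idle"]) / sig["idle"],
                  abs(feats["peak"] - sig["peak"]) / sig["peak"])
        if err <= best_err:
            best, best_err = name, err
    return best

if __name__ == "__main__":
    print(identify(WASHER_TRACE), identify(UNKNOWN_TRACE))
```

The second trace shows why pulse count alone is not a fingerprint: the rhythm matches the washer, but the wattage does not, so the device stays unidentified.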
OK, you’ve hung with me long enough. What does a Sense Home Energy monitor have to do with endpoint security products? Well, the great folks over at Sepio Cyber have taken the same idea, fingerprinting devices based on electrical draw, and applied it to USB hardware and network hardware. Without any training, an admin can quickly find out all the Vendor and Hardware IDs being used by all the hardware devices in their fleet. Interestingly enough, this quickly defeats BadUSBs, RubberDucks, O.M.G. Cables, and other hardware plants that represent themselves to the operating system as a Logitech Keyboard, or a random printer, etc…
But here's where the craziest part comes in: Cisco and other network equipment include electrical data in their debug logs that can be used to distinguish what’s being plugged into the ports. By allowing a Sepio Cyber endpoint to SSH into the router, it can constantly scrape the debug logs and identify whether that new cable in your switch is another switch or Hak5’s LAN Turtle, among 1000 other things.
Add to this a comprehensive platform for blocking devices based on their actual profile, and not their VID/HID, and you have a robust new entry into the hardware security space.
Overall, RSAC 2025 had a rough aura, but I was excited to see two companies that were bringing something new to the table instead of the same marketing drivel.