Hardware security keys have been around for a while now. These devices work in conjunction with a password to enable two-factor authentication on websites like Google, Twitter, and GitHub — allowing for a more secure login process. But most popular security keys, like the YubiKey, are closed source, which limits their usefulness for hackers like myself. So now with the introduction of Somu, an open source alternative, tinkerers are free to run wild.
The secret behind the Somu security key is — there are no secrets. SoloKeys, the company behind Somu, has released all of the software and hardware files for their devices to the open source community on GitHub. As a security buff, I love this idea because I think it helps to ensure that there is nothing potentially malicious running on their device and that there is a community of individuals keeping the device up to date and safe. It also comes with the added benefit of giving tinkerers like me more to play with.
There are tons of features in this nano-sized device to excite any hacker. The Somu has a completely reprogrammable STM32L4 on it, as well as an RGB LED and two buttons. It’s a simple suite of features, but combined with the Somu’s small form factor and utilization of FIDO2 authentication, it opens the door to a lot of neat hacks. I’m excited to leverage it to add a secure hardware component to my next web application project, or to use the STM32 to Arduino library and RGB LED to show me a quick visual indicator of the security status of an application.
The Somu is currently on Crowd Supply, starting at $30 for a single unit. Delivery is slated for early December.