1 00:00:04,200 --> 00:00:11,640 Speaker 1: Get in touch with technology with tex Stuff from dot com. 2 00:00:12,000 --> 00:00:15,320 Speaker 1: Hey there, and welcome to tech Stuff. I'm Jonathan Strickland 3 00:00:15,360 --> 00:00:20,040 Speaker 1: and joining me once again despite his incredibly busy schedule. 4 00:00:20,160 --> 00:00:23,239 Speaker 1: Possibly the busiest man at how stuff works dot Com 5 00:00:23,560 --> 00:00:27,280 Speaker 1: Ben Bowling, Oh gosh, hey, thank you for having me back, 6 00:00:27,360 --> 00:00:31,000 Speaker 1: and uh good to talk to everyone here in tech Stuff. 7 00:00:31,040 --> 00:00:34,000 Speaker 1: I do have to say I am, at best the 8 00:00:34,120 --> 00:00:37,600 Speaker 1: second or third busiest man. Uh. The dubious privilege of 9 00:00:37,640 --> 00:00:40,600 Speaker 1: the most busy probably goes to our super producer Noel 10 00:00:40,640 --> 00:00:46,040 Speaker 1: Brown Knowles Knowles pretty darn busy. Matt Frederick also really busy. 11 00:00:46,120 --> 00:00:49,280 Speaker 1: That's true. There's probably maybe five or six people that 12 00:00:49,320 --> 00:00:51,960 Speaker 1: you could all claim are the most busy person at 13 00:00:51,960 --> 00:00:54,720 Speaker 1: health stuff Works, and they would themselves be too exhausted 14 00:00:54,760 --> 00:00:57,760 Speaker 1: to argue the point. But Ben, of course, one of 15 00:00:57,800 --> 00:01:01,520 Speaker 1: the many shows that you are of is car Stuff. 16 00:01:01,560 --> 00:01:03,720 Speaker 1: And when I asked you if you would be interested 17 00:01:03,760 --> 00:01:06,600 Speaker 1: to come back onto tech stuff, and you didn't have 18 00:01:06,640 --> 00:01:08,520 Speaker 1: the heart to tell me. No, I said what would 19 00:01:08,560 --> 00:01:10,080 Speaker 1: you like to talk about? And you came up with 20 00:01:10,120 --> 00:01:13,039 Speaker 1: a ton of different suggestions, which really just means that 21 00:01:13,040 --> 00:01:15,880 Speaker 1: you're eventually going to cover all of them. But today 22 00:01:15,920 --> 00:01:18,360 Speaker 1: we're specifically looking at one of the ones I thought 23 00:01:18,360 --> 00:01:22,560 Speaker 1: was the most interesting, hacking a car. And the reason 24 00:01:22,600 --> 00:01:25,160 Speaker 1: why I think it's really fitting that we do this 25 00:01:25,240 --> 00:01:29,600 Speaker 1: is recently I did an episode with Shannon Morse and 26 00:01:29,720 --> 00:01:32,560 Speaker 1: she is one of the hosts of Hack five, and 27 00:01:32,600 --> 00:01:36,520 Speaker 1: she talks a lot about hacking and coding, including hacking 28 00:01:36,640 --> 00:01:39,319 Speaker 1: electronics and and she said, one of the things you 29 00:01:39,360 --> 00:01:42,120 Speaker 1: really wanted to get more into was the idea of 30 00:01:42,120 --> 00:01:46,480 Speaker 1: hacking vehicles and uh. And so I thought, well, this 31 00:01:46,520 --> 00:01:48,880 Speaker 1: is the perfect opportunity for us to expand on this 32 00:01:49,040 --> 00:01:52,800 Speaker 1: because we introduced it with Shannon's interview, and now we 33 00:01:52,840 --> 00:01:55,800 Speaker 1: can really dive into it and look into it. Now. 34 00:01:55,800 --> 00:01:59,560 Speaker 1: The fact that we're talking about this means that we 35 00:01:59,640 --> 00:02:05,440 Speaker 1: have to you confronts some kind of mythical versions of 36 00:02:05,480 --> 00:02:11,320 Speaker 1: the car hacking lifestyle, because we we've all seen depictions 37 00:02:11,360 --> 00:02:15,200 Speaker 1: of this in various like spy movies or television series. 38 00:02:15,480 --> 00:02:18,840 Speaker 1: So Ben, uh, I know that we've got these great 39 00:02:18,919 --> 00:02:22,440 Speaker 1: notes written down. I want to hear you actually read 40 00:02:22,520 --> 00:02:27,480 Speaker 1: out the opening paragraph, all right, in your most dramatic 41 00:02:27,560 --> 00:02:31,040 Speaker 1: kind of approach. Okay, the old inner world, Yes, okay, 42 00:02:31,120 --> 00:02:34,840 Speaker 1: all right. Now, to be fair, Jonathan I when I 43 00:02:34,880 --> 00:02:36,880 Speaker 1: was writing that, it hit me halfway through that I 44 00:02:36,960 --> 00:02:40,800 Speaker 1: wondered who would which of us would this would fall to? Okay, 45 00:02:40,880 --> 00:02:45,640 Speaker 1: so let's set the scene. Imagine that you're in an 46 00:02:45,720 --> 00:02:49,320 Speaker 1: action film driving on a curving road along the side 47 00:02:49,320 --> 00:02:53,000 Speaker 1: of a cliff, and suddenly the breaks don't work, the 48 00:02:53,040 --> 00:02:56,360 Speaker 1: accelerator jams, and as you careem over the side of 49 00:02:56,400 --> 00:02:59,320 Speaker 1: the road, a voice comes on over your radio saying 50 00:03:00,080 --> 00:03:04,919 Speaker 1: you've made a powerful enemy, old friend. The familiar voice 51 00:03:04,960 --> 00:03:08,400 Speaker 1: over your Bluetooth connection is no doubt making a pun. 52 00:03:08,520 --> 00:03:11,320 Speaker 1: Just as your vehicle, now turned into a jet trap, 53 00:03:11,680 --> 00:03:15,160 Speaker 1: hurdles into the abyss. This being a film, the car 54 00:03:15,200 --> 00:03:19,679 Speaker 1: instantly explodes. I have a nice trip. That's not quite right, 55 00:03:19,680 --> 00:03:23,240 Speaker 1: but you know that's I'm the master of the almost 56 00:03:23,280 --> 00:03:27,760 Speaker 1: but not quite appropriate pun. Um. So yeah, this is 57 00:03:27,840 --> 00:03:30,480 Speaker 1: this is something that I have actually seen in movies where, 58 00:03:30,800 --> 00:03:33,120 Speaker 1: you know, the old version of this would just be 59 00:03:33,240 --> 00:03:37,160 Speaker 1: someone's cut the brake line right. But now cars are 60 00:03:37,240 --> 00:03:40,600 Speaker 1: way more complicated than they used to be, and so 61 00:03:41,240 --> 00:03:43,680 Speaker 1: the question is could this actually happen? Could someone take 62 00:03:43,720 --> 00:03:48,440 Speaker 1: control of your car this way? And it's a little complicated, 63 00:03:48,760 --> 00:03:53,440 Speaker 1: and the answer kind of comes out to maybe, Yeah, 64 00:03:53,480 --> 00:03:57,880 Speaker 1: what do you mean by hacking? Yeah, yeah, So you've 65 00:03:57,880 --> 00:04:02,200 Speaker 1: got a great point in the notes. Cars are increasingly computerized. 66 00:04:02,200 --> 00:04:05,920 Speaker 1: There are more and more electronic systems within cars today. 67 00:04:06,280 --> 00:04:10,120 Speaker 1: So they used to be purely mechanical, right. You had 68 00:04:10,160 --> 00:04:13,440 Speaker 1: an engine that you know, a transmission that would transmit 69 00:04:13,560 --> 00:04:17,279 Speaker 1: the the reciprocal power of the engine into rotational force. 70 00:04:17,320 --> 00:04:21,560 Speaker 1: But the tires, you had breakes, you had steering. It 71 00:04:21,600 --> 00:04:24,560 Speaker 1: wasn't even power steering back in the day. These were 72 00:04:24,600 --> 00:04:28,960 Speaker 1: all mechanical systems right down to the windows. Yeah, so 73 00:04:29,000 --> 00:04:32,560 Speaker 1: you didn't have any sort of electronics. But that's not 74 00:04:32,640 --> 00:04:36,240 Speaker 1: the case anymore. Yeah, those are Now a car is 75 00:04:36,560 --> 00:04:41,680 Speaker 1: more like a series of interconnected digital networks and and 76 00:04:41,720 --> 00:04:44,200 Speaker 1: they could have dozens of computers talking to each other, 77 00:04:44,600 --> 00:04:48,520 Speaker 1: or we call these embedded systems often. And here's the thing, Jonathan, 78 00:04:48,720 --> 00:04:53,400 Speaker 1: their proprietary. So that means that these systems are not 79 00:04:53,560 --> 00:04:56,320 Speaker 1: just plug and play things you could stick into any car, 80 00:04:56,440 --> 00:04:59,680 Speaker 1: a GM car and you know, a Toyota would have 81 00:04:59,800 --> 00:05:04,560 Speaker 1: a different approach. Um, they're also not that smart. Yeah, 82 00:05:04,600 --> 00:05:06,760 Speaker 1: as it turns out, the proprietary thing is both a 83 00:05:06,800 --> 00:05:09,119 Speaker 1: good thing and a bad thing. Now often I say 84 00:05:09,320 --> 00:05:11,680 Speaker 1: I don't like the proprietary approach because I want to 85 00:05:11,680 --> 00:05:14,560 Speaker 1: have the choice as a consumer to be able to 86 00:05:14,560 --> 00:05:17,720 Speaker 1: put together a system. However, I like, I don't want 87 00:05:17,720 --> 00:05:20,039 Speaker 1: to be I don't want to be um, you know, 88 00:05:20,160 --> 00:05:25,720 Speaker 1: beholden to one company's approach, which is why I love 89 00:05:25,720 --> 00:05:28,600 Speaker 1: Apple's design. Don't get me wrong, but I'm not an 90 00:05:28,600 --> 00:05:31,680 Speaker 1: Apple guy because Apple products tend to only work with 91 00:05:31,760 --> 00:05:35,880 Speaker 1: other Apple products, or they they in their best implementation, 92 00:05:35,960 --> 00:05:38,440 Speaker 1: they work with Apple products. And if you try and 93 00:05:38,480 --> 00:05:41,200 Speaker 1: mix and match stuff, things start to fall apart pretty quickly, 94 00:05:41,560 --> 00:05:44,719 Speaker 1: and I like to have more of an open approach. However, 95 00:05:44,800 --> 00:05:47,839 Speaker 1: that being said, the experience I might have with that 96 00:05:47,880 --> 00:05:50,800 Speaker 1: open approach may never get to as good a one 97 00:05:50,960 --> 00:05:52,599 Speaker 1: as I would have if I just broke down and 98 00:05:52,600 --> 00:05:56,680 Speaker 1: bought all the Apple stuff. But the other side of 99 00:05:56,680 --> 00:05:58,760 Speaker 1: that is that with the proprietary approach, and we'll go 100 00:05:58,800 --> 00:06:01,599 Speaker 1: into this more later in the pie cast, uh, it 101 00:06:01,680 --> 00:06:04,479 Speaker 1: means that if you're trying to exploit the system, you 102 00:06:04,560 --> 00:06:07,760 Speaker 1: can't take a one one approach, right. One size does 103 00:06:07,800 --> 00:06:10,920 Speaker 1: not fit all, not a cookie cutter type thing, absolutely, uh, 104 00:06:11,080 --> 00:06:13,680 Speaker 1: and it's not. I guess what we're seeing is that 105 00:06:13,760 --> 00:06:18,880 Speaker 1: it's not as easy to you know hack uh multiple 106 00:06:19,000 --> 00:06:21,839 Speaker 1: cars or control of multiple cars. That will see a 107 00:06:21,880 --> 00:06:24,720 Speaker 1: couple exceptions that rule as it is to you know, 108 00:06:25,320 --> 00:06:28,480 Speaker 1: bot net a bunch of computers right right. You can't. 109 00:06:28,880 --> 00:06:32,039 Speaker 1: You can't build a virus that's going to affect the 110 00:06:32,240 --> 00:06:34,679 Speaker 1: entire fleet of cars out there. But you could write 111 00:06:34,680 --> 00:06:38,080 Speaker 1: a virus that exploits a particular vulnerability and an operating system, 112 00:06:38,400 --> 00:06:41,279 Speaker 1: and then any computer using that unpatched version of the 113 00:06:41,320 --> 00:06:44,839 Speaker 1: operating system would become vulnerable to that attack. So it 114 00:06:44,960 --> 00:06:47,960 Speaker 1: is a little different. It's not the same as uh, 115 00:06:48,360 --> 00:06:50,840 Speaker 1: hacking a computer. And keep in mind, hacking a computer 116 00:06:51,000 --> 00:06:53,240 Speaker 1: is not the same as what you'll see in a movie, 117 00:06:53,560 --> 00:06:56,000 Speaker 1: isn't it. It's not like it's not like that nineties 118 00:06:56,040 --> 00:06:59,080 Speaker 1: film Hackers. We can't just reroute the encryption or or 119 00:06:59,160 --> 00:07:01,960 Speaker 1: the or all all the different versions of hacking where 120 00:07:02,000 --> 00:07:04,760 Speaker 1: they show it as a character like suddenly you're an 121 00:07:04,760 --> 00:07:08,080 Speaker 1: avatar navigating through a maze and you actually encounter like 122 00:07:08,120 --> 00:07:11,440 Speaker 1: floating skull and crossbones and oh no, that's the that's 123 00:07:11,480 --> 00:07:14,320 Speaker 1: the firewall. I need to turn around, And that's not 124 00:07:14,400 --> 00:07:17,520 Speaker 1: what hacking is like. It made so many people's first 125 00:07:17,520 --> 00:07:21,560 Speaker 1: computer experience underwhelming. I've got oh, I've got something. This 126 00:07:21,560 --> 00:07:23,440 Speaker 1: a little bit of a sidebar. Do you know that 127 00:07:23,440 --> 00:07:26,960 Speaker 1: show The Strain? Yes, okay, have you watched it? I haven't. 128 00:07:27,040 --> 00:07:29,080 Speaker 1: It's on my list of things to watch, but I 129 00:07:29,120 --> 00:07:30,760 Speaker 1: haven't watched it yet. All Right, this is the one 130 00:07:30,760 --> 00:07:33,640 Speaker 1: with the virus that goes through the eye, right yeah, yeah, yeah, 131 00:07:33,720 --> 00:07:38,480 Speaker 1: it's a it's sort of a paradipe. Yeah, adaptation to 132 00:07:38,560 --> 00:07:41,520 Speaker 1: parasites science. But this is not really a spoiler because 133 00:07:41,520 --> 00:07:44,320 Speaker 1: it's a side note here one of and I mean 134 00:07:44,480 --> 00:07:46,559 Speaker 1: I say this with love because I've watched the show. 135 00:07:46,840 --> 00:07:49,480 Speaker 1: One of the dumbest things that happens and that show 136 00:07:49,920 --> 00:07:53,480 Speaker 1: is that there's a you know, there's a hacker lady character, 137 00:07:53,680 --> 00:07:57,000 Speaker 1: and she's she's crazy in this This billionaire finds her 138 00:07:57,120 --> 00:07:59,120 Speaker 1: and he wants to pay her an exorbitant amount of 139 00:07:59,160 --> 00:08:02,760 Speaker 1: money to get this slow down the internet. It's like 140 00:08:03,720 --> 00:08:07,960 Speaker 1: she's he says, we need you to slow down the internet, 141 00:08:08,080 --> 00:08:11,920 Speaker 1: and she just goes how slow, Like she has the 142 00:08:12,000 --> 00:08:14,320 Speaker 1: dial to the Internet on her a computer, like, well, 143 00:08:14,400 --> 00:08:16,840 Speaker 1: let me just crank this down to three and now 144 00:08:17,000 --> 00:08:20,000 Speaker 1: now everyone's working on a three speed as opposed to eleven. 145 00:08:20,080 --> 00:08:22,200 Speaker 1: It's exactly that and that doesn't even work in a car, 146 00:08:22,600 --> 00:08:26,000 Speaker 1: just for some perspective for people who want to know 147 00:08:26,160 --> 00:08:30,080 Speaker 1: more examples, You've got a pretty good, pretty comprehensive list 148 00:08:30,120 --> 00:08:33,520 Speaker 1: here of the various different things likely run by a 149 00:08:33,640 --> 00:08:36,520 Speaker 1: computer in the average person's car today. Yeah, you've got 150 00:08:36,520 --> 00:08:38,720 Speaker 1: a lot of different systems that are now electronic and 151 00:08:38,760 --> 00:08:41,840 Speaker 1: no longer mechanical. So here's just some that could be 152 00:08:41,920 --> 00:08:46,719 Speaker 1: connected to a microprocessor. Uh, the engine ignition, fuel injection, 153 00:08:47,280 --> 00:08:52,119 Speaker 1: missions controls, that's a big one, breaking steering, transmission controls, 154 00:08:52,200 --> 00:08:56,839 Speaker 1: collision avoidance systems, they definitely have microprocessors. Heating and air 155 00:08:56,880 --> 00:09:03,360 Speaker 1: conditioning systems, navigation systems, communication systems, entertainment systems, safety and 156 00:09:03,480 --> 00:09:06,480 Speaker 1: security systems. So that would include things like a safety 157 00:09:06,480 --> 00:09:09,240 Speaker 1: system might be anything from again, collision avoidance, that kind 158 00:09:09,240 --> 00:09:11,439 Speaker 1: of thing too. And security systems would be things like 159 00:09:11,520 --> 00:09:15,040 Speaker 1: a car alarm or the safety system might be the 160 00:09:15,120 --> 00:09:18,200 Speaker 1: way a dealership is able to track down a vehicle. 161 00:09:18,280 --> 00:09:21,520 Speaker 1: Let's say that you have reported as stolen vehicle. Some dealerships, 162 00:09:21,559 --> 00:09:26,600 Speaker 1: some car companies include systems that allow wherever you bought 163 00:09:26,600 --> 00:09:28,920 Speaker 1: the car from to be able to find where that 164 00:09:29,040 --> 00:09:32,400 Speaker 1: particular receiver is. Well, that receiver has to be able 165 00:09:32,400 --> 00:09:35,680 Speaker 1: to connect and communicate through a system somehow, So that's 166 00:09:35,880 --> 00:09:38,040 Speaker 1: you know, any time you talk about a system that 167 00:09:38,120 --> 00:09:41,959 Speaker 1: communicates to the outside world, that's a potential invasion vector. 168 00:09:43,360 --> 00:09:46,560 Speaker 1: That's where someone can get at your your car. Because 169 00:09:46,600 --> 00:09:48,720 Speaker 1: a lot of car, like a lot of cars, we 170 00:09:48,760 --> 00:09:50,720 Speaker 1: just look at them as closed systems, and a lot 171 00:09:50,720 --> 00:09:52,920 Speaker 1: of them are. A lot of them are totally closed off, 172 00:09:53,200 --> 00:09:57,400 Speaker 1: which means that your your invasion h vectors are limited. 173 00:09:57,640 --> 00:09:59,320 Speaker 1: And we'll talk more about that in a bit, but 174 00:09:59,360 --> 00:10:02,600 Speaker 1: at any rate, your typical car today has probably around 175 00:10:02,679 --> 00:10:05,840 Speaker 1: one hundred micro processors, and it maybe more, and within 176 00:10:05,880 --> 00:10:07,840 Speaker 1: the next few years that's going to double. We're gonna 177 00:10:07,840 --> 00:10:10,560 Speaker 1: see twice. In fact, I am I imagine a lot 178 00:10:10,600 --> 00:10:13,439 Speaker 1: of the cars that are coming out this year, especially 179 00:10:13,480 --> 00:10:16,520 Speaker 1: the high end luxury cars that tend to feature these systems, 180 00:10:16,600 --> 00:10:18,920 Speaker 1: before we see it rolled out to the general fleet, 181 00:10:19,640 --> 00:10:23,880 Speaker 1: they probably already are around two hundred microprocessors. Uh. In fact, 182 00:10:23,960 --> 00:10:26,400 Speaker 1: this this figure of a hundred microprocessors was in an 183 00:10:26,480 --> 00:10:28,480 Speaker 1: article from two thousand eleven, So it may even be 184 00:10:28,559 --> 00:10:31,200 Speaker 1: that your average car has two hundred by now, um 185 00:10:31,320 --> 00:10:35,559 Speaker 1: and and five miles of wiring to connect all those 186 00:10:35,600 --> 00:10:37,680 Speaker 1: systems are in the car. Yeah, that's one of my 187 00:10:37,760 --> 00:10:41,120 Speaker 1: favorite statistics that you're pulled up and and before we 188 00:10:41,160 --> 00:10:44,839 Speaker 1: go aiming further, now we we already i think did 189 00:10:44,840 --> 00:10:47,839 Speaker 1: an okay job of saying that, uh, what you've see 190 00:10:47,840 --> 00:10:50,280 Speaker 1: in hollywood's on what you've see in real life. But 191 00:10:50,480 --> 00:10:54,600 Speaker 1: we should also say that hacking in the way that 192 00:10:54,640 --> 00:10:56,760 Speaker 1: we're using it, which is a little bit more colloquial, 193 00:10:57,040 --> 00:11:00,360 Speaker 1: hacking is not necessarily something that a fee would do 194 00:11:00,400 --> 00:11:03,959 Speaker 1: to your car. Right. It's not necessarily an invasive technique 195 00:11:03,960 --> 00:11:07,480 Speaker 1: to take over a system. Right. Hacking just means that 196 00:11:07,559 --> 00:11:12,240 Speaker 1: you are using techniques to get a specific result, using 197 00:11:12,240 --> 00:11:15,120 Speaker 1: a system that wasn't necessarily intended to get that result. 198 00:11:15,440 --> 00:11:18,840 Speaker 1: So hackers can be of all shapes and sizes. They 199 00:11:18,840 --> 00:11:20,880 Speaker 1: can have all different types of interest. It doesn't have 200 00:11:21,000 --> 00:11:23,480 Speaker 1: to be a computer. You know, we've seen life hacks, 201 00:11:23,480 --> 00:11:26,800 Speaker 1: this idea of you want to achieve a specific outcome, 202 00:11:26,920 --> 00:11:29,520 Speaker 1: here's a cool way to do that. They're not always 203 00:11:29,520 --> 00:11:32,600 Speaker 1: the most elegant approach. It's not always the cleanest or 204 00:11:32,679 --> 00:11:35,920 Speaker 1: the simplest, but sometimes it's it's one that just works. 205 00:11:35,960 --> 00:11:37,800 Speaker 1: That's the goal of the hacker is to find a 206 00:11:37,840 --> 00:11:41,359 Speaker 1: way of making that outcome happen. So early computer programmers 207 00:11:41,360 --> 00:11:44,200 Speaker 1: were called hackers because they were hacking together code to 208 00:11:44,320 --> 00:11:48,040 Speaker 1: make something happen. And sure they might have used, you know, 209 00:11:48,160 --> 00:11:50,400 Speaker 1: twice as many lines of code then we're what was 210 00:11:50,559 --> 00:11:52,800 Speaker 1: strictly necessary, but they were just trying to get it 211 00:11:52,840 --> 00:11:56,720 Speaker 1: done in the time. Well, hackers with cars might be 212 00:11:56,760 --> 00:11:59,720 Speaker 1: hacking their own vehicles. It might not be in order 213 00:11:59,760 --> 00:12:03,040 Speaker 1: to try and sabotage a vehicle, but rather to change 214 00:12:03,120 --> 00:12:07,000 Speaker 1: the parameters that it can work within. So you might 215 00:12:07,120 --> 00:12:11,840 Speaker 1: want to, I don't know, make remove any limiting factors 216 00:12:12,320 --> 00:12:15,079 Speaker 1: and yeah, governors, things like that to to make your 217 00:12:15,080 --> 00:12:20,200 Speaker 1: car um work with greater horsepower or more torque or 218 00:12:20,840 --> 00:12:24,559 Speaker 1: moving a faster top speed. And there are a lot 219 00:12:24,600 --> 00:12:26,360 Speaker 1: of systems that are in place to limit that kind 220 00:12:26,360 --> 00:12:29,679 Speaker 1: of thing so that a car works within safety parameters, right, 221 00:12:29,840 --> 00:12:32,600 Speaker 1: because once you get beyond that, you start to really 222 00:12:32,679 --> 00:12:36,520 Speaker 1: test the strength of the vehicle and maybe that it 223 00:12:36,600 --> 00:12:40,040 Speaker 1: can't hold up to greater speeds over a certain amount. 224 00:12:40,080 --> 00:12:42,840 Speaker 1: And usually once you'll get as a car company that 225 00:12:42,920 --> 00:12:45,360 Speaker 1: will dial that back to within a safe limit and 226 00:12:45,400 --> 00:12:47,800 Speaker 1: say all right, well here's the maximum and it's well 227 00:12:47,920 --> 00:12:52,360 Speaker 1: below that that real top limit, which same sort of 228 00:12:52,360 --> 00:12:57,320 Speaker 1: thing we see with overclocking with microprocessors. So there are 229 00:12:57,360 --> 00:12:59,920 Speaker 1: some car hackers who will go in and they'll reef 230 00:13:00,040 --> 00:13:04,120 Speaker 1: flash the engine engine control unit or electronic control unit 231 00:13:04,160 --> 00:13:06,520 Speaker 1: that's e c U, and they'll go in and they'll 232 00:13:06,520 --> 00:13:09,640 Speaker 1: reflash it, which means that they will essentially start with 233 00:13:09,679 --> 00:13:13,160 Speaker 1: a clean slate and and um change a few of 234 00:13:13,200 --> 00:13:17,199 Speaker 1: the parameters can be really dangerous. By the way, Yeah, 235 00:13:17,280 --> 00:13:21,439 Speaker 1: we're not we are officially not recommending that you do this, 236 00:13:21,559 --> 00:13:24,800 Speaker 1: although it is interesting. Um and in some ways, I 237 00:13:24,800 --> 00:13:28,520 Speaker 1: think there's a very positive note. Statistically speaking, the person 238 00:13:28,720 --> 00:13:31,880 Speaker 1: most likely to hack your car is you. Yeah, that's 239 00:13:31,920 --> 00:13:35,880 Speaker 1: the best news. But it can be really dangerous or 240 00:13:35,960 --> 00:13:39,560 Speaker 1: at the very least, it can damage your vehicle to 241 00:13:39,600 --> 00:13:42,320 Speaker 1: the point where you can't drive it anymore. Or you 242 00:13:42,400 --> 00:13:45,040 Speaker 1: might do something where you're you're tweaking something in the 243 00:13:45,040 --> 00:13:48,560 Speaker 1: e CU, thinking that you're going to squeeze another fifteen 244 00:13:48,640 --> 00:13:51,000 Speaker 1: miles per hour out of the top speed, but turns 245 00:13:51,000 --> 00:13:55,120 Speaker 1: out instead what you've done is have it honking forever 246 00:13:55,720 --> 00:13:58,320 Speaker 1: and you can't stop it. Uh. And you know this 247 00:13:58,400 --> 00:14:02,800 Speaker 1: sort of stuff obvious avoids, warranties. You know there are 248 00:14:02,800 --> 00:14:05,440 Speaker 1: a lot of issues that if if things go wrong, 249 00:14:06,160 --> 00:14:09,719 Speaker 1: you could be stuck with the bill period. There might 250 00:14:09,720 --> 00:14:11,920 Speaker 1: not be any help for you. You might not be 251 00:14:12,000 --> 00:14:14,599 Speaker 1: able to get it covered by insurance or warranties, that 252 00:14:14,679 --> 00:14:17,720 Speaker 1: kind of thing, and you'll have to walk somewhere to pay. Yeah. Yeah, 253 00:14:17,760 --> 00:14:21,440 Speaker 1: So I've seen pictures of stuff like um uh, like 254 00:14:21,680 --> 00:14:25,320 Speaker 1: the the pistons that you would find within an engine, 255 00:14:25,400 --> 00:14:30,160 Speaker 1: just they're unrecognizable because they had been put through such 256 00:14:30,280 --> 00:14:32,920 Speaker 1: speed and force that it beat them out of the 257 00:14:33,560 --> 00:14:36,000 Speaker 1: shape that they were supposed to be in. So bad 258 00:14:36,040 --> 00:14:38,000 Speaker 1: things can happen if you don't know what you're doing, 259 00:14:38,120 --> 00:14:40,400 Speaker 1: and very few people really know what they're doing, and 260 00:14:40,440 --> 00:14:41,920 Speaker 1: in order to get into work you often have to 261 00:14:41,920 --> 00:14:45,240 Speaker 1: do stuff like tweak the fuel injection system, which you know, 262 00:14:45,280 --> 00:14:47,520 Speaker 1: if you don't know your physics and chemistry, you're not 263 00:14:47,560 --> 00:14:50,120 Speaker 1: going to get that mixed right and you could just 264 00:14:50,320 --> 00:14:53,520 Speaker 1: end up making your vehicle undrivable. And there are people, 265 00:14:53,560 --> 00:14:56,760 Speaker 1: of course, especially in the world of racing, who professionally 266 00:14:57,320 --> 00:15:00,680 Speaker 1: tune cars and to a degree hack them. Sure, but 267 00:15:00,920 --> 00:15:04,200 Speaker 1: keep in mind these are cars that are already built 268 00:15:04,200 --> 00:15:07,080 Speaker 1: for racing. They have a much lower lifespan and they're 269 00:15:07,120 --> 00:15:10,000 Speaker 1: only built to do one thing. Yeah, and you know, 270 00:15:10,080 --> 00:15:13,200 Speaker 1: the real issue we're having here is something that's kind 271 00:15:13,200 --> 00:15:15,560 Speaker 1: of you know, we didn't really mention this in the notes, 272 00:15:15,640 --> 00:15:18,440 Speaker 1: but something that we see throughout the industry, which is 273 00:15:18,480 --> 00:15:21,520 Speaker 1: that cars are getting so complicated with all these different 274 00:15:21,520 --> 00:15:25,560 Speaker 1: electronic systems that even people who are experienced mechanics can 275 00:15:25,720 --> 00:15:29,840 Speaker 1: encounter issues because you've got all these different proprietary systems, 276 00:15:30,200 --> 00:15:34,240 Speaker 1: you've got all these different electronic subsystems within the car, 277 00:15:34,920 --> 00:15:38,680 Speaker 1: and uh, you can't necessarily be an expert on everything 278 00:15:38,800 --> 00:15:43,120 Speaker 1: all the time. So yeah, it's it's tough for everybody 279 00:15:43,160 --> 00:15:46,160 Speaker 1: out there, like it's tough for professional mechanics now too. Yeah, 280 00:15:46,200 --> 00:15:47,800 Speaker 1: that's a really good point. I'm glad you made it 281 00:15:47,840 --> 00:15:50,800 Speaker 1: because this maybe is a little bit of a tangent 282 00:15:50,840 --> 00:15:53,280 Speaker 1: for us. But it is very important to note that, 283 00:15:53,400 --> 00:15:56,960 Speaker 1: just as you said, mechanics, especially mechanics who came up 284 00:15:57,080 --> 00:15:59,360 Speaker 1: under what I guess we would call the old school, 285 00:15:59,720 --> 00:16:04,880 Speaker 1: would ways now are increasingly finding that a higher number 286 00:16:04,920 --> 00:16:09,600 Speaker 1: of repairs require shipping to the manufacturer, which is not 287 00:16:09,640 --> 00:16:11,480 Speaker 1: what you want to hear when your car is broken down. Yeah, 288 00:16:11,480 --> 00:16:15,120 Speaker 1: if you're looking at any vehicle post nineteen. It's got 289 00:16:15,160 --> 00:16:17,600 Speaker 1: a lot of electronic systems in it, that's true, and 290 00:16:17,640 --> 00:16:20,360 Speaker 1: some of those are mandated, right. Yeah. In fact, that 291 00:16:20,440 --> 00:16:23,400 Speaker 1: was one of the reasons why the cars are the 292 00:16:23,400 --> 00:16:27,240 Speaker 1: way they are is because you had states like California 293 00:16:27,360 --> 00:16:29,640 Speaker 1: that had to put in emissions controls. I mean, we've 294 00:16:29,680 --> 00:16:32,280 Speaker 1: all seen the pictures of Los Angeles and the haze, 295 00:16:32,320 --> 00:16:35,640 Speaker 1: the pollution that hangs above the city, and so there 296 00:16:35,640 --> 00:16:37,760 Speaker 1: were there was a lot of incentive to try and 297 00:16:37,800 --> 00:16:39,440 Speaker 1: clean up the air as much as possible. Part of 298 00:16:39,480 --> 00:16:43,640 Speaker 1: that was controlling the emissions made from vehicles. So emission 299 00:16:43,640 --> 00:16:47,160 Speaker 1: control systems and emission detection systems became an important part 300 00:16:47,200 --> 00:16:50,560 Speaker 1: of vehicles within that state, and once people started to 301 00:16:50,600 --> 00:16:54,120 Speaker 1: develop onboard diagnostics systems to make sure that a car 302 00:16:54,200 --> 00:16:57,840 Speaker 1: was working within the right legal limits of emissions, that 303 00:16:58,160 --> 00:16:59,920 Speaker 1: rolled out to the rest of the United States and 304 00:17:00,000 --> 00:17:04,119 Speaker 1: became a requirement for all vehicles. And so a lot 305 00:17:04,200 --> 00:17:07,800 Speaker 1: of these were originally electronic systems that were designed to 306 00:17:07,880 --> 00:17:12,040 Speaker 1: make a particular model of car safer than previous models, 307 00:17:12,600 --> 00:17:16,640 Speaker 1: but because of their proved efficacy, they are now required 308 00:17:16,880 --> 00:17:19,399 Speaker 1: in all vehicles, not just you know, the ones that 309 00:17:19,480 --> 00:17:22,879 Speaker 1: they viewed it. So, uh, Scott and I talked about 310 00:17:22,920 --> 00:17:28,160 Speaker 1: how that is also driving the average price of cars up. Yeah. Yeah, 311 00:17:28,160 --> 00:17:30,679 Speaker 1: but they those those cars are getting more and more sophisticated, 312 00:17:30,760 --> 00:17:33,160 Speaker 1: they also get more and more expensive. But it also 313 00:17:33,200 --> 00:17:35,600 Speaker 1: means that, again, we have more and more systems that 314 00:17:35,880 --> 00:17:41,199 Speaker 1: could potentially be exploited. And by potentially we mean that 315 00:17:41,320 --> 00:17:44,800 Speaker 1: your car could be potentially exploited. By exploited, we mean 316 00:17:44,880 --> 00:17:49,280 Speaker 1: that there is proven research, peer reviewed. These guys went 317 00:17:49,320 --> 00:17:51,920 Speaker 1: to def Con. They're not just they're not just you know, 318 00:17:52,040 --> 00:17:55,080 Speaker 1: like you and mean Jonathan hanging out in a garage 319 00:17:55,080 --> 00:17:57,560 Speaker 1: and saying let's see what we can do. Yeah, they're 320 00:17:57,560 --> 00:18:02,639 Speaker 1: not They're not feorizing, right, They have actually done some 321 00:18:02,760 --> 00:18:06,760 Speaker 1: hacking to see how cars can be vulnerable to different 322 00:18:06,760 --> 00:18:11,200 Speaker 1: types of attacks. And you've got a pair of hackers 323 00:18:11,280 --> 00:18:13,640 Speaker 1: that that I think you want to talk about, right, 324 00:18:13,680 --> 00:18:17,440 Speaker 1: Oh yeah, yeah yeah. These would be Miller and Valisc 325 00:18:17,520 --> 00:18:19,719 Speaker 1: There two of the biggest names in the world of 326 00:18:19,760 --> 00:18:23,119 Speaker 1: car hacking research. Charlie Miller Chris Valisac. I want to 327 00:18:23,160 --> 00:18:26,080 Speaker 1: set this up for a quotation that maybe you could read, 328 00:18:26,359 --> 00:18:29,359 Speaker 1: um Miller is a or was at one time a 329 00:18:29,400 --> 00:18:33,720 Speaker 1: security engineer. Twitter valisc director of Security intelligence at a 330 00:18:33,800 --> 00:18:41,280 Speaker 1: Seattle consultancy called IOActive or IOActive, but they they received 331 00:18:41,320 --> 00:18:45,400 Speaker 1: an eighty thousand dollar grant from DARPA to research security 332 00:18:45,480 --> 00:18:49,040 Speaker 1: vulnerabilities of cars. And I think in this context it's 333 00:18:49,080 --> 00:18:51,120 Speaker 1: helpful to think of them as white hat hackers. Yeah, 334 00:18:51,160 --> 00:18:55,080 Speaker 1: they were specifically hired to say, can you can you 335 00:18:55,200 --> 00:18:59,440 Speaker 1: breach this cars systems and exploit it? Because we need 336 00:18:59,480 --> 00:19:01,800 Speaker 1: to know if that's a possibility, and we need to 337 00:19:01,800 --> 00:19:05,320 Speaker 1: know where the vulnerabilities are. That's definitely a white hat approach. Yes, 338 00:19:05,440 --> 00:19:08,480 Speaker 1: So we've got We've got a quotation from a summary 339 00:19:08,480 --> 00:19:12,840 Speaker 1: of their um groundbreaking two thousand eleven paper that if 340 00:19:13,480 --> 00:19:16,280 Speaker 1: absolutely here we go, I made you do the first one. 341 00:19:17,320 --> 00:19:20,080 Speaker 1: Previous research has shown that it is possible for an 342 00:19:20,119 --> 00:19:24,240 Speaker 1: attacker to get remote code execution on the electronic control 343 00:19:24,359 --> 00:19:28,960 Speaker 1: units ECU in automotive vehicles via various interfaces such as 344 00:19:28,960 --> 00:19:32,920 Speaker 1: the Bluetooth interface and the telematics unit. This paper aims 345 00:19:32,960 --> 00:19:35,480 Speaker 1: to expand on the ideas of what such an attacker 346 00:19:35,560 --> 00:19:38,760 Speaker 1: could do to influence the behavior of the vehicle after 347 00:19:38,960 --> 00:19:42,240 Speaker 1: that type of attack. So here's what they did. I 348 00:19:42,280 --> 00:19:45,000 Speaker 1: know that's in some dry language, but they're talking about 349 00:19:45,000 --> 00:19:49,719 Speaker 1: some frankly frightening stuff. They essentially they built the software 350 00:19:49,800 --> 00:19:54,680 Speaker 1: tools to uh enable a Mac laptop, going back to 351 00:19:54,760 --> 00:19:58,880 Speaker 1: Apple uh and and also back to Independence Day. Yeah, yes, 352 00:19:59,040 --> 00:20:01,240 Speaker 1: you're going to explore way to technology. You need to 353 00:20:01,320 --> 00:20:04,240 Speaker 1: use Apple computer in order to insert the code, right, Yeah, 354 00:20:04,359 --> 00:20:07,400 Speaker 1: just reroute the encryptions. That's a little callback for everybody 355 00:20:07,400 --> 00:20:11,000 Speaker 1: who listen to our previous series. Uh. Yeah. They plugged 356 00:20:11,040 --> 00:20:15,399 Speaker 1: into the diagnostic port of the car, which again, um, 357 00:20:15,680 --> 00:20:18,600 Speaker 1: there's an overwhelming chance, unless you're driving a classic car, 358 00:20:18,720 --> 00:20:21,199 Speaker 1: that you have one of these. Yeah. And and this 359 00:20:21,320 --> 00:20:23,280 Speaker 1: was one of those things that was mandated by law 360 00:20:23,440 --> 00:20:27,080 Speaker 1: because it allows a very quick assessment of how a 361 00:20:27,160 --> 00:20:31,160 Speaker 1: vehicle is performing. Yeah, and they they found because they 362 00:20:31,160 --> 00:20:34,480 Speaker 1: are white hat, they presented their software and their findings. 363 00:20:34,480 --> 00:20:37,160 Speaker 1: They want public and transparent with the two thousand thirteen 364 00:20:37,280 --> 00:20:40,600 Speaker 1: def con, and they wanted other researchers in on this 365 00:20:40,640 --> 00:20:43,560 Speaker 1: game to help find and fix the security flaws before 366 00:20:44,240 --> 00:20:50,639 Speaker 1: hackers or you know, incredibly sophisticated car thieves got to them. Usually, 367 00:20:50,760 --> 00:20:53,439 Speaker 1: like when we talk about malicious hackers, we often use 368 00:20:53,520 --> 00:20:57,080 Speaker 1: the term crackers, as in people who cracked the security 369 00:20:57,359 --> 00:21:00,480 Speaker 1: in order to exploit it. Ah, that's all right, you're 370 00:21:00,480 --> 00:21:02,240 Speaker 1: putting me on the game here. You know, it's just 371 00:21:02,359 --> 00:21:05,400 Speaker 1: one of those one of those terms I rarely bust out. 372 00:21:05,440 --> 00:21:08,159 Speaker 1: But that is in fact one because because hacker does 373 00:21:08,200 --> 00:21:11,720 Speaker 1: not necessarily mean malicious exactly, but it often has portrayed 374 00:21:11,760 --> 00:21:13,600 Speaker 1: such in the media. It's a it's a because it's 375 00:21:13,600 --> 00:21:15,720 Speaker 1: a shorthand way of saying, this person who wants to 376 00:21:15,720 --> 00:21:24,040 Speaker 1: get access to your stuff, this is crucial, this kind 377 00:21:24,080 --> 00:21:27,720 Speaker 1: of information. It's crucial because more and more cars have 378 00:21:28,000 --> 00:21:32,879 Speaker 1: onboard WiFi networks, each of which is to a degree proprietary. Know, 379 00:21:33,200 --> 00:21:37,720 Speaker 1: General Motors has on Star, Toyota's got Safety connect etcetera. Um. 380 00:21:37,760 --> 00:21:41,040 Speaker 1: But of course they are not the only researchers in 381 00:21:41,080 --> 00:21:42,920 Speaker 1: the game, and their methods, which we'll talk about in 382 00:21:42,960 --> 00:21:46,320 Speaker 1: a little bit, are not the only options because if 383 00:21:46,359 --> 00:21:50,440 Speaker 1: you recall earlier, ladies and gentlemen, we talked about an 384 00:21:50,480 --> 00:21:54,800 Speaker 1: exception to the rule of multi car hacking. Yeah, so 385 00:21:55,800 --> 00:21:58,680 Speaker 1: car dealerships. You know, I mentioned the idea of having 386 00:21:58,760 --> 00:22:01,120 Speaker 1: those systems in place you to be able to track 387 00:22:01,200 --> 00:22:04,400 Speaker 1: down a vehicle in case it's been stolen, and this 388 00:22:04,520 --> 00:22:07,160 Speaker 1: is becoming a standard feature in a lot of automobiles. 389 00:22:07,200 --> 00:22:11,560 Speaker 1: These days. In two thousand and ten, Omar Or Ramos Lopez, 390 00:22:11,640 --> 00:22:15,520 Speaker 1: who was a former employee of an Austin card dealership, 391 00:22:16,160 --> 00:22:20,480 Speaker 1: used the vehicle tracking system to get revenge. This is 392 00:22:20,480 --> 00:22:26,000 Speaker 1: where we see a well intentioned system, which is, you know, 393 00:22:26,080 --> 00:22:29,359 Speaker 1: designed to do one thing very well, can sometimes be 394 00:22:29,520 --> 00:22:34,200 Speaker 1: put to misuse by someone who has ulterior motives. Reminds 395 00:22:34,200 --> 00:22:35,680 Speaker 1: me of a lot of discussions I've had about the 396 00:22:35,760 --> 00:22:39,800 Speaker 1: n s A. Your your your intentions may have been pure, 397 00:22:39,960 --> 00:22:42,880 Speaker 1: but you've built a tool that humans use, and humans 398 00:22:42,920 --> 00:22:48,920 Speaker 1: have some pretty base desires occasionally. So the system allowed 399 00:22:49,040 --> 00:22:52,320 Speaker 1: the dealer to send wireless reminders about the linquent payments 400 00:22:52,400 --> 00:22:56,760 Speaker 1: to customers and also allowed this particular ex employee to 401 00:22:56,880 --> 00:23:02,080 Speaker 1: remotely hack the vehicles of nearly one people, which, uh 402 00:23:02,160 --> 00:23:04,439 Speaker 1: the result of the hack was that their car horns 403 00:23:04,440 --> 00:23:08,720 Speaker 1: started honking uncontrollably and disabled their the ignissions of their cars. 404 00:23:09,520 --> 00:23:12,040 Speaker 1: So not only was their car honking and honking and honking, 405 00:23:12,080 --> 00:23:15,920 Speaker 1: they could not you know, turn on the car. Wow. 406 00:23:15,960 --> 00:23:19,440 Speaker 1: And that's that's weird because ordinarily those functions which are 407 00:23:19,560 --> 00:23:24,480 Speaker 1: in that existing hardware are I imagine for people who 408 00:23:24,520 --> 00:23:27,280 Speaker 1: are not paying their car payment or their leasing or something, 409 00:23:27,400 --> 00:23:29,600 Speaker 1: or they have their car stolen, and that way, the 410 00:23:29,640 --> 00:23:33,000 Speaker 1: car suddenly becomes inoperable and it's making a nuisance of itself, 411 00:23:33,000 --> 00:23:36,320 Speaker 1: two things that you want if you have, say, police 412 00:23:36,760 --> 00:23:39,800 Speaker 1: out there looking for your stolen vehicle. Yeah, that's a 413 00:23:39,800 --> 00:23:43,679 Speaker 1: really good point. But Omar managed to hack the system. 414 00:23:43,680 --> 00:23:46,520 Speaker 1: Of course, he did later get arrested ladies and gentlemen, 415 00:23:46,560 --> 00:23:49,520 Speaker 1: which is how he knows his name. Yeah, and clearly 416 00:23:49,680 --> 00:23:53,520 Speaker 1: it was a an ultimately unsuccessful attempt because he didn't 417 00:23:53,520 --> 00:23:56,400 Speaker 1: get away clean. It was not a successful exploit. Now, 418 00:23:56,400 --> 00:23:59,080 Speaker 1: in many of the cases that you'll here mentioned about 419 00:23:59,119 --> 00:24:02,359 Speaker 1: car hacking in the news, there's this very important caveat 420 00:24:02,359 --> 00:24:05,080 Speaker 1: the hackers needed some sort of physical access to the 421 00:24:05,160 --> 00:24:08,560 Speaker 1: vehicle through its o b D the onboard diagnostic port. 422 00:24:08,800 --> 00:24:12,200 Speaker 1: And you know that that makes sense. So Valsake and 423 00:24:12,240 --> 00:24:15,639 Speaker 1: Miller plugging in the thing directly to a car or 424 00:24:16,240 --> 00:24:20,320 Speaker 1: Omar using pre existing hardware on the car, so they 425 00:24:20,320 --> 00:24:23,000 Speaker 1: have that access, and they have to have that to 426 00:24:23,040 --> 00:24:30,119 Speaker 1: get there right well mostly okay, So generally speaking, that 427 00:24:30,280 --> 00:24:32,439 Speaker 1: is the surest way to to be able to get 428 00:24:32,480 --> 00:24:35,200 Speaker 1: access to a car subsystems is being able to plug 429 00:24:35,280 --> 00:24:37,480 Speaker 1: physically into that car, which means they already have to 430 00:24:37,520 --> 00:24:40,040 Speaker 1: have physical access to the inside of your car, and 431 00:24:40,440 --> 00:24:43,440 Speaker 1: not to not to do a spoiler. But there's a 432 00:24:43,480 --> 00:24:45,399 Speaker 1: point I think that you make later in the notes 433 00:24:45,680 --> 00:24:48,479 Speaker 1: that it behooves us to bring up. Now, if you're 434 00:24:48,480 --> 00:24:51,040 Speaker 1: gonna go through that much trouble, there's probably other stuff 435 00:24:51,040 --> 00:24:53,680 Speaker 1: you can do to the person you're aiming at that 436 00:24:53,680 --> 00:24:55,440 Speaker 1: that you know, you can save a lot of time 437 00:24:55,440 --> 00:24:58,440 Speaker 1: and effort and not go to the trouble of getting 438 00:24:58,440 --> 00:25:01,280 Speaker 1: access to their vehicle, plugging in secretly without them knowing 439 00:25:01,359 --> 00:25:05,040 Speaker 1: about it, yes, and being redundant there, then inserting whatever 440 00:25:05,119 --> 00:25:08,400 Speaker 1: malicious code you have and and changing all of their 441 00:25:08,400 --> 00:25:12,440 Speaker 1: systems around and then leaving. That's a lot of that's 442 00:25:12,480 --> 00:25:14,879 Speaker 1: a lot of trouble, whereas you could do something like, 443 00:25:15,280 --> 00:25:19,320 Speaker 1: I don't know, disabled their their brake system, like physically 444 00:25:19,359 --> 00:25:23,280 Speaker 1: disabled their brake system. Yeah, so uh yeah, there's certainly 445 00:25:23,480 --> 00:25:26,560 Speaker 1: the possibility and the plausibility are two different things. But 446 00:25:26,600 --> 00:25:31,240 Speaker 1: then the idea of getting at a car without physically 447 00:25:31,280 --> 00:25:35,440 Speaker 1: plugging in is something that people are exploring because, as 448 00:25:35,440 --> 00:25:38,000 Speaker 1: you mentioned, a lot of these have these these various 449 00:25:38,040 --> 00:25:41,119 Speaker 1: communication systems that connect to the outside world. That's a 450 00:25:41,160 --> 00:25:44,360 Speaker 1: possible point of intrusion. Now, it all depends on whether 451 00:25:44,440 --> 00:25:46,960 Speaker 1: or not that system is connected to any other systems 452 00:25:46,960 --> 00:25:49,439 Speaker 1: in the car. Now, if you're talking about safety system, 453 00:25:49,440 --> 00:25:52,160 Speaker 1: it probably is at least on a diagnostic level, because 454 00:25:52,200 --> 00:25:54,320 Speaker 1: it has to be able to send an alert to 455 00:25:54,920 --> 00:25:59,000 Speaker 1: whatever agency is in charge of responding to those Right, So, 456 00:25:59,040 --> 00:26:01,119 Speaker 1: if you have a vehicle has a safety system in 457 00:26:01,160 --> 00:26:04,600 Speaker 1: it that can detect something wrong with your vehicle, send 458 00:26:04,640 --> 00:26:07,919 Speaker 1: that message off to a security firm whatever it may be, 459 00:26:08,040 --> 00:26:10,080 Speaker 1: like on Star is a great example. And then on 460 00:26:10,160 --> 00:26:15,240 Speaker 1: Star response, Well, that that that connection, that wireless communication 461 00:26:15,400 --> 00:26:17,840 Speaker 1: is a possible point of intrusion, and since it can 462 00:26:17,920 --> 00:26:21,800 Speaker 1: at least diagnose problems and systems, it may give people 463 00:26:22,119 --> 00:26:26,080 Speaker 1: the opportunity to mess with those systems. But this is 464 00:26:26,119 --> 00:26:28,800 Speaker 1: a big there's a lot of big ifs. These are 465 00:26:28,880 --> 00:26:31,000 Speaker 1: a lot of big gifts. But the research is there, 466 00:26:31,080 --> 00:26:34,159 Speaker 1: you know. Yeah, So you have the research from the 467 00:26:34,240 --> 00:26:37,600 Speaker 1: University of California and University of Washington hacking the controller 468 00:26:37,680 --> 00:26:42,359 Speaker 1: area network or CAN of an unnamed late model car, 469 00:26:43,440 --> 00:26:46,640 Speaker 1: and they were able to put in malicious commands through 470 00:26:46,680 --> 00:26:50,080 Speaker 1: the cars satellite radio. So I assume they made the 471 00:26:50,119 --> 00:26:54,240 Speaker 1: person listen to Robin Thick or something, right, I guess 472 00:26:54,240 --> 00:26:57,280 Speaker 1: not it's two thousand eleven blurredlines wasn't around yet, but no, 473 00:26:57,720 --> 00:27:03,239 Speaker 1: it was just him just that that's something that no 474 00:27:03,280 --> 00:27:07,760 Speaker 1: one should have to endure except possibly Alan Thick. But yeah, 475 00:27:08,000 --> 00:27:11,520 Speaker 1: So the idea was that they could sneak malicious commands 476 00:27:11,520 --> 00:27:13,840 Speaker 1: and actually it's a satellite radio, WiFi or a CD 477 00:27:14,040 --> 00:27:16,919 Speaker 1: containing the virus, which is interesting. I never would have 478 00:27:16,960 --> 00:27:21,560 Speaker 1: thought that a sound system presumably that's what you're putting 479 00:27:21,560 --> 00:27:24,480 Speaker 1: the CD into, or at least an entertainment system, that 480 00:27:24,480 --> 00:27:27,400 Speaker 1: that would have any kind of access to other important 481 00:27:27,400 --> 00:27:30,040 Speaker 1: systems within the car. But it may very well be 482 00:27:30,200 --> 00:27:33,960 Speaker 1: that it's connected to that same network, and then once 483 00:27:34,000 --> 00:27:35,879 Speaker 1: you have access to the network, you can start to 484 00:27:35,880 --> 00:27:39,080 Speaker 1: try and get access to some of the more critical subsystems, 485 00:27:39,400 --> 00:27:43,000 Speaker 1: things like power steering, which would be you know, catastrophic 486 00:27:43,040 --> 00:27:46,600 Speaker 1: obviously potentially. So yeah. One of the one of the 487 00:27:46,640 --> 00:27:49,000 Speaker 1: professors involved in some of these tests, a guy named 488 00:27:49,040 --> 00:27:53,760 Speaker 1: Stefan Savage Uh, said that these wireless hacks still remain possible. 489 00:27:53,840 --> 00:27:57,160 Speaker 1: Specifically said, the vulnerabilities that we found were the kind 490 00:27:57,200 --> 00:27:59,760 Speaker 1: that existed on PCs in the early to mid nineteen 491 00:27:59,800 --> 00:28:05,240 Speaker 1: hundreds when computers were first getting on the Internet. And uh, 492 00:28:05,600 --> 00:28:10,600 Speaker 1: here's I think the strangest example that I've read so far, 493 00:28:11,359 --> 00:28:15,040 Speaker 1: and maybe maybe readers and maybe you have a different one. Uh, 494 00:28:15,320 --> 00:28:18,960 Speaker 1: what if you could take a car's tire pressure monitoring 495 00:28:19,320 --> 00:28:23,159 Speaker 1: system and use that as a way to monitor the 496 00:28:23,280 --> 00:28:27,200 Speaker 1: movements of a car? To me, that sounds like a 497 00:28:27,359 --> 00:28:31,520 Speaker 1: sci fi writer was running out of ideas and season uh, 498 00:28:31,560 --> 00:28:37,120 Speaker 1: you know six of an anthology show, right, yeah, yeah, 499 00:28:37,280 --> 00:28:40,000 Speaker 1: and they said, let's make this next season six. But 500 00:28:41,240 --> 00:28:46,920 Speaker 1: the researchers from Rutgers University and University South Carolina demonstrated 501 00:28:47,640 --> 00:28:52,080 Speaker 1: in the possibility of this that's pretty incredible and it's 502 00:28:52,280 --> 00:28:55,160 Speaker 1: and they use the wireless seeing signals sent out by 503 00:28:55,160 --> 00:28:59,200 Speaker 1: the pressure monitoring system to to I guess, uh trace 504 00:28:59,320 --> 00:29:03,480 Speaker 1: ping's on. Yeah. Well, let's talk about some of the 505 00:29:03,520 --> 00:29:06,800 Speaker 1: other things that you could do potentially if you were 506 00:29:06,840 --> 00:29:11,040 Speaker 1: able to access a car's computer systems, keeping in mind 507 00:29:11,040 --> 00:29:14,640 Speaker 1: that most of these again are probably due to uh, 508 00:29:14,760 --> 00:29:18,600 Speaker 1: physically connecting with the vehicle and inserting yeah, as opposed 509 00:29:18,640 --> 00:29:20,760 Speaker 1: to you know, it's not like someone whipped out a 510 00:29:21,160 --> 00:29:24,520 Speaker 1: giant remote control and suddenly suddenly they make your car 511 00:29:24,640 --> 00:29:28,600 Speaker 1: feer left. But they could. We've mentioned honking the horn. Uh, 512 00:29:28,680 --> 00:29:33,000 Speaker 1: that's certainly possible. Uh. There was one about the Toyota 513 00:29:33,000 --> 00:29:35,680 Speaker 1: Prius and being able to slam its brakes when the 514 00:29:36,040 --> 00:29:39,960 Speaker 1: car is already traveling at high speed, thus uh, potentially 515 00:29:40,040 --> 00:29:42,600 Speaker 1: leading to a situation where the car gets out of control. 516 00:29:42,840 --> 00:29:44,560 Speaker 1: At the very least, it's going to lead to a 517 00:29:44,600 --> 00:29:46,520 Speaker 1: situation where the car is going to become a hazard 518 00:29:46,560 --> 00:29:48,760 Speaker 1: to anyone who's traveling at that same rate of speed 519 00:29:48,800 --> 00:29:52,760 Speaker 1: behind them. Uh. Then there's the killing the power steering. 520 00:29:52,840 --> 00:29:55,240 Speaker 1: Anyone who's ever driven a vehicle without power steering or 521 00:29:55,240 --> 00:29:58,880 Speaker 1: where the power steering has suddenly become uh inactive, knows 522 00:29:58,920 --> 00:30:01,480 Speaker 1: that that is no Joe. I mean that you really 523 00:30:01,520 --> 00:30:04,560 Speaker 1: don't know how much that power steering helps you until 524 00:30:04,600 --> 00:30:06,840 Speaker 1: you try and drive a vehicle that does not have it. 525 00:30:07,440 --> 00:30:11,200 Speaker 1: Um spoofing the GPS, So this would be a way 526 00:30:11,280 --> 00:30:14,280 Speaker 1: of making a car appear someplace where it's not actually 527 00:30:14,440 --> 00:30:19,280 Speaker 1: used a GPS spoofer for a while. Yeah, Um, I'm 528 00:30:19,320 --> 00:30:21,680 Speaker 1: not proud of it. It was for a really dumb 529 00:30:21,720 --> 00:30:23,800 Speaker 1: reason too. You want to know what it was. Okay, 530 00:30:23,840 --> 00:30:28,040 Speaker 1: So when I say dumb reason, I'm not saying anything like, um, 531 00:30:28,160 --> 00:30:33,400 Speaker 1: like illicit, or or or like salacious. I was using 532 00:30:33,400 --> 00:30:36,760 Speaker 1: a GPS spoofer because I had downloaded an app that 533 00:30:36,920 --> 00:30:41,040 Speaker 1: was a promotional app for a popular science fiction film, 534 00:30:41,120 --> 00:30:43,840 Speaker 1: and part of it would give you achievements for checking 535 00:30:43,920 --> 00:30:47,320 Speaker 1: in at certain physical locations. And some of those physical 536 00:30:47,360 --> 00:30:50,720 Speaker 1: locations because of the particular film I'm talking about, we're 537 00:30:50,720 --> 00:30:54,000 Speaker 1: located in San Francisco. I am not in San Francisco, 538 00:30:54,640 --> 00:30:57,920 Speaker 1: but I wanted those achievements, and so by spoofing my 539 00:30:57,960 --> 00:31:00,760 Speaker 1: GPS I could make it appear as if I were 540 00:31:00,800 --> 00:31:04,120 Speaker 1: in San Francisco at the specific locations, check into those 541 00:31:04,160 --> 00:31:09,120 Speaker 1: locations and get the achievements. It was Star Trek Star Trek, Yeah, 542 00:31:09,120 --> 00:31:11,680 Speaker 1: it was the j J Abrams Star Trek reboot. It 543 00:31:11,760 --> 00:31:15,920 Speaker 1: was actually Star Trek Into Darkness. To be specific. I 544 00:31:15,920 --> 00:31:18,600 Speaker 1: think I finally achieved the rank of captain. My wife 545 00:31:18,680 --> 00:31:22,360 Speaker 1: is an admiral, so that'll tell you. Isn't that against 546 00:31:22,360 --> 00:31:27,520 Speaker 1: Star Trek code. Look, look, if Captain Kirk can cheat 547 00:31:27,600 --> 00:31:30,560 Speaker 1: during the Kobe y Ashi Maru, then I can cheat 548 00:31:31,280 --> 00:31:34,240 Speaker 1: in the check in sport. But anyway, spoofing GPS is 549 00:31:34,360 --> 00:31:37,120 Speaker 1: that's a serious issue because let's say that the GPS 550 00:31:37,200 --> 00:31:40,520 Speaker 1: is tied to again the car monitoring system. If if 551 00:31:40,600 --> 00:31:43,560 Speaker 1: the car appears to be someplace that's not then any 552 00:31:43,600 --> 00:31:46,760 Speaker 1: sort of response physical response sent from say on Star 553 00:31:46,840 --> 00:31:50,000 Speaker 1: again is going to go to the wrong location. So 554 00:31:50,200 --> 00:31:54,160 Speaker 1: that's a real thing. Then there's a falsifying speedometers and odometers. 555 00:31:54,640 --> 00:31:56,720 Speaker 1: I mean it's falsifying an odometer that you can see 556 00:31:56,720 --> 00:32:02,640 Speaker 1: lots of ress. Um. There's violently making the vehicle just 557 00:32:02,920 --> 00:32:09,800 Speaker 1: jerk around not good um. And also they demonstrated that 558 00:32:09,880 --> 00:32:12,840 Speaker 1: they can exploit both of Toyota and Affords self parking 559 00:32:12,880 --> 00:32:16,800 Speaker 1: functions to hijack a vehicle steering, essentially turning it into 560 00:32:17,080 --> 00:32:20,320 Speaker 1: a primitive kind of remote controlled vehicle. And you you 561 00:32:20,360 --> 00:32:22,840 Speaker 1: can sort of see where that would come into play, 562 00:32:22,880 --> 00:32:27,360 Speaker 1: because obviously if you have a parallel parking automated system, 563 00:32:27,400 --> 00:32:29,400 Speaker 1: it has to be able to control the steering and 564 00:32:29,440 --> 00:32:31,360 Speaker 1: breaking of the vehicle in order for that to work. 565 00:32:31,480 --> 00:32:34,160 Speaker 1: So you just give it a new set of instructions. Yeah. Now, 566 00:32:34,280 --> 00:32:36,440 Speaker 1: again this is all stuff that you know, you would 567 00:32:36,480 --> 00:32:38,640 Speaker 1: have to have physical access to the vehicle first before 568 00:32:38,720 --> 00:32:41,640 Speaker 1: you could have introduced these problems. So if you're really 569 00:32:41,640 --> 00:32:44,440 Speaker 1: careful with the way your you know, your vehicle is 570 00:32:44,520 --> 00:32:46,760 Speaker 1: like your your vehicle secure, then you don't need to 571 00:32:46,760 --> 00:32:49,400 Speaker 1: worry about this so much. But yeah, that's that's a 572 00:32:49,440 --> 00:32:53,840 Speaker 1: good point. And before this becomes too uh too scary 573 00:32:53,880 --> 00:32:57,120 Speaker 1: for anybody, let's also keep in mind that when Miller 574 00:32:57,160 --> 00:33:01,360 Speaker 1: and val Sec were demonstrating these things, especially to a 575 00:33:01,360 --> 00:33:05,520 Speaker 1: couple of journalists, one of the guys was literally sitting 576 00:33:05,560 --> 00:33:10,920 Speaker 1: in the car with his laptop plugged in running the code. So, uh, 577 00:33:11,120 --> 00:33:13,360 Speaker 1: I guess if you see someone you don't know in 578 00:33:13,400 --> 00:33:16,120 Speaker 1: the backseat of your co there might be some other 579 00:33:16,200 --> 00:33:18,400 Speaker 1: questions you come up with before you actually get the 580 00:33:18,400 --> 00:33:21,640 Speaker 1: car in motion, right, Yeah, so it's not it's the 581 00:33:22,240 --> 00:33:26,240 Speaker 1: odds of you hopping into your two thousand ten preus 582 00:33:26,320 --> 00:33:29,800 Speaker 1: or escape and then finding that the car is completely 583 00:33:29,840 --> 00:33:34,000 Speaker 1: not under your control are very, very very low. Yeah. 584 00:33:34,120 --> 00:33:37,640 Speaker 1: The the point that these hackers were making was that 585 00:33:37,680 --> 00:33:41,600 Speaker 1: the vulnerabilities existed, and that the vulnerabilities could be addressed 586 00:33:41,880 --> 00:33:44,400 Speaker 1: and sealed up so that it would no longer be 587 00:33:44,440 --> 00:33:47,320 Speaker 1: a point of entry for a hacker. So it was 588 00:33:47,880 --> 00:33:51,040 Speaker 1: you know, they didn't need for the demonstration to be practical, 589 00:33:51,080 --> 00:33:54,080 Speaker 1: They just needed to show that, look, with enough work, 590 00:33:54,160 --> 00:33:58,000 Speaker 1: you can do this, and presumably if you're really determined 591 00:33:58,360 --> 00:34:01,760 Speaker 1: you could create, say a module that plugs into the 592 00:34:01,840 --> 00:34:06,360 Speaker 1: onboard diagnostic system and has a wireless communication with a laptop, 593 00:34:06,600 --> 00:34:08,160 Speaker 1: and then I don't have to be in the back 594 00:34:08,200 --> 00:34:12,200 Speaker 1: seat anymore because I can just send those the communications 595 00:34:12,239 --> 00:34:15,759 Speaker 1: straight through. But not that anyone's developed that, but rather 596 00:34:15,880 --> 00:34:18,920 Speaker 1: that we need to address the vulnerabilities that would make 597 00:34:18,960 --> 00:34:22,839 Speaker 1: such a thing possible. Yeah, exactly, And again just underlining 598 00:34:23,000 --> 00:34:26,800 Speaker 1: that if something is controlled by a computer in your car, 599 00:34:27,320 --> 00:34:31,920 Speaker 1: then another computer can be come involved and and anything 600 00:34:31,960 --> 00:34:34,840 Speaker 1: from your power windows to your breaking that function could 601 00:34:34,880 --> 00:34:38,920 Speaker 1: be hacked. We talked a little bit already about the 602 00:34:38,920 --> 00:34:41,920 Speaker 1: the evolution of the e c U, right. Yeah. The 603 00:34:41,960 --> 00:34:45,400 Speaker 1: whole point about these are these were systems made to 604 00:34:45,480 --> 00:34:50,360 Speaker 1: make either cars safer or to have a smaller environmental impact, 605 00:34:50,800 --> 00:34:53,160 Speaker 1: and that these were things that because they were because 606 00:34:53,200 --> 00:34:57,000 Speaker 1: of their benefits, they ended up being required, you know, 607 00:34:57,280 --> 00:35:00,080 Speaker 1: and you've got some you've got some great notes here 608 00:35:00,120 --> 00:35:04,760 Speaker 1: about the can bus. Ultimately, what what Millar and valis 609 00:35:04,840 --> 00:35:09,319 Speaker 1: act we're doing, is they're analyzing the can bus and 610 00:35:09,400 --> 00:35:12,719 Speaker 1: they're they're using that kind of like their skeleton key 611 00:35:12,800 --> 00:35:15,400 Speaker 1: or their highway. Now you can think of the can 612 00:35:15,560 --> 00:35:19,439 Speaker 1: bus that's sort of its own little maniature network. Uh 613 00:35:19,520 --> 00:35:22,080 Speaker 1: So think of it like, you know, think of the 614 00:35:22,480 --> 00:35:26,120 Speaker 1: Internet in microcosm, except it's all within the context of 615 00:35:26,160 --> 00:35:29,560 Speaker 1: a car. And the can is what pretty much allows 616 00:35:29,800 --> 00:35:35,440 Speaker 1: various uh subsystems to be interconnected, and it can interconnect 617 00:35:35,480 --> 00:35:39,120 Speaker 1: up to forty different systems for the different devices anyway, 618 00:35:39,520 --> 00:35:43,000 Speaker 1: and information travels at about one megabit per second, which is, 619 00:35:43,200 --> 00:35:47,520 Speaker 1: you know, compared to broadband speeds. Well in the United States, 620 00:35:47,520 --> 00:35:49,839 Speaker 1: broadband is defined as four megabits per second, so it's 621 00:35:49,840 --> 00:35:53,719 Speaker 1: really not that far behind, but it's it's uh more 622 00:35:53,840 --> 00:35:57,120 Speaker 1: than sufficient for the kind of data that the vehicle 623 00:35:57,200 --> 00:35:59,640 Speaker 1: tends to work in because it's not you know, it's 624 00:35:59,640 --> 00:36:02,800 Speaker 1: not con scarned with everything. It's concerned with very specific 625 00:36:02,880 --> 00:36:07,360 Speaker 1: systems like fuel injection or spedometer or that sort of stuff. 626 00:36:07,680 --> 00:36:11,080 Speaker 1: So it's definitely sufficient for that kind of thing. But 627 00:36:11,200 --> 00:36:13,840 Speaker 1: that is again, you know, anytime you have a system 628 00:36:13,880 --> 00:36:17,440 Speaker 1: where data is traveling around, then there's the potential of 629 00:36:17,520 --> 00:36:19,840 Speaker 1: exploiting it if you can get that point of entry. 630 00:36:20,040 --> 00:36:23,400 Speaker 1: So when they were defcon they explained this sort of stuff. 631 00:36:23,440 --> 00:36:26,600 Speaker 1: They also said that, uh, part of their process was 632 00:36:26,680 --> 00:36:30,799 Speaker 1: to get these proprietary messages. One of the most base 633 00:36:30,880 --> 00:36:33,360 Speaker 1: ways to think of it is speaking the language of 634 00:36:33,360 --> 00:36:37,120 Speaker 1: the car, right, and so by learning some of those links, 635 00:36:37,400 --> 00:36:41,520 Speaker 1: those phrases uh, in this tortured analogy I painted myself 636 00:36:41,560 --> 00:36:44,600 Speaker 1: into UH, they can replay these on a device that's 637 00:36:44,640 --> 00:36:48,520 Speaker 1: hooked up to the diagnostic connector ports, and then they 638 00:36:48,600 --> 00:36:52,000 Speaker 1: can uh influence the breaking in the steering. And then 639 00:36:52,320 --> 00:36:55,920 Speaker 1: as you said, they can also modify the existing firmware 640 00:36:56,280 --> 00:37:00,880 Speaker 1: so that they can still have this signal interplay without 641 00:37:00,960 --> 00:37:04,000 Speaker 1: having a guy in the back. Um. But to me, 642 00:37:04,239 --> 00:37:08,680 Speaker 1: it's interesting that this is not more of a big 643 00:37:08,719 --> 00:37:12,560 Speaker 1: deal externally with companies. You know, this seems like the 644 00:37:12,719 --> 00:37:15,239 Speaker 1: kind of thing that could easily become alarmist, and I'm 645 00:37:15,520 --> 00:37:20,480 Speaker 1: surprised that there hasn't already been more examination of it. 646 00:37:21,040 --> 00:37:22,560 Speaker 1: I think part of it is that we're still in 647 00:37:22,600 --> 00:37:25,840 Speaker 1: the early days right right now. It's in the hacker culture, 648 00:37:25,960 --> 00:37:30,279 Speaker 1: it's something that's being discussed, and in car culture, where 649 00:37:30,280 --> 00:37:32,680 Speaker 1: you have people who mod and tune their own cards. 650 00:37:32,760 --> 00:37:35,600 Speaker 1: It's being discussed, but usually from the perspective of how 651 00:37:35,640 --> 00:37:37,239 Speaker 1: can I make my car do something it was not 652 00:37:37,320 --> 00:37:39,480 Speaker 1: meant to do? Yeah, without how can I over clock 653 00:37:39,520 --> 00:37:43,319 Speaker 1: without falling apart right right from the hacker culture, it's 654 00:37:43,360 --> 00:37:47,279 Speaker 1: more about what are the potential vulnerabilities and either how 655 00:37:47,320 --> 00:37:49,359 Speaker 1: can I exploit them or how can I prevent them 656 00:37:49,360 --> 00:37:53,160 Speaker 1: from being exploited companies, I mean, bringing attention to it 657 00:37:53,200 --> 00:37:55,200 Speaker 1: is probably not something that most companies want to do. 658 00:37:55,239 --> 00:37:57,439 Speaker 1: They want to sell cars, but a lot of them 659 00:37:57,680 --> 00:38:01,320 Speaker 1: are definitely responding by saying, this is something we really 660 00:38:02,239 --> 00:38:04,160 Speaker 1: are concerned about. We want to make sure that our 661 00:38:04,280 --> 00:38:07,279 Speaker 1: our cars as as safe as possible. We take it 662 00:38:07,360 --> 00:38:11,319 Speaker 1: very seriously. We want to make sure that it's not 663 00:38:11,840 --> 00:38:16,719 Speaker 1: a trivial task to tap into one of these cars. So, yeah, exactly, 664 00:38:16,800 --> 00:38:20,960 Speaker 1: And the statements of various companies, of course, for its 665 00:38:21,040 --> 00:38:23,480 Speaker 1: is to take it very seriously. In other car companies 666 00:38:23,760 --> 00:38:26,759 Speaker 1: are saying that there is a differentiation that needs to 667 00:38:26,800 --> 00:38:31,680 Speaker 1: be made between hacking a car with physical access versus 668 00:38:31,960 --> 00:38:36,920 Speaker 1: remote hacking, and uh, for many car companies, the focus 669 00:38:37,000 --> 00:38:41,600 Speaker 1: is on preventing that kind of exploitation remotely. Well, yeah, 670 00:38:41,600 --> 00:38:44,200 Speaker 1: because that's the one that is more likely to like, 671 00:38:44,320 --> 00:38:47,040 Speaker 1: if it's a possible, that's the more likely vector because 672 00:38:47,080 --> 00:38:49,600 Speaker 1: it's the one that requires less work on the part 673 00:38:49,600 --> 00:38:51,560 Speaker 1: of the person who's trying to get access to the car. 674 00:38:52,040 --> 00:38:54,839 Speaker 1: You know, if if I find out the only way 675 00:38:54,880 --> 00:38:57,920 Speaker 1: that I'm going to be able to sabotage my enemies 676 00:38:58,000 --> 00:39:00,520 Speaker 1: vehicle is if I get physical access to the inside 677 00:39:00,560 --> 00:39:02,080 Speaker 1: of the vehicle, and then I have to be there 678 00:39:02,120 --> 00:39:04,800 Speaker 1: for a couple of hours while I reflashed the engine 679 00:39:04,800 --> 00:39:08,799 Speaker 1: control unit. That's not really that attractive to me. I mean, 680 00:39:08,840 --> 00:39:13,600 Speaker 1: do you have any enemies that, like I was gonna say, 681 00:39:13,600 --> 00:39:16,800 Speaker 1: I would wing man on that wing, but that would 682 00:39:16,800 --> 00:39:19,319 Speaker 1: take all afternoon. See Ben, what I'm telling you now 683 00:39:19,440 --> 00:39:22,319 Speaker 1: is that I didn't use this approach because I'm much 684 00:39:22,360 --> 00:39:25,560 Speaker 1: more efficient. But at any rate, uh the Yeah, if 685 00:39:25,600 --> 00:39:28,080 Speaker 1: you could get access remotely, then clearly that would be 686 00:39:28,120 --> 00:39:31,600 Speaker 1: a big draw for potential hackers. Now, they also point 687 00:39:31,600 --> 00:39:35,040 Speaker 1: out that it's usually a one on one kind of 688 00:39:35,080 --> 00:39:37,520 Speaker 1: thing that the approaches we've seen so far, with the 689 00:39:37,560 --> 00:39:42,920 Speaker 1: exception of exploiting the dealership system, which you know, again, 690 00:39:42,960 --> 00:39:45,120 Speaker 1: then you have to get access to the dealership system, 691 00:39:45,120 --> 00:39:48,359 Speaker 1: which is which is even more difficult at least presumably 692 00:39:48,560 --> 00:39:52,000 Speaker 1: than an individual vehicle. But because these are one on 693 00:39:52,000 --> 00:39:55,160 Speaker 1: one attacks, you would have to be targeted specifically. Now, 694 00:39:55,160 --> 00:39:57,960 Speaker 1: if you own a really high end luxury vehicle. That 695 00:39:58,080 --> 00:40:02,840 Speaker 1: might happen, right but the likelihood of having a vehicle 696 00:40:02,920 --> 00:40:06,560 Speaker 1: stolen if it's a high end luxury vehicle is already increased. 697 00:40:07,400 --> 00:40:10,400 Speaker 1: Right there. There are multiple there are multiple avenues that 698 00:40:10,440 --> 00:40:12,360 Speaker 1: people will go through in order to get hold of 699 00:40:12,400 --> 00:40:16,200 Speaker 1: that vehicle. Some of them might involve electronic hijacking, some 700 00:40:16,280 --> 00:40:18,719 Speaker 1: of them might involve just getting physical access to the 701 00:40:18,760 --> 00:40:21,000 Speaker 1: car and hot wiring the thing. I mean, it's you know, 702 00:40:21,120 --> 00:40:23,239 Speaker 1: that's that's a risk to take with a high end 703 00:40:23,320 --> 00:40:26,840 Speaker 1: luxury vehicle, and you usually will take uh, you know, 704 00:40:27,440 --> 00:40:30,759 Speaker 1: you'll take steps to prevent that from happening, hopefully, you know, 705 00:40:30,880 --> 00:40:34,359 Speaker 1: like possibly hiring a very large person to stand right 706 00:40:34,360 --> 00:40:37,040 Speaker 1: next to the vehicle and uh and discourage people from 707 00:40:37,040 --> 00:40:40,760 Speaker 1: getting too close. But um, yeah, because we're not getting 708 00:40:40,800 --> 00:40:45,640 Speaker 1: this kind of car communication where the cars are constantly 709 00:40:46,560 --> 00:40:53,000 Speaker 1: part of the larger Internet, then it's it's fairly it's 710 00:40:53,040 --> 00:40:57,000 Speaker 1: fairly safe right now from the remote attacks. As cars 711 00:40:57,040 --> 00:41:00,560 Speaker 1: get more and more Internet capable and Internet connected, then 712 00:41:00,600 --> 00:41:02,040 Speaker 1: you have to sit there and say, all right, well, 713 00:41:02,040 --> 00:41:05,319 Speaker 1: how is the car interacting with the Internet. Can that 714 00:41:05,400 --> 00:41:08,400 Speaker 1: be identified from an external source? If it could be identified, 715 00:41:08,440 --> 00:41:12,239 Speaker 1: can it also be exploited. And that's those are the 716 00:41:12,320 --> 00:41:14,720 Speaker 1: questions that are really going to be important to answer. 717 00:41:15,080 --> 00:41:17,600 Speaker 1: And I suspect we're going to see more and more 718 00:41:17,719 --> 00:41:19,839 Speaker 1: cars get this sort of Internet connection. I mean, we're 719 00:41:19,880 --> 00:41:23,319 Speaker 1: already seeing it with entertainment systems again, right, so you 720 00:41:23,520 --> 00:41:27,719 Speaker 1: have cars that have entertainment systems that do connect either 721 00:41:27,800 --> 00:41:31,040 Speaker 1: to the Internet via satellite or through the cellular network. 722 00:41:31,200 --> 00:41:34,960 Speaker 1: You know, however it may be, um, that's again a 723 00:41:35,080 --> 00:41:39,800 Speaker 1: potential point of entry, assuming that the subsystem is designed 724 00:41:39,800 --> 00:41:42,680 Speaker 1: to communicate with other systems. One way to prevent this 725 00:41:42,800 --> 00:41:44,960 Speaker 1: is to say, all right, well, which systems need to 726 00:41:45,000 --> 00:41:47,640 Speaker 1: talk to each other and which ones totally don't need 727 00:41:47,680 --> 00:41:50,720 Speaker 1: to talk to anything, And let's make sure that those 728 00:41:50,840 --> 00:41:53,680 Speaker 1: are boxed away so that if someone gets access to them, 729 00:41:53,719 --> 00:41:55,880 Speaker 1: the worst you're gonna get is they're making me listen 730 00:41:55,960 --> 00:42:00,919 Speaker 1: to I don't know, modern country. That would drive me crazy. Yeah, 731 00:42:01,480 --> 00:42:04,399 Speaker 1: you know, we could do an entirely different show on 732 00:42:04,800 --> 00:42:09,120 Speaker 1: modern country versus classic country. Yeah, okay, like Hank Williams Sr. 733 00:42:09,320 --> 00:42:14,880 Speaker 1: Brilliant man. But you know, okay, you're right, I'm not 734 00:42:14,880 --> 00:42:18,040 Speaker 1: gonna go down. I have I have some questions for 735 00:42:18,080 --> 00:42:22,440 Speaker 1: you as our resident tech expert UM and to ask 736 00:42:22,520 --> 00:42:24,239 Speaker 1: to set up one of these questions. First, I have 737 00:42:24,320 --> 00:42:27,120 Speaker 1: a have a short little anecdote here. In two thousand 738 00:42:27,239 --> 00:42:30,520 Speaker 1: thirteen is reported by the Guardian, there was a scientist 739 00:42:30,719 --> 00:42:34,839 Speaker 1: named Flavio Garcia, which name, which is a wonderful name. 740 00:42:35,160 --> 00:42:37,719 Speaker 1: I I had first assumed he was a name scientist. 741 00:42:37,880 --> 00:42:42,480 Speaker 1: But he had an academic paper that he had written 742 00:42:42,640 --> 00:42:46,680 Speaker 1: with several colleagues revealing the secret codes used to start 743 00:42:46,880 --> 00:42:50,960 Speaker 1: luxury cars out He's Bentley's and so on. And the 744 00:42:51,080 --> 00:42:54,239 Speaker 1: judge in the case, uh, there was there was a 745 00:42:54,280 --> 00:42:58,759 Speaker 1: suppression case right right, Uh to suppress the paper rights 746 00:42:58,800 --> 00:43:02,160 Speaker 1: some car companies wanted to us, and the judge ultimately 747 00:43:02,239 --> 00:43:06,480 Speaker 1: ruled that it should be suppressed. I think specifically this 748 00:43:06,600 --> 00:43:11,200 Speaker 1: was the parent company of Volkswagen, and the idea here 749 00:43:11,520 --> 00:43:16,120 Speaker 1: was um. The the idea was that the scientists, by 750 00:43:16,160 --> 00:43:20,600 Speaker 1: publishing this paper were endangering you know, hundreds of thousands 751 00:43:20,640 --> 00:43:24,799 Speaker 1: of car owners minimum and and even even if you 752 00:43:24,840 --> 00:43:27,880 Speaker 1: don't consider it a danger immediately, let's say that it 753 00:43:27,920 --> 00:43:32,160 Speaker 1: inspires the companies to do a recall, or that all 754 00:43:32,200 --> 00:43:36,080 Speaker 1: those customers go out to have this system changed. That's 755 00:43:36,120 --> 00:43:40,720 Speaker 1: a real monetary impact. Either to the owners or the 756 00:43:40,800 --> 00:43:45,040 Speaker 1: car companies or both to both most likely and uh 757 00:43:45,080 --> 00:43:48,520 Speaker 1: what they found in the course of the investigation was 758 00:43:48,560 --> 00:43:53,759 Speaker 1: that Garcia's team was deriving these codes but by cracking 759 00:43:53,840 --> 00:43:58,919 Speaker 1: the algorithms there. They used complex mathematical models to check 760 00:43:59,000 --> 00:44:02,399 Speaker 1: the software behind in the code. But here's the thing, man, 761 00:44:02,680 --> 00:44:05,879 Speaker 1: the code, they the process they were using in their 762 00:44:05,920 --> 00:44:08,880 Speaker 1: conclusion and stuff like that, we're in some pieces they 763 00:44:08,880 --> 00:44:13,799 Speaker 1: were available and since two thousand nine. So what my 764 00:44:13,920 --> 00:44:16,640 Speaker 1: question is with this, with this dilemma, and I think 765 00:44:16,640 --> 00:44:20,040 Speaker 1: it is, um, where where would you fall? Like professionally, 766 00:44:20,080 --> 00:44:24,120 Speaker 1: what's the idea here? Is this a case? Where is 767 00:44:24,160 --> 00:44:28,399 Speaker 1: this a case where security trump's transparency or I think so? 768 00:44:28,600 --> 00:44:32,080 Speaker 1: I think my my general philosophy and these matters, and 769 00:44:32,120 --> 00:44:34,600 Speaker 1: this goes to all sorts of all types of white 770 00:44:34,600 --> 00:44:40,680 Speaker 1: hat hacking. My general philosophy is that it is the 771 00:44:40,760 --> 00:44:46,080 Speaker 1: responsible thing to do is to alert whatever governing body, 772 00:44:46,160 --> 00:44:51,680 Speaker 1: whether that's a country, a company, uh, some some specific programmers, whatever, 773 00:44:51,760 --> 00:44:55,839 Speaker 1: whoever is responsible for the hacked system, to let them 774 00:44:55,840 --> 00:44:58,520 Speaker 1: know what the vulnerability is and to say, here is 775 00:44:58,560 --> 00:45:02,600 Speaker 1: how I exploited thatulnerability. You need to address this. I 776 00:45:02,680 --> 00:45:06,239 Speaker 1: think that's the responsible thing to do. It's also fair too, 777 00:45:06,600 --> 00:45:09,920 Speaker 1: I think to say that there is a vulnerability, that 778 00:45:10,000 --> 00:45:12,720 Speaker 1: you found a vulnerability, not to say what the vulnerability 779 00:45:12,760 --> 00:45:16,160 Speaker 1: is necessarily or how you exploited it, but that one 780 00:45:16,239 --> 00:45:19,120 Speaker 1: does exist because then it creates the incentive on the 781 00:45:19,200 --> 00:45:22,800 Speaker 1: part of the the person in charge to actually address 782 00:45:22,880 --> 00:45:25,280 Speaker 1: the problem and fix it. I see, So go straight 783 00:45:25,280 --> 00:45:28,919 Speaker 1: to the source, not to USA Today or something. Yeah, 784 00:45:28,920 --> 00:45:31,239 Speaker 1: I mean, go to the source first, and then give 785 00:45:31,280 --> 00:45:33,480 Speaker 1: the source enough time to sit there and at least 786 00:45:33,520 --> 00:45:37,000 Speaker 1: evaluate what you have said, and then go to the 787 00:45:37,080 --> 00:45:39,959 Speaker 1: press and say, all right, here's the deal. There's there's 788 00:45:40,000 --> 00:45:43,920 Speaker 1: this problem and if it's not addressed, then this is 789 00:45:43,960 --> 00:45:46,960 Speaker 1: what could happen. This is the potential outcome. Uh. And 790 00:45:47,040 --> 00:45:49,239 Speaker 1: that was you know, like the heart bleed bug is 791 00:45:49,239 --> 00:45:50,839 Speaker 1: a great example. You know, this is one of those 792 00:45:50,840 --> 00:45:53,359 Speaker 1: things where when you discover it, you kind of, I think, 793 00:45:53,360 --> 00:45:58,560 Speaker 1: have the responsibility to let people know, hey, there's this problem. Here, 794 00:45:58,640 --> 00:46:02,320 Speaker 1: here's how how exploited it, here's what needs to happen, 795 00:46:02,760 --> 00:46:07,040 Speaker 1: and then reveal it to everybody because the potential impact 796 00:46:07,320 --> 00:46:12,280 Speaker 1: is so great. But you don't actually unveil how step 797 00:46:12,320 --> 00:46:16,520 Speaker 1: by step to exploit the vulnerability that is irresponsible as well, 798 00:46:16,920 --> 00:46:19,480 Speaker 1: and that goes from white hat hacking to black hack 799 00:46:19,280 --> 00:46:22,120 Speaker 1: hacking in my mind. So I've seen this over and 800 00:46:22,160 --> 00:46:25,480 Speaker 1: over again in the in the computer world, where an 801 00:46:25,480 --> 00:46:28,800 Speaker 1: operating system comes out and someone or an operate system 802 00:46:28,840 --> 00:46:32,439 Speaker 1: that's been out forever, someone discovers that there's a vulnerability, 803 00:46:32,600 --> 00:46:36,000 Speaker 1: and generally speaking, what they do is they alert the 804 00:46:36,040 --> 00:46:42,040 Speaker 1: operating system, uh, you know, developer, and then after a 805 00:46:42,160 --> 00:46:44,080 Speaker 1: set amount of time, will say, all right, we found 806 00:46:44,120 --> 00:46:47,040 Speaker 1: a vulnerability. Here's what the vulnerability does. I'm not going 807 00:46:47,120 --> 00:46:49,080 Speaker 1: to tell you how to do it, but here's what 808 00:46:49,120 --> 00:46:52,279 Speaker 1: happens if someone exploits it and this company needs to 809 00:46:52,280 --> 00:46:55,279 Speaker 1: fix it, and that again puts that social pressure on 810 00:46:55,280 --> 00:46:57,360 Speaker 1: the company. Yeah, I see what you're seeing, and I 811 00:46:57,360 --> 00:47:00,280 Speaker 1: think that's I think that's a decent compromise. But between 812 00:47:00,320 --> 00:47:03,799 Speaker 1: the two principles and it sounds pretty ethical. And now 813 00:47:03,920 --> 00:47:06,239 Speaker 1: we go to Now we go to the question that 814 00:47:06,320 --> 00:47:11,560 Speaker 1: might be on everybody's mind. Uh so, wait, guys, Jonathan Ben, 815 00:47:11,880 --> 00:47:16,560 Speaker 1: will my car be hacked? Probably not, that's true. There's 816 00:47:16,600 --> 00:47:19,839 Speaker 1: no silver bullet hack. As we've said, and with the 817 00:47:19,840 --> 00:47:22,600 Speaker 1: exception of that dealer fleet. Um, you know, as you 818 00:47:22,680 --> 00:47:25,640 Speaker 1: as you point out Uh, someone would have to the 819 00:47:26,280 --> 00:47:29,560 Speaker 1: whomever would do this to you would have to have 820 00:47:30,120 --> 00:47:32,239 Speaker 1: a lot of time on their hands, a heck of 821 00:47:32,280 --> 00:47:34,719 Speaker 1: a lot of book smarts, right, and a lot of motivation, 822 00:47:35,000 --> 00:47:37,200 Speaker 1: a lot of They would have to have it out 823 00:47:37,239 --> 00:47:41,560 Speaker 1: for you specific must have done something really awful to 824 00:47:41,680 --> 00:47:45,439 Speaker 1: that person, kill their father and gave up fencing. Let's 825 00:47:45,480 --> 00:47:47,879 Speaker 1: let's just look at the the plots for taking one 826 00:47:47,920 --> 00:47:51,800 Speaker 1: through three. You've done something on those plots against Liam Neeson, 827 00:47:51,840 --> 00:47:54,160 Speaker 1: and he has the reason to hack your car now, right. 828 00:47:54,200 --> 00:47:57,600 Speaker 1: The truth of it is, it's just incredibly inconvenient to 829 00:47:57,680 --> 00:48:00,360 Speaker 1: do so. And if we look at I love that 830 00:48:00,400 --> 00:48:03,359 Speaker 1: you said, taken. But because if you look at all 831 00:48:03,440 --> 00:48:06,360 Speaker 1: the stuff we've said now, for something like this to 832 00:48:06,400 --> 00:48:11,480 Speaker 1: have to happen, honestly, those would be like action movie 833 00:48:11,520 --> 00:48:15,120 Speaker 1: problems that most people, uh hopefully don't have. Yeah, it's 834 00:48:15,160 --> 00:48:16,880 Speaker 1: the same sort of thing like if you if you 835 00:48:16,920 --> 00:48:19,160 Speaker 1: are flying back on Christmas and you have to go 836 00:48:19,200 --> 00:48:22,879 Speaker 1: to Naca Tomi Plaza, you're probably not gonna relive die hard. 837 00:48:24,200 --> 00:48:26,279 Speaker 1: You know, it's just it's it's an action movie thing, 838 00:48:26,320 --> 00:48:29,680 Speaker 1: not a real life thing. But uh, you know, it's 839 00:48:29,680 --> 00:48:32,520 Speaker 1: certainly one of the things that awareness is good because 840 00:48:32,560 --> 00:48:36,080 Speaker 1: we're getting into a more uh you know, the trend 841 00:48:36,120 --> 00:48:39,880 Speaker 1: of of computers and electronic systems getting getting more advanced 842 00:48:39,880 --> 00:48:42,560 Speaker 1: in cars is not going to reverse, it's going to continue, 843 00:48:42,560 --> 00:48:45,000 Speaker 1: it's gonna evolve, and we're getting closer and closer to 844 00:48:45,040 --> 00:48:47,839 Speaker 1: autonomous cars. Clearly, when you get to a system where 845 00:48:47,840 --> 00:48:51,399 Speaker 1: the car itself is taken over, then at least the 846 00:48:51,480 --> 00:48:55,040 Speaker 1: idea of the possibility of hacking becomes more realistic to people. 847 00:48:55,280 --> 00:48:58,080 Speaker 1: Keep in mind, the systems we talked about, they can 848 00:48:58,080 --> 00:49:02,080 Speaker 1: affect a manually controlled car. We're not suggesting that if 849 00:49:02,080 --> 00:49:04,040 Speaker 1: you have your hands on the wheel you can prevent 850 00:49:04,120 --> 00:49:06,880 Speaker 1: this from happening. But I think once you get to 851 00:49:06,880 --> 00:49:08,879 Speaker 1: the point where you no longer have to have your 852 00:49:08,880 --> 00:49:10,680 Speaker 1: hands on the wheel that you're on one of those 853 00:49:10,719 --> 00:49:12,880 Speaker 1: Google cars that can that doesn't even have a wheel, 854 00:49:13,560 --> 00:49:19,040 Speaker 1: the mindset is that, oh, computer is controlling this. Someone 855 00:49:19,080 --> 00:49:21,080 Speaker 1: could get control of the computer. It just seems like 856 00:49:21,120 --> 00:49:24,920 Speaker 1: it's more possible in that model, even though even though 857 00:49:24,920 --> 00:49:27,960 Speaker 1: it may not necessarily be more possible, But as we 858 00:49:28,000 --> 00:49:30,880 Speaker 1: get these cars that communicate more and more with the 859 00:49:30,920 --> 00:49:33,400 Speaker 1: outside world, then clearly that's something for us to keep 860 00:49:33,440 --> 00:49:36,560 Speaker 1: in mind. And uh. It also drives home a point 861 00:49:36,600 --> 00:49:40,080 Speaker 1: that Scott Benjamin and I made in our Autonomous Cars episode. 862 00:49:40,320 --> 00:49:43,719 Speaker 1: We talked about how early implementations all imagine that the 863 00:49:43,760 --> 00:49:46,160 Speaker 1: autonomous car was going to be part of a larger 864 00:49:46,200 --> 00:49:49,680 Speaker 1: autonomous system. Right, You're gonna have the the super Highway 865 00:49:49,719 --> 00:49:52,120 Speaker 1: of the future, and that was going to be the infrastructure, 866 00:49:52,360 --> 00:49:54,880 Speaker 1: and the cars were going to be largely passive and 867 00:49:54,920 --> 00:49:58,840 Speaker 1: receive direction from the outside world. Well, in that world, 868 00:49:58,880 --> 00:50:02,279 Speaker 1: you could definitely imagine a system that takes advantage of 869 00:50:02,320 --> 00:50:05,759 Speaker 1: that and sends conflicting commands to the cars that are 870 00:50:05,760 --> 00:50:10,200 Speaker 1: going down the road. But as we've seen this technology mature, 871 00:50:10,800 --> 00:50:13,520 Speaker 1: it turns out that it's all being self contained in 872 00:50:13,560 --> 00:50:17,360 Speaker 1: the vehicle. It's not dependent upon the environment outside the vehicle, 873 00:50:17,840 --> 00:50:20,239 Speaker 1: which means it's harder to get at that system so 874 00:50:20,280 --> 00:50:23,759 Speaker 1: that we benefit from that. So, um, I think that 875 00:50:24,080 --> 00:50:27,120 Speaker 1: because we didn't go in this world where all the 876 00:50:27,160 --> 00:50:30,120 Speaker 1: cars have to talk to each other, and we discovered no, 877 00:50:30,239 --> 00:50:31,759 Speaker 1: they don't really need to talk to each other. If 878 00:50:31,760 --> 00:50:35,160 Speaker 1: they have the sensors to detect each other, that's enough. 879 00:50:35,200 --> 00:50:38,080 Speaker 1: They don't actually have to have two way communication. Well, 880 00:50:38,120 --> 00:50:40,600 Speaker 1: then you start cutting down on those vectors we were 881 00:50:40,600 --> 00:50:44,160 Speaker 1: talking about. So just the way the technology is matured, 882 00:50:44,200 --> 00:50:47,320 Speaker 1: which I don't think has anything necessarily to do with security, 883 00:50:47,760 --> 00:50:51,040 Speaker 1: benefits us in a security way. I see what you're saying. 884 00:50:51,400 --> 00:50:56,439 Speaker 1: And to be completely candid, we know that we are 885 00:50:56,719 --> 00:51:03,520 Speaker 1: on the course of a very very swift evolution, not revolution, 886 00:51:03,880 --> 00:51:09,000 Speaker 1: because the progress made in automotive science, in uh just 887 00:51:09,080 --> 00:51:15,840 Speaker 1: electronic communication means that the cars children born today drive 888 00:51:15,880 --> 00:51:19,279 Speaker 1: are going to be radically different. They might not be driving. Yeah, 889 00:51:19,360 --> 00:51:22,239 Speaker 1: they That's That's where I'm getting at, man, they may 890 00:51:22,360 --> 00:51:25,359 Speaker 1: just not be driving. Henrik Kristensen over at Georgia Tech 891 00:51:25,640 --> 00:51:27,720 Speaker 1: made the prediction on one of my episodes of forward 892 00:51:27,760 --> 00:51:31,120 Speaker 1: thinking that children born today will never have to drive 893 00:51:31,160 --> 00:51:35,080 Speaker 1: a car because the cars of their generation will all 894 00:51:35,160 --> 00:51:37,960 Speaker 1: be like, at least a car that you you could 895 00:51:38,000 --> 00:51:41,480 Speaker 1: buy a car once they reached the driving age that 896 00:51:41,600 --> 00:51:44,960 Speaker 1: does all the driving for you and uh and it's 897 00:51:45,280 --> 00:51:47,000 Speaker 1: that's one of those things that's going to require a 898 00:51:47,000 --> 00:51:49,840 Speaker 1: lot of changes, not just in technology but in policies. 899 00:51:50,440 --> 00:51:52,520 Speaker 1: Um And there are a lot of important questions that 900 00:51:52,560 --> 00:51:55,200 Speaker 1: you have to answer personally. I think that most technologies 901 00:51:55,239 --> 00:51:57,359 Speaker 1: are going to be able to behave more responsibly than 902 00:51:57,400 --> 00:52:00,799 Speaker 1: people do. But that's because you know, I have a 903 00:52:00,800 --> 00:52:03,640 Speaker 1: lot of faith in the reaction time of a computer 904 00:52:03,880 --> 00:52:07,160 Speaker 1: compared to the reaction time of a human being. I've 905 00:52:07,200 --> 00:52:10,759 Speaker 1: seen I mean, look, I've played those games and those 906 00:52:10,800 --> 00:52:15,560 Speaker 1: computer bots that they cheat. Man, they are cheap. They 907 00:52:15,680 --> 00:52:19,200 Speaker 1: juggle you. It's terrible. But anyway, um, yeah, I mean 908 00:52:19,239 --> 00:52:21,839 Speaker 1: this this is one of those things that I'm glad 909 00:52:21,880 --> 00:52:24,240 Speaker 1: you brought it up. I'm glad that this was a 910 00:52:24,280 --> 00:52:29,040 Speaker 1: discussion we could have because, uh, it's it's certainly an 911 00:52:29,080 --> 00:52:31,560 Speaker 1: area that people are getting more and more interested in, 912 00:52:32,000 --> 00:52:35,680 Speaker 1: and there's so little information that the average person has 913 00:52:35,719 --> 00:52:38,960 Speaker 1: access to, and and we've seen so much in the 914 00:52:39,000 --> 00:52:42,560 Speaker 1: hacking world as far as computers go, that it could 915 00:52:42,719 --> 00:52:47,160 Speaker 1: very quickly escalate into a fear, uncertainty, and doubt. Uh 916 00:52:47,200 --> 00:52:51,640 Speaker 1: you know, chaos, right, Because you look and see the 917 00:52:51,760 --> 00:52:54,800 Speaker 1: kinds of exploits people have made with like credit card systems, 918 00:52:54,920 --> 00:52:57,440 Speaker 1: you think, well, what if we apply that same sort 919 00:52:57,480 --> 00:53:00,919 Speaker 1: of exploit system with a car that the results could 920 00:53:00,960 --> 00:53:05,080 Speaker 1: be devastating. Yeah, there was already a huge stink that 921 00:53:05,239 --> 00:53:09,839 Speaker 1: was raised when we in the United States there's this 922 00:53:09,920 --> 00:53:13,799 Speaker 1: mandate that's going to require every car to have the 923 00:53:13,840 --> 00:53:16,080 Speaker 1: equivalent of a black box like you would see on 924 00:53:16,080 --> 00:53:18,960 Speaker 1: a plane, right, just captures all the data. And there 925 00:53:19,040 --> 00:53:21,200 Speaker 1: was this huge stink raised about it when it hit 926 00:53:21,239 --> 00:53:24,359 Speaker 1: the news. Uh, so much of a huge stink that 927 00:53:24,440 --> 00:53:27,160 Speaker 1: people forgot to do their research and find out that 928 00:53:27,680 --> 00:53:31,040 Speaker 1: the vast majority of US cars have had those very 929 00:53:31,120 --> 00:53:34,799 Speaker 1: number of years. So it's I think you're right, uh, 930 00:53:35,280 --> 00:53:38,120 Speaker 1: if you're in the uncertainty, because we have such a 931 00:53:38,160 --> 00:53:41,719 Speaker 1: dichotomy and when we contemplate the future, it's dystopic or 932 00:53:41,760 --> 00:53:47,960 Speaker 1: it's utopian, you know, utopic, Yeah, yeah, exactly. We we 933 00:53:48,320 --> 00:53:51,759 Speaker 1: tend to see things in the the extreme ends of 934 00:53:51,800 --> 00:53:54,520 Speaker 1: the spectrum, and the truth is we're going to live 935 00:53:54,560 --> 00:53:57,239 Speaker 1: somewhere in the middle and if if we're lucky, it's 936 00:53:57,239 --> 00:54:00,960 Speaker 1: gonna be leaning heavier on the utopia side than the dystopia. 937 00:54:01,000 --> 00:54:05,600 Speaker 1: And if we're not observant and responsive, it'll definitely be 938 00:54:05,680 --> 00:54:09,680 Speaker 1: on the second one to dystopia rather than utopia. But um, yeah, 939 00:54:09,719 --> 00:54:13,400 Speaker 1: I think I think it's good to to just you know, 940 00:54:13,640 --> 00:54:16,399 Speaker 1: keep in mind that there are electronic systems in your car. 941 00:54:16,840 --> 00:54:21,600 Speaker 1: Electronic systems can fail just like any other system. Uh, 942 00:54:21,640 --> 00:54:26,160 Speaker 1: they can be sabotaged with the right amount of um 943 00:54:26,320 --> 00:54:30,120 Speaker 1: of vim and vigor and elbow grease. But it's probably 944 00:54:30,520 --> 00:54:34,719 Speaker 1: it's more likely than not it's never gonna happen to you, like, 945 00:54:34,840 --> 00:54:38,600 Speaker 1: far more likely than not um, at least in the 946 00:54:38,600 --> 00:54:43,120 Speaker 1: current iteration of the wave vehicles work. Uh, You're much 947 00:54:43,160 --> 00:54:48,000 Speaker 1: more likely to encounter something that would be a problem, 948 00:54:48,080 --> 00:54:50,560 Speaker 1: like a driver cutting you off in traffic, which happens 949 00:54:50,560 --> 00:54:53,880 Speaker 1: all the time and could lead to really disastrous results, 950 00:54:54,080 --> 00:54:57,759 Speaker 1: then you ever would be with someone hacking your car. Uh. 951 00:54:58,000 --> 00:55:00,799 Speaker 1: So I'm glad we could talk of out it. Uh. 952 00:55:00,840 --> 00:55:05,040 Speaker 1: It's really an interesting topic. Ben People can find your 953 00:55:05,080 --> 00:55:08,760 Speaker 1: work all over the darn place. With how stuff works. 954 00:55:08,840 --> 00:55:11,680 Speaker 1: You are a host of car stuff. Along with Scott Benjamin, 955 00:55:12,080 --> 00:55:13,960 Speaker 1: you are a host of stuff they don't want you 956 00:55:14,000 --> 00:55:16,080 Speaker 1: to know. Along with Matt Frederick, you are one of 957 00:55:16,120 --> 00:55:20,840 Speaker 1: the many hosts of brain stuff. I am also occasionally 958 00:55:20,840 --> 00:55:24,920 Speaker 1: on brain stuff. Are you doing what the stuff? We're 959 00:55:25,000 --> 00:55:28,200 Speaker 1: both on what the stuff? Uh? I don't even know 960 00:55:28,280 --> 00:55:30,799 Speaker 1: what shows I host anymore, so I have to ask 961 00:55:30,840 --> 00:55:34,160 Speaker 1: you which ones you do? Have I missed any you 962 00:55:34,280 --> 00:55:37,840 Speaker 1: will know? We're I think those are most of the 963 00:55:38,480 --> 00:55:42,440 Speaker 1: food science Oh, food stuff stuff your food stuff? Okay, now, 964 00:55:42,600 --> 00:55:46,480 Speaker 1: folks on got another another final little tangent. If you 965 00:55:46,600 --> 00:55:49,840 Speaker 1: have not watched the How Stuff Works Food Stuff episodes, 966 00:55:50,400 --> 00:55:52,799 Speaker 1: you have got to do that, and you need to 967 00:55:52,840 --> 00:55:57,520 Speaker 1: do them in order because there's the narratives from one 968 00:55:57,560 --> 00:56:01,200 Speaker 1: episode to the next, so it does actually progress. And 969 00:56:01,280 --> 00:56:04,319 Speaker 1: you will also see occasionally other people from How Stuff 970 00:56:04,320 --> 00:56:07,800 Speaker 1: Works pop up. Joe McCormick, who is one of the 971 00:56:08,400 --> 00:56:11,799 Speaker 1: hosts of Forward Thinking podcast and also one of the 972 00:56:11,800 --> 00:56:14,600 Speaker 1: writers for Forward Thinking. He pops up in a recent 973 00:56:14,680 --> 00:56:20,520 Speaker 1: episode and they are informative and they really exercise the 974 00:56:20,560 --> 00:56:23,880 Speaker 1: comedic chops of Mr Ben Boland and Ms Kristen Conger, 975 00:56:24,160 --> 00:56:27,480 Speaker 1: both of whom are brilliant improvisers. So you've got to 976 00:56:27,520 --> 00:56:29,800 Speaker 1: treat yourself and go check out the Food Stuff So 977 00:56:29,960 --> 00:56:35,279 Speaker 1: it's they're fantastic. Wow, that's high. That's high. It's I'm 978 00:56:35,320 --> 00:56:37,120 Speaker 1: buttering you up so that you put me on the show. 979 00:56:38,280 --> 00:56:40,960 Speaker 1: I want to be on an episode, but I'll have 980 00:56:41,000 --> 00:56:43,480 Speaker 1: to come up with whatever the topic will be. But anyway, guys, 981 00:56:44,360 --> 00:56:46,719 Speaker 1: check out those shows. Remember you can get in touch 982 00:56:46,719 --> 00:56:49,040 Speaker 1: with tech stuff. Let's know, any suggestions you might have 983 00:56:49,080 --> 00:56:52,160 Speaker 1: for future episodes. Maybe there's another guest that you want 984 00:56:52,160 --> 00:56:54,319 Speaker 1: to have back. Maybe maybe you're thinking, Hey, we gotta 985 00:56:54,360 --> 00:56:56,400 Speaker 1: have Ben back on the show as soon as possible. 986 00:56:56,680 --> 00:56:58,839 Speaker 1: Let me know. Send me an email. My address is 987 00:56:58,880 --> 00:57:01,600 Speaker 1: tech Stuff at how stuff works dot com, or you 988 00:57:01,640 --> 00:57:04,960 Speaker 1: can drop me a line on Facebook, Twitter, or Tumblr. 989 00:57:04,960 --> 00:57:07,840 Speaker 1: The handle it all three is tech stuff H s W. 990 00:57:08,440 --> 00:57:10,719 Speaker 1: And I'll talk to you again, really soon