WEBVTT - TechStuff Classic: Hack That Auto 2.0 0:00:04.440 --> 0:00:07.840 Welcome to tech Stuff, a production from I Heart Radio. 0:00:11.720 --> 0:00:14.319 Hey there, and welcome to tech Stuff. I'm your host, 0:00:14.400 --> 0:00:17.520 Jonathan Strickland. I'm an executive producer with I Heart Radio 0:00:17.720 --> 0:00:21.119 and how the tech are you? It's time for a 0:00:21.239 --> 0:00:26.840 tech Stuff classic episode. This episode originally published May two 0:00:26.920 --> 0:00:31.240 thousand fifteen. It is called Hack That Auto two point 0:00:31.320 --> 0:00:34.360 oh and I had a special guest co host on 0:00:34.400 --> 0:00:37.879 that show, Joe McCormick. Joe is one of the co 0:00:38.000 --> 0:00:41.400 hosts of Stuff to Blow Your Mind. He was also 0:00:41.479 --> 0:00:45.400 one of my co hosts on Forward Thinking, the audio podcast, 0:00:45.440 --> 0:00:47.680 and he was also a writer on the video series 0:00:47.720 --> 0:00:52.639 Forward Thinking. Joe is one incredibly intelligent person, even if 0:00:52.680 --> 0:00:57.080 he doesn't recognize Douglas Adams quotes. And let's have them 0:00:57.080 --> 0:01:00.600 take it away. Hacking can mean any thing, right like, 0:01:01.720 --> 0:01:05.839 it doesn't necessarily the connotation we typically assigned to it 0:01:05.920 --> 0:01:09.320 is someone is trying to gain unauthorized access to something, 0:01:09.800 --> 0:01:14.240 which really is a subset of hacking exactly. Hacking really 0:01:14.240 --> 0:01:17.119 could mean that you are building stuff, like you could 0:01:17.160 --> 0:01:20.760 be a maker. You're trying to create a device that 0:01:20.840 --> 0:01:23.080 does a very specific thing, and it maybe to do 0:01:23.200 --> 0:01:25.720 it in a way that no one has done before it, 0:01:25.760 --> 0:01:29.399 maybe to increase efficiency efficiency maybe the furthest thing from 0:01:29.440 --> 0:01:31.640 your mind. It might just be to do something creatively. 0:01:32.040 --> 0:01:34.479 And in that previous episode of Hack that Auto, Ben 0:01:34.480 --> 0:01:37.319 and I covered lots of ways where you could use 0:01:37.720 --> 0:01:41.319 technology to alter a vehicle in order to make it 0:01:41.400 --> 0:01:44.160 do something that it was either not intended to do 0:01:44.680 --> 0:01:47.800 or that had been limitations that have been placed upon 0:01:47.800 --> 0:01:50.560 it at the manufacturing stage. WHOA, So you mean like 0:01:50.600 --> 0:01:53.360 you could overclock your car the same way you can 0:01:53.440 --> 0:01:55.960 overclock your CPU. Well, maybe not the same way, but 0:01:56.240 --> 0:01:59.000 getting a very similar response. Because there are governors and 0:01:59.040 --> 0:02:03.280 speed limitters vehicles right where it is set so that 0:02:03.440 --> 0:02:06.480 the engine might be capable of producing enough power to 0:02:07.480 --> 0:02:10.920 get you to a speed above the quote unquote top 0:02:10.919 --> 0:02:14.360 speed of your vehicle, but there are are elements inside 0:02:14.400 --> 0:02:17.600 the vehicle that limit those speeds, like you can't go 0:02:17.680 --> 0:02:21.280 beyond them because they essentially cut the power, so you're 0:02:21.280 --> 0:02:23.280 not going to be able to get more out of it. 0:02:23.320 --> 0:02:26.280 But if you hack your vehicle, you could, in theory, 0:02:26.400 --> 0:02:31.760 remove said limitations at your own peril and be able 0:02:31.880 --> 0:02:36.040 to go faster than what the vehicle's manufacturer had intended, 0:02:36.240 --> 0:02:38.680 you know, at the risk of sounding like a gullible sheep. 0:02:38.760 --> 0:02:41.320 I bet those limitations are there for a decent reason. 0:02:41.560 --> 0:02:44.680 They tend to be yeah, like I could probably damage 0:02:44.720 --> 0:02:47.440 your vehicle or do something unsafe if you exceed them. 0:02:47.520 --> 0:02:49.160 I don't know if you have you ever been in 0:02:49.200 --> 0:02:51.720 a car where it reached a certain speed and the 0:02:51.760 --> 0:02:54.320 car was beginning to feel like it was not enjoying 0:02:54.360 --> 0:02:57.680 that experience. Yeah, the first car I had, if you 0:02:57.720 --> 0:02:59.760 got up to about fifty five or so, it felt 0:02:59.800 --> 0:03:02.440 like it was about to come apart. Yeah. Yeah. And 0:03:02.480 --> 0:03:04.880 there are some cars where, even right off the lot, 0:03:05.040 --> 0:03:07.840 if you are pushing it at towards the top speed, 0:03:08.280 --> 0:03:10.880 you start to feel like, yeah, this vehicle is not 0:03:10.960 --> 0:03:13.440 really meant to maintain this for any length of time. 0:03:13.800 --> 0:03:16.080 But there are people who want to have that full 0:03:16.120 --> 0:03:18.680 control of their vehicle, and they want to be able 0:03:18.720 --> 0:03:21.560 to do things with their vehicle that perhaps the manufacturer 0:03:21.560 --> 0:03:25.600 had put limitations on, and they will hack their their cars. 0:03:25.639 --> 0:03:29.200 And this is made possible by well a couple of things. 0:03:29.200 --> 0:03:31.480 If you have a car that's more than twenty years old, 0:03:31.960 --> 0:03:36.320 then you might be able to mechanically alter that vehicle. Right. 0:03:36.720 --> 0:03:40.000 But as vehicles have become more and more complex More 0:03:40.000 --> 0:03:44.920 and more of those uh, those those systems have become computerized, 0:03:45.720 --> 0:03:49.600 and it's falling into what some people call the black 0:03:49.640 --> 0:03:52.520 box problem, which is where you have a system that 0:03:52.640 --> 0:03:55.080 is essentially contained within a black box, and it is 0:03:55.200 --> 0:03:59.080 very difficult, if not impossible, to get access inside that 0:03:59.120 --> 0:04:03.400 black box. You can alter what happens once this is 0:04:03.440 --> 0:04:05.680 what what whatever the output is of that system, you 0:04:05.680 --> 0:04:09.680 can alter that, and you can alter the arrangement of 0:04:09.840 --> 0:04:12.480 various black box systems. But if you don't have that 0:04:12.520 --> 0:04:17.000 special diagnostic computer right or any other means of tapping 0:04:17.040 --> 0:04:20.240 into it, then you're kind of stuck. And and the 0:04:20.360 --> 0:04:22.919 argument is that the technology is reaching a level of 0:04:22.960 --> 0:04:28.800 complexity where the tinker is becoming more and more rarefied, 0:04:28.960 --> 0:04:31.920 Like it's it's harder to be a tinker in that 0:04:31.960 --> 0:04:35.000 world because things are getting so specialized and so advanced 0:04:35.400 --> 0:04:38.320 that it requires a good deal of specialization just to 0:04:38.400 --> 0:04:41.680 alter one thing, let alone all the other related systems. 0:04:41.800 --> 0:04:44.000 I feel like we talked about this in an early 0:04:44.040 --> 0:04:47.440 episode of the Forward Thinking podcast. This sounds very familiar. 0:04:47.480 --> 0:04:50.040 But okay, so that's how you hack your own vehicle 0:04:50.120 --> 0:04:54.839 to improve or maybe not improve but change it. Sure, 0:04:55.440 --> 0:04:58.120 but what about the more you know. The more popular 0:04:58.160 --> 0:05:01.800 sense of hacking these days where talking about violating a 0:05:02.160 --> 0:05:06.800 supposedly secure system making it work for you. So Ben 0:05:06.839 --> 0:05:11.880 and I talked about this as well, and overwhelmingly the 0:05:11.960 --> 0:05:16.000 most prevalent version of that kind of hacking required physical 0:05:16.040 --> 0:05:18.840 access to the vehicle and that you would have a 0:05:18.960 --> 0:05:22.680 laptop that you would plug in with an adapter to 0:05:22.880 --> 0:05:27.120 your your cars computer system, and with that laptop you 0:05:27.160 --> 0:05:30.520 could alter things with the vehicle. In fact, you could 0:05:30.560 --> 0:05:32.479 even set it up so that you could have remote 0:05:32.480 --> 0:05:36.520 control of the vehicle through the laptop that's still physically 0:05:36.520 --> 0:05:39.360 attached to the car. Oh wow, I wouldn't. I wouldn't 0:05:39.400 --> 0:05:41.400 really expect that with it. I mean, I could see 0:05:41.440 --> 0:05:44.400 how that could be coming with autonomous cars. But I'm 0:05:44.839 --> 0:05:47.560 so you could control like gas and break and steering. 0:05:47.920 --> 0:05:51.080 You could certainly control things like brakes and steering. Uh, 0:05:51.120 --> 0:05:55.160 not necessarily acceleration, although you could do that too, I assume, 0:05:55.240 --> 0:05:59.360 but you could certainly alter things like you could you 0:05:59.360 --> 0:06:02.480 could make the brakes stopped working, and in fact, there 0:06:02.480 --> 0:06:05.120 have been demonstrations where people have done that where it 0:06:05.200 --> 0:06:08.320 was done in a safe way. But to show that, 0:06:08.360 --> 0:06:11.440 like the anti lock brake system would be disconnected, so 0:06:11.480 --> 0:06:14.560 that hitting the brake would do nothing and the car 0:06:14.600 --> 0:06:16.640 would continue on as if you hadn't hit the brake 0:06:16.680 --> 0:06:19.280 at all. Just kind of terrifying to think about. But 0:06:19.800 --> 0:06:23.320 there was a laptop computer sitting right there, plugged into 0:06:23.440 --> 0:06:27.000 the dashboard. It was just that the commands. Like, think 0:06:27.000 --> 0:06:28.680 of it this way, it's the same thing as if 0:06:28.680 --> 0:06:31.680 someone were sitting in the passenger seat sending the commands 0:06:31.720 --> 0:06:34.719 from the laptop directly to your car's computer. Only you 0:06:34.800 --> 0:06:36.960 have removed the need for a person to be sitting 0:06:36.960 --> 0:06:39.480 there because you have a remote system sitting the commands 0:06:39.520 --> 0:06:41.680 to the laptop, which then send the commands to the 0:06:41.720 --> 0:06:44.360 car computer. Well, if you're gonna do that, you might 0:06:44.360 --> 0:06:46.600 as well just say, well, somebody sitting in the passenger 0:06:46.680 --> 0:06:49.120 seat could reach over and grab the steering wheel, right, 0:06:49.160 --> 0:06:50.800 And that was the point, right, That was the point 0:06:50.839 --> 0:06:52.800 that allot of the car manufacturers were making, that a 0:06:52.800 --> 0:06:56.840 lot of security experts were making. They said, these examples 0:06:57.000 --> 0:07:00.960 require somebody to have physical access to your vehicle in 0:07:01.120 --> 0:07:04.800 order for them to make these alterations, and therefore it's 0:07:05.000 --> 0:07:08.600 not necessarily something to go out and panic over. Yeah, 0:07:08.600 --> 0:07:11.520 so that doesn't really bother me? What would really bother me? 0:07:11.600 --> 0:07:13.760 And and a quick digression, I think you and I 0:07:13.800 --> 0:07:17.240 are both on the record as being pretty pro autonomous vehicle. 0:07:17.840 --> 0:07:21.600 I am on it would be harder for me to 0:07:21.760 --> 0:07:24.920 be more pro autonomous vehicle. I am also very pro 0:07:25.000 --> 0:07:28.680 autonomous vehicle despite all these concerns, And one of these 0:07:28.680 --> 0:07:33.480 concerns is what if somebody could wirelessly hack an autonomous vehicle? 0:07:33.560 --> 0:07:36.560 And that seems like, I mean, hopefully the industry will 0:07:36.560 --> 0:07:39.440 take all the proper steps to prevent that from happening, 0:07:39.560 --> 0:07:43.440 But autonomous vehicles do need to be able to communicate 0:07:43.480 --> 0:07:47.200 with each other, so it seems like they may possibly 0:07:47.240 --> 0:07:52.080 have some wireless based vulnerabilities. And there are cars out 0:07:52.120 --> 0:07:56.360 there right now that have wireless vulnerabilities, and we'll talk 0:07:56.440 --> 0:07:59.720 more about specifics in a little bit. So you are 0:07:59.760 --> 0:08:02.880 at slutely right that autonomous cars will have these because 0:08:02.920 --> 0:08:05.840 we have cars right now that have these these wireless 0:08:05.960 --> 0:08:10.200 vulnerabilities from from various systems. Uh, there have been examples 0:08:10.440 --> 0:08:14.640 of people using the entertainment systems within certain cars to 0:08:14.880 --> 0:08:18.480 hack into the rest of the vehicle. Now you would 0:08:18.520 --> 0:08:23.120 think that these should be networks within a car that 0:08:23.160 --> 0:08:25.720 are completely separate that don't have anything to do with 0:08:25.760 --> 0:08:30.640 one another. But there are times where, either because the 0:08:30.720 --> 0:08:35.200 design is simpler or because of well intentioned reasons, the 0:08:35.200 --> 0:08:37.720 they are coupled more closely. Like imagine that you have 0:08:37.920 --> 0:08:41.400 an entertainment system that is wired in such a way 0:08:41.440 --> 0:08:45.680 where the volume of the system will automatically adjust based 0:08:45.760 --> 0:08:50.280 upon your acceleration. So if you accelerate more, the volume 0:08:50.320 --> 0:08:52.599 goes up because it figures, hey, now it's going to 0:08:52.640 --> 0:08:54.960 be a noisier environment, so I need to balance out 0:08:55.000 --> 0:08:57.320 by becoming louder so that the person can continue to 0:08:57.520 --> 0:09:00.480 have the same experience listening to whatever they're listening to, 0:09:01.040 --> 0:09:04.320 whether they're going slowly or quickly. Well, that means that 0:09:04.400 --> 0:09:07.120 there needs to be some data coming from the drive 0:09:07.280 --> 0:09:09.400 system of the vehicle, and it may just be data, 0:09:09.440 --> 0:09:11.440 and it may just flow one way, which would be 0:09:11.480 --> 0:09:14.839 the best way to implement that, but it may mean 0:09:14.920 --> 0:09:17.880 that these systems are more connected than you had first imagined. 0:09:18.360 --> 0:09:23.559 So as we get into more WiFi based entertainment systems, 0:09:24.040 --> 0:09:28.000 that is a potential point of vulnerability for vehicles. Yeah, 0:09:28.040 --> 0:09:30.120 and a thing that just occurs to me is that 0:09:30.240 --> 0:09:34.719 hopefully anybody who made these would sort of have entertainment 0:09:34.760 --> 0:09:38.080 systems running on what's essentially a different computer than the 0:09:38.120 --> 0:09:41.480 computer that controls the engine. Otherwise it seems like it 0:09:41.520 --> 0:09:44.400 could be vulnerable to the kind of buffer overflow attack 0:09:44.559 --> 0:09:47.800 or something where you, uh, you have some kind of 0:09:47.960 --> 0:09:50.520 like you max out the memory on something and then 0:09:50.559 --> 0:09:53.480 you start and then once you've maxed out that area, 0:09:53.520 --> 0:09:56.120 it overflows into a place where you can just execute 0:09:56.160 --> 0:09:59.240 some code. Right. Yeah, that's a good example. I mean that, 0:09:59.240 --> 0:10:01.319 that's certainly so something that that needs to be thought 0:10:01.360 --> 0:10:04.640 about when designing these systems. And to make this more complicated, 0:10:05.120 --> 0:10:07.400 we have things like, you know, the wireless entry systems 0:10:07.520 --> 0:10:11.200 which can be spoofed, although it's not easy to do so. 0:10:11.559 --> 0:10:13.880 So wireless obviously that's when you've got, you know, your 0:10:13.880 --> 0:10:15.640 little key fob and you push a button and it 0:10:15.679 --> 0:10:19.079 unlocks the door so you can get into your car. Uh. 0:10:19.320 --> 0:10:23.920 Those work on little radio signals, and it is possible 0:10:24.160 --> 0:10:29.680 to broadcast radio signals at a car and activate it's 0:10:30.080 --> 0:10:33.360 unlocking mechanism. It's not easy, and the reason it's not 0:10:33.440 --> 0:10:36.959 easy is that you need to know generally what frequency 0:10:37.240 --> 0:10:40.840 this thing is broadcasting over, so it may require you 0:10:40.920 --> 0:10:43.439 to be in the presence of the key fob being used. 0:10:43.760 --> 0:10:45.960 In order to pick up on this frequency, you really 0:10:45.960 --> 0:10:48.680 need to know probably the beginning of the code, which 0:10:48.679 --> 0:10:52.800 again you can sometimes glean by listening in essentially on 0:10:53.040 --> 0:10:57.520 that key fob um and then you have to brute 0:10:57.559 --> 0:11:00.080 force attack because the way key fobs work is it 0:11:00.120 --> 0:11:02.960 works with a rolling algorithm, So every time you press 0:11:03.000 --> 0:11:06.839 that button, it changes the code, so the cook but 0:11:07.080 --> 0:11:09.640 it's changed based upon an algorithm, so it's based upon 0:11:09.720 --> 0:11:13.120 specific rules. It's not random, because if it were random, 0:11:13.240 --> 0:11:15.880 no car would ever know when it's key is being used, right, 0:11:15.920 --> 0:11:19.080 but it But that means that if you are using 0:11:19.280 --> 0:11:22.080 a remote attack to try and get access to a vehicle, 0:11:22.200 --> 0:11:23.839 then you have to do a brute force so this 0:11:23.880 --> 0:11:28.640 can take minutes up to hours, depending upon uh the 0:11:29.160 --> 0:11:32.760 system and depending upon your luck based upon where you're 0:11:32.800 --> 0:11:37.080 starting from the code. And also it means that if 0:11:37.160 --> 0:11:39.839 you have a keyless entry and you go to your 0:11:39.840 --> 0:11:42.480 car and you try and use it and someone has 0:11:42.520 --> 0:11:45.559 remotely accessed your vehicle, one of the only ways you 0:11:45.640 --> 0:11:47.640 might be able to tell, assuming that your vehicle is 0:11:47.679 --> 0:11:50.840 still there, is that is that it takes a couple 0:11:50.840 --> 0:11:53.400 of presses before anything works, because it will take a 0:11:53.440 --> 0:11:56.280 while for the the code on your key fob to 0:11:56.360 --> 0:11:59.200 match up with the code that's in the car. So 0:11:59.360 --> 0:12:00.920 in other words, of press it and you're like, oh, 0:12:01.000 --> 0:12:02.880 nothing's happening, and you pressed a couple more times, then 0:12:02.920 --> 0:12:06.440 it it'll synchronize up again and then you can have access. Uh, 0:12:06.480 --> 0:12:09.760 this is something that has been done already. Security experts 0:12:09.800 --> 0:12:13.280 have shown. There's one in particular who used his own 0:12:13.480 --> 0:12:17.920 vehicle to demonstrate that you could gain access, but it 0:12:17.960 --> 0:12:21.120 could take hours and it takes a huge amount of effort, 0:12:21.480 --> 0:12:24.280 so it's not something that is is probably easier to 0:12:24.320 --> 0:12:26.160 just get a brick and bash the window. Yeah, it's 0:12:26.200 --> 0:12:28.640 definitely not likely to happen, right, I get like the 0:12:28.679 --> 0:12:31.959 likelihood of it happening is incredibly low because there are 0:12:32.040 --> 0:12:34.720 other ways of getting access to a vehicle that require 0:12:34.840 --> 0:12:38.520 far less work and far less access to set vehicle 0:12:38.600 --> 0:12:42.800 for a given length of time. We'll be back with 0:12:42.840 --> 0:12:45.480 more of this classic episode of tech stuff after this 0:12:45.559 --> 0:12:56.800 quick break. There are other examples of someone having a 0:12:56.880 --> 0:13:01.800 remote control of a vehicle, but was it was by 0:13:01.840 --> 0:13:05.760 exploiting a system that was intended to have this remote 0:13:05.800 --> 0:13:08.840 shutdown feature. So you you know that a lot of 0:13:08.920 --> 0:13:13.559 vehicles have this ability for for a an entity to 0:13:14.400 --> 0:13:17.160 either remotely shut down the engine or do things like 0:13:17.200 --> 0:13:20.000 hawk the horn, right, yeah, I think, uh, well, I 0:13:20.040 --> 0:13:23.520 know one scenario in which this occurs would be like, 0:13:24.200 --> 0:13:27.520 so let's say you take out a loan on a 0:13:27.520 --> 0:13:30.280 car and the person who sells you the car is 0:13:30.360 --> 0:13:33.000 not very confident that you will pay back that loan. 0:13:33.760 --> 0:13:36.640 They can put equipment on the car that prevents it 0:13:36.720 --> 0:13:39.320 from starting up, right, so they can say, this person 0:13:39.400 --> 0:13:42.440 isn't paying on their financing, we need to shut down 0:13:42.480 --> 0:13:44.880 the car's ability to run. Yeah, it's essentially a remote 0:13:45.000 --> 0:13:48.200 kill switch, and your car will not start at that point. 0:13:48.440 --> 0:13:51.200 And uh, yeah, it could be hopefully they wouldn't be 0:13:51.200 --> 0:13:53.880 able to turn off the engine while you're driving. No, 0:13:54.720 --> 0:13:57.800 I don't think that's that's a possibility, but they could 0:13:57.840 --> 0:14:00.679 certainly do it, you know, so that the next time 0:14:00.720 --> 0:14:02.400 you try to start up your car it doesn't work. 0:14:03.000 --> 0:14:05.520 And uh, it can be used in that case where 0:14:05.800 --> 0:14:07.760 someone's not keeping up with their payments. It can also 0:14:07.800 --> 0:14:09.920 be used in the case of a stolen car. So 0:14:09.960 --> 0:14:12.040 if your car stolen, you report it to the police. 0:14:12.559 --> 0:14:15.000 You work with the dealership, you explain, hey, my vehicle 0:14:15.040 --> 0:14:18.360 was stolen, they can actually activate this remote kill switch 0:14:18.480 --> 0:14:20.880 so that the criminals who have possession of your car 0:14:20.920 --> 0:14:23.400 are no longer able to drive it, and then the 0:14:23.400 --> 0:14:26.520 police can hopefully locate your vehicle and you get it back, 0:14:27.120 --> 0:14:29.840 uh Right. So there are legitimate reasons why you would 0:14:29.880 --> 0:14:32.480 want that technology install on your vehicle. However, there was 0:14:32.560 --> 0:14:37.720 at least one case where a person who had access 0:14:37.760 --> 0:14:43.240 to said system uh accessed it for personal reasons and 0:14:43.840 --> 0:14:49.400 out of vindictiveness, was essentially harassing somebody using the system 0:14:49.440 --> 0:14:52.600 to mess with their vehicle. So if you look at 0:14:52.440 --> 0:14:56.760 a discussions about car hacking and they always say, like, 0:14:57.160 --> 0:14:59.960 what are the examples of malicious car hacking, they said, well, 0:15:00.040 --> 0:15:03.280 outside of research and development, where where security researchers are 0:15:03.320 --> 0:15:07.520 trying their best to do this to see if it's viable, 0:15:08.080 --> 0:15:11.000 there's only one example of it ever actually happening. And 0:15:11.040 --> 0:15:14.080 in that case, it wasn't hacking in the sense of 0:15:14.120 --> 0:15:15.800 someone setting down at their computer and trying to get 0:15:15.800 --> 0:15:19.480 access to a vehicle, someone exploiting an existing system that 0:15:19.600 --> 0:15:24.280 was already attached to that vehicle. But that being said, 0:15:24.840 --> 0:15:30.360 with all those caveats laid out the issue of wireless 0:15:30.440 --> 0:15:34.560 hacking a vehicle of remotely accessing a vehicle is by 0:15:34.560 --> 0:15:39.320 no means a dead issue. It is something that is 0:15:39.400 --> 0:15:43.200 continuously brought up, and as of the time that we're 0:15:43.200 --> 0:15:47.720 recording this podcast, which is in May of twenty, there's 0:15:48.520 --> 0:15:52.720 increasing interest in this because of a pair of researchers 0:15:52.800 --> 0:15:55.560 and what they claim they are able to do and 0:15:55.600 --> 0:15:59.720 what they will show off at the black Hat Conference 0:16:00.000 --> 0:16:04.200 in August. What is that? Well, first I should explain 0:16:04.240 --> 0:16:06.720 what the black Hat Conference is, So it's a um 0:16:07.480 --> 0:16:11.000 it's essentially it's a hacker convention. It's all about discussing 0:16:11.040 --> 0:16:16.200 security vulnerabilities and uh the ways to exploit them. Now, 0:16:17.160 --> 0:16:20.080 in hacker circles, you have white hats and black hats, 0:16:20.080 --> 0:16:23.320 and sometimes you can argue gray hats. White hat hackers 0:16:23.400 --> 0:16:27.080 are people who are looking for security vulnerabilities with the 0:16:27.120 --> 0:16:31.040 intent to have those security vulnerabilities patched so that they 0:16:31.080 --> 0:16:36.080 are no longer vulnerable. Black hat hackers UH tend to 0:16:36.160 --> 0:16:39.160 be the folks who find security vulnerabilities in order to 0:16:39.200 --> 0:16:42.480 exploit them, whether that is to exploit them directly or 0:16:42.520 --> 0:16:46.040 to exploit them by selling that information to other interested parties, 0:16:46.600 --> 0:16:49.600 and whether they're doing it for cash or for leverage 0:16:49.600 --> 0:16:52.160 over somebody, or just for fun, Yeah, just to build 0:16:52.160 --> 0:16:54.960 their own reputation, as opposed to, you know, a genuine 0:16:55.000 --> 0:16:57.440 desire to help other folks. So even though it's called 0:16:57.480 --> 0:16:59.680 the black Hat Conference, it doesn't necessarily mean that these 0:16:59.680 --> 0:17:01.680 are all people who are gathering around trying to figure 0:17:01.680 --> 0:17:04.080 out how to control the world through their laptops. Often 0:17:04.160 --> 0:17:08.040 its actual discussions about these are serious concerns that we 0:17:08.119 --> 0:17:10.680 need to address in order to make sure that they 0:17:10.680 --> 0:17:16.320 don't become huge problems go beyond concern to an enormous problem. 0:17:16.400 --> 0:17:20.560 So the the researchers were talking about actually, I think 0:17:20.560 --> 0:17:23.840 Ben and I mentioned them to Charlie Miller and Chris 0:17:24.000 --> 0:17:29.520 valisek Uh, their two security experts who had talked about 0:17:29.520 --> 0:17:33.800 hacking cars previously. They had uh shown in two thousand 0:17:33.840 --> 0:17:37.040 thirteen and two thousand and fourteen various ways to hack 0:17:37.200 --> 0:17:41.199 vehicles UH, and now they are talking that in the 0:17:41.240 --> 0:17:45.199 two thousand fifteen conference in August they will reveal a 0:17:45.280 --> 0:17:48.760 way of remotely gaining access to a vehicle. It does 0:17:48.800 --> 0:17:52.600 not require you to plug a laptop into a computer. 0:17:52.760 --> 0:17:55.400 They say that you could do this with an unmodified 0:17:55.480 --> 0:17:59.760 vehicle as soon as it rolls off the dealership. Scary, 0:18:00.119 --> 0:18:04.920 very scary. Um, that's an excellent question. I think that 0:18:05.320 --> 0:18:11.120 I'm sure that they have something. The extent of that, yeah, no, no, no, 0:18:11.400 --> 0:18:15.280 the extent of what they have I do not know. Now. Previously, 0:18:15.320 --> 0:18:18.359 they have published lists of vehicles that they have looked 0:18:18.359 --> 0:18:24.240 at that they say represent, you know, the most hackable 0:18:24.640 --> 0:18:26.760 kind of vehicles, and the very top of the list, 0:18:26.760 --> 0:18:31.520 where the Jeep Cherokee was number one. That's the most table, 0:18:31.720 --> 0:18:36.960 most tackable, most tackical. But they they had identify three 0:18:37.040 --> 0:18:42.720 different criteria for hackability, including things like are the systems 0:18:42.760 --> 0:18:46.160 interconnected with one with one another? How many wireless points 0:18:46.200 --> 0:18:50.560 of entry are are potentially there? That sort of stuff, 0:18:50.960 --> 0:18:54.199 And out of the various criteria, the Jeep Cherokee had 0:18:54.240 --> 0:18:57.720 the most of them, the most examples. Uh, the Infinity 0:18:57.800 --> 0:19:00.000 Q fifty was also up there in the Cattle I 0:19:00.320 --> 0:19:06.520 Escalade as ah as the the SNL Southern character would say, 0:19:07.119 --> 0:19:11.240 was also up there. And uh, when we're talking about 0:19:11.280 --> 0:19:15.920 wireless points of vulnerability, really you're talking about any system 0:19:16.200 --> 0:19:22.280 that has that wireless communication capability. So one example, which 0:19:22.359 --> 0:19:26.160 is perfectly innocent in of itself, is the tire monitoring 0:19:26.240 --> 0:19:29.000 system the tire pressure monitoring system. So if you have 0:19:29.040 --> 0:19:31.760 a vehicle that has this, then like you get in 0:19:31.760 --> 0:19:34.080 your car, you turn your you know, you put the 0:19:34.119 --> 0:19:37.200 key in the ignition you or if it's key less ignition, 0:19:37.240 --> 0:19:39.840 you turn on your car, however that may be. And 0:19:39.840 --> 0:19:42.960 there might be an indicator on your dashboard that tells you, 0:19:42.960 --> 0:19:45.960 you know, if your tires are overinflated, underinflated, what the 0:19:46.160 --> 0:19:48.960 you know, how the pressure is? Uh, which is kind 0:19:48.960 --> 0:19:51.120 of cool. You're like, oh, awesome, I don't need to 0:19:51.160 --> 0:19:53.439 get out of my vehicle, you know, pull over to 0:19:53.480 --> 0:19:56.600 a gas station or whatever and get the air pressure 0:19:56.640 --> 0:19:58.840 gauge out and see how it's doing. It's telling me 0:19:58.960 --> 0:20:01.679 right here, um, which is useful. But it's doing so 0:20:01.760 --> 0:20:06.840 with wireless sensors that communicate back to the the computer 0:20:06.960 --> 0:20:10.520 system that is governing all the other systems in the car. Yeah. 0:20:10.680 --> 0:20:13.679 I can see why you wouldn't want wires going to 0:20:13.720 --> 0:20:18.200 the tires. Yeah, yeah, no, it would It would be problematic, right. 0:20:18.240 --> 0:20:22.240 So the the wireless system is likely communicating with the 0:20:22.359 --> 0:20:26.280 what was called the controller area network bus or can bus, 0:20:26.880 --> 0:20:30.199 which is kind of like the the traffic controller of 0:20:30.200 --> 0:20:33.080 all the different systems that feed information into the car's 0:20:33.119 --> 0:20:36.800 computer the master control program. Yeah, if not the master 0:20:36.880 --> 0:20:40.320 control program, it's got to be like the master control programs. 0:20:40.720 --> 0:20:47.119 Uh executive assistant, Right, yeah, yeah, it's a it's good 0:20:47.160 --> 0:20:50.960 old David uh not Yeah, Stark controlling this. So yeah, exactly, 0:20:50.960 --> 0:20:53.720 it's it's this this traffic controller that sends the information 0:20:53.760 --> 0:20:57.680 to the computer. Well, you know, that's a potential point 0:20:57.680 --> 0:21:01.840 of vulnerability. And there have been example of being able 0:21:01.880 --> 0:21:05.959 to track a vehicle based upon tracking the unique monitoring 0:21:06.800 --> 0:21:12.280 frequency for that that tire pressure system. So you could 0:21:12.600 --> 0:21:16.879 potentially track where a vehicle has gone by keeping note 0:21:17.000 --> 0:21:22.680 of this particular this particular wireless communication system. If you could, 0:21:22.920 --> 0:21:27.320 can you get access to more critical systems like breaking 0:21:27.600 --> 0:21:31.480 or steering through that? That remains to be seen. So 0:21:32.160 --> 0:21:38.359 Miller and uh and Valask have said that they have 0:21:38.520 --> 0:21:43.760 found some interesting stuff through their experiments. Um, they haven't 0:21:43.800 --> 0:21:46.640 had this discussion, so we can't say exactly what they revealed, 0:21:46.640 --> 0:21:48.960 but they have said that UH or at least the 0:21:49.000 --> 0:21:53.800 black Hat website says that the presentation will include starting 0:21:53.800 --> 0:21:56.640 with remote exploitation, we will show how to pivot through 0:21:56.760 --> 0:22:00.320 different pieces of the vehicle's hardware in order to be 0:22:00.359 --> 0:22:03.760 able to send messages on the can bus to critical 0:22:03.960 --> 0:22:08.320 electronic control units e c U s. We will conclude 0:22:08.320 --> 0:22:12.159 by showing several can messages that affect physical systems of 0:22:12.200 --> 0:22:15.760 the vehicle. So that that's pretty vague, right. It doesn't 0:22:15.800 --> 0:22:21.040 specifically say that it could do something like break the 0:22:21.119 --> 0:22:24.200 car as it b R a k E the car, 0:22:24.280 --> 0:22:28.600 like apply the brakes. Doesn't say that, uh, you know, explicitly, 0:22:28.640 --> 0:22:33.160 so maybe their methodology will be limited. And in fact, 0:22:33.160 --> 0:22:37.000 they say that they plan on showing both the reality 0:22:37.040 --> 0:22:42.520 and the limitations of remote hacking on vehicles. So a 0:22:42.560 --> 0:22:45.840 lot of security experts have said, listen, this is something 0:22:45.840 --> 0:22:48.840 to be concerned about, yes, but not something to panic 0:22:48.920 --> 0:22:53.840 over because one, they have not indicated how extensive these 0:22:54.440 --> 0:22:58.120 these messages can go, like what what the effects can be. Two, 0:22:58.200 --> 0:23:01.760 they haven't discussed their methodology of coming up with the ability, 0:23:01.840 --> 0:23:04.679 the way of doing it, or if whether or not 0:23:04.720 --> 0:23:09.879 they plan on sharing in detail how it's done. And three, 0:23:10.040 --> 0:23:13.760 it may require so much effort to do this that, 0:23:14.600 --> 0:23:17.600 just like the keyless entry, no one would ever bother 0:23:17.720 --> 0:23:19.920 to do it, because they are easier ways to sabotage 0:23:19.920 --> 0:23:23.520 a vehicle than going through these processes but showing that 0:23:24.080 --> 0:23:28.720 it's possible means that further like the future generations of 0:23:28.800 --> 0:23:34.640 vehicles could be built and designed to counteract this sort 0:23:34.640 --> 0:23:38.400 of stuff from the from the get go, so that 0:23:38.560 --> 0:23:44.280 it doesn't become attempting enough target to make further investigation 0:23:44.400 --> 0:23:46.800 into that that line of attack. Right, Like, if you 0:23:47.080 --> 0:23:50.119