1 00:00:04,240 --> 00:00:12,479 Speaker 1: Get in touch with technology with tech Stuff from Hey 2 00:00:12,520 --> 00:00:15,320 Speaker 1: there and welcome to tech Stuff. I'm Jonathan Strickland and 3 00:00:15,400 --> 00:00:19,279 Speaker 1: joined me in the studio today is Joe McCormick. Hey, Joe, 4 00:00:19,400 --> 00:00:22,400 Speaker 1: Hey Jonathan. I'm doing great. How are you? I am 5 00:00:22,480 --> 00:00:26,720 Speaker 1: quite well and Joe very graciously agreed to join me 6 00:00:26,840 --> 00:00:29,760 Speaker 1: on this episode where we're going to update a topic 7 00:00:29,960 --> 00:00:33,559 Speaker 1: that I covered with Ben Boland's back on November ten, 8 00:00:33,680 --> 00:00:36,760 Speaker 1: two thousand and fourteen. The episode came out called Hack 9 00:00:36,880 --> 00:00:39,400 Speaker 1: That Auto. So this is Hacked that Auto two point oh. 10 00:00:39,600 --> 00:00:41,800 Speaker 1: So wait a minute. This was about the technology of 11 00:00:41,840 --> 00:00:46,159 Speaker 1: like hatchets that you used to mutilate and destroy automobiles. No, 12 00:00:46,560 --> 00:00:50,040 Speaker 1: just people named auto. Oh no, like Vondas Mark. That 13 00:00:50,040 --> 00:00:53,280 Speaker 1: sounds horribly violent. It was pretty violent. Ben is a 14 00:00:53,360 --> 00:00:55,920 Speaker 1: Ben is just a ticking time bomb. Wait a minute, 15 00:00:56,000 --> 00:00:58,920 Speaker 1: Hold on a second. I'm remembering that in the world 16 00:00:58,960 --> 00:01:02,920 Speaker 1: of tech mala gea hack means something different than what 17 00:01:03,000 --> 00:01:05,880 Speaker 1: I do to would it? Does it? Does? It generally 18 00:01:05,959 --> 00:01:10,360 Speaker 1: means that you are, you know, hacking together something to 19 00:01:10,560 --> 00:01:13,679 Speaker 1: accomplish a particular goal, and hacking can mean anything, right 20 00:01:13,720 --> 00:01:18,560 Speaker 1: like it doesn't necessarily the connotation we typically assigned to 21 00:01:18,600 --> 00:01:22,600 Speaker 1: it is someone is trying to gain unauthorized access to something, 22 00:01:23,080 --> 00:01:27,520 Speaker 1: which really is a subset of hacking exactly. Hacking really 23 00:01:27,560 --> 00:01:30,399 Speaker 1: could mean that you are building stuff, like you could 24 00:01:30,440 --> 00:01:34,039 Speaker 1: be a maker. You're trying to create a device that 25 00:01:34,120 --> 00:01:36,440 Speaker 1: does a very specific thing, and it maybe to do 26 00:01:36,480 --> 00:01:38,800 Speaker 1: it in a way that no one has done before. 27 00:01:38,920 --> 00:01:42,520 Speaker 1: It maybe to increase efficiency, efficiency, maybe the furthest thing 28 00:01:42,520 --> 00:01:44,919 Speaker 1: from your mind. It might just be to do something creatively. 29 00:01:45,319 --> 00:01:47,760 Speaker 1: And in that previous episode of Hack that Auto, Ben 30 00:01:47,760 --> 00:01:50,600 Speaker 1: and I covered lots of ways where you could use 31 00:01:51,000 --> 00:01:54,600 Speaker 1: technology to alter a vehicle in order to make it 32 00:01:54,680 --> 00:01:57,440 Speaker 1: do something that it was either not intended to do 33 00:01:57,960 --> 00:02:01,080 Speaker 1: or that had been limitation that have been placed upon 34 00:02:01,080 --> 00:02:03,640 Speaker 1: it at the manufacturing stage. WHOA, WHOA. So you mean 35 00:02:03,720 --> 00:02:06,480 Speaker 1: like you could overclock your car the same way you 36 00:02:06,520 --> 00:02:09,160 Speaker 1: can overclock your CPU. Well, maybe not the same way, 37 00:02:09,200 --> 00:02:12,200 Speaker 1: but getting a very similar response, because there are governors 38 00:02:12,200 --> 00:02:15,400 Speaker 1: and speed limitters on vehicles right where it is set 39 00:02:16,000 --> 00:02:19,040 Speaker 1: so that the engine might be capable of producing enough 40 00:02:19,080 --> 00:02:23,480 Speaker 1: power to get you to a speed above the quote 41 00:02:23,520 --> 00:02:26,600 Speaker 1: unquote top speed of your vehicle, but there are are 42 00:02:26,639 --> 00:02:30,280 Speaker 1: elements inside the vehicle that limit those speeds. Like you 43 00:02:30,360 --> 00:02:34,200 Speaker 1: can't go beyond them because they essentially cut the power, 44 00:02:34,280 --> 00:02:35,760 Speaker 1: so you're not going to be able to get more 45 00:02:35,800 --> 00:02:38,919 Speaker 1: out of it. But if you hack your vehicle, you could, 46 00:02:39,000 --> 00:02:44,120 Speaker 1: in theory, remove said limitations at your own peril and 47 00:02:44,440 --> 00:02:48,480 Speaker 1: be able to go faster than what the vehicle's manufacturer 48 00:02:48,520 --> 00:02:51,080 Speaker 1: had intended, you know, at the risk of sounding like 49 00:02:51,120 --> 00:02:53,720 Speaker 1: a gullible sheep, I bet those limitations are there for 50 00:02:53,760 --> 00:02:57,000 Speaker 1: a decent reason. They tend to be. Yeah, like, I 51 00:02:57,000 --> 00:03:00,080 Speaker 1: could probably damage your vehicle or do something unsafe if 52 00:03:00,080 --> 00:03:01,880 Speaker 1: you exceed them. I don't know if you have you 53 00:03:01,919 --> 00:03:04,400 Speaker 1: ever been in a car where it reached a certain 54 00:03:04,440 --> 00:03:06,600 Speaker 1: speed and the car was beginning to feel like it 55 00:03:06,680 --> 00:03:10,680 Speaker 1: was not enjoying that experience. Yeah, the first car I had, 56 00:03:10,760 --> 00:03:12,600 Speaker 1: if you got up to about fifty five or so, 57 00:03:12,680 --> 00:03:15,480 Speaker 1: it felt like it was about to come apart. Yeah. Yeah. 58 00:03:15,600 --> 00:03:18,280 Speaker 1: And there are some cars where, even right off the lot, 59 00:03:18,320 --> 00:03:21,120 Speaker 1: if you are pushing it at towards the top speed, 60 00:03:21,560 --> 00:03:24,160 Speaker 1: you start to feel like, yeah, this vehicle is not 61 00:03:24,240 --> 00:03:26,720 Speaker 1: really meant to maintain this for any length of time. 62 00:03:27,120 --> 00:03:29,360 Speaker 1: But there are people who want to have that full 63 00:03:29,400 --> 00:03:31,960 Speaker 1: control of their vehicle and they want to be able 64 00:03:32,000 --> 00:03:34,840 Speaker 1: to do things with their vehicle that perhaps the manufacturer 65 00:03:34,840 --> 00:03:38,880 Speaker 1: had put limitations on, and they will hack their their cars. 66 00:03:38,920 --> 00:03:42,480 Speaker 1: And this is made possible by well a couple of things. 67 00:03:42,480 --> 00:03:44,760 Speaker 1: If you have a car that's more than twenty years old, 68 00:03:45,240 --> 00:03:49,600 Speaker 1: then you might be able to mechanically alter that vehicle, right. 69 00:03:50,000 --> 00:03:53,280 Speaker 1: But as vehicles have become more and more complex, more 70 00:03:53,280 --> 00:03:58,200 Speaker 1: and more of those uh, those those systems have become computerized, 71 00:03:59,000 --> 00:04:02,880 Speaker 1: and it's falling into what some people call the black 72 00:04:02,960 --> 00:04:05,800 Speaker 1: box problem, which is where you have a system that 73 00:04:05,920 --> 00:04:08,360 Speaker 1: is essentially contained within a black box and it is 74 00:04:08,480 --> 00:04:12,360 Speaker 1: very difficult, if not impossible, to get access inside that 75 00:04:12,400 --> 00:04:16,680 Speaker 1: black box. You can alter what happens once this is 76 00:04:16,760 --> 00:04:18,960 Speaker 1: what what whatever the output is of that system, you 77 00:04:19,000 --> 00:04:22,960 Speaker 1: can alter that, and you can alter the arrangement of 78 00:04:23,120 --> 00:04:25,760 Speaker 1: various black box systems. But if you don't have that 79 00:04:25,800 --> 00:04:30,279 Speaker 1: special diagnostic computer right or any other means of tapping 80 00:04:30,320 --> 00:04:33,560 Speaker 1: into it, then you're kind of stuck. And and the 81 00:04:33,680 --> 00:04:36,200 Speaker 1: argument is that the technology is reaching a level of 82 00:04:36,240 --> 00:04:42,120 Speaker 1: complexity where the tinker is becoming more and more rarefied, 83 00:04:42,240 --> 00:04:45,200 Speaker 1: Like it's it's harder to be a tinker in that 84 00:04:45,240 --> 00:04:48,320 Speaker 1: world because things are getting so specialized and so advanced 85 00:04:48,680 --> 00:04:51,599 Speaker 1: that it requires a good deal of specialization just to 86 00:04:51,680 --> 00:04:54,960 Speaker 1: alter one thing, let alone all the other related systems. 87 00:04:55,080 --> 00:04:57,279 Speaker 1: I feel like we talked about this in an early 88 00:04:57,360 --> 00:05:00,719 Speaker 1: episode of the Forward Thinking podcast. This is very familiar. 89 00:05:00,760 --> 00:05:03,320 Speaker 1: But okay, so that's how you hack your own vehicle 90 00:05:03,440 --> 00:05:08,119 Speaker 1: to improve or maybe not improve but change it. Sure, 91 00:05:08,760 --> 00:05:11,400 Speaker 1: but what about the more, you know, the more popular 92 00:05:11,480 --> 00:05:14,960 Speaker 1: sense of hacking these days, where you're talking about violating 93 00:05:15,000 --> 00:05:19,279 Speaker 1: a supposedly secure system making it work for you. So 94 00:05:19,880 --> 00:05:23,560 Speaker 1: Ben and I talked about this as well, and overwhelmingly 95 00:05:24,520 --> 00:05:28,799 Speaker 1: the most prevalent version of that kind of hacking required 96 00:05:28,839 --> 00:05:32,000 Speaker 1: physical access to the vehicle and that you would have 97 00:05:32,080 --> 00:05:34,800 Speaker 1: a laptop that you would plug in with a an 98 00:05:34,839 --> 00:05:39,760 Speaker 1: adapter to your your cars computer system, and with that 99 00:05:39,839 --> 00:05:43,520 Speaker 1: laptop you could alter things with the vehicle. In fact, 100 00:05:43,560 --> 00:05:45,240 Speaker 1: you could even set it up so that you could 101 00:05:45,240 --> 00:05:49,000 Speaker 1: have remote control of the vehicle through the laptop that's 102 00:05:49,000 --> 00:05:52,120 Speaker 1: still physically attached to the car. Oh wow, I wouldn't 103 00:05:52,240 --> 00:05:54,440 Speaker 1: I wouldn't really expect that with I mean, I could 104 00:05:54,480 --> 00:05:57,479 Speaker 1: see how that could be coming with autonomous cars. But 105 00:05:57,520 --> 00:06:00,880 Speaker 1: I'm so you could control like gas and brake and steering. 106 00:06:01,200 --> 00:06:04,360 Speaker 1: You could certainly control things like brakes and steering. Uh, 107 00:06:04,400 --> 00:06:08,440 Speaker 1: not necessarily acceleration, although you could do that too, I assume, 108 00:06:08,520 --> 00:06:12,640 Speaker 1: but you could certainly alter things like you could you 109 00:06:12,680 --> 00:06:15,760 Speaker 1: could make the brakes stop working, and in fact, there 110 00:06:15,800 --> 00:06:18,400 Speaker 1: have been demonstrations where people have done that, where it 111 00:06:18,520 --> 00:06:21,520 Speaker 1: was done in a safe way, but to show that, 112 00:06:21,680 --> 00:06:24,720 Speaker 1: like the anti lock brake system would be disconnected so 113 00:06:24,760 --> 00:06:27,840 Speaker 1: that hitting the brake would do nothing and the car 114 00:06:27,880 --> 00:06:29,920 Speaker 1: would continue on as if you hadn't hit the brake 115 00:06:29,960 --> 00:06:32,560 Speaker 1: at all. Just kind of terrifying to think about. But 116 00:06:33,080 --> 00:06:36,600 Speaker 1: there was a laptop computer sitting right there, plugged into 117 00:06:36,720 --> 00:06:40,240 Speaker 1: the dashboard. It was just that the commands. Like, think 118 00:06:40,279 --> 00:06:41,960 Speaker 1: of it this way, it's the same thing as if 119 00:06:41,960 --> 00:06:44,960 Speaker 1: someone were sitting in the passenger seat sending the commands 120 00:06:45,000 --> 00:06:48,039 Speaker 1: from the laptop directly to your car's computer. Only you 121 00:06:48,080 --> 00:06:50,239 Speaker 1: have removed the need for a person to be sitting 122 00:06:50,279 --> 00:06:52,799 Speaker 1: there because you have a remote system sitting the commands 123 00:06:52,800 --> 00:06:55,000 Speaker 1: to the laptop, which then send the commands to the 124 00:06:55,000 --> 00:06:57,640 Speaker 1: car computer. Well, if you're gonna do that, you might 125 00:06:57,640 --> 00:06:59,880 Speaker 1: as well just say, well, somebody sitting in the passenger 126 00:07:00,080 --> 00:07:02,440 Speaker 1: he could reach over and grab the steering wheel, right, 127 00:07:02,440 --> 00:07:04,080 Speaker 1: and that was the point, right, That was the point 128 00:07:04,120 --> 00:07:06,040 Speaker 1: that allot of the car manufacturers were making, that a 129 00:07:06,080 --> 00:07:10,120 Speaker 1: lot of security experts were making. They said, these examples 130 00:07:10,280 --> 00:07:14,280 Speaker 1: require somebody to have physical access to your vehicle in 131 00:07:14,400 --> 00:07:18,119 Speaker 1: order for them to make these alterations, and therefore it's 132 00:07:18,280 --> 00:07:21,880 Speaker 1: not necessarily something to go out and panic over. Yeah, 133 00:07:21,880 --> 00:07:24,800 Speaker 1: so that doesn't really bother me. What would really bother me? 134 00:07:24,880 --> 00:07:27,080 Speaker 1: And and a quick digression, I think you and I 135 00:07:27,120 --> 00:07:30,560 Speaker 1: are both on the record as being pretty pro autonomous vehicle. 136 00:07:31,120 --> 00:07:35,160 Speaker 1: I am it would be harder for me to be 137 00:07:35,240 --> 00:07:38,920 Speaker 1: more pro autonomous vehicle. I am also very pro autonomous 138 00:07:39,000 --> 00:07:42,520 Speaker 1: vehicle despite all these concerns. And one of these concerns 139 00:07:42,640 --> 00:07:46,760 Speaker 1: is what if somebody could wirelessly hack an autonomous vehicle? 140 00:07:46,840 --> 00:07:49,840 Speaker 1: And that seems like, I mean, hopefully the industry will 141 00:07:49,840 --> 00:07:52,720 Speaker 1: take all the proper steps to prevent that from happening. 142 00:07:52,840 --> 00:07:56,720 Speaker 1: But autonomous vehicles do need to be able to communicate 143 00:07:56,760 --> 00:08:00,520 Speaker 1: with each other, so it seems like they may possibly 144 00:08:00,560 --> 00:08:05,360 Speaker 1: have some wireless based vulnerabilities. And there are cars out 145 00:08:05,400 --> 00:08:09,680 Speaker 1: there right now that have wireless vulnerabilities, and we'll talk 146 00:08:09,720 --> 00:08:13,040 Speaker 1: more about specifics in a little bit. So you are 147 00:08:13,080 --> 00:08:16,280 Speaker 1: absolutely right that autonomous cars will have these because we 148 00:08:16,360 --> 00:08:20,040 Speaker 1: have cars right now that have these these wireless vulnerabilities 149 00:08:20,080 --> 00:08:24,000 Speaker 1: from from various systems. Uh, there have been examples of 150 00:08:24,040 --> 00:08:28,440 Speaker 1: people using the entertainment systems within certain cars to hack 151 00:08:28,560 --> 00:08:32,000 Speaker 1: into the rest of the vehicle. Now, you would think 152 00:08:32,040 --> 00:08:36,600 Speaker 1: that these should be networks within a car that are 153 00:08:36,600 --> 00:08:39,560 Speaker 1: completely separate, that don't have anything to do with one another, 154 00:08:40,360 --> 00:08:44,520 Speaker 1: But there are times where, either because the design is 155 00:08:44,559 --> 00:08:48,800 Speaker 1: simpler or because of well intentioned reasons, the they are 156 00:08:48,880 --> 00:08:52,200 Speaker 1: coupled more closely. Like imagine that you have an entertainment 157 00:08:52,200 --> 00:08:55,080 Speaker 1: system that is wired in such a way where the 158 00:08:55,200 --> 00:08:59,720 Speaker 1: volume of the system will automatically adjust based upon your 159 00:08:59,720 --> 00:09:03,800 Speaker 1: ex leuration. So if you accelerate more, the volume goes 160 00:09:03,880 --> 00:09:05,959 Speaker 1: up because it figures, hey, now it's going to be 161 00:09:06,000 --> 00:09:08,440 Speaker 1: a noisier environment, so I need to balance out by 162 00:09:08,480 --> 00:09:10,959 Speaker 1: becoming louder so that the person can continue to have 163 00:09:11,080 --> 00:09:14,600 Speaker 1: the same experience listening to whatever they're listening to, whether 164 00:09:14,640 --> 00:09:17,880 Speaker 1: they're going slowly or quickly. Well, that means that there 165 00:09:17,920 --> 00:09:20,959 Speaker 1: needs to be some data coming from the drive system 166 00:09:21,120 --> 00:09:22,760 Speaker 1: of the vehicle, and it may just be data and 167 00:09:22,760 --> 00:09:24,880 Speaker 1: it may just flow one way, which would be the 168 00:09:24,920 --> 00:09:28,320 Speaker 1: best way to implement that, but it may mean that 169 00:09:28,360 --> 00:09:31,160 Speaker 1: these systems are more connected than you had first imagined, 170 00:09:31,640 --> 00:09:36,840 Speaker 1: So as we get into more WiFi based entertainment systems, 171 00:09:37,320 --> 00:09:41,320 Speaker 1: that is a potential point of vulnerability for vehicles. Yeah, 172 00:09:41,320 --> 00:09:43,400 Speaker 1: and a thing that just occurs to me is that 173 00:09:43,520 --> 00:09:48,000 Speaker 1: hopefully anybody who made these would sort of have entertainment 174 00:09:48,040 --> 00:09:51,319 Speaker 1: systems running on what's essentially a different computer than the 175 00:09:51,400 --> 00:09:54,760 Speaker 1: computer that controls the engine. Otherwise it seems like it 176 00:09:54,800 --> 00:09:57,680 Speaker 1: could be vulnerable to the kind of buffer overflow attack 177 00:09:57,840 --> 00:10:01,080 Speaker 1: or something where you h you have some kind of 178 00:10:01,240 --> 00:10:03,800 Speaker 1: like you max out the memory on something and then 179 00:10:03,840 --> 00:10:06,760 Speaker 1: you start and then once you've maxed out that area, 180 00:10:06,800 --> 00:10:09,439 Speaker 1: it overflows into a place where you can just execute 181 00:10:09,440 --> 00:10:12,280 Speaker 1: some code. Right. Yeah, that's a good example. I mean 182 00:10:12,320 --> 00:10:14,640 Speaker 1: that that's certainly something that that needs to be thought 183 00:10:14,640 --> 00:10:17,920 Speaker 1: about when designing these systems. And to make this more complicated, 184 00:10:18,400 --> 00:10:20,680 Speaker 1: we have things like, you know, the wireless entry systems, 185 00:10:20,800 --> 00:10:24,880 Speaker 1: which can be spoofed, although it's not easy to do so. 186 00:10:24,880 --> 00:10:27,160 Speaker 1: So wireless obviously that's when you've got you know, your 187 00:10:27,160 --> 00:10:28,920 Speaker 1: little key fob and you push a button and it 188 00:10:29,000 --> 00:10:32,359 Speaker 1: unlocks the door so you can get into your car. Uh. 189 00:10:32,640 --> 00:10:37,199 Speaker 1: Those work on little radio signals, and it is possible 190 00:10:37,440 --> 00:10:42,960 Speaker 1: to broadcast radio signals at a car and activate it's 191 00:10:43,360 --> 00:10:46,640 Speaker 1: unlocking mechanism. It's not easy, and the reason it's not 192 00:10:46,720 --> 00:10:50,239 Speaker 1: easy is that you need to know generally what frequency 193 00:10:50,520 --> 00:10:54,160 Speaker 1: this thing is broadcasting over, so it may require you 194 00:10:54,200 --> 00:10:56,320 Speaker 1: to be in the presence of the key fob being 195 00:10:56,440 --> 00:10:58,960 Speaker 1: used in order to pick up on this frequency. You 196 00:10:59,000 --> 00:11:01,720 Speaker 1: really need to know probably the beginning of the code, 197 00:11:01,760 --> 00:11:05,920 Speaker 1: which again you can sometimes glean by listening in essentially 198 00:11:06,000 --> 00:11:09,400 Speaker 1: on that key fob um and then you have to 199 00:11:10,520 --> 00:11:13,280 Speaker 1: brute force attack because the way key fobs work is 200 00:11:13,280 --> 00:11:15,880 Speaker 1: it works with a rolling algorithm, so every time you 201 00:11:15,960 --> 00:11:20,000 Speaker 1: press that button, it changes the code, so the cook 202 00:11:20,080 --> 00:11:22,720 Speaker 1: but it's changed based upon an algorithm, so it's based 203 00:11:22,760 --> 00:11:26,400 Speaker 1: upon specific rules. It's not random because if it were random, 204 00:11:26,520 --> 00:11:28,920 Speaker 1: no car would ever know when it's key is being used, 205 00:11:29,000 --> 00:11:32,000 Speaker 1: right but it But that means that if you are 206 00:11:32,120 --> 00:11:34,800 Speaker 1: using a remote attack to try and get access to 207 00:11:34,840 --> 00:11:36,760 Speaker 1: a vehicle, then you have to do a brute force 208 00:11:36,800 --> 00:11:40,640 Speaker 1: so this can take minutes up to hours, depending upon 209 00:11:41,480 --> 00:11:45,560 Speaker 1: uh the system and depending upon your luck based upon 210 00:11:45,600 --> 00:11:49,480 Speaker 1: where you're starting from the code. And also it means 211 00:11:49,520 --> 00:11:52,760 Speaker 1: that if you have a keyless entry and you go 212 00:11:52,840 --> 00:11:55,200 Speaker 1: to your car and you try and use it and 213 00:11:55,280 --> 00:11:58,480 Speaker 1: someone has remotely accessed your vehicle. One of the only 214 00:11:58,520 --> 00:12:00,560 Speaker 1: ways you might be able to tell, assuming that your 215 00:12:00,640 --> 00:12:03,720 Speaker 1: vehicle is still there, is that is that it takes 216 00:12:03,720 --> 00:12:06,400 Speaker 1: a couple of presses before anything works, because it will 217 00:12:06,400 --> 00:12:08,800 Speaker 1: take a while for the the code on your key 218 00:12:08,840 --> 00:12:12,480 Speaker 1: fob to match up with the code that's in the car. So, 219 00:12:12,679 --> 00:12:14,199 Speaker 1: in other words, if you press it and you're like, oh, 220 00:12:14,280 --> 00:12:16,160 Speaker 1: nothing's happening, and you press a couple more times, then 221 00:12:16,200 --> 00:12:19,720 Speaker 1: it it'll synchronize up again and then you can have access. Uh. 222 00:12:19,760 --> 00:12:23,040 Speaker 1: This is something that has been done already. Security experts 223 00:12:23,080 --> 00:12:26,560 Speaker 1: have shown. There's one in particular who used his own 224 00:12:26,760 --> 00:12:31,240 Speaker 1: vehicle to demonstrate that you could gain access. But it 225 00:12:31,240 --> 00:12:34,400 Speaker 1: could take hours and it takes a huge amount of effort, 226 00:12:34,760 --> 00:12:37,600 Speaker 1: So it's not something that is is probably easier to 227 00:12:37,600 --> 00:12:39,480 Speaker 1: just get a brick and bash the window. Yeah, it's 228 00:12:39,480 --> 00:12:41,920 Speaker 1: definitely not likely to happen, right, I get like the 229 00:12:41,960 --> 00:12:45,240 Speaker 1: likelihood of it happening is incredibly low because there are 230 00:12:45,320 --> 00:12:48,000 Speaker 1: other ways of getting access to a vehicle that require 231 00:12:48,120 --> 00:12:51,800 Speaker 1: far less work and far less access to set vehicle. 232 00:12:51,880 --> 00:12:56,400 Speaker 1: For a given length of time. Um, there are other 233 00:12:56,440 --> 00:13:00,480 Speaker 1: examples of someone having a remote control of a vehicle, 234 00:13:00,960 --> 00:13:04,160 Speaker 1: but it was it was by exploiting a system that 235 00:13:04,240 --> 00:13:08,880 Speaker 1: was intended to have this remote shutdown feature. So you 236 00:13:09,240 --> 00:13:12,559 Speaker 1: you know that a lot of vehicles have this ability 237 00:13:12,679 --> 00:13:17,200 Speaker 1: for for a an entity to either remotely shut down 238 00:13:17,200 --> 00:13:20,000 Speaker 1: the engine or do things like hawk the horn, right, yeah, 239 00:13:20,040 --> 00:13:22,560 Speaker 1: I think, Uh, well, I know one scenario in which 240 00:13:22,600 --> 00:13:26,880 Speaker 1: this occurs would be like, so let's say you take 241 00:13:26,920 --> 00:13:30,320 Speaker 1: out a loan on a car and the person who 242 00:13:30,400 --> 00:13:32,959 Speaker 1: sells you the car is not very confident that you 243 00:13:32,960 --> 00:13:36,440 Speaker 1: will pay back that loan. They can put equipment on 244 00:13:36,480 --> 00:13:39,400 Speaker 1: the car that prevents it from starting up, right, so 245 00:13:39,440 --> 00:13:42,240 Speaker 1: they can say, this person isn't paying on their financing, 246 00:13:42,480 --> 00:13:45,040 Speaker 1: we need to shut down the car's ability to run. Yeah, 247 00:13:45,080 --> 00:13:47,800 Speaker 1: it's essentially a remote kill switch and your car will 248 00:13:47,840 --> 00:13:51,320 Speaker 1: not start at that point. And uh, yeah, it could 249 00:13:51,320 --> 00:13:53,400 Speaker 1: be hopefully they wouldn't be able to turn off the 250 00:13:53,440 --> 00:13:57,640 Speaker 1: engine while you're driving. No, I don't think that's that's 251 00:13:57,840 --> 00:14:00,559 Speaker 1: a possibility, but they could certainly do it, you know, 252 00:14:00,760 --> 00:14:02,680 Speaker 1: so that the next time you try to start up 253 00:14:02,679 --> 00:14:05,560 Speaker 1: your car it doesn't work. And uh, it can be 254 00:14:05,640 --> 00:14:08,120 Speaker 1: used in that case where someone's not keeping up with 255 00:14:08,160 --> 00:14:09,760 Speaker 1: their payments. It can also be used in the case 256 00:14:09,760 --> 00:14:12,200 Speaker 1: of a stolen car. So if your car stolen, you 257 00:14:12,200 --> 00:14:14,880 Speaker 1: report it to the police, you work with the dealership, 258 00:14:14,920 --> 00:14:18,040 Speaker 1: you explain, hey, my vehicle was stolen. They can actually 259 00:14:18,120 --> 00:14:21,080 Speaker 1: activate this remote kill switch so that the criminals who 260 00:14:21,120 --> 00:14:22,960 Speaker 1: have possession of your car are no longer able to 261 00:14:23,040 --> 00:14:26,280 Speaker 1: drive it, and then the police can hopefully locate your 262 00:14:26,360 --> 00:14:29,400 Speaker 1: vehicle and you get it back. Uh Right. So there 263 00:14:29,440 --> 00:14:32,280 Speaker 1: are legitimate reasons why you would want that technology install 264 00:14:32,400 --> 00:14:35,360 Speaker 1: on your vehicle. However, there was at least one case 265 00:14:35,480 --> 00:14:40,880 Speaker 1: where a person who had access to said system, uh, 266 00:14:41,040 --> 00:14:47,360 Speaker 1: accessed it for personal reasons and out of vindictiveness, was 267 00:14:47,560 --> 00:14:51,720 Speaker 1: essentially harassing somebody using the system to mess with their vehicle. 268 00:14:52,160 --> 00:14:56,160 Speaker 1: So if you look at a discussions about car hacking, 269 00:14:56,360 --> 00:14:59,600 Speaker 1: and they always say, like, what are the examples of 270 00:14:59,680 --> 00:15:02,120 Speaker 1: Mali Shiss car hacking, they said, well, outside of research 271 00:15:02,120 --> 00:15:05,640 Speaker 1: and development, where where security researchers are trying their best 272 00:15:05,800 --> 00:15:09,560 Speaker 1: to do this to to see if it's viable, there's 273 00:15:09,600 --> 00:15:12,360 Speaker 1: only one example of it ever actually happening, and in 274 00:15:12,400 --> 00:15:15,520 Speaker 1: that case, it wasn't hacking in the sense of someone 275 00:15:15,560 --> 00:15:17,320 Speaker 1: setting down at their computer and trying to get access 276 00:15:17,320 --> 00:15:20,880 Speaker 1: to a vehicle, someone exploiting an existing system that was 277 00:15:20,920 --> 00:15:26,200 Speaker 1: already attached to that vehicle. But that being said, with 278 00:15:26,280 --> 00:15:32,080 Speaker 1: all those caveats laid out, the issue of wireless hacking 279 00:15:32,240 --> 00:15:35,920 Speaker 1: a vehicle, of remotely accessing a vehicle is by no 280 00:15:36,040 --> 00:15:41,440 Speaker 1: means a dead issue. It is something that is continuously 281 00:15:41,560 --> 00:15:44,800 Speaker 1: brought up, and as of the time that we're recording 282 00:15:44,800 --> 00:15:50,640 Speaker 1: this podcast, which is in May of twenty, there's increasing 283 00:15:50,760 --> 00:15:54,280 Speaker 1: interest in this because of a pair of researchers and 284 00:15:54,440 --> 00:15:56,960 Speaker 1: what they claim they are able to do and what 285 00:15:57,040 --> 00:16:01,840 Speaker 1: they will show off at the black At Conference in August. 286 00:16:02,600 --> 00:16:05,640 Speaker 1: What is that? Well, first I should explain what the 287 00:16:05,640 --> 00:16:09,280 Speaker 1: black Hat Conference is, So it's a um it's essentially 288 00:16:09,440 --> 00:16:13,760 Speaker 1: it's a hacker convention. It's all about discussing security vulnerabilities 289 00:16:14,240 --> 00:16:19,440 Speaker 1: and uh, the ways to exploit them. Now, in hacker circles, 290 00:16:19,600 --> 00:16:22,040 Speaker 1: you have white hats and black hats, and sometimes you 291 00:16:22,040 --> 00:16:25,480 Speaker 1: can argue gray hats. White hat hackers are people who 292 00:16:25,720 --> 00:16:29,080 Speaker 1: are looking for security vulnerabilities with the intent to have 293 00:16:29,120 --> 00:16:33,680 Speaker 1: those security vulnerabilities patched so that they are no longer vulnerable. 294 00:16:34,360 --> 00:16:38,560 Speaker 1: Black hat hackers UH tend to be the folks who 295 00:16:38,600 --> 00:16:42,120 Speaker 1: find security vulnerabilities in order to exploit them, whether that 296 00:16:42,240 --> 00:16:44,560 Speaker 1: is to exploit them directly or to exploit them by 297 00:16:44,600 --> 00:16:48,880 Speaker 1: selling that information to other interested parties. And whether they're 298 00:16:48,880 --> 00:16:51,560 Speaker 1: doing it for cash or for leverage over somebody, or 299 00:16:51,640 --> 00:16:54,280 Speaker 1: just for fun, Yeah, just to build their own reputation, 300 00:16:54,480 --> 00:16:56,960 Speaker 1: as opposed to, you know, a genuine desire to help 301 00:16:57,000 --> 00:16:59,600 Speaker 1: other folks. So even though it's called the black Hat Conference, 302 00:16:59,600 --> 00:17:01,560 Speaker 1: it doesn't necessarily mean that these are all people who 303 00:17:01,560 --> 00:17:03,800 Speaker 1: are gathering around trying to figure out how to control 304 00:17:03,840 --> 00:17:06,840 Speaker 1: the world through their laptops. Often its actual discussions about 305 00:17:07,560 --> 00:17:10,399 Speaker 1: these are serious concerns that we need to address in 306 00:17:10,520 --> 00:17:14,560 Speaker 1: order to make sure that they don't become huge problems 307 00:17:14,680 --> 00:17:18,960 Speaker 1: go beyond concern to an enormous problem. So the the 308 00:17:19,000 --> 00:17:22,239 Speaker 1: researchers were talking about, actually, I think Ben and I 309 00:17:22,320 --> 00:17:26,920 Speaker 1: mentioned them to Charlie Miller and Chris valisek Uh, their 310 00:17:27,000 --> 00:17:32,119 Speaker 1: two security experts who had talked about hacking cars previously. 311 00:17:32,240 --> 00:17:35,720 Speaker 1: They had UH shown in two thousand thirteen and two 312 00:17:35,720 --> 00:17:39,959 Speaker 1: thousand and fourteen various ways to hack vehicles. UH, and 313 00:17:40,040 --> 00:17:43,400 Speaker 1: now they are talking that. In the two thousand fifteen 314 00:17:43,400 --> 00:17:47,879 Speaker 1: conference in August, they will reveal a way of remotely 315 00:17:48,040 --> 00:17:51,040 Speaker 1: gaining access to a vehicle. It does not require you 316 00:17:51,200 --> 00:17:54,600 Speaker 1: to plug a laptop into a computer. They say that 317 00:17:54,920 --> 00:17:57,920 Speaker 1: you could do this with an unmodified vehicle as soon 318 00:17:57,960 --> 00:18:04,080 Speaker 1: as it rolls off the dealership. Scary, very scary. Um, 319 00:18:04,160 --> 00:18:07,199 Speaker 1: that's an excellent question. I think that I'm sure that 320 00:18:07,240 --> 00:18:12,360 Speaker 1: they have something. The extent of that. Yeah, no, no, no, 321 00:18:12,640 --> 00:18:16,480 Speaker 1: the extent of what they have I do not know now. Previously, 322 00:18:16,520 --> 00:18:19,560 Speaker 1: they have published lists of vehicles that they have looked 323 00:18:19,560 --> 00:18:25,480 Speaker 1: at that they say represent, you know, the most hackable 324 00:18:25,840 --> 00:18:27,960 Speaker 1: kind of vehicles, and the very top of the list, 325 00:18:27,960 --> 00:18:32,719 Speaker 1: where the Jeep Cherokee was number one. That's the most table, 326 00:18:32,920 --> 00:18:38,640 Speaker 1: most tackable, most tackical. But they had identified three different 327 00:18:38,640 --> 00:18:44,720 Speaker 1: criteria for hackability, including things like are the systems interconnected 328 00:18:44,760 --> 00:18:47,480 Speaker 1: with one with one another? How many wireless points of 329 00:18:47,720 --> 00:18:52,440 Speaker 1: entry are are potentially there? That sort of stuff, and 330 00:18:52,720 --> 00:18:55,520 Speaker 1: out of the various criteria, the Jeep Cherokee had the 331 00:18:55,560 --> 00:18:59,040 Speaker 1: most of them, the most examples. Uh. The Infinity Q 332 00:18:59,280 --> 00:19:03,400 Speaker 1: fifty was also up there in the catalacic esconade as 333 00:19:03,480 --> 00:19:08,439 Speaker 1: a as the the SNL Southern character would say was 334 00:19:08,760 --> 00:19:12,960 Speaker 1: also up there, and uh, when we're talking about wireless 335 00:19:13,000 --> 00:19:17,560 Speaker 1: points of vulnerability, really you're talking about any system that 336 00:19:17,720 --> 00:19:23,639 Speaker 1: has that wireless communication capability. So one example, which is 337 00:19:23,760 --> 00:19:27,840 Speaker 1: perfectly innocent in of itself is the tire monitoring system, 338 00:19:27,920 --> 00:19:30,320 Speaker 1: the tire pressure monitoring system. So if you have a 339 00:19:30,400 --> 00:19:33,320 Speaker 1: vehicle that has this, then like you get in your car, 340 00:19:33,440 --> 00:19:35,520 Speaker 1: you turn your you know, you put the key in 341 00:19:35,520 --> 00:19:38,560 Speaker 1: the ignition you or if it's key less ignition, you 342 00:19:38,600 --> 00:19:41,199 Speaker 1: turn on your car, however that may be. And there 343 00:19:41,240 --> 00:19:44,200 Speaker 1: might be an indicator on your dashboard that tells you, 344 00:19:44,200 --> 00:19:47,159 Speaker 1: you know, if your tires are overinflated, underinflated, what the 345 00:19:47,359 --> 00:19:50,159 Speaker 1: you know, how the pressure is? Uh, which is kind 346 00:19:50,160 --> 00:19:52,320 Speaker 1: of cool. You're like, oh, awesome, I don't need to 347 00:19:52,359 --> 00:19:54,679 Speaker 1: get out of my vehicle, you know, pull over to 348 00:19:54,680 --> 00:19:57,800 Speaker 1: a gas station or whatever and get the air pressure 349 00:19:57,840 --> 00:20:01,520 Speaker 1: gauge out and see how it's doing. It's telling right here, um, 350 00:20:01,560 --> 00:20:04,840 Speaker 1: which is useful. But it's doing so with wireless sensors 351 00:20:04,880 --> 00:20:09,280 Speaker 1: that communicate back to the the computer system that is 352 00:20:09,400 --> 00:20:12,000 Speaker 1: governing all the other systems in the car. Yeah. I 353 00:20:12,040 --> 00:20:16,520 Speaker 1: can see why you wouldn't want wires going to the tires. Yeah, yeah, no, 354 00:20:16,600 --> 00:20:20,960 Speaker 1: it would it would be problematic. Right, So the the 355 00:20:21,119 --> 00:20:24,119 Speaker 1: wireless system is likely communicating with the what's called the 356 00:20:24,119 --> 00:20:29,360 Speaker 1: controller area network bus or can bus, which is kind 357 00:20:29,400 --> 00:20:32,480 Speaker 1: of like the traffic controller of all the different systems 358 00:20:32,480 --> 00:20:36,240 Speaker 1: that feed information into the cars computer, the master control program. 359 00:20:37,280 --> 00:20:39,680 Speaker 1: If not the master control program, it's got to be 360 00:20:39,800 --> 00:20:47,400 Speaker 1: like the master control programs Uh executive assistant, Right, yeah, yeah, 361 00:20:47,680 --> 00:20:50,480 Speaker 1: it's a it's good old David Uh not Yeah Stark 362 00:20:50,760 --> 00:20:53,560 Speaker 1: controlling this. So yeah, exactly, it's it's this this traffic 363 00:20:53,560 --> 00:20:57,159 Speaker 1: controller that sends the information to the computer. Well, you know, 364 00:20:57,440 --> 00:21:00,560 Speaker 1: that's a potential point of vulnerability. And there have been 365 00:21:00,600 --> 00:21:05,200 Speaker 1: examples of being able to track a vehicle based upon 366 00:21:05,359 --> 00:21:12,640 Speaker 1: tracking the unique monitoring frequency for that that tire pressure system. 367 00:21:12,680 --> 00:21:15,960 Speaker 1: So you could potentially track where a vehicle has gone 368 00:21:16,160 --> 00:21:23,280 Speaker 1: by keeping note of this particular this particular wireless communication system, 369 00:21:23,320 --> 00:21:26,760 Speaker 1: if you could, can you get access to more critical 370 00:21:27,280 --> 00:21:31,520 Speaker 1: systems like breaking or steering through that? That remains to 371 00:21:31,560 --> 00:21:36,800 Speaker 1: be seen. So Miller and Uh and Valask have said 372 00:21:37,560 --> 00:21:43,760 Speaker 1: that they have found some interesting stuff through their experiments. Um, 373 00:21:43,800 --> 00:21:47,000 Speaker 1: they haven't had this discussion, so we can't say exactly 374 00:21:47,040 --> 00:21:49,600 Speaker 1: what they revealed. But they have said that uh, or 375 00:21:49,640 --> 00:21:53,400 Speaker 1: at least the black Hat website says that the presentation 376 00:21:53,480 --> 00:21:57,080 Speaker 1: will include starting with remote exploitation, we will show how 377 00:21:57,119 --> 00:22:00,800 Speaker 1: to pivot through different pieces of the v vehicles hardware 378 00:22:00,840 --> 00:22:03,040 Speaker 1: in order to be able to send messages on the 379 00:22:03,160 --> 00:22:08,200 Speaker 1: can bus to critical electronic control units e c us. 380 00:22:08,720 --> 00:22:12,120 Speaker 1: We will conclude by showing several can messages that affect 381 00:22:12,119 --> 00:22:16,360 Speaker 1: physical systems of the vehicle. So that that's pretty vague, right. 382 00:22:16,520 --> 00:22:20,680 Speaker 1: It doesn't specifically say that it could do something like 383 00:22:21,800 --> 00:22:24,920 Speaker 1: break the car as it b R A K E 384 00:22:25,119 --> 00:22:28,680 Speaker 1: the car like apply the brakes. Doesn't say that, uh, 385 00:22:28,800 --> 00:22:33,240 Speaker 1: you know, explicitly, so maybe their methodology will be limited. 386 00:22:33,880 --> 00:22:36,440 Speaker 1: And in fact, they say that they plan on showing 387 00:22:37,080 --> 00:22:41,359 Speaker 1: both the reality and the limitations of remote hacking on vehicles. 388 00:22:41,960 --> 00:22:46,440 Speaker 1: So a lot of security experts have said, listen, this 389 00:22:46,520 --> 00:22:49,520 Speaker 1: is something to be concerned about, yes, but not something 390 00:22:49,520 --> 00:22:53,439 Speaker 1: to panic over because one, they have not indicated how 391 00:22:53,480 --> 00:22:57,840 Speaker 1: extensive these these messages can go, like what what the 392 00:22:57,880 --> 00:23:01,320 Speaker 1: effects can be. Two, they haven't discussed their methodology of 393 00:23:01,400 --> 00:23:04,480 Speaker 1: coming up with the ability, the way of doing it, 394 00:23:04,680 --> 00:23:07,600 Speaker 1: or if whether or not they plan on sharing in 395 00:23:07,720 --> 00:23:12,400 Speaker 1: detail how it's done. And three, it may require so 396 00:23:12,520 --> 00:23:17,240 Speaker 1: much effort to do this that, just like the keyless entry, 397 00:23:17,359 --> 00:23:19,760 Speaker 1: no one would ever bother to do it, because they 398 00:23:19,800 --> 00:23:22,680 Speaker 1: are easier ways to sabotage a vehicle than going through 399 00:23:22,680 --> 00:23:27,879 Speaker 1: these processes. But showing that it's possible means that further, 400 00:23:28,160 --> 00:23:32,959 Speaker 1: like the future generations of vehicles could be built and 401 00:23:33,040 --> 00:23:37,439 Speaker 1: designed to counteract this sort of stuff from the from 402 00:23:37,520 --> 00:23:42,480 Speaker 1: the get go so that it doesn't become attempting enough 403 00:23:42,560 --> 00:23:47,199 Speaker 1: target to make further investigation into that that line of attack. 404 00:23:47,359 --> 00:23:50,520 Speaker 1: Right like, if you if you find a vulnerability and 405 00:23:50,560 --> 00:23:53,440 Speaker 1: you find a really hard way that you can exploit 406 00:23:53,440 --> 00:23:56,560 Speaker 1: that vulnerability, that might lead to other people saying maybe 407 00:23:56,600 --> 00:23:59,280 Speaker 1: I can find an easier way to exploit that same vulnerability. 408 00:23:59,320 --> 00:24:01,720 Speaker 1: As long as that sunability exists, and it's a it's 409 00:24:01,720 --> 00:24:04,240 Speaker 1: a target, and if we ever get to a point 410 00:24:04,359 --> 00:24:09,360 Speaker 1: where it's easier to attack the target than other methods 411 00:24:09,560 --> 00:24:13,840 Speaker 1: of messing with a vehicle, then you're in trouble. So 412 00:24:13,880 --> 00:24:18,440 Speaker 1: the hope is that these systems one could be addressed 413 00:24:18,480 --> 00:24:22,800 Speaker 1: by updating firmware on existing vehicles, and two could be 414 00:24:22,840 --> 00:24:28,120 Speaker 1: prevented in future vehicle design. Uh that being said, of course, 415 00:24:28,160 --> 00:24:31,800 Speaker 1: we still don't know what they're gonna say yet. It 416 00:24:31,880 --> 00:24:36,240 Speaker 1: may it may be that this is all uh, you know, largely, 417 00:24:37,000 --> 00:24:39,520 Speaker 1: you know, the speculation that we're having is largely harmless. 418 00:24:39,920 --> 00:24:43,920 Speaker 1: That could be that's best case scenario. Worst case would be, Yeah, 419 00:24:44,000 --> 00:24:46,119 Speaker 1: we figured out that we could with a laptop and 420 00:24:46,160 --> 00:24:48,399 Speaker 1: a wireless transmitter, we can make your card do whatever 421 00:24:48,440 --> 00:24:50,440 Speaker 1: we wanted to do. That would be bad. Well, I 422 00:24:50,480 --> 00:24:53,680 Speaker 1: would say, actually, the best case scenario would be that, um, 423 00:24:54,080 --> 00:24:57,840 Speaker 1: that they actually do turn up whatever are the most 424 00:24:57,840 --> 00:25:02,000 Speaker 1: critical vulnerabilities that exist in that leads manufacturers to take 425 00:25:02,040 --> 00:25:05,360 Speaker 1: better steps to protect their cars. Yeah, assuming that there 426 00:25:05,400 --> 00:25:08,480 Speaker 1: are in fact critical vulnerabilities, that is the best case scenario. 427 00:25:08,960 --> 00:25:11,480 Speaker 1: The true best case scenario is to discover there are 428 00:25:11,520 --> 00:25:15,560 Speaker 1: no critical vulnerabilities. But the likelihood of that, I mean, 429 00:25:15,760 --> 00:25:19,520 Speaker 1: if someone's really determined to get access to a system, 430 00:25:19,560 --> 00:25:23,000 Speaker 1: there hasn't been a system made that is crack proof. 431 00:25:24,000 --> 00:25:30,600 Speaker 1: You know, eventually, given enough time, resources and willpower, any 432 00:25:30,680 --> 00:25:35,040 Speaker 1: system that has been made can will eventually be be breached. 433 00:25:35,320 --> 00:25:41,639 Speaker 1: Speak for yourself. I'm behind seven proxies. I tracked him 434 00:25:41,680 --> 00:25:44,520 Speaker 1: all the all the way to a pub in Ireland. 435 00:25:44,560 --> 00:25:56,400 Speaker 1: It turned out he was at least three more hops away. Uh, well, 436 00:25:56,480 --> 00:25:59,520 Speaker 1: as scary as the idea of somebody hacking the car 437 00:25:59,760 --> 00:26:02,680 Speaker 1: you or driving is, Yeah, about the only thing I 438 00:26:02,720 --> 00:26:06,880 Speaker 1: could imagine scarier than that is somebody hacking the airplane 439 00:26:07,000 --> 00:26:10,000 Speaker 1: you're writing in. Yeah, that would that is a a 440 00:26:10,320 --> 00:26:14,440 Speaker 1: sobering thought right now. Of course, we would hope that 441 00:26:14,800 --> 00:26:18,560 Speaker 1: nothing like that is possible. That airplanes are designed to 442 00:26:18,640 --> 00:26:21,040 Speaker 1: be as secure as possible, and that they don't really 443 00:26:21,080 --> 00:26:24,880 Speaker 1: have any vulnerabilities that you could exploit, like like these, 444 00:26:24,920 --> 00:26:28,159 Speaker 1: you know, tire pressure gauges or anything like that. We 445 00:26:28,240 --> 00:26:32,439 Speaker 1: would hope, but that might not necessarily be the case, 446 00:26:33,280 --> 00:26:37,680 Speaker 1: because this month, in May, if you haven't seen yet, 447 00:26:37,680 --> 00:26:41,440 Speaker 1: some media outlets have been reporting that a security researcher 448 00:26:41,920 --> 00:26:46,240 Speaker 1: named Chris Roberts may have hacked an airplane and send 449 00:26:46,240 --> 00:26:50,199 Speaker 1: it off course. Yeah. Now, the reason why you're building 450 00:26:50,240 --> 00:26:53,359 Speaker 1: so many qualifiers into this statement is because, as it 451 00:26:53,400 --> 00:26:57,080 Speaker 1: turns out, there's there are a lot of differing accounts 452 00:26:57,280 --> 00:27:00,359 Speaker 1: about what exactly was done and or happened. Yeah, well, 453 00:27:00,400 --> 00:27:03,440 Speaker 1: our information is a kind of like he said, he said, 454 00:27:03,600 --> 00:27:07,560 Speaker 1: he said issue, So I'll explain that as we go forward. 455 00:27:07,560 --> 00:27:10,840 Speaker 1: But who is Chris Roberts so for years he has 456 00:27:10,920 --> 00:27:14,119 Speaker 1: been known as a white hat hacker. We talked about 457 00:27:14,240 --> 00:27:16,439 Speaker 1: black hats and white hats earlier. If you're a listener 458 00:27:16,480 --> 00:27:19,000 Speaker 1: to the show, you're probably familiar anyway. But the white 459 00:27:19,000 --> 00:27:23,480 Speaker 1: hat is somebody who at least ostensibly uh goes out 460 00:27:23,560 --> 00:27:27,919 Speaker 1: and looks for vulnerabilities and systems in order to improve security, 461 00:27:27,960 --> 00:27:30,639 Speaker 1: to show you, hey, here's where you're weak. You should 462 00:27:30,640 --> 00:27:34,800 Speaker 1: shore up your defenses in this area. And so Roberts 463 00:27:34,800 --> 00:27:37,879 Speaker 1: for years has been known as a white hat hacker, 464 00:27:38,080 --> 00:27:42,960 Speaker 1: especially in a vionic sort of publicly denouncing alleged security 465 00:27:43,000 --> 00:27:48,600 Speaker 1: problems and vulnerabilities in networks airline manufacturers put into their aircraft. 466 00:27:49,840 --> 00:27:52,280 Speaker 1: So keeping in mind that, you know, as the aircraft 467 00:27:52,320 --> 00:27:56,480 Speaker 1: experience has evolved over time, Roberts would argue it has 468 00:27:56,520 --> 00:28:01,680 Speaker 1: introduced vulnerabilities from an electronics standpoint computer standpoints, So things 469 00:28:01,720 --> 00:28:04,600 Speaker 1: like the in flight entertainment systems, the i f E 470 00:28:04,760 --> 00:28:06,960 Speaker 1: s or the fact that a lot of a lot 471 00:28:07,000 --> 00:28:11,240 Speaker 1: of airlines offer WiFi on their flights. Yeah, that these 472 00:28:11,280 --> 00:28:16,119 Speaker 1: could potentially be vulnerabilities. Yeah, and so you know you 473 00:28:16,119 --> 00:28:19,080 Speaker 1: would just hope that well, I mean, if a plane's 474 00:28:19,600 --> 00:28:23,439 Speaker 1: showing me movies on some central computer system. Surely that 475 00:28:23,520 --> 00:28:27,200 Speaker 1: computer is not linked to the computers that control things 476 00:28:27,280 --> 00:28:32,160 Speaker 1: like I don't know, life support systems inside the airplane. Yeah, 477 00:28:32,200 --> 00:28:36,600 Speaker 1: the the engine, the navigating computer. You would hope that 478 00:28:36,640 --> 00:28:40,680 Speaker 1: there's no involvement there. But I'm gonna tell a little story. Okay, 479 00:28:41,200 --> 00:28:44,920 Speaker 1: So in April, I think it was on April fifteen, 480 00:28:46,000 --> 00:28:50,640 Speaker 1: sometimes in the middle of April. Yeah, Roberts, the same guy, 481 00:28:50,720 --> 00:28:54,320 Speaker 1: Chris Roberts. He was removed from a flight by FBI 482 00:28:54,480 --> 00:28:58,800 Speaker 1: agents after the flight landed in Syracuse, New York. And 483 00:28:59,000 --> 00:29:02,240 Speaker 1: the supposed reason that everybody figured this happened was because 484 00:29:02,400 --> 00:29:07,200 Speaker 1: Roberts had tweeted a joke about hacking an airplane in 485 00:29:07,240 --> 00:29:11,680 Speaker 1: which he was riding earlier that day, and has at 486 00:29:11,720 --> 00:29:15,520 Speaker 1: least on one subsequent occasion said he was essentially poking 487 00:29:15,560 --> 00:29:20,560 Speaker 1: the bear. Yeah. So the tweet read as follows, find 488 00:29:20,560 --> 00:29:24,920 Speaker 1: myself on a seven hundred. Let's see box I F 489 00:29:24,960 --> 00:29:28,360 Speaker 1: E ice st com Shall we start playing with E 490 00:29:28,520 --> 00:29:32,920 Speaker 1: I C A S messages pass oxygen on anyone? Smiley face. 491 00:29:33,880 --> 00:29:37,960 Speaker 1: So he's using some some acronyms there. One of them 492 00:29:38,040 --> 00:29:41,280 Speaker 1: is I F E that's in flight entertainment. Another one 493 00:29:41,360 --> 00:29:44,280 Speaker 1: is E I C a S that's engine indicating and 494 00:29:44,360 --> 00:29:48,920 Speaker 1: crew alerting system at the past oxygen on what it 495 00:29:48,960 --> 00:29:51,960 Speaker 1: seems to be saying there is he's suggesting it would 496 00:29:51,960 --> 00:29:55,280 Speaker 1: be funny to, uh to trigger a command that makes 497 00:29:55,320 --> 00:29:58,880 Speaker 1: the oxygen masks descend on all the passengers, whereupon you 498 00:29:58,920 --> 00:30:02,280 Speaker 1: would uh adjust your own mask before helping others. Yes, 499 00:30:02,360 --> 00:30:05,520 Speaker 1: that's important to remember. Now. Of course, it's important to 500 00:30:05,560 --> 00:30:08,960 Speaker 1: point out that Roberts did not do anything. He was 501 00:30:09,040 --> 00:30:14,000 Speaker 1: just tweeting a joke. Still, one could and probably has 502 00:30:14,080 --> 00:30:16,840 Speaker 1: argued that such a joke was at best in poor 503 00:30:16,880 --> 00:30:21,000 Speaker 1: taste and at worst really dumb. Yeah. Well, especially because 504 00:30:21,160 --> 00:30:25,280 Speaker 1: the FBI acted on it. The FBI agents detained him, 505 00:30:25,400 --> 00:30:29,680 Speaker 1: interrogated him, and confiscated his electronics. He even tweeted out 506 00:30:29,680 --> 00:30:34,280 Speaker 1: a picture of the electronics that were confiscated and said, well, 507 00:30:34,320 --> 00:30:38,880 Speaker 1: they're all encrypted, but they're all gone now. Yeah. So 508 00:30:38,920 --> 00:30:41,880 Speaker 1: that was last month in April. But in May, a 509 00:30:41,960 --> 00:30:45,360 Speaker 1: Canadian news organization published I guess what must have been 510 00:30:45,400 --> 00:30:49,920 Speaker 1: a leaked copy um of a warrant application for the 511 00:30:49,920 --> 00:30:53,640 Speaker 1: search and seizure of Robert's devices. This was written up 512 00:30:53,640 --> 00:30:58,560 Speaker 1: by FBI special agent Mark Hurley. According to this document, 513 00:30:59,120 --> 00:31:02,880 Speaker 1: Roberts had all ready voluntarily spoken with the FBI in 514 00:31:03,000 --> 00:31:06,440 Speaker 1: February and March of so a few months ago to 515 00:31:06,840 --> 00:31:11,200 Speaker 1: inform them about basically what he claimed were security vulnerabilities 516 00:31:11,320 --> 00:31:14,080 Speaker 1: in these in flight entertainment systems that we were talking 517 00:31:14,120 --> 00:31:17,720 Speaker 1: about before. And he identified several aircraft, in particular the 518 00:31:17,760 --> 00:31:22,080 Speaker 1: Boeing seven hundred, the seven thirty seven, nine hundred, the 519 00:31:22,120 --> 00:31:26,120 Speaker 1: seven fifty seven two hundred, and the Airbus A three twenty. Now, 520 00:31:26,160 --> 00:31:29,600 Speaker 1: if you'll notice, he identified in his tweet that he 521 00:31:29,680 --> 00:31:32,480 Speaker 1: was on A seven hundred, one of the ones that 522 00:31:32,560 --> 00:31:37,800 Speaker 1: had these in flight entertainment system vulnerabilities according to him, 523 00:31:37,840 --> 00:31:40,080 Speaker 1: and so that's sort of the joke he was making. 524 00:31:40,120 --> 00:31:42,800 Speaker 1: He was like, Okay, remember these things I've been talking about. 525 00:31:42,920 --> 00:31:46,920 Speaker 1: I'm on one of these planes now. So the document, 526 00:31:47,000 --> 00:31:52,840 Speaker 1: the warrant application, claims that Roberts told FBI agents on 527 00:31:52,920 --> 00:31:58,920 Speaker 1: these earlier conversations that he had exploited these security flaws 528 00:31:58,960 --> 00:32:04,240 Speaker 1: and penetrated in flight entertainment networks in midflight. So he 529 00:32:04,320 --> 00:32:10,920 Speaker 1: claims between he penetrated i FE systems fifteen to twenty times, 530 00:32:11,560 --> 00:32:14,120 Speaker 1: and he said he gained access to these i FE 531 00:32:14,320 --> 00:32:18,040 Speaker 1: systems by physically plugging in. I thought this was interesting. 532 00:32:18,080 --> 00:32:22,160 Speaker 1: So he said he physically plugged in via a modified 533 00:32:22,280 --> 00:32:27,680 Speaker 1: Cat six Ethernet cable into the seat electronics box or SEB, 534 00:32:27,880 --> 00:32:30,880 Speaker 1: and these are found under the seats in some airplanes, 535 00:32:31,280 --> 00:32:33,840 Speaker 1: so you can imagine his process. Basically, what he said 536 00:32:33,840 --> 00:32:36,160 Speaker 1: he did is he reach under the seat in front 537 00:32:36,160 --> 00:32:39,480 Speaker 1: of him and sort of wiggle this box and squeeze 538 00:32:39,520 --> 00:32:44,640 Speaker 1: it until the cover comes off, which is quite the 539 00:32:44,680 --> 00:32:50,640 Speaker 1: feat because many of these are fixed by screws. Yeah, well, 540 00:32:50,680 --> 00:32:54,560 Speaker 1: we'll go into we'll go into potential objections to the story. Yeah, 541 00:32:54,760 --> 00:32:57,120 Speaker 1: oh yeah, yeah. So I've never tried to get into 542 00:32:57,160 --> 00:33:02,600 Speaker 1: a seat electronic box myself. Neither have, uh, nor will I, 543 00:33:02,720 --> 00:33:05,040 Speaker 1: and nor should you, because it's not a good thing 544 00:33:05,080 --> 00:33:06,720 Speaker 1: to try to mess with. But what he said is 545 00:33:06,760 --> 00:33:09,960 Speaker 1: he got the cover off and he'd plug in. It's 546 00:33:10,000 --> 00:33:12,880 Speaker 1: kind of strange that nobody ever seemed to like notice 547 00:33:12,960 --> 00:33:15,920 Speaker 1: him doing this. One of thee to the story. Yeah, 548 00:33:16,040 --> 00:33:19,800 Speaker 1: but uh so, and again, just to reiterate, this is 549 00:33:19,920 --> 00:33:25,040 Speaker 1: what the warrant application claims he told the FBI earlier 550 00:33:25,160 --> 00:33:29,160 Speaker 1: this year. So it's several levels of hearsay. Um, But yeah, 551 00:33:29,480 --> 00:33:31,520 Speaker 1: they said he so he said he would plug in 552 00:33:31,560 --> 00:33:34,720 Speaker 1: with this Cat six ethernet cable and that would give 553 00:33:34,800 --> 00:33:38,160 Speaker 1: him access to the plane's i FE system, the inflight 554 00:33:38,320 --> 00:33:40,920 Speaker 1: entertainment one and then and I'm going to read just 555 00:33:41,000 --> 00:33:44,440 Speaker 1: a direct quote from the warrant application in this next part. 556 00:33:44,600 --> 00:33:48,600 Speaker 1: It claims that Roberts told them he quote connected to 557 00:33:48,640 --> 00:33:52,760 Speaker 1: other systems on the airplane network after he exploited SLASH, 558 00:33:52,840 --> 00:33:57,360 Speaker 1: gained access to or quote hacked the i FE system. 559 00:33:57,440 --> 00:34:00,880 Speaker 1: He stated that he then overwrote code on the airplane's 560 00:34:01,120 --> 00:34:05,360 Speaker 1: thrust management computer. While a board of flight, He stated 561 00:34:05,400 --> 00:34:09,120 Speaker 1: that he successfully commanded the system he had accessed to 562 00:34:09,280 --> 00:34:13,680 Speaker 1: issue the CLB or climb command. He stated that he 563 00:34:13,800 --> 00:34:18,200 Speaker 1: thereby caused one of the airplane engines to climb, resulting 564 00:34:18,200 --> 00:34:21,640 Speaker 1: in a lateral or sideways movement of the plane during 565 00:34:21,680 --> 00:34:24,600 Speaker 1: one of these flights. He also stated that he used 566 00:34:24,719 --> 00:34:30,040 Speaker 1: Vortex software after compromising SLASH, exploiting or quote hacking the 567 00:34:30,160 --> 00:34:34,120 Speaker 1: airplane's networks. He used the software to monitor traffic from 568 00:34:34,160 --> 00:34:40,520 Speaker 1: the cockpit system and if true, this is fascinating. The 569 00:34:40,560 --> 00:34:44,960 Speaker 1: warrant application claims Robert said he used default I d 570 00:34:45,200 --> 00:34:50,520 Speaker 1: s and passwords to compromise the network. That was a 571 00:34:50,520 --> 00:34:56,320 Speaker 1: face palm. There if that's true, people change your passwords. 572 00:34:56,719 --> 00:35:01,480 Speaker 1: I mean, okay, here, here, here's one thing I would argue, 573 00:35:02,400 --> 00:35:04,560 Speaker 1: as far as the changing of the passwords is yes, 574 00:35:04,600 --> 00:35:08,360 Speaker 1: as it should not be default. At the same time, 575 00:35:09,040 --> 00:35:14,719 Speaker 1: this is a difficult, UH scenario because you have multiple 576 00:35:14,760 --> 00:35:19,040 Speaker 1: flight crews all using the same equipment. So how do 577 00:35:19,080 --> 00:35:22,520 Speaker 1: you do I D password management in that case? Like 578 00:35:22,960 --> 00:35:27,120 Speaker 1: assuming that assuming that the idea and password is is 579 00:35:27,200 --> 00:35:31,640 Speaker 1: unique to the vehicle, to the aircraft, and not unique 580 00:35:31,640 --> 00:35:35,120 Speaker 1: to the crew. So if if it's unique to the crew, 581 00:35:35,160 --> 00:35:37,040 Speaker 1: that's one thing. You know, if it's if it's the 582 00:35:37,080 --> 00:35:39,279 Speaker 1: pilot and copilot who have to put in this I 583 00:35:39,360 --> 00:35:41,760 Speaker 1: D and password, and it's the same for whichever aircraft 584 00:35:41,800 --> 00:35:44,920 Speaker 1: are in, that's one thing. But I suspect that's not 585 00:35:44,960 --> 00:35:48,520 Speaker 1: the case. I suspect it's more unique to the aircraft. 586 00:35:49,120 --> 00:35:51,560 Speaker 1: That's more. That's tricky. How do you where do you 587 00:35:51,600 --> 00:35:55,000 Speaker 1: record the information for the aircraft so that the crew 588 00:35:55,160 --> 00:35:58,080 Speaker 1: has access to it? Um? I mean, I don't know. 589 00:35:58,239 --> 00:36:00,600 Speaker 1: I don't know, but you can do better than default. 590 00:36:00,600 --> 00:36:04,320 Speaker 1: I'm sure, I'm sure, And I don't know the answer 591 00:36:04,400 --> 00:36:07,120 Speaker 1: to this question. And I mean I would hesitate to 592 00:36:07,120 --> 00:36:09,640 Speaker 1: ask because I don't think I don't need to know. 593 00:36:09,760 --> 00:36:13,080 Speaker 1: As long as I know that they are practicing good 594 00:36:13,080 --> 00:36:16,040 Speaker 1: security measures, as long as they're not doing the default 595 00:36:16,080 --> 00:36:20,440 Speaker 1: ide and password, Uh, then whatever you know, I'm maybe uh. 596 00:36:20,480 --> 00:36:23,040 Speaker 1: And then of course he claimed he after this that 597 00:36:23,080 --> 00:36:26,000 Speaker 1: he used a virtual environment to build a virtual version 598 00:36:26,080 --> 00:36:28,920 Speaker 1: of the airplane's network that he could then study safely, 599 00:36:29,680 --> 00:36:34,480 Speaker 1: and so to to reiterate this, he according to the 600 00:36:34,520 --> 00:36:39,720 Speaker 1: FBI document, Roberts claimed he steered an airplane, He plugged 601 00:36:39,719 --> 00:36:42,640 Speaker 1: into an airplane from a passenger seat, and caused the 602 00:36:42,640 --> 00:36:49,480 Speaker 1: airplane to briefly divert off course. That's amazing and amazingly 603 00:36:49,560 --> 00:36:52,600 Speaker 1: scary if true. Yeah, that that is that is incredibly 604 00:36:52,640 --> 00:36:55,640 Speaker 1: sobering if in fact it is true. Now, there are 605 00:36:55,680 --> 00:36:57,960 Speaker 1: some things to consider, and we'll get fully into some 606 00:36:58,080 --> 00:37:01,280 Speaker 1: questions about this story later on. One of the things 607 00:37:01,400 --> 00:37:04,480 Speaker 1: is that I think there might be some confusion online 608 00:37:04,480 --> 00:37:06,680 Speaker 1: in reaction to this story, where one of the things 609 00:37:06,719 --> 00:37:09,880 Speaker 1: is that Roberts was not claiming that he did this 610 00:37:10,040 --> 00:37:14,040 Speaker 1: on the day he was arrested. The warrant application is 611 00:37:14,120 --> 00:37:16,560 Speaker 1: saying that he told them he had done this in 612 00:37:16,640 --> 00:37:20,759 Speaker 1: previous years. Yeah, and they just got around to arresting him. Later. Yeah, Well, 613 00:37:20,800 --> 00:37:23,239 Speaker 1: I think they got around to arresting him because of 614 00:37:23,280 --> 00:37:26,759 Speaker 1: this tweet and then because they suspected that he had 615 00:37:26,840 --> 00:37:30,120 Speaker 1: been messing with the flight he was on that day 616 00:37:30,160 --> 00:37:32,560 Speaker 1: and in April, even though he claims I think he 617 00:37:32,600 --> 00:37:35,840 Speaker 1: claims that he didn't mess with it that day. Yeah. Uh, 618 00:37:35,920 --> 00:37:38,479 Speaker 1: And so there's there was. I believe there was. Part 619 00:37:38,520 --> 00:37:43,720 Speaker 1: of the the accusation was that the this this electronics box, 620 00:37:43,719 --> 00:37:48,520 Speaker 1: the seat the CEB had been altered, but Robert says, well, 621 00:37:48,640 --> 00:37:51,520 Speaker 1: I didn't, that wasn't me. Yeah. Yeah, So the FBI 622 00:37:51,600 --> 00:37:54,920 Speaker 1: claimed it showed signs of tampering. The seat, the one 623 00:37:55,040 --> 00:37:56,959 Speaker 1: under the seat in front of him on the flight 624 00:37:57,000 --> 00:37:59,960 Speaker 1: he'd been on that day looked like it had had 625 00:38:00,040 --> 00:38:02,200 Speaker 1: been tampered with, but he claimed he didn't do it. 626 00:38:02,920 --> 00:38:05,239 Speaker 1: And so I don't know what to say about that, 627 00:38:05,280 --> 00:38:09,480 Speaker 1: except that another interesting question that comes out of this 628 00:38:09,600 --> 00:38:13,400 Speaker 1: is about the nature of white hat hacking. Right, So, like, 629 00:38:13,560 --> 00:38:16,719 Speaker 1: if you take this story at face value and just say, 630 00:38:16,800 --> 00:38:20,799 Speaker 1: let's assume it's true, and you are a white hat 631 00:38:20,840 --> 00:38:25,560 Speaker 1: hacker who is aware of a very dangerous, very scary 632 00:38:25,719 --> 00:38:29,120 Speaker 1: security vulnerability, whether it's in a vehicle or a piece 633 00:38:29,120 --> 00:38:32,359 Speaker 1: of software on the internet infrastructure, whatever. It may be 634 00:38:32,600 --> 00:38:35,000 Speaker 1: something that that could really endanger a lot of people, 635 00:38:35,600 --> 00:38:37,799 Speaker 1: and you're aware of how to exploit it, and you 636 00:38:37,840 --> 00:38:40,520 Speaker 1: know that other people could exploit it, and you've been 637 00:38:40,520 --> 00:38:44,080 Speaker 1: trying to warn people about it but getting nowhere. But 638 00:38:44,080 --> 00:38:47,319 Speaker 1: but it's not getting fixed. What do you do? And 639 00:38:47,440 --> 00:38:49,080 Speaker 1: so I know a lot of people would look at 640 00:38:49,080 --> 00:38:51,719 Speaker 1: what he did here if he in fact did do it, 641 00:38:52,120 --> 00:38:55,399 Speaker 1: and they would say, that's that's so reckless. How could 642 00:38:55,400 --> 00:38:57,520 Speaker 1: you gamble with the lives of all the people on 643 00:38:57,600 --> 00:39:00,480 Speaker 1: that plane just to sort of like proves something for 644 00:39:00,520 --> 00:39:04,759 Speaker 1: a little research project. On the other hand, I think, 645 00:39:05,239 --> 00:39:07,360 Speaker 1: you know, you could argue that, well, you know, he 646 00:39:07,400 --> 00:39:09,840 Speaker 1: didn't tell it to like crash into the ground. He 647 00:39:10,239 --> 00:39:14,360 Speaker 1: you know, maybe executed something that it would have seemed 648 00:39:14,360 --> 00:39:18,640 Speaker 1: to him to be an innocuous test. I don't know. Again, 649 00:39:18,840 --> 00:39:21,120 Speaker 1: we have to say, again, this is all sort of 650 00:39:21,200 --> 00:39:23,520 Speaker 1: hypothetical because we don't know what really happen. We don't 651 00:39:23,520 --> 00:39:25,640 Speaker 1: know the real story. Yeah, so a lot of this 652 00:39:25,719 --> 00:39:29,040 Speaker 1: depends upon what really happened, Right, So I think anything 653 00:39:29,040 --> 00:39:33,000 Speaker 1: that would that results in the diverting at all from 654 00:39:33,000 --> 00:39:37,680 Speaker 1: a flight plan is incredibly reckless, Even if even if 655 00:39:37,719 --> 00:39:40,480 Speaker 1: it's too demonstrate, Hey, you really need to pay attention 656 00:39:40,520 --> 00:39:46,400 Speaker 1: to me, these vulnerabilities exist. I think that's taking taking 657 00:39:46,440 --> 00:39:50,080 Speaker 1: that approach where you are potentially putting the lives of 658 00:39:50,120 --> 00:39:52,719 Speaker 1: everyone on board that flight, not just yourself. I mean, 659 00:39:52,760 --> 00:39:55,520 Speaker 1: if it were just yourself and you were just proving it, 660 00:39:56,280 --> 00:39:59,960 Speaker 1: then that's one thing. But you are taking You're taking. 661 00:40:00,880 --> 00:40:08,520 Speaker 1: It's an incredible amount of bravado to say I'm gonna 662 00:40:08,560 --> 00:40:10,760 Speaker 1: put the lives of every single person on this plane 663 00:40:11,000 --> 00:40:15,279 Speaker 1: in danger. I Am potentially going to uh to to 664 00:40:15,560 --> 00:40:19,319 Speaker 1: eliminate the lives of everyone here and forever alter the 665 00:40:19,400 --> 00:40:22,160 Speaker 1: lives of all of their loved ones like that, not 666 00:40:22,239 --> 00:40:25,680 Speaker 1: to mention potentially the lives of people on the ground 667 00:40:25,800 --> 00:40:29,840 Speaker 1: as well. I mean, it's just incredible. Yeah, I totally agree. 668 00:40:29,880 --> 00:40:32,680 Speaker 1: But then on the other hand, you could also make 669 00:40:32,719 --> 00:40:36,040 Speaker 1: the argument, like with this security vulnerability in place and 670 00:40:36,080 --> 00:40:40,160 Speaker 1: them not doing anything to fix it, that that there 671 00:40:40,200 --> 00:40:43,880 Speaker 1: already in danger and you're trying to get something done. 672 00:40:43,920 --> 00:40:46,360 Speaker 1: The best I could say is that there has to 673 00:40:46,440 --> 00:40:50,719 Speaker 1: be some means of getting that message across without physically 674 00:40:50,800 --> 00:40:54,120 Speaker 1: altering the pathway of the aircraft, Like you could send 675 00:40:54,120 --> 00:40:57,879 Speaker 1: a message some other way or you could document what 676 00:40:57,960 --> 00:41:01,520 Speaker 1: you are doing and send that documentation on and say, look, 677 00:41:02,160 --> 00:41:04,680 Speaker 1: this is exactly how it works. If I can do it, 678 00:41:04,760 --> 00:41:08,160 Speaker 1: then potentially other people can do it. And that's why 679 00:41:08,200 --> 00:41:12,520 Speaker 1: you need to address the security vulnerability. I think I 680 00:41:12,560 --> 00:41:14,200 Speaker 1: think there are other ways that would have gotten just 681 00:41:14,280 --> 00:41:18,880 Speaker 1: as much attention from an official standpoint without potentially harming people. 682 00:41:19,200 --> 00:41:21,880 Speaker 1: Assuming that the story that we hear in the affidavit 683 00:41:21,960 --> 00:41:23,799 Speaker 1: is in fact what happened. Yeah, and so now we 684 00:41:23,880 --> 00:41:27,640 Speaker 1: really do need to get to that point what really happened, 685 00:41:27,760 --> 00:41:32,160 Speaker 1: because there are people who have raised serious concerns about 686 00:41:32,239 --> 00:41:34,279 Speaker 1: the version of this story that's come out, and it's 687 00:41:34,360 --> 00:41:37,840 Speaker 1: it's hard to identify if if it's not true, where 688 00:41:37,840 --> 00:41:40,280 Speaker 1: the fault lies. Was there a problem with the FBI? 689 00:41:40,480 --> 00:41:45,640 Speaker 1: Is retelling of u of Robert's supposed story? Did Robert's 690 00:41:45,680 --> 00:41:49,200 Speaker 1: mislead the FBI? Did the FBI not understand what he 691 00:41:49,280 --> 00:41:51,800 Speaker 1: was telling them or did? Or were they misleading in 692 00:41:51,840 --> 00:41:55,360 Speaker 1: their report? But there are places along the line where 693 00:41:55,560 --> 00:41:58,240 Speaker 1: we could have gotten the wrong story from this document. 694 00:41:58,760 --> 00:42:04,000 Speaker 1: So no matter where the fault may lie, there have 695 00:42:04,040 --> 00:42:07,560 Speaker 1: been a lot of people who have pointed out problems 696 00:42:07,719 --> 00:42:11,120 Speaker 1: with the story. So whether it was the original Roberts 697 00:42:11,120 --> 00:42:14,120 Speaker 1: story or was the retelling that's kind of beside the point. 698 00:42:14,480 --> 00:42:16,359 Speaker 1: Here are some of the objections. One of the big 699 00:42:16,400 --> 00:42:18,960 Speaker 1: ones is one that we've raised already, the idea that 700 00:42:19,600 --> 00:42:23,759 Speaker 1: if it requires plugging a modified cable into an electronic 701 00:42:23,840 --> 00:42:30,760 Speaker 1: box that typically is not accessible by a passenger, why 702 00:42:31,560 --> 00:42:36,440 Speaker 1: didn't anyone else notice or comment on it? Or you know, 703 00:42:37,120 --> 00:42:40,360 Speaker 1: because again, it requires some manipulation of the box to 704 00:42:40,400 --> 00:42:43,839 Speaker 1: get access to it, even according to the affidavit story 705 00:42:43,840 --> 00:42:47,080 Speaker 1: of what Roberts was saying, um, and a lot of 706 00:42:47,080 --> 00:42:49,360 Speaker 1: these do have screws that are set in, so you 707 00:42:49,360 --> 00:42:54,719 Speaker 1: would have to unscrew a panel in order to get 708 00:42:54,719 --> 00:42:58,160 Speaker 1: access to the ports that are inside of it. Why 709 00:42:58,200 --> 00:43:02,360 Speaker 1: would no other pastor or flight attendant have noticed this? 710 00:43:02,400 --> 00:43:06,120 Speaker 1: Because it's it's you know, it's fairly disruptive. On one hand, 711 00:43:06,160 --> 00:43:08,200 Speaker 1: I agree with that, but then there's a little part 712 00:43:08,200 --> 00:43:10,640 Speaker 1: of my brain that says, yeah, but what's the easiest 713 00:43:10,680 --> 00:43:13,520 Speaker 1: way to rob a bank? Show up and look like 714 00:43:13,560 --> 00:43:15,720 Speaker 1: you know what you're doing. Just walk into the vault 715 00:43:15,760 --> 00:43:19,280 Speaker 1: like you're somebody who's supposed to be going in. Yeah, 716 00:43:19,320 --> 00:43:21,880 Speaker 1: I mean, there's a certain thing to be said for 717 00:43:22,000 --> 00:43:25,120 Speaker 1: if you just don't act like you're doing anything shady, 718 00:43:25,200 --> 00:43:27,479 Speaker 1: but you've got this sort of like aura of yeah, 719 00:43:27,520 --> 00:43:30,040 Speaker 1: this is what I normally do. People just don't really 720 00:43:30,120 --> 00:43:32,359 Speaker 1: question it. They're like, Okay, I assume me knows what 721 00:43:32,360 --> 00:43:35,600 Speaker 1: he's doing. Well, And I suppose if if someone saying 722 00:43:35,600 --> 00:43:38,520 Speaker 1: next to that person just assumes that what they're doing 723 00:43:38,560 --> 00:43:41,120 Speaker 1: is plugging in a device to charge because some a 724 00:43:41,120 --> 00:43:43,960 Speaker 1: lot of aircraft now have you know, outlets for that 725 00:43:44,000 --> 00:43:46,960 Speaker 1: sort of thing, Maybe that's the assumption. I still think 726 00:43:47,000 --> 00:43:51,960 Speaker 1: that flight attendants would find it interesting. But maybe but 727 00:43:52,040 --> 00:43:54,040 Speaker 1: let's let's all right, let's go ahead and say that 728 00:43:54,040 --> 00:43:56,480 Speaker 1: that's one of the objections. But the other one is 729 00:43:56,520 --> 00:43:59,960 Speaker 1: that you have to you know this. This also assume 730 00:44:00,120 --> 00:44:02,680 Speaker 1: is that the i f E is in fact an 731 00:44:02,719 --> 00:44:08,640 Speaker 1: interconnected network with the same computers that control the flight controls, 732 00:44:09,360 --> 00:44:15,600 Speaker 1: and not two separate networks that have limited or no connectivity. Right. 733 00:44:15,640 --> 00:44:19,320 Speaker 1: So this is the objection that I really hope is correct. 734 00:44:19,760 --> 00:44:23,400 Speaker 1: And the objection is the airplanes do not actually have 735 00:44:23,600 --> 00:44:27,040 Speaker 1: this vulnerability, right, Like, he couldn't have done what he 736 00:44:27,120 --> 00:44:31,040 Speaker 1: said because it's not possible. Yeah, now there are some 737 00:44:31,120 --> 00:44:34,479 Speaker 1: connections that have to be there for most of these 738 00:44:34,560 --> 00:44:38,239 Speaker 1: i FE systems, because if you've ever been on one 739 00:44:38,239 --> 00:44:41,920 Speaker 1: where you have the track my flight, then obviously the 740 00:44:42,080 --> 00:44:45,600 Speaker 1: track my flight uh app or whatever you want to 741 00:44:45,640 --> 00:44:49,240 Speaker 1: call it in the entertainment system, that feature is gaining 742 00:44:49,320 --> 00:44:53,960 Speaker 1: some information from various systems aboard the aircraft. Uh you know, 743 00:44:54,040 --> 00:44:57,520 Speaker 1: things like altitude and air speed and the temperature outside, 744 00:44:57,520 --> 00:45:00,640 Speaker 1: all this kind of stuff, Um, how how far you 745 00:45:00,960 --> 00:45:03,040 Speaker 1: from your point of origin? How far are you from 746 00:45:03,040 --> 00:45:06,920 Speaker 1: your destination? But all that being said, that could totally 747 00:45:06,920 --> 00:45:10,560 Speaker 1: be connected to computer systems that have no other connection 748 00:45:10,600 --> 00:45:13,120 Speaker 1: to anything else, right, Like, there are a lot of 749 00:45:13,200 --> 00:45:16,040 Speaker 1: redundant systems of board aircraft for very good reason. You 750 00:45:16,080 --> 00:45:20,400 Speaker 1: want there to be redundancy for safety. So and it 751 00:45:20,440 --> 00:45:23,160 Speaker 1: could also be that the information that's come across is 752 00:45:23,200 --> 00:45:26,279 Speaker 1: again traveling in a very specific one way path that 753 00:45:26,320 --> 00:45:30,960 Speaker 1: there's no way to go upstream of that information. Um, 754 00:45:31,080 --> 00:45:33,960 Speaker 1: and that would make the most sense. In fact, Boeing says, 755 00:45:34,840 --> 00:45:37,200 Speaker 1: the connections are limited and offer no access to flight 756 00:45:37,200 --> 00:45:41,480 Speaker 1: controls through the i F e uh and that means 757 00:45:41,560 --> 00:45:44,120 Speaker 1: that you wouldn't be able to get access to this 758 00:45:44,200 --> 00:45:47,799 Speaker 1: thrust management control using the i F It would be impossible. 759 00:45:47,880 --> 00:45:50,400 Speaker 1: So you know, you might be able to hack the 760 00:45:50,400 --> 00:45:53,320 Speaker 1: i f and get access to it and maybe require 761 00:45:53,360 --> 00:45:56,960 Speaker 1: everyone to watch biodome, but you wouldn't necessarily be able 762 00:45:57,000 --> 00:46:01,640 Speaker 1: to tear It would be awful, yeah, but not as 763 00:46:01,680 --> 00:46:05,800 Speaker 1: awful as having someone altered the flight path plan. Um. Now, 764 00:46:07,120 --> 00:46:09,239 Speaker 1: there have been some folks who said it's it might 765 00:46:09,280 --> 00:46:11,799 Speaker 1: be possible that the i f E has a direct 766 00:46:11,840 --> 00:46:17,120 Speaker 1: connection to climate control, which matters, Yeah, because if it's 767 00:46:17,160 --> 00:46:19,040 Speaker 1: on the same system as climate control and you shut 768 00:46:19,040 --> 00:46:21,560 Speaker 1: down climate control, then you're going to force that aircraft 769 00:46:21,600 --> 00:46:25,600 Speaker 1: to land. Uh. I don't know how much access to 770 00:46:25,600 --> 00:46:28,560 Speaker 1: climate control the typical i FE has. It may only 771 00:46:28,600 --> 00:46:32,759 Speaker 1: have access to vent control. Then your vent is on 772 00:46:32,920 --> 00:46:34,839 Speaker 1: or off and that's it. It may not have any 773 00:46:34,840 --> 00:46:38,399 Speaker 1: access to the actual climate control part. I don't know. 774 00:46:38,520 --> 00:46:40,640 Speaker 1: But if it does have access to climate control, that 775 00:46:40,640 --> 00:46:42,719 Speaker 1: could potentially be a point of vulnerability that could be 776 00:46:42,760 --> 00:46:47,680 Speaker 1: exploited to force an aircraft to land prematurely. Um. Most 777 00:46:47,719 --> 00:46:51,000 Speaker 1: likely flying to the closest airport that has availability and landing. 778 00:46:51,760 --> 00:46:54,360 Speaker 1: So it's not like it's not like, you know, a 779 00:46:55,600 --> 00:46:59,360 Speaker 1: drastic emergency, but it would require premature landing, which obviously 780 00:46:59,360 --> 00:47:02,680 Speaker 1: would be problematic at best. Yeah. I also remember seeing 781 00:47:02,719 --> 00:47:05,520 Speaker 1: one criticism of the story that that essentially said that 782 00:47:05,760 --> 00:47:09,280 Speaker 1: pilots would have to review any kind of like review 783 00:47:09,320 --> 00:47:12,640 Speaker 1: and approved any incoming change to the flight path or 784 00:47:12,640 --> 00:47:17,480 Speaker 1: flight control. Yeah, that's the aircraft systems are designed for safety. 785 00:47:17,880 --> 00:47:21,680 Speaker 1: And again that redundancy is meant for not just the systems, 786 00:47:21,680 --> 00:47:25,600 Speaker 1: but for commands given to the system, so that you know, 787 00:47:26,120 --> 00:47:28,880 Speaker 1: think of any computer program where you've had, you know, 788 00:47:29,000 --> 00:47:31,600 Speaker 1: something where you you choose a command and it pops 789 00:47:31,640 --> 00:47:34,640 Speaker 1: up and says are you sure and you hit okay. 790 00:47:34,840 --> 00:47:37,359 Speaker 1: Multiply that by a hundred, and that's what we're talking 791 00:47:37,360 --> 00:47:40,319 Speaker 1: about with aircraft systems for good reason that that you know, 792 00:47:40,480 --> 00:47:43,680 Speaker 1: you are meant to review and approve these things, so 793 00:47:43,760 --> 00:47:47,200 Speaker 1: that anything that would affect a key element of the 794 00:47:47,239 --> 00:47:51,640 Speaker 1: aircraft's operation would require approval, review, and approval, and not 795 00:47:51,760 --> 00:47:58,040 Speaker 1: just a command issued by a computer. So that's another objection. Uh, 796 00:47:58,080 --> 00:48:02,440 Speaker 1: there's also a Mashable has an article on this. They 797 00:48:02,480 --> 00:48:05,400 Speaker 1: interviewed a pilot. The pilot requested to remain anonymous in 798 00:48:05,440 --> 00:48:07,799 Speaker 1: the interview, So we don't I trust that it's really 799 00:48:07,800 --> 00:48:11,719 Speaker 1: a pilot. I do too. So the pilot said that 800 00:48:11,920 --> 00:48:15,239 Speaker 1: Roberts claims according to what the FBI said. At any rate, 801 00:48:16,040 --> 00:48:19,240 Speaker 1: we're false because the systems he had claimed to access 802 00:48:19,400 --> 00:48:23,240 Speaker 1: didn't exist aboard the type of aircraft he was on. Now, granted, 803 00:48:23,280 --> 00:48:27,080 Speaker 1: this might have just been been uh limited to the 804 00:48:27,120 --> 00:48:31,160 Speaker 1: seven hundred story, and it could be that it was 805 00:48:31,160 --> 00:48:34,160 Speaker 1: a different aircraft that he claimed he had gained access to, 806 00:48:34,239 --> 00:48:37,359 Speaker 1: but he said the pilot says, if Roberts is saying 807 00:48:37,400 --> 00:48:39,919 Speaker 1: he was on a seven hundred when he did this, 808 00:48:40,400 --> 00:48:43,520 Speaker 1: it's impossible because the system he claims to have taken 809 00:48:43,520 --> 00:48:46,520 Speaker 1: advantage of can't do that. He also points out the 810 00:48:46,640 --> 00:48:49,080 Speaker 1: eye cast system you were talking about earlier, says that 811 00:48:49,080 --> 00:48:52,879 Speaker 1: that just displays messages. It doesn't have any control over 812 00:48:52,960 --> 00:48:56,080 Speaker 1: the aircraft at all. All it does is tell you stuff. 813 00:48:56,400 --> 00:49:01,080 Speaker 1: It's a readoubt essentially. Ah. And trying to compromise a 814 00:49:01,120 --> 00:49:04,840 Speaker 1: computer by issuing print commands. Yeah, yeah, you might be 815 00:49:04,840 --> 00:49:07,960 Speaker 1: able to print some naughty words out, but it's not 816 00:49:08,680 --> 00:49:11,759 Speaker 1: it's not affecting any other part of the computer. Uh. 817 00:49:11,840 --> 00:49:13,759 Speaker 1: And then he also pointed out that the I f 818 00:49:13,800 --> 00:49:17,320 Speaker 1: E and cockpit systems had no point of commonality except 819 00:49:17,400 --> 00:49:19,160 Speaker 1: for the fact that they both drew power from the 820 00:49:19,200 --> 00:49:22,799 Speaker 1: same power source. But that's it. They didn't have any crossover, 821 00:49:22,840 --> 00:49:26,680 Speaker 1: there was no connectivity between the two. So it is 822 00:49:26,880 --> 00:49:31,279 Speaker 1: entirely possible that the this is a big fuss over 823 00:49:31,760 --> 00:49:36,080 Speaker 1: over largely nothing. Um But I mean I certainly hope 824 00:49:36,120 --> 00:49:40,480 Speaker 1: so yeah, But I also hope no matter what the 825 00:49:40,480 --> 00:49:42,520 Speaker 1: true facts of this case, where I hope this is 826 00:49:42,560 --> 00:49:46,800 Speaker 1: at least encouraging airline manufacturers and the people who designed 827 00:49:46,880 --> 00:49:50,400 Speaker 1: their their hardware and software to re examine the security 828 00:49:50,440 --> 00:49:53,239 Speaker 1: of their aircraft, right yeah, and really put it through 829 00:49:53,360 --> 00:49:56,480 Speaker 1: vigorous testing. And I don't mean to suggest that they 830 00:49:56,520 --> 00:50:00,759 Speaker 1: don't already do that. I imagine that the companies, I mean, 831 00:50:01,200 --> 00:50:06,120 Speaker 1: obviously they have a vested interest in making sure those 832 00:50:06,360 --> 00:50:10,920 Speaker 1: those systems are tested vigorously with lots of different attempts 833 00:50:10,920 --> 00:50:14,200 Speaker 1: at intrusion. The various scenarios have to be run about 834 00:50:14,200 --> 00:50:17,960 Speaker 1: how likely or possible is this, because I mean, it's 835 00:50:18,080 --> 00:50:21,440 Speaker 1: it's it's life and death, and a company has to 836 00:50:21,600 --> 00:50:26,160 Speaker 1: be able to rely upon having the reputation of being 837 00:50:26,480 --> 00:50:31,799 Speaker 1: responsible for something as important and potentially as dangerous as 838 00:50:31,840 --> 00:50:37,520 Speaker 1: air travel. Um. So I I'm fairly confident that that 839 00:50:37,600 --> 00:50:41,239 Speaker 1: the the security vulnerabilities are very seriously looked at in 840 00:50:41,280 --> 00:50:46,359 Speaker 1: these cases. Whether the Roberts case is as extreme as 841 00:50:46,400 --> 00:50:49,680 Speaker 1: has been indicated in that affidavit, I don't know. I mean, 842 00:50:50,360 --> 00:50:53,000 Speaker 1: if that is a possibility, then that's certainly warrants a 843 00:50:53,080 --> 00:50:56,200 Speaker 1: re examination of how these network systems are laid out 844 00:50:56,239 --> 00:50:58,879 Speaker 1: within an aircraft. Now let me do let me tell 845 00:50:58,920 --> 00:51:01,520 Speaker 1: you something. This is background, Jonathan. Way before I worked 846 00:51:01,520 --> 00:51:04,680 Speaker 1: for How Stuff Works. Years before I had worked for uh, 847 00:51:04,920 --> 00:51:06,760 Speaker 1: you know, I worked for a couple of consulting firms. 848 00:51:06,760 --> 00:51:08,279 Speaker 1: Is before that. This is way back when I was 849 00:51:08,280 --> 00:51:10,560 Speaker 1: looking for my first job. I landed some contract work 850 00:51:10,600 --> 00:51:15,960 Speaker 1: with an airline and my job was to transcribe audio 851 00:51:16,080 --> 00:51:20,120 Speaker 1: files that were detailing the various systems aboard aircraft into 852 00:51:20,160 --> 00:51:23,240 Speaker 1: text files so that there would be a text copy 853 00:51:23,280 --> 00:51:26,160 Speaker 1: of these audios. As far as I know, they didn't 854 00:51:26,200 --> 00:51:29,360 Speaker 1: have the manuals or the hard copy anywhere. So it 855 00:51:29,400 --> 00:51:35,600 Speaker 1: was my job to transcribe hours of technical documentation about 856 00:51:35,640 --> 00:51:38,799 Speaker 1: these aircraft, which included things like how the cables were 857 00:51:38,840 --> 00:51:40,840 Speaker 1: laid out in the systems. And it was fascinating to 858 00:51:40,960 --> 00:51:44,719 Speaker 1: learn at the time. It was nothing, you know, that 859 00:51:44,960 --> 00:51:47,840 Speaker 1: was exploitable or anything like that. It was just interesting. 860 00:51:48,239 --> 00:51:51,919 Speaker 1: But it really displayed to me the care that goes 861 00:51:51,960 --> 00:51:55,600 Speaker 1: into designing these systems to make certain that this redundancy 862 00:51:55,680 --> 00:51:59,400 Speaker 1: is there. And it actually really reassured me quite a bit. 863 00:52:00,000 --> 00:52:02,680 Speaker 1: All I was doing this like, it removes some of 864 00:52:02,680 --> 00:52:07,880 Speaker 1: the the mystery behind aircraft and also displayed exactly how 865 00:52:07,960 --> 00:52:14,160 Speaker 1: incredibly um detail oriented these designers had to be, which 866 00:52:14,239 --> 00:52:16,080 Speaker 1: you know, makes sense if you think about it for 867 00:52:16,160 --> 00:52:18,640 Speaker 1: more than a second you realize, oh, of course they 868 00:52:18,680 --> 00:52:21,040 Speaker 1: have to be. But it really drove that home. So 869 00:52:21,120 --> 00:52:23,799 Speaker 1: I was very thankful to actually have that experience. It's 870 00:52:23,840 --> 00:52:26,359 Speaker 1: one that not a lot of people have necessarily had. Now. 871 00:52:26,360 --> 00:52:28,480 Speaker 1: I will also say that it was for a lot 872 00:52:28,600 --> 00:52:31,279 Speaker 1: of old aircraft that aren't around anymore, because this was 873 00:52:31,360 --> 00:52:34,400 Speaker 1: many years ago and those aircraft have since been retired 874 00:52:34,440 --> 00:52:38,600 Speaker 1: from various fleets. But I think there's some old aircraft 875 00:52:38,640 --> 00:52:41,400 Speaker 1: still in circulation. Yeah, but you don't see a whole 876 00:52:41,440 --> 00:52:46,000 Speaker 1: lot of these gigantic old war horses. They've been they've 877 00:52:46,040 --> 00:52:52,080 Speaker 1: been replaced by newer more. Um. Yeah, you know, you know, 878 00:52:52,120 --> 00:52:55,520 Speaker 1: back back when uh an aircraft consisted of a giant 879 00:52:55,640 --> 00:52:58,840 Speaker 1: rubber band and a lot of hope, No, it wasn't 880 00:52:58,880 --> 00:53:01,160 Speaker 1: like that. But other thing I wanted to point out 881 00:53:01,239 --> 00:53:04,000 Speaker 1: kind of going back to the car discussion, just briefly, 882 00:53:04,800 --> 00:53:09,319 Speaker 1: is that whether or not these concerns are critical, like 883 00:53:09,360 --> 00:53:11,399 Speaker 1: whether or not these are things that we really need 884 00:53:11,440 --> 00:53:15,680 Speaker 1: to worry about. Most most security experts say right now, 885 00:53:16,040 --> 00:53:18,239 Speaker 1: the trouble you'd have to go through in order to 886 00:53:18,440 --> 00:53:21,239 Speaker 1: exploit any of these so called vulnerabilities would be so 887 00:53:21,320 --> 00:53:26,200 Speaker 1: great as to render them meaningless. That doesn't really matter 888 00:53:26,239 --> 00:53:30,000 Speaker 1: because there's been so much public interest shown on the 889 00:53:30,040 --> 00:53:34,680 Speaker 1: story for obvious reasons. That is, it has prompted politicians 890 00:53:34,680 --> 00:53:38,200 Speaker 1: to get involved. And Congressman Ed Markey sent out a 891 00:53:38,239 --> 00:53:41,960 Speaker 1: letter to twenty automakers after the two thousand thirteen Black 892 00:53:41,960 --> 00:53:46,319 Speaker 1: Hat conference that that are earlier one where uh they 893 00:53:46,440 --> 00:53:50,680 Speaker 1: were demonstrating the ability to hack vehicles by directly hooking 894 00:53:50,719 --> 00:53:56,279 Speaker 1: up computers to the diagnostic system UM and he sent 895 00:53:56,560 --> 00:53:59,960 Speaker 1: these letter to twenty automakers to ask about their secure 896 00:54:00,000 --> 00:54:03,440 Speaker 1: A measures for wireless attacks. Now, all of the automakers 897 00:54:03,480 --> 00:54:07,160 Speaker 1: that responded, and I think sixteen of twenty cent responses 898 00:54:07,680 --> 00:54:10,399 Speaker 1: something like that, But all of the response the ones 899 00:54:10,440 --> 00:54:13,560 Speaker 1: that responded said their vehicles had wireless points of access, 900 00:54:13,800 --> 00:54:16,720 Speaker 1: so at least one wireless point of access that could 901 00:54:16,719 --> 00:54:20,960 Speaker 1: potentially be used to connect to the car, not necessarily 902 00:54:21,000 --> 00:54:25,120 Speaker 1: exploit of vulnerability, but to connect. Seven of the respondents 903 00:54:25,120 --> 00:54:27,480 Speaker 1: said that they used a third party to test their 904 00:54:27,520 --> 00:54:31,160 Speaker 1: systems for security vulnerabilities, so essentially white hat hackers. They 905 00:54:31,160 --> 00:54:35,000 Speaker 1: went outside their own company to hire contractors and say, 906 00:54:35,520 --> 00:54:38,440 Speaker 1: see if you can gain wireless access, remote access to 907 00:54:38,520 --> 00:54:41,680 Speaker 1: these security systems, and if you can or these these 908 00:54:41,880 --> 00:54:44,480 Speaker 1: what are supposed to be secured systems, and if you can, 909 00:54:44,560 --> 00:54:45,960 Speaker 1: let us know how you did it so we can 910 00:54:46,000 --> 00:54:49,560 Speaker 1: address that before we release the vehicle as a production model. 911 00:54:50,480 --> 00:54:55,040 Speaker 1: Very responsible, But only two said that their vehicles had 912 00:54:55,080 --> 00:54:59,040 Speaker 1: countermeasures for hacking attacks on stuff like breaking and steering systems. 913 00:54:59,640 --> 00:55:01,879 Speaker 1: So the story that gets out from this is that 914 00:55:02,000 --> 00:55:06,040 Speaker 1: you know, only a couple of car manufacturers when they 915 00:55:06,040 --> 00:55:10,920 Speaker 1: weren't named, actually have the security measures in place, and 916 00:55:10,960 --> 00:55:15,000 Speaker 1: only seven are using third parties to test their systems. 917 00:55:15,600 --> 00:55:18,400 Speaker 1: The flip side of that argument could be there's no 918 00:55:18,520 --> 00:55:24,319 Speaker 1: demonstrable security issue yet that that would be enough to 919 00:55:24,840 --> 00:55:28,720 Speaker 1: create a concern. However, it is good to be aware 920 00:55:28,760 --> 00:55:31,719 Speaker 1: of it and to perhaps start building in these kind 921 00:55:31,760 --> 00:55:36,040 Speaker 1: of safety features moving forward, knowing that it's not like 922 00:55:36,080 --> 00:55:39,240 Speaker 1: the world's going to get less connected, right we're gonna 923 00:55:39,320 --> 00:55:41,799 Speaker 1: continue to see that trend go, so we need to 924 00:55:41,840 --> 00:55:44,440 Speaker 1: be certain that we're doing so in a responsible way, 925 00:55:44,800 --> 00:55:50,680 Speaker 1: in a safe way. Totally excellent. I'm glad you agree. So, yeah, 926 00:55:50,760 --> 00:55:52,960 Speaker 1: this was this was a fun kind of thing to 927 00:55:53,000 --> 00:55:56,600 Speaker 1: look at. And I mean, ultimately, I would always argue, 928 00:55:57,000 --> 00:56:02,719 Speaker 1: apply critical thinking to the situation. Don't react with your 929 00:56:02,800 --> 00:56:06,160 Speaker 1: initial emotional reaction. I mean, anyone who sees anything like this, 930 00:56:06,280 --> 00:56:09,680 Speaker 1: I'm sure the first emotional reaction is a fear, a 931 00:56:09,719 --> 00:56:13,040 Speaker 1: feeling of unease, if not fear right because I mean, 932 00:56:13,680 --> 00:56:16,920 Speaker 1: when you are behind the wheel of your car, you 933 00:56:16,960 --> 00:56:19,279 Speaker 1: know you want to be in control. You don't get 934 00:56:19,560 --> 00:56:22,160 Speaker 1: the thought of someone else potentially gaining control of the 935 00:56:22,160 --> 00:56:24,520 Speaker 1: situation that you felt you were in control of is 936 00:56:25,200 --> 00:56:29,359 Speaker 1: that's scary. So, I mean it's understandable, but apply critical thinking. 937 00:56:29,440 --> 00:56:32,600 Speaker 1: Know that it is not likely to happen. There are 938 00:56:32,600 --> 00:56:35,480 Speaker 1: other things that are far more likely to happen, and 939 00:56:35,560 --> 00:56:38,560 Speaker 1: as long as you take those precautions against those, you're 940 00:56:38,600 --> 00:56:44,680 Speaker 1: probably okay about these other more remote possibilities. Um And again, 941 00:56:44,719 --> 00:56:47,200 Speaker 1: if you are in a position to make decisions about 942 00:56:47,280 --> 00:56:50,600 Speaker 1: these kind of systems, whether it's you know, from a 943 00:56:50,600 --> 00:56:56,840 Speaker 1: car manufacturer or maybe you do aftermarket stuff then keeping 944 00:56:56,840 --> 00:56:59,200 Speaker 1: that in mind and keeping that as as part of 945 00:56:59,239 --> 00:57:03,680 Speaker 1: your best practices of of testing the security of your systems. 946 00:57:04,160 --> 00:57:07,640 Speaker 1: It's definitely something you should look into. Joe, thank you 947 00:57:07,680 --> 00:57:09,799 Speaker 1: for joining me. Thanks for having me, man, I've been 948 00:57:09,800 --> 00:57:12,520 Speaker 1: wanting to talk about this since I saw the article. Yeah, 949 00:57:12,560 --> 00:57:16,040 Speaker 1: and it was fun to kind of follow up on 950 00:57:16,080 --> 00:57:19,160 Speaker 1: an previous episode that actually, you know, it really did 951 00:57:19,200 --> 00:57:21,800 Speaker 1: warrant this new discussion, and we'll probably end up having 952 00:57:21,800 --> 00:57:27,160 Speaker 1: another follow up once the the August Black Hat conferences over. 953 00:57:27,480 --> 00:57:28,920 Speaker 1: In fact, I think it would be good for me 954 00:57:29,000 --> 00:57:31,720 Speaker 1: to do an episode just kind of following up on 955 00:57:31,760 --> 00:57:34,280 Speaker 1: the stuff that comes out of these things like def 956 00:57:34,280 --> 00:57:37,520 Speaker 1: Con and black Hat, so that folks can know, all right, 957 00:57:38,040 --> 00:57:42,480 Speaker 1: what were the vulnerabilities that were discovered? How bad is it? 958 00:57:42,680 --> 00:57:45,800 Speaker 1: Those are two good questions to answer. So I will 959 00:57:45,840 --> 00:57:48,320 Speaker 1: try to do that this year and and follow up 960 00:57:48,320 --> 00:57:50,600 Speaker 1: on that because I think it'd be really interesting. Uh, 961 00:57:50,600 --> 00:57:52,440 Speaker 1: And I've got buddies who are hackers, so they can 962 00:57:52,440 --> 00:57:54,720 Speaker 1: give me the inside story. Maybe I'll get Snubs to 963 00:57:54,720 --> 00:57:56,640 Speaker 1: come on, Shannon Morris to come on, or or Darren 964 00:57:56,720 --> 00:57:58,840 Speaker 1: Kitchen to come on and talk about it because they're 965 00:57:58,840 --> 00:58:03,800 Speaker 1: both super smart about that stuff, way smarter than I am. Guys, 966 00:58:04,520 --> 00:58:07,080 Speaker 1: I'll listen to that. Yeah, if you'll be fantastic, you know, 967 00:58:07,160 --> 00:58:09,000 Speaker 1: maybe we'll even have a three person show. I mean, 968 00:58:09,040 --> 00:58:11,720 Speaker 1: it's always that we have three microphones in here. There's 969 00:58:11,760 --> 00:58:15,439 Speaker 1: no reason why we can't do that. So, guys, thank 970 00:58:15,480 --> 00:58:18,080 Speaker 1: you so much for listening. You can check out Joe's 971 00:58:18,120 --> 00:58:21,040 Speaker 1: work at other locations. He's one of the hosts and 972 00:58:21,080 --> 00:58:24,720 Speaker 1: writers for Forward Thinking. So we do the Forward Thinking 973 00:58:24,720 --> 00:58:28,280 Speaker 1: podcast twice a week Wednesdays and Fridays, and Joe has 974 00:58:28,320 --> 00:58:31,360 Speaker 1: written for the video series as well, and so you 975 00:58:31,360 --> 00:58:33,320 Speaker 1: can check us out there. Joe, you also write for 976 00:58:33,400 --> 00:58:36,240 Speaker 1: some of the video series and appear occasionally in them. Yeah. 977 00:58:36,240 --> 00:58:39,120 Speaker 1: I write for brain stuff and uh and other house 978 00:58:39,120 --> 00:58:41,680 Speaker 1: stuff Works videos and you can check those out on 979 00:58:41,720 --> 00:58:44,120 Speaker 1: the house stup Works main page on YouTube or at 980 00:58:44,120 --> 00:58:46,840 Speaker 1: the brain Stuff page. Yeah, those are awesome. There are 981 00:58:46,840 --> 00:58:49,840 Speaker 1: a lot of fun. They range all over the map, 982 00:58:49,880 --> 00:58:53,800 Speaker 1: from super cool science two, super scary stuff to really 983 00:58:53,840 --> 00:58:56,960 Speaker 1: just quirky fun facts that you might not have thought about. 984 00:58:57,680 --> 00:58:59,640 Speaker 1: They're always fun to work on, so check those out. 985 00:59:00,040 --> 00:59:02,280 Speaker 1: If you have any suggestions for future guests on the 986 00:59:02,320 --> 00:59:05,480 Speaker 1: show topics. You know, you have questions or comments, You 987 00:59:05,480 --> 00:59:08,840 Speaker 1: have your own insight into things like hacking vehicles, Send 988 00:59:08,880 --> 00:59:11,600 Speaker 1: me a message the email addresses tech stuff at how 989 00:59:11,640 --> 00:59:14,520 Speaker 1: stuff works dot com, or drop me a line on Facebook, 990 00:59:14,560 --> 00:59:17,320 Speaker 1: Twitter or Tumbler to handle it. All three of those 991 00:59:17,440 --> 00:59:20,400 Speaker 1: is tech stuff h s W and I'll talk to 992 00:59:20,480 --> 00:59:28,400 Speaker 1: you again really soon. For more on this and thousands 993 00:59:28,440 --> 00:59:40,160 Speaker 1: of other topics, how stuff works dot com