WEBVTT - Hack That Auto 2.0 0:00:04.240 --> 0:00:12.479 Get in touch with technology with tech Stuff from Hey 0:00:12.520 --> 0:00:15.320 there and welcome to tech Stuff. I'm Jonathan Strickland and 0:00:15.400 --> 0:00:19.279 joined me in the studio today is Joe McCormick. Hey, Joe, 0:00:19.400 --> 0:00:22.400 Hey Jonathan. I'm doing great. How are you? I am 0:00:22.480 --> 0:00:26.720 quite well and Joe very graciously agreed to join me 0:00:26.840 --> 0:00:29.760 on this episode where we're going to update a topic 0:00:29.960 --> 0:00:33.559 that I covered with Ben Boland's back on November ten, 0:00:33.680 --> 0:00:36.760 two thousand and fourteen. The episode came out called Hack 0:00:36.880 --> 0:00:39.400 That Auto. So this is Hacked that Auto two point oh. 0:00:39.600 --> 0:00:41.800 So wait a minute. This was about the technology of 0:00:41.840 --> 0:00:46.159 like hatchets that you used to mutilate and destroy automobiles. No, 0:00:46.560 --> 0:00:50.040 just people named auto. Oh no, like Vondas Mark. That 0:00:50.040 --> 0:00:53.280 sounds horribly violent. It was pretty violent. Ben is a 0:00:53.360 --> 0:00:55.920 Ben is just a ticking time bomb. Wait a minute, 0:00:56.000 --> 0:00:58.920 Hold on a second. I'm remembering that in the world 0:00:58.960 --> 0:01:02.920 of tech mala gea hack means something different than what 0:01:03.000 --> 0:01:05.880 I do to would it? Does it? Does? It generally 0:01:05.959 --> 0:01:10.360 means that you are, you know, hacking together something to 0:01:10.560 --> 0:01:13.679 accomplish a particular goal, and hacking can mean anything, right 0:01:13.720 --> 0:01:18.560 like it doesn't necessarily the connotation we typically assigned to 0:01:18.600 --> 0:01:22.600 it is someone is trying to gain unauthorized access to something, 0:01:23.080 --> 0:01:27.520 which really is a subset of hacking exactly. Hacking really 0:01:27.560 --> 0:01:30.399 could mean that you are building stuff, like you could 0:01:30.440 --> 0:01:34.039 be a maker. You're trying to create a device that 0:01:34.120 --> 0:01:36.440 does a very specific thing, and it maybe to do 0:01:36.480 --> 0:01:38.800 it in a way that no one has done before. 0:01:38.920 --> 0:01:42.520 It maybe to increase efficiency, efficiency, maybe the furthest thing 0:01:42.520 --> 0:01:44.919 from your mind. It might just be to do something creatively. 0:01:45.319 --> 0:01:47.760 And in that previous episode of Hack that Auto, Ben 0:01:47.760 --> 0:01:50.600 and I covered lots of ways where you could use 0:01:51.000 --> 0:01:54.600 technology to alter a vehicle in order to make it 0:01:54.680 --> 0:01:57.440 do something that it was either not intended to do 0:01:57.960 --> 0:02:01.080 or that had been limitation that have been placed upon 0:02:01.080 --> 0:02:03.640 it at the manufacturing stage. WHOA, WHOA. So you mean 0:02:03.720 --> 0:02:06.480 like you could overclock your car the same way you 0:02:06.520 --> 0:02:09.160 can overclock your CPU. Well, maybe not the same way, 0:02:09.200 --> 0:02:12.200 but getting a very similar response, because there are governors 0:02:12.200 --> 0:02:15.400 and speed limitters on vehicles right where it is set 0:02:16.000 --> 0:02:19.040 so that the engine might be capable of producing enough 0:02:19.080 --> 0:02:23.480 power to get you to a speed above the quote 0:02:23.520 --> 0:02:26.600 unquote top speed of your vehicle, but there are are 0:02:26.639 --> 0:02:30.280 elements inside the vehicle that limit those speeds. Like you 0:02:30.360 --> 0:02:34.200 can't go beyond them because they essentially cut the power, 0:02:34.280 --> 0:02:35.760 so you're not going to be able to get more 0:02:35.800 --> 0:02:38.919 out of it. But if you hack your vehicle, you could, 0:02:39.000 --> 0:02:44.120 in theory, remove said limitations at your own peril and 0:02:44.440 --> 0:02:48.480 be able to go faster than what the vehicle's manufacturer 0:02:48.520 --> 0:02:51.080 had intended, you know, at the risk of sounding like 0:02:51.120 --> 0:02:53.720 a gullible sheep, I bet those limitations are there for 0:02:53.760 --> 0:02:57.000 a decent reason. They tend to be. Yeah, like, I 0:02:57.000 --> 0:03:00.080 could probably damage your vehicle or do something unsafe if 0:03:00.080 --> 0:03:01.880 you exceed them. I don't know if you have you 0:03:01.919 --> 0:03:04.400 ever been in a car where it reached a certain 0:03:04.440 --> 0:03:06.600 speed and the car was beginning to feel like it 0:03:06.680 --> 0:03:10.680 was not enjoying that experience. Yeah, the first car I had, 0:03:10.760 --> 0:03:12.600 if you got up to about fifty five or so, 0:03:12.680 --> 0:03:15.480 it felt like it was about to come apart. Yeah. Yeah. 0:03:15.600 --> 0:03:18.280 And there are some cars where, even right off the lot, 0:03:18.320 --> 0:03:21.120 if you are pushing it at towards the top speed, 0:03:21.560 --> 0:03:24.160 you start to feel like, yeah, this vehicle is not 0:03:24.240 --> 0:03:26.720 really meant to maintain this for any length of time. 0:03:27.120 --> 0:03:29.360 But there are people who want to have that full 0:03:29.400 --> 0:03:31.960 control of their vehicle and they want to be able 0:03:32.000 --> 0:03:34.840 to do things with their vehicle that perhaps the manufacturer 0:03:34.840 --> 0:03:38.880 had put limitations on, and they will hack their their cars. 0:03:38.920 --> 0:03:42.480 And this is made possible by well a couple of things. 0:03:42.480 --> 0:03:44.760 If you have a car that's more than twenty years old, 0:03:45.240 --> 0:03:49.600 then you might be able to mechanically alter that vehicle, right. 0:03:50.000 --> 0:03:53.280 But as vehicles have become more and more complex, more 0:03:53.280 --> 0:03:58.200 and more of those uh, those those systems have become computerized, 0:03:59.000 --> 0:04:02.880 and it's falling into what some people call the black 0:04:02.960 --> 0:04:05.800 box problem, which is where you have a system that 0:04:05.920 --> 0:04:08.360 is essentially contained within a black box and it is 0:04:08.480 --> 0:04:12.360 very difficult, if not impossible, to get access inside that 0:04:12.400 --> 0:04:16.680 black box. You can alter what happens once this is 0:04:16.760 --> 0:04:18.960 what what whatever the output is of that system, you 0:04:19.000 --> 0:04:22.960 can alter that, and you can alter the arrangement of 0:04:23.120 --> 0:04:25.760 various black box systems. But if you don't have that 0:04:25.800 --> 0:04:30.279 special diagnostic computer right or any other means of tapping 0:04:30.320 --> 0:04:33.560 into it, then you're kind of stuck. And and the 0:04:33.680 --> 0:04:36.200 argument is that the technology is reaching a level of 0:04:36.240 --> 0:04:42.120 complexity where the tinker is becoming more and more rarefied, 0:04:42.240 --> 0:04:45.200 Like it's it's harder to be a tinker in that 0:04:45.240 --> 0:04:48.320 world because things are getting so specialized and so advanced 0:04:48.680 --> 0:04:51.599 that it requires a good deal of specialization just to 0:04:51.680 --> 0:04:54.960 alter one thing, let alone all the other related systems. 0:04:55.080 --> 0:04:57.279 I feel like we talked about this in an early 0:04:57.360 --> 0:05:00.719 episode of the Forward Thinking podcast. This is very familiar. 0:05:00.760 --> 0:05:03.320 But okay, so that's how you hack your own vehicle 0:05:03.440 --> 0:05:08.119 to improve or maybe not improve but change it. Sure, 0:05:08.760 --> 0:05:11.400 but what about the more, you know, the more popular 0:05:11.480 --> 0:05:14.960 sense of hacking these days, where you're talking about violating 0:05:15.000 --> 0:05:19.279 a supposedly secure system making it work for you. So 0:05:19.880 --> 0:05:23.560 Ben and I talked about this as well, and overwhelmingly 0:05:24.520 --> 0:05:28.799 the most prevalent version of that kind of hacking required 0:05:28.839 --> 0:05:32.000 physical access to the vehicle and that you would have 0:05:32.080 --> 0:05:34.800 a laptop that you would plug in with a an 0:05:34.839 --> 0:05:39.760 adapter to your your cars computer system, and with that 0:05:39.839 --> 0:05:43.520 laptop you could alter things with the vehicle. In fact, 0:05:43.560 --> 0:05:45.240 you could even set it up so that you could 0:05:45.240 --> 0:05:49.000 have remote control of the vehicle through the laptop that's 0:05:49.000 --> 0:05:52.120 still physically attached to the car. Oh wow, I wouldn't 0:05:52.240 --> 0:05:54.440 I wouldn't really expect that with I mean, I could 0:05:54.480 --> 0:05:57.479 see how that could be coming with autonomous cars. But 0:05:57.520 --> 0:06:00.880 I'm so you could control like gas and brake and steering. 0:06:01.200 --> 0:06:04.360 You could certainly control things like brakes and steering. Uh, 0:06:04.400 --> 0:06:08.440 not necessarily acceleration, although you could do that too, I assume, 0:06:08.520 --> 0:06:12.640 but you could certainly alter things like you could you 0:06:12.680 --> 0:06:15.760 could make the brakes stop working, and in fact, there 0:06:15.800 --> 0:06:18.400 have been demonstrations where people have done that, where it 0:06:18.520 --> 0:06:21.520 was done in a safe way, but to show that, 0:06:21.680 --> 0:06:24.720 like the anti lock brake system would be disconnected so 0:06:24.760 --> 0:06:27.840 that hitting the brake would do nothing and the car 0:06:27.880 --> 0:06:29.920 would continue on as if you hadn't hit the brake 0:06:29.960 --> 0:06:32.560 at all. Just kind of terrifying to think about. But 0:06:33.080 --> 0:06:36.600 there was a laptop computer sitting right there, plugged into 0:06:36.720 --> 0:06:40.240 the dashboard. It was just that the commands. Like, think 0:06:40.279 --> 0:06:41.960 of it this way, it's the same thing as if 0:06:41.960 --> 0:06:44.960 someone were sitting in the passenger seat sending the commands 0:06:45.000 --> 0:06:48.039 from the laptop directly to your car's computer. Only you 0:06:48.080 --> 0:06:50.239 have removed the need for a person to be sitting 0:06:50.279 --> 0:06:52.799 there because you have a remote system sitting the commands 0:06:52.800 --> 0:06:55.000 to the laptop, which then send the commands to the 0:06:55.000 --> 0:06:57.640 car computer. Well, if you're gonna do that, you might 0:06:57.640 --> 0:06:59.880 as well just say, well, somebody sitting in the passenger 0:07:00.080 --> 0:07:02.440 he could reach over and grab the steering wheel, right, 0:07:02.440 --> 0:07:04.080 and that was the point, right, That was the point 0:07:04.120 --> 0:07:06.040 that allot of the car manufacturers were making, that a 0:07:06.080 --> 0:07:10.120 lot of security experts were making. They said, these examples 0:07:10.280 --> 0:07:14.280 require somebody to have physical access to your vehicle in 0:07:14.400 --> 0:07:18.119 order for them to make these alterations, and therefore it's 0:07:18.280 --> 0:07:21.880 not necessarily something to go out and panic over. Yeah, 0:07:21.880 --> 0:07:24.800 so that doesn't really bother me. What would really bother me? 0:07:24.880 --> 0:07:27.080 And and a quick digression, I think you and I 0:07:27.120 --> 0:07:30.560 are both on the record as being pretty pro autonomous vehicle. 0:07:31.120 --> 0:07:35.160 I am it would be harder for me to be 0:07:35.240 --> 0:07:38.920 more pro autonomous vehicle. I am also very pro autonomous 0:07:39.000 --> 0:07:42.520 vehicle despite all these concerns. And one of these concerns 0:07:42.640 --> 0:07:46.760 is what if somebody could wirelessly hack an autonomous vehicle? 0:07:46.840 --> 0:07:49.840 And that seems like, I mean, hopefully the industry will 0:07:49.840 --> 0:07:52.720 take all the proper steps to prevent that from happening. 0:07:52.840 --> 0:07:56.720 But autonomous vehicles do need to be able to communicate 0:07:56.760 --> 0:08:00.520 with each other, so it seems like they may possibly 0:08:00.560 --> 0:08:05.360 have some wireless based vulnerabilities. And there are cars out 0:08:05.400 --> 0:08:09.680 there right now that have wireless vulnerabilities, and we'll talk 0:08:09.720 --> 0:08:13.040 more about specifics in a little bit. So you are 0:08:13.080 --> 0:08:16.280 absolutely right that autonomous cars will have these because we 0:08:16.360 --> 0:08:20.040 have cars right now that have these these wireless vulnerabilities 0:08:20.080 --> 0:08:24.000 from from various systems. Uh, there have been examples of 0:08:24.040 --> 0:08:28.440 people using the entertainment systems within certain cars to hack 0:08:28.560 --> 0:08:32.000 into the rest of the vehicle. Now, you would think 0:08:32.040 --> 0:08:36.600 that these should be networks within a car that are 0:08:36.600 --> 0:08:39.560 completely separate, that don't have anything to do with one another, 0:08:40.360 --> 0:08:44.520 But there are times where, either because the design is 0:08:44.559 --> 0:08:48.800 simpler or because of well intentioned reasons, the they are 0:08:48.880 --> 0:08:52.200 coupled more closely. Like imagine that you have an entertainment 0:08:52.200 --> 0:08:55.080 system that is wired in such a way where the 0:08:55.200 --> 0:08:59.720 volume of the system will automatically adjust based upon your 0:08:59.720 --> 0:09:03.800 ex leuration. So if you accelerate more, the volume goes 0:09:03.880 --> 0:09:05.959 up because it figures, hey, now it's going to be 0:09:06.000 --> 0:09:08.440 a noisier environment, so I need to balance out by 0:09:08.480 --> 0:09:10.959 becoming louder so that the person can continue to have 0:09:11.080 --> 0:09:14.600 the same experience listening to whatever they're listening to, whether 0:09:14.640 --> 0:09:17.880 they're going slowly or quickly. Well, that means that there 0:09:17.920 --> 0:09:20.959 needs to be some data coming from the drive system 0:09:21.120 --> 0:09:22.760 of the vehicle, and it may just be data and 0:09:22.760 --> 0:09:24.880 it may just flow one way, which would be the 0:09:24.920 --> 0:09:28.320 best way to implement that, but it may mean that 0:09:28.360 --> 0:09:31.160 these systems are more connected than you had first imagined, 0:09:31.640 --> 0:09:36.840 So as we get into more WiFi based entertainment systems, 0:09:37.320 --> 0:09:41.320 that is a potential point of vulnerability for vehicles. Yeah, 0:09:41.320 --> 0:09:43.400 and a thing that just occurs to me is that 0:09:43.520 --> 0:09:48.000 hopefully anybody who made these would sort of have entertainment 0:09:48.040 --> 0:09:51.319 systems running on what's essentially a different computer than the 0:09:51.400 --> 0:09:54.760 computer that controls the engine. Otherwise it seems like it 0:09:54.800 --> 0:09:57.680 could be vulnerable to the kind of buffer overflow attack 0:09:57.840 --> 0:10:01.080 or something where you h you have some kind of 0:10:01.240 --> 0:10:03.800 like you max out the memory on something and then 0:10:03.840 --> 0:10:06.760 you start and then once you've maxed out that area, 0:10:06.800 --> 0:10:09.439 it overflows into a place where you can just execute 0:10:09.440 --> 0:10:12.280 some code. Right. Yeah, that's a good example. I mean 0:10:12.320 --> 0:10:14.640 that that's certainly something that that needs to be thought 0:10:14.640 --> 0:10:17.920 about when designing these systems. And to make this more complicated, 0:10:18.400 --> 0:10:20.680 we have things like, you know, the wireless entry systems, 0:10:20.800 --> 0:10:24.880 which can be spoofed, although it's not easy to do so. 0:10:24.880 --> 0:10:27.160 So wireless obviously that's when you've got you know, your 0:10:27.160 --> 0:10:28.920 little key fob and you push a button and it 0:10:29.000 --> 0:10:32.359 unlocks the door so you can get into your car. Uh. 0:10:32.640 --> 0:10:37.199 Those work on little radio signals, and it is possible 0:10:37.440 --> 0:10:42.960 to broadcast radio signals at a car and activate it's 0:10:43.360 --> 0:10:46.640 unlocking mechanism. It's not easy, and the reason it's not 0:10:46.720 --> 0:10:50.239 easy is that you need to know generally what frequency 0:10:50.520 --> 0:10:54.160 this thing is broadcasting over, so it may require you 0:10:54.200 --> 0:10:56.320 to be in the presence of the key fob being 0:10:56.440 --> 0:10:58.960 used in order to pick up on this frequency. You 0:10:59.000 --> 0:11:01.720 really need to know probably the beginning of the code, 0:11:01.760 --> 0:11:05.920 which again you can sometimes glean by listening in essentially 0:11:06.000 --> 0:11:09.400 on that key fob um and then you have to 0:11:10.520 --> 0:11:13.280 brute force attack because the way key fobs work is 0:11:13.280 --> 0:11:15.880 it works with a rolling algorithm, so every time you 0:11:15.960 --> 0:11:20.000 press that button, it changes the code, so the cook 0:11:20.080 --> 0:11:22.720 but it's changed based upon an algorithm, so it's based 0:11:22.760 --> 0:11:26.400 upon specific rules. It's not random because if it were random, 0:11:26.520 --> 0:11:28.920 no car would ever know when it's key is being used, 0:11:29.000 --> 0:11:32.000 right but it But that means that if you are 0:11:32.120 --> 0:11:34.800 using a remote attack to try and get access to 0:11:34.840 --> 0:11:36.760 a vehicle, then you have to do a brute force 0:11:36.800 --> 0:11:40.640 so this can take minutes up to hours, depending upon 0:11:41.480 --> 0:11:45.560 uh the system and depending upon your luck based upon 0:11:45.600 --> 0:11:49.480 where you're starting from the code. And also it means 0:11:49.520 --> 0:11:52.760 that if you have a keyless entry and you go 0:11:52.840 --> 0:11:55.200 to your car and you try and use it and 0:11:55.280 --> 0:11:58.480 someone has remotely accessed your vehicle. One of the only 0:11:58.520 --> 0:12:00.560 ways you might be able to tell, assuming that your 0:12:00.640 --> 0:12:03.720 vehicle is still there, is that is that it takes 0:12:03.720 --> 0:12:06.400 a couple of presses before anything works, because it will 0:12:06.400 --> 0:12:08.800 take a while for the the code on your key 0:12:08.840 --> 0:12:12.480 fob to match up with the code that's in the car. So, 0:12:12.679 --> 0:12:14.199 in other words, if you press it and you're like, oh, 0:12:14.280 --> 0:12:16.160 nothing's happening, and you press a couple more times, then 0:12:16.200 --> 0:12:19.720 it it'll synchronize up again and then you can have access. Uh. 0:12:19.760 --> 0:12:23.040 This is something that has been done already. Security experts 0:12:23.080 --> 0:12:26.560 have shown. There's one in particular who used his own 0:12:26.760 --> 0:12:31.240 vehicle to demonstrate that you could gain access. But it 0:12:31.240 --> 0:12:34.400 could take hours and it takes a huge amount of effort, 0:12:34.760 --> 0:12:37.600 So it's not something that is is probably easier to 0:12:37.600 --> 0:12:39.480 just get a brick and bash the window. Yeah, it's 0:12:39.480 --> 0:12:41.920 definitely not likely to happen, right, I get like the 0:12:41.960 --> 0:12:45.240 likelihood of it happening is incredibly low because there are 0:12:45.320 --> 0:12:48.000 other ways of getting access to a vehicle that require 0:12:48.120 --> 0:12:51.800 far less work and far less access to set vehicle. 0:12:51.880 --> 0:12:56.400 For a given length of time. Um, there are other 0:12:56.440 --> 0:13:00.480 examples of someone having a remote control of a vehicle, 0:13:00.960 --> 0:13:04.160 but it was it was by exploiting a system that 0:13:04.240 --> 0:13:08.880 was intended to have this remote shutdown feature. So you 0:13:09.240 --> 0:13:12.559 you know that a lot of vehicles have this ability 0:13:12.679 --> 0:13:17.200 for for a an entity to either remotely shut down 0:13:17.200 --> 0:13:20.000 the engine or do things like hawk the horn, right, yeah, 0:13:20.040 --> 0:13:22.560 I think, Uh, well, I know one scenario in which 0:13:22.600 --> 0:13:26.880 this occurs would be like, so let's say you take 0:13:26.920 --> 0:13:30.320 out a loan on a car and the person who 0:13:30.400 --> 0:13:32.959 sells you the car is not very confident that you 0:13:32.960 --> 0:13:36.440 will pay back that loan. They can put equipment on 0:13:36.480 --> 0:13:39.400 the car that prevents it from starting up, right, so 0:13:39.440 --> 0:13:42.240 they can say, this person isn't paying on their financing, 0:13:42.480 --> 0:13:45.040 we need to shut down the car's ability to run. Yeah, 0:13:45.080 --> 0:13:47.800 it's essentially a remote kill switch and your car will 0:13:47.840 --> 0:13:51.320 not start at that point. And uh, yeah, it could 0:13:51.320 --> 0:13:53.400 be hopefully they wouldn't be able to turn off the 0:13:53.440 --> 0:13:57.640 engine while you're driving. No, I don't think that's that's 0:13:57.840 --> 0:14:00.559 a possibility, but they could certainly do it, you know, 0:14:00.760 --> 0:14:02.680 so that the next time you try to start up 0:14:02.679 --> 0:14:05.560 your car it doesn't work. And uh, it can be 0:14:05.640 --> 0:14:08.120 used in that case where someone's not keeping up with 0:14:08.160 --> 0:14:09.760 their payments. It can also be used in the case 0:14:09.760 --> 0:14:12.200 of a stolen car. So if your car stolen, you 0:14:12.200 --> 0:14:14.880 report it to the police, you work with the dealership, 0:14:14.920 --> 0:14:18.040 you explain, hey, my vehicle was stolen. They can actually 0:14:18.120 --> 0:14:21.080 activate this remote kill switch so that the criminals who 0:14:21.120 --> 0:14:22.960 have possession of your car are no longer able to 0:14:23.040 --> 0:14:26.280 drive it, and then the police can hopefully locate your 0:14:26.360 --> 0:14:29.400 vehicle and you get it back. Uh Right. So there 0:14:29.440 --> 0:14:32.280 are legitimate reasons why you would want that technology install 0:14:32.400 --> 0:14:35.360 on your vehicle. However, there was at least one case 0:14:35.480 --> 0:14:40.880 where a person who had access to said system, uh, 0:14:41.040 --> 0:14:47.360 accessed it for personal reasons and out of vindictiveness, was 0:14:47.560 --> 0:14:51.720 essentially harassing somebody using the system to mess with their vehicle. 0:14:52.160 --> 0:14:56.160 So if you look at a discussions about car hacking, 0:14:56.360 --> 0:14:59.600 and they always say, like, what are the examples of 0:14:59.680 --> 0:15:02.120 Mali Shiss car hacking, they said, well, outside of research 0:15:02.120 --> 0:15:05.640 and development, where where security researchers are trying their best 0:15:05.800 --> 0:15:09.560 to do this to to see if it's viable, there's 0:15:09.600 --> 0:15:12.360 only one example of it ever actually happening, and in 0:15:12.400 --> 0:15:15.520 that case, it wasn't hacking in the sense of someone 0:15:15.560 --> 0:15:17.320 setting down at their computer and trying to get access 0:15:17.320 --> 0:15:20.880 to a vehicle, someone exploiting an existing system that was 0:15:20.920 --> 0:15:26.200 already attached to that vehicle. But that being said, with 0:15:26.280 --> 0:15:32.080 all those caveats laid out, the issue of wireless hacking 0:15:32.240 --> 0:15:35.920 a vehicle, of remotely accessing a vehicle is by no 0:15:36.040 --> 0:15:41.440 means a dead issue. It is something that is continuously 0:15:41.560 --> 0:15:44.800 brought up, and as of the time that we're recording 0:15:44.800 --> 0:15:50.640 this podcast, which is in May of twenty, there's increasing 0:15:50.760 --> 0:15:54.280 interest in this because of a pair of researchers and 0:15:54.440 --> 0:15:56.960 what they claim they are able to do and what 0:15:57.040 --> 0:16:01.840 they will show off at the black At Conference in August. 0:16:02.600 --> 0:16:05.640 What is that? Well, first I should explain what the 0:16:05.640 --> 0:16:09.280 black Hat Conference is, So it's a um it's essentially 0:16:09.440 --> 0:16:13.760 it's a hacker convention. It's all about discussing security vulnerabilities 0:16:14.240 --> 0:16:19.440 and uh, the ways to exploit them. Now, in hacker circles, 0:16:19.600 --> 0:16:22.040 you have white hats and black hats, and sometimes you 0:16:22.040 --> 0:16:25.480 can argue gray hats. White hat hackers are people who 0:16:25.720 --> 0:16:29.080 are looking for security vulnerabilities with the intent to have 0:16:29.120 --> 0:16:33.680 those security vulnerabilities patched so that they are no longer vulnerable. 0:16:34.360 --> 0:16:38.560 Black hat hackers UH tend to be the folks who 0:16:38.600 --> 0:16:42.120 find security vulnerabilities in order to exploit them, whether that 0:16:42.240 --> 0:16:44.560 is to exploit them directly or to exploit them by 0:16:44.600 --> 0:16:48.880 selling that information to other interested parties. And whether they're 0:16:48.880 --> 0:16:51.560 doing it for cash or for leverage over somebody, or 0:16:51.640 --> 0:16:54.280 just for fun, Yeah, just to build their own reputation, 0:16:54.480 --> 0:16:56.960 as opposed to, you know, a genuine desire to help 0:16:57.000 --> 0:16:59.600 other folks. So even though it's called the black Hat Conference, 0:16:59.600 --> 0:17:01.560 it doesn't necessarily mean that these are all people who 0:17:01.560 --> 0:17:03.800 are gathering around trying to figure out how to control 0:17:03.840 --> 0:17:06.840 the world through their laptops. Often its actual discussions about 0:17:07.560 --> 0:17:10.399 these are serious concerns that we need to address in 0:17:10.520 --> 0:17:14.560 order to make sure that they don't become huge problems 0:17:14.680 --> 0:17:18.960 go beyond concern to an enormous problem. So the the 0:17:19.000 --> 0:17:22.239 researchers were talking about, actually, I think Ben and I 0:17:22.320 --> 0:17:26.920 mentioned them to Charlie Miller and Chris valisek Uh, their 0:17:27.000 --> 0:17:32.119 two security experts who had talked about hacking cars previously. 0:17:32.240 --> 0:17:35.720 They had UH shown in two thousand thirteen and two 0:17:35.720 --> 0:17:39.959 thousand and fourteen various ways to hack vehicles. UH, and 0:17:40.040 --> 0:17:43.400 now they are talking that. In the two thousand fifteen 0:17:43.400 --> 0:17:47.879 conference in August, they will reveal a way of remotely 0:17:48.040 --> 0:17:51.040 gaining access to a vehicle. It does not require you 0:17:51.200 --> 0:17:54.600 to plug a laptop into a computer. They say that 0:17:54.920 --> 0:17:57.920 you could do this with an unmodified vehicle as soon 0:17:57.960 --> 0:18:04.080 as it rolls off the dealership. Scary, very scary. Um, 0:18:04.160 --> 0:18:07.199 that's an excellent question. I think that I'm sure that 0:18:07.240 --> 0:18:12.360 they have something. The extent of that. Yeah, no, no, no, 0:18:12.640 --> 0:18:16.480 the extent of what they have I do not know now. Previously, 0:18:16.520 --> 0:18:19.560 they have published lists of vehicles that they have looked 0:18:19.560 --> 0:18:25.480 at that they say represent, you know, the most hackable 0:18:25.840 --> 0:18:27.960 kind of vehicles, and the very top of the list, 0:18:27.960 --> 0:18:32.719 where the Jeep Cherokee was number one. That's the most table, 0:18:32.920 --> 0:18:38.640 most tackable, most tackical. But they had identified three different 0:18:38.640 --> 0:18:44.720 criteria for hackability, including things like are the systems interconnected 0:18:44.760 --> 0:18:47.480 with one with one another? How many wireless points of 0:18:47.720 --> 0:18:52.440 entry are are potentially there? That sort of stuff, and 0:18:52.720 --> 0:18:55.520 out of the various criteria, the Jeep Cherokee had the 0:18:55.560 --> 0:18:59.040 most of them, the most examples. Uh. The Infinity Q 0:18:59.280 --> 0:19:03.400 fifty was also up there in the catalacic esconade as 0:19:03.480 --> 0:19:08.439 a as the the SNL Southern character would say was 0:19:08.760 --> 0:19:12.960 also up there, and uh, when we're talking about wireless 0:19:13.000 --> 0:19:17.560 points of vulnerability, really you're talking about any system that 0:19:17.720 --> 0:19:23.639 has that wireless communication capability. So one example, which is 0:19:23.760 --> 0:19:27.840 perfectly innocent in of itself is the tire monitoring system, 0:19:27.920 --> 0:19:30.320 the tire pressure monitoring system. So if you have a 0:19:30.400 --> 0:19:33.320 vehicle that has this, then like you get in your car, 0:19:33.440 --> 0:19:35.520 you turn your you know, you put the key in 0:19:35.520 --> 0:19:38.560 the ignition you or if it's key less ignition, you 0:19:38.600 --> 0:19:41.199 turn on your car, however that may be. And there 0:19:41.240 --> 0:19:44.200 might be an indicator on your dashboard that tells you, 0:19:44.200 --> 0:19:47.159 you know, if your tires are overinflated, underinflated, what the 0:19:47.359 --> 0:19:50.159 you know, how the pressure is? Uh, which is kind 0:19:50.160 --> 0:19:52.320 of cool. You're like, oh, awesome, I don't need to 0:19:52.359 --> 0:19:54.679 get out of my vehicle, you know, pull over to 0:19:54.680 --> 0:19:57.800 a gas station or whatever and get the air pressure 0:19:57.840 --> 0:20:01.520 gauge out and see how it's doing. It's telling right here, um, 0:20:01.560 --> 0:20:04.840 which is useful. But it's doing so with wireless sensors 0:20:04.880 --> 0:20:09.280 that communicate back to the the computer system that is 0:20:09.400 --> 0:20:12.000 governing all the other systems in the car. Yeah. I 0:20:12.040 --> 0:20:16.520 can see why you wouldn't want wires going to the tires. Yeah, yeah, no, 0:20:16.600 --> 0:20:20.960 it would it would be problematic. Right, So the the 0:20:21.119 --> 0:20:24.119 wireless system is likely communicating with the what's called the 0:20:24.119 --> 0:20:29.360 controller area network bus or can bus, which is kind 0:20:29.400 --> 0:20:32.480 of like the traffic controller of all the different systems 0:20:32.480 --> 0:20:36.240 that feed information into the cars computer, the master control program. 0:20:37.280 --> 0:20:39.680 If not the master control program, it's got to be 0:20:39.800 --> 0:20:47.400 like the master control programs Uh executive assistant, Right, yeah, yeah, 0:20:47.680 --> 0:20:50.480 it's a it's good old David Uh not Yeah Stark 0:20:50.760 --> 0:20:53.560 controlling this. So yeah, exactly, it's it's this this traffic 0:20:53.560 --> 0:20:57.159 controller that sends the information to the computer. Well, you know, 0:20:57.440 --> 0:21:00.560 that's a potential point of vulnerability. And there have been 0:21:00.600 --> 0:21:05.200 examples of being able to track a vehicle based upon 0:21:05.359 --> 0:21:12.640 tracking the unique monitoring frequency for that that tire pressure system. 0:21:12.680 --> 0:21:15.960 So you could potentially track where a vehicle has gone 0:21:16.160 --> 0:21:23.280 by keeping note of this particular this particular wireless communication system, 0:21:23.320 --> 0:21:26.760 if you could, can you get access to more critical 0:21:27.280 --> 0:21:31.520 systems like breaking or steering through that? That remains to 0:21:31.560 --> 0:21:36.800 be seen. So Miller and Uh and Valask have said 0:21:37.560 --> 0:21:43.760 that they have found some interesting stuff through their experiments. Um, 0:21:43.800 --> 0:21:47.000 they haven't had this discussion, so we can't say exactly 0:21:47.040 --> 0:21:49.600 what they revealed. But they have said that uh, or 0:21:49.640 --> 0:21:53.400 at least the black Hat website says that the presentation 0:21:53.480 --> 0:21:57.080 will include starting with remote exploitation, we will show how 0:21:57.119 --> 0:22:00.800 to pivot through different pieces of the v vehicles hardware 0:22:00.840 --> 0:22:03.040 in order to be able to send messages on the 0:22:03.160 --> 0:22:08.200 can bus to critical electronic control units e c us. 0:22:08.720 --> 0:22:12.120 We will conclude by showing several can messages that affect 0:22:12.119 --> 0:22:16.360 physical systems of the vehicle. So that that's pretty vague, right. 0:22:16.520 --> 0:22:20.680 It doesn't specifically say that it could do something like 0:22:21.800 --> 0:22:24.920 break the car as it b R A K E 0:22:25.119 --> 0:22:28.680 the car like apply the brakes. Doesn't say that, uh, 0:22:28.800 --> 0:22:33.240 you know, explicitly, so maybe their methodology will be limited. 0:22:33.880 --> 0:22:36.440 And in fact, they say that they plan on showing 0:22:37.080 --> 0:22:41.359 both the reality and the limitations of remote hacking on vehicles. 0:22:41.960 --> 0:22:46.440 So a lot of security experts have said, listen, this 0:22:46.520 --> 0:22:49.520 is something to be concerned about, yes, but not something 0:22:49.520 --> 0:22:53.439 to panic over because one, they have not indicated how 0:22:53.480 --> 0:22:57.840 extensive these these messages can go, like what what the 0:22:57.880 --> 0:23:01.320 effects can be. Two, they haven't discussed their methodology of 0:23:01.400 --> 0:23:04.480 coming up with the ability, the way of doing it, 0:23:04.680 --> 0:23:07.600 or if whether or not they plan on sharing in 0:23:07.720 --> 0:23:12.400 detail how it's done. And three, it may require so 0:23:12.520 --> 0:23:17.240 much effort to do this that, just like the keyless entry, 0:23:17.359 --> 0:23:19.760 no one would ever bother to do it, because they 0:23:19.800 --> 0:23:22.680 are easier ways to sabotage a vehicle than going through 0:23:22.680 --> 0:23:27.879 these processes. But showing that it's possible means that further, 0:23:28.160 --> 0:23:32.959 like the future generations of vehicles could be built and 0:23:33.040 --> 0:23:37.439