All your devices can be hacked - Avi Rubin
[Music]
[Music]
[Music]
[Applause]
[Applause]
[Applause]
I'm<00:00:16.600> a<00:00:17.119> computer<00:00:17.520> science<00:00:18.000> professor<00:00:19.000> and<00:00:19.240> my
I'm a computer science professor and my
I'm a computer science professor and my
area<00:00:19.640> of<00:00:19.840> expertise<00:00:20.680> is<00:00:21.320> computer<00:00:21.640> and
area of expertise is computer and
area of expertise is computer and
information
information
information
security<00:00:24.000> when<00:00:24.080> I<00:00:24.160> was<00:00:24.279> in<00:00:24.480> graduate<00:00:24.960> school<00:00:25.800> I
security when I was in graduate school I
security when I was in graduate school I
had<00:00:26.080> the<00:00:26.240> opportunity<00:00:26.920> to<00:00:27.119> overhear<00:00:27.679> my
had the opportunity to overhear my
had the opportunity to overhear my
grandmother<00:00:29.000> uh<00:00:29.160> describing<00:00:29.599> to<00:00:29.759> one<00:00:30.080> of<00:00:30.240> her
grandmother uh describing to one of her
grandmother uh describing to one of her
uh<00:00:30.960> fellow<00:00:31.279> senior<00:00:31.800> citizens<00:00:32.800> uh<00:00:32.920> what<00:00:33.040> I<00:00:33.160> did
uh fellow senior citizens uh what I did
uh fellow senior citizens uh what I did
for<00:00:33.440> a
for a
for a
living
living
living
apparently<00:00:37.120> I<00:00:37.200> was<00:00:37.360> in<00:00:37.520> charge<00:00:37.800> of<00:00:38.000> making
apparently I was in charge of making
apparently I was in charge of making
sure<00:00:38.399> that<00:00:38.520> no<00:00:38.640> one<00:00:38.760> stole<00:00:39.040> the<00:00:39.160> computers
sure that no one stole the computers
sure that no one stole the computers
from<00:00:39.719> the
from the
from the
University<00:00:42.399> and<00:00:42.680> you<00:00:42.800> know<00:00:43.360> that's<00:00:43.520> a
University and you know that's a
University and you know that's a
perfectly<00:00:44.239> reasonable<00:00:44.840> thing<00:00:45.120> for<00:00:45.320> her<00:00:45.480> to
perfectly reasonable thing for her to
perfectly reasonable thing for her to
think<00:00:46.039> because<00:00:46.239> I<00:00:46.320> told<00:00:46.520> her<00:00:46.680> I<00:00:46.760> was<00:00:46.879> working
think because I told her I was working
think because I told her I was working
in<00:00:47.239> computer<00:00:47.760> security<00:00:48.760> and<00:00:48.960> it<00:00:49.039> was
in computer security and it was
in computer security and it was
interesting<00:00:49.600> to<00:00:49.760> get<00:00:49.879> her
interesting to get her
interesting to get her
perspective<00:00:52.199> but<00:00:52.879> that's<00:00:53.120> not<00:00:53.280> the<00:00:53.399> most
perspective but that's not the most
perspective but that's not the most
ridiculous<00:00:54.239> thing<00:00:54.399> I've<00:00:54.520> ever<00:00:54.680> heard<00:00:54.879> anyone
ridiculous thing I've ever heard anyone
ridiculous thing I've ever heard anyone
say<00:00:55.440> about<00:00:55.640> my<00:00:55.920> work<00:00:56.920> the<00:00:57.039> most<00:00:57.280> ridiculous
say about my work the most ridiculous
say about my work the most ridiculous
thing<00:00:57.920> I<00:00:58.079> ever<00:00:58.280> heard<00:00:58.840> is<00:00:59.000> I<00:00:59.079> was<00:00:59.199> at<00:00:59.280> a<00:00:59.359> dinner
thing I ever heard is I was at a dinner
thing I ever heard is I was at a dinner
party
party
party
and<00:01:01.519> a<00:01:01.640> woman<00:01:01.960> heard<00:01:02.239> that<00:01:02.359> I<00:01:02.440> work<00:01:02.640> in
and a woman heard that I work in
and a woman heard that I work in
computer<00:01:03.199> security<00:01:04.119> and<00:01:04.280> she<00:01:04.519> asked<00:01:04.839> me<00:01:05.640> if<00:01:06.200> um
computer security and she asked me if um
computer security and she asked me if um
she<00:01:06.520> said<00:01:06.720> her<00:01:06.840> computer<00:01:07.159> had<00:01:07.280> been<00:01:07.439> infected
she said her computer had been infected
she said her computer had been infected
by<00:01:08.000> a<00:01:08.159> virus<00:01:09.080> and<00:01:09.200> she<00:01:09.320> was<00:01:09.560> very<00:01:09.799> concerned
by a virus and she was very concerned
by a virus and she was very concerned
that<00:01:10.840> she<00:01:11.040> might<00:01:11.240> get<00:01:11.400> sick<00:01:11.640> from<00:01:11.840> it<00:01:12.080> that<00:01:12.200> she
that she might get sick from it that she
that she might get sick from it that she
could<00:01:12.520> get<00:01:12.680> this
could get this
could get this
virus<00:01:14.759> and<00:01:15.000> I'm<00:01:15.119> not<00:01:15.240> a<00:01:15.439> doctor<00:01:16.439> but<00:01:17.040> I
virus and I'm not a doctor but I
virus and I'm not a doctor but I
reassured<00:01:17.720> her<00:01:18.080> that<00:01:18.200> it<00:01:18.320> was<00:01:18.640> very<00:01:18.880> very
reassured her that it was very very
reassured her that it was very very
unlikely<00:01:19.600> that<00:01:19.759> this<00:01:19.880> would
unlikely that this would
unlikely that this would
happen<00:01:21.600> but<00:01:21.720> if<00:01:21.840> she<00:01:21.960> felt<00:01:22.200> more<00:01:22.439> comfortable
happen but if she felt more comfortable
happen but if she felt more comfortable
she<00:01:23.119> could<00:01:23.280> be<00:01:23.400> free<00:01:23.640> to<00:01:23.759> use<00:01:24.040> latex<00:01:24.479> gloves
she could be free to use latex gloves
she could be free to use latex gloves
when<00:01:24.920> she<00:01:25.040> was<00:01:25.159> on<00:01:25.280> the<00:01:25.400> computer<00:01:25.720> and
when she was on the computer and
when she was on the computer and
there'll<00:01:26.000> be<00:01:26.159> no<00:01:26.360> harm<00:01:26.840> whatsoever<00:01:27.400> in
there'll be no harm whatsoever in
there'll be no harm whatsoever in
that<00:01:29.200> I'm<00:01:29.280> going<00:01:29.400> to<00:01:29.520> get<00:01:29.680> back<00:01:30.000> to<00:01:30.159> this
that I'm going to get back to this
that I'm going to get back to this
notion<00:01:30.640> of<00:01:30.799> being<00:01:31.000> able<00:01:31.200> to<00:01:31.360> get<00:01:31.479> a<00:01:31.640> virus<00:01:32.200> from
notion of being able to get a virus from
notion of being able to get a virus from
your<00:01:32.560> computer<00:01:33.399> in<00:01:33.520> a<00:01:33.680> serious<00:01:34.119> way<00:01:35.000> what<00:01:35.119> I'm
your computer in a serious way what I'm
your computer in a serious way what I'm
going<00:01:35.320> to<00:01:35.479> talk<00:01:35.640> to<00:01:35.720> you<00:01:35.880> about<00:01:36.119> today<00:01:36.840> are
going to talk to you about today are
going to talk to you about today are
some<00:01:38.119> hacks<00:01:38.640> some<00:01:38.840> real<00:01:39.200> world<00:01:39.600> world<00:01:39.960> cyber
some hacks some real world world cyber
some hacks some real world world cyber
attacks<00:01:41.200> that<00:01:41.360> people<00:01:41.600> in<00:01:41.759> my<00:01:41.960> community<00:01:42.479> the
attacks that people in my community the
attacks that people in my community the
academic<00:01:43.159> research<00:01:43.759> Community<00:01:44.759> have
academic research Community have
academic research Community have
performed<00:01:45.799> which<00:01:46.040> I<00:01:46.119> don't<00:01:46.399> think<00:01:46.799> most
performed which I don't think most
performed which I don't think most
people<00:01:47.320> know<00:01:47.560> about<00:01:48.040> and<00:01:48.159> I<00:01:48.240> think<00:01:48.360> they're
people know about and I think they're
people know about and I think they're
very<00:01:48.840> interesting<00:01:49.520> and
very interesting and
very interesting and
scary<00:01:51.320> and<00:01:51.719> this<00:01:51.920> talk<00:01:52.119> is<00:01:52.240> kind<00:01:52.360> of<00:01:52.479> a
scary and this talk is kind of a
scary and this talk is kind of a
greatest<00:01:53.079> hits<00:01:53.560> of<00:01:53.759> the<00:01:53.960> academic<00:01:54.680> security
greatest hits of the academic security
greatest hits of the academic security
communities<00:01:55.719> hacks<00:01:56.399> none<00:01:56.600> of<00:01:56.719> the<00:01:56.840> work<00:01:57.000> is<00:01:57.200> my
communities hacks none of the work is my
communities hacks none of the work is my
work<00:01:57.759> it's<00:01:57.920> all<00:01:58.159> work<00:01:58.520> that<00:01:58.719> my<00:01:58.920> colleagues
work it's all work that my colleagues
work it's all work that my colleagues
have<00:01:59.439> done<00:02:00.000> and<00:02:00.119> I<00:02:00.240> actually<00:02:00.439> asked<00:02:00.680> them<00:02:00.799> for
have done and I actually asked them for
have done and I actually asked them for
their<00:02:01.159> slides<00:02:01.520> and<00:02:01.719> Incorporated<00:02:02.280> them<00:02:02.399> into
their slides and Incorporated them into
their slides and Incorporated them into
this<00:02:02.840> talk<00:02:03.560> so<00:02:03.719> the<00:02:03.840> first<00:02:04.000> one<00:02:04.159> I'm<00:02:04.240> going<00:02:04.360> to
this talk so the first one I'm going to
this talk so the first one I'm going to
talk<00:02:04.680> about<00:02:05.000> are<00:02:05.200> implanted<00:02:05.719> medical<00:02:06.520> devices
talk about are implanted medical devices
talk about are implanted medical devices
now<00:02:07.680> medical<00:02:08.080> devices<00:02:08.759> have<00:02:08.959> come<00:02:09.119> a<00:02:09.239> long<00:02:09.479> way
now medical devices have come a long way
now medical devices have come a long way
technologically<00:02:10.759> you<00:02:10.879> can<00:02:11.000> see<00:02:11.239> in<00:02:11.400> 1926<00:02:12.400> the
technologically you can see in 1926 the
technologically you can see in 1926 the
first<00:02:12.840> pacemaker<00:02:13.440> was<00:02:13.760> invented<00:02:14.760> 1960<00:02:15.680> the
first pacemaker was invented 1960 the
first pacemaker was invented 1960 the
first<00:02:16.239> internal<00:02:16.720> pacemaker<00:02:17.239> was<00:02:17.400> implanted
first internal pacemaker was implanted
first internal pacemaker was implanted
hopefully<00:02:18.280> a<00:02:18.360> little<00:02:18.560> smaller<00:02:18.920> than<00:02:19.080> that<00:02:19.200> one
hopefully a little smaller than that one
hopefully a little smaller than that one
that<00:02:19.440> you<00:02:19.560> see<00:02:19.959> there<00:02:20.959> and<00:02:21.599> technology<00:02:22.280> has
that you see there and technology has
that you see there and technology has
continued<00:02:22.959> to<00:02:23.080> move<00:02:23.319> forward<00:02:24.280> in<00:02:24.720> 2006<00:02:25.480> we<00:02:25.599> hit
continued to move forward in 2006 we hit
continued to move forward in 2006 we hit
an<00:02:25.959> important<00:02:26.400> Milestone<00:02:27.080> from<00:02:27.239> the
an important Milestone from the
an important Milestone from the
perspective<00:02:28.640> of<00:02:29.640> of<00:02:29.959> computer<00:02:30.400> security<00:02:31.360> and
perspective of of computer security and
perspective of of computer security and
why<00:02:31.640> do<00:02:31.760> I<00:02:31.920> say<00:02:32.200> that<00:02:32.760> because<00:02:33.080> that's<00:02:33.280> when
why do I say that because that's when
why do I say that because that's when
implanted<00:02:34.120> devices<00:02:34.560> inste<00:02:34.959> of<00:02:35.160> people
implanted devices inste of people
implanted devices inste of people
started<00:02:36.080> to<00:02:36.200> have<00:02:36.360> networking
started to have networking
started to have networking
capabilities<00:02:38.440> one<00:02:38.599> thing<00:02:38.840> that<00:02:38.959> brings<00:02:39.200> us
capabilities one thing that brings us
capabilities one thing that brings us
close<00:02:39.640> to<00:02:39.760> home<00:02:39.959> as<00:02:40.120> we<00:02:40.280> look<00:02:40.400> at<00:02:40.599> Dick
close to home as we look at Dick
close to home as we look at Dick
Cheney's<00:02:41.680> uh<00:02:41.840> device<00:02:42.200> he<00:02:42.319> had<00:02:42.400> a<00:02:42.599> device<00:02:43.040> that
Cheney's uh device he had a device that
Cheney's uh device he had a device that
pumped<00:02:43.599> blood<00:02:44.360> from<00:02:44.519> an<00:02:44.680> aorta<00:02:45.400> to<00:02:45.560> another
pumped blood from an aorta to another
pumped blood from an aorta to another
part<00:02:46.040> of<00:02:46.159> the<00:02:46.280> heart<00:02:46.760> and<00:02:46.879> as<00:02:47.000> you<00:02:47.080> could<00:02:47.200> see
part of the heart and as you could see
part of the heart and as you could see
at<00:02:47.480> the<00:02:47.599> bottom<00:02:48.000> there<00:02:48.440> it<00:02:48.560> was<00:02:48.800> controlled<00:02:49.480> by
at the bottom there it was controlled by
at the bottom there it was controlled by
a<00:02:49.800> computer<00:02:50.200> controller<00:02:51.080> and<00:02:51.200> if<00:02:51.280> you<00:02:51.440> ever
a computer controller and if you ever
a computer controller and if you ever
thought<00:02:52.280> that<00:02:52.800> software<00:02:53.239> reliability<00:02:53.920> was
thought that software reliability was
thought that software reliability was
very<00:02:54.319> important<00:02:54.800> get<00:02:54.959> one<00:02:55.080> of<00:02:55.200> these<00:02:55.400> inside
very important get one of these inside
very important get one of these inside
of
of
of
you<00:02:57.519> now<00:02:57.680> what<00:02:57.800> a<00:02:57.959> research<00:02:58.360> team<00:02:58.760> did<00:02:59.519> um<00:02:59.959> was
you now what a research team did um was
you now what a research team did um was
they<00:03:00.440> got<00:03:00.640> their<00:03:00.840> hands<00:03:01.080> on<00:03:01.239> what's<00:03:01.400> called<00:03:01.560> an
they got their hands on what's called an
they got their hands on what's called an
ICD<00:03:02.360> this<00:03:02.440> is<00:03:02.560> a<00:03:02.720> defibrillator<00:03:03.680> and<00:03:03.799> this<00:03:03.920> is
ICD this is a defibrillator and this is
ICD this is a defibrillator and this is
a<00:03:04.239> device<00:03:04.680> that<00:03:04.879> goes<00:03:05.280> into<00:03:06.000> a<00:03:06.200> person<00:03:06.720> to
a device that goes into a person to
a device that goes into a person to
control<00:03:07.640> their<00:03:07.879> heart<00:03:08.080> rhythm<00:03:08.760> and<00:03:08.879> these
control their heart rhythm and these
control their heart rhythm and these
have<00:03:09.159> saved<00:03:09.519> many<00:03:10.040> lives<00:03:11.040> well<00:03:11.519> in<00:03:11.640> order<00:03:11.920> to
have saved many lives well in order to
have saved many lives well in order to
not<00:03:12.319> have<00:03:12.440> to<00:03:12.599> open<00:03:12.840> up<00:03:13.040> the<00:03:13.159> person<00:03:13.519> every
not have to open up the person every
not have to open up the person every
time<00:03:13.840> you<00:03:13.959> want<00:03:14.080> to<00:03:14.239> reprogram<00:03:14.799> their<00:03:15.000> device
time you want to reprogram their device
time you want to reprogram their device
or<00:03:15.799> do<00:03:15.959> some<00:03:16.120> Diagnostics<00:03:16.760> on<00:03:16.920> it<00:03:17.239> they<00:03:17.360> made
or do some Diagnostics on it they made
or do some Diagnostics on it they made
the<00:03:17.680> thing<00:03:17.879> be<00:03:18.000> able<00:03:18.200> to<00:03:18.360> communicate
the thing be able to communicate
the thing be able to communicate
wirelessly<00:03:20.080> and<00:03:20.200> what<00:03:20.319> this<00:03:20.480> research<00:03:20.840> team
wirelessly and what this research team
wirelessly and what this research team
did<00:03:21.400> is<00:03:21.599> they<00:03:21.720> reverse<00:03:22.080> engineered<00:03:22.560> the
did is they reverse engineered the
did is they reverse engineered the
wireless<00:03:23.120> protocol<00:03:23.920> and<00:03:24.040> they<00:03:24.159> built<00:03:24.360> a
wireless protocol and they built a
wireless protocol and they built a
device<00:03:24.799> you<00:03:24.920> see<00:03:25.159> pictured<00:03:25.599> here<00:03:25.799> with<00:03:25.920> a
device you see pictured here with a
device you see pictured here with a
little<00:03:26.280> antenna<00:03:27.200> that<00:03:27.319> could<00:03:27.519> talk<00:03:27.799> the
little antenna that could talk the
little antenna that could talk the
protocol<00:03:28.439> to<00:03:28.599> the<00:03:28.799> device<00:03:30.000> and<00:03:30.599> um<00:03:31.239> and<00:03:31.439> thus
protocol to the device and um and thus
protocol to the device and um and thus
control<00:03:32.480> it<00:03:33.480> in<00:03:33.599> order<00:03:33.879> to<00:03:34.040> make<00:03:34.200> their
control it in order to make their
control it in order to make their
experience<00:03:34.799> real<00:03:35.000> they<00:03:35.080> were<00:03:35.239> unable<00:03:35.519> to<00:03:35.640> find
experience real they were unable to find
experience real they were unable to find
any<00:03:36.040> volunteers<00:03:36.879> and<00:03:37.000> so<00:03:37.239> they<00:03:37.400> went<00:03:38.000> and<00:03:38.080> they
any volunteers and so they went and they
any volunteers and so they went and they
got<00:03:38.360> some<00:03:38.560> ground<00:03:38.879> beef<00:03:39.400> and<00:03:39.560> some<00:03:39.760> bacon<00:03:40.120> and
got some ground beef and some bacon and
got some ground beef and some bacon and
they<00:03:40.319> wrapped<00:03:40.640> it<00:03:40.799> all<00:03:40.959> up<00:03:41.200> to<00:03:41.400> about<00:03:41.640> the<00:03:41.840> size
they wrapped it all up to about the size
they wrapped it all up to about the size
of<00:03:42.239> a<00:03:42.400> human<00:03:42.640> being's<00:03:43.439> uh<00:03:43.599> area<00:03:43.920> where<00:03:44.080> the
of a human being's uh area where the
of a human being's uh area where the
device<00:03:44.519> would<00:03:44.680> go<00:03:44.840> and<00:03:44.920> they<00:03:45.040> stuck<00:03:45.319> the
device would go and they stuck the
device would go and they stuck the
device<00:03:45.760> inside<00:03:46.080> it<00:03:46.280> to<00:03:46.439> perform<00:03:46.760> their
device inside it to perform their
device inside it to perform their
experiment<00:03:47.439> somewhat
experiment somewhat
experiment somewhat
realistically<00:03:49.480> um<00:03:49.879> they<00:03:50.000> launched<00:03:50.480> many<00:03:50.760> many
realistically um they launched many many
realistically um they launched many many
successful<00:03:51.640> attacks<00:03:52.640> uh<00:03:52.840> one<00:03:53.040> that<00:03:53.159> I'll
successful attacks uh one that I'll
successful attacks uh one that I'll
highlight<00:03:53.680> here<00:03:53.840> is<00:03:54.000> changing<00:03:54.319> the<00:03:54.480> patient's
highlight here is changing the patient's
highlight here is changing the patient's
name<00:03:55.400> I<00:03:55.439> don't<00:03:55.599> know<00:03:55.760> why<00:03:55.879> you<00:03:55.959> would<00:03:56.079> want<00:03:56.159> to
name I don't know why you would want to
name I don't know why you would want to
do<00:03:56.480> that<00:03:56.640> but<00:03:56.760> I<00:03:56.840> sure<00:03:57.040> wouldn't<00:03:57.239> want<00:03:57.439> that
do that but I sure wouldn't want that
do that but I sure wouldn't want that
done<00:03:57.720> to<00:03:58.000> me<00:03:59.000> and<00:03:59.280> they<00:03:59.400> were<00:03:59.519> able<00:03:59.920> to<00:04:00.000> change
done to me and they were able to change
done to me and they were able to change
therapies<00:04:01.120> including<00:04:01.599> disabling<00:04:02.159> the<00:04:02.319> device
therapies including disabling the device
therapies including disabling the device
and<00:04:03.040> this<00:04:03.120> is<00:04:03.280> with<00:04:03.400> a<00:04:03.519> real<00:04:03.760> commercial
and this is with a real commercial
and this is with a real commercial
off-the-shelf<00:04:04.760> device<00:04:05.400> simply<00:04:05.799> by
off-the-shelf device simply by
off-the-shelf device simply by
performing<00:04:06.439> reverse<00:04:06.760> engineering<00:04:07.200> and
performing reverse engineering and
performing reverse engineering and
sending<00:04:07.680> Wireless<00:04:08.079> signals<00:04:08.480> to
sending Wireless signals to
sending Wireless signals to
it<00:04:10.920> uh<00:04:11.040> there<00:04:11.120> was<00:04:11.239> a<00:04:11.360> piece<00:04:11.519> on<00:04:11.680> NPR<00:04:12.560> that<00:04:12.840> some
it uh there was a piece on NPR that some
it uh there was a piece on NPR that some
of<00:04:13.200> these<00:04:13.519> icds<00:04:14.319> could<00:04:14.560> actually<00:04:15.120> have<00:04:15.280> their
of these icds could actually have their
of these icds could actually have their
performance<00:04:16.120> disrupted<00:04:16.680> simply<00:04:17.000> by<00:04:17.120> holding
performance disrupted simply by holding
performance disrupted simply by holding
a<00:04:17.519> pair<00:04:17.680> of<00:04:17.759> headphones<00:04:18.199> onto<00:04:19.000> them<00:04:20.000> now
a pair of headphones onto them now
a pair of headphones onto them now
Wireless<00:04:20.759> and<00:04:20.919> the<00:04:21.000> internet<00:04:21.440> can<00:04:21.600> improve
Wireless and the internet can improve
Wireless and the internet can improve
Healthcare<00:04:22.360> greatly<00:04:23.040> there<00:04:23.160> are<00:04:23.280> several
Healthcare greatly there are several
Healthcare greatly there are several
examples<00:04:24.040> up<00:04:24.199> on<00:04:24.360> the<00:04:24.520> screen<00:04:25.280> of<00:04:25.639> situations
examples up on the screen of situations
examples up on the screen of situations
where<00:04:26.440> doctors<00:04:26.759> are<00:04:26.960> looking<00:04:27.320> to<00:04:27.759> implant
where doctors are looking to implant
where doctors are looking to implant
devices<00:04:28.600> inside<00:04:28.919> of<00:04:29.120> people<00:04:29.720> and<00:04:29.880> all<00:04:30.039> of
devices inside of people and all of
devices inside of people and all of
these<00:04:30.400> devices<00:04:30.960> now<00:04:31.199> it's<00:04:31.440> standard<00:04:32.199> that
these devices now it's standard that
these devices now it's standard that
they<00:04:32.520> communicate<00:04:33.600> wirelessly<00:04:34.600> and<00:04:34.759> I<00:04:34.880> think
they communicate wirelessly and I think
they communicate wirelessly and I think
this<00:04:35.199> is<00:04:35.479> great<00:04:36.039> but<00:04:36.199> without<00:04:36.440> a<00:04:36.639> full
this is great but without a full
this is great but without a full
understanding<00:04:37.440> of<00:04:37.680> trustworthy<00:04:38.440> Computing
understanding of trustworthy Computing
understanding of trustworthy Computing
and<00:04:39.240> without<00:04:39.840> understanding<00:04:40.199> what<00:04:40.400> attackers
and without understanding what attackers
and without understanding what attackers
can<00:04:41.000> do<00:04:41.320> and<00:04:41.440> the<00:04:41.560> security<00:04:41.960> risks<00:04:42.280> from<00:04:42.440> the
can do and the security risks from the
can do and the security risks from the
beginning<00:04:43.199> there's<00:04:43.360> a<00:04:43.479> lot<00:04:43.600> of<00:04:43.720> danger<00:04:44.080> in
beginning there's a lot of danger in
beginning there's a lot of danger in
this<00:04:45.560> okay<00:04:45.720> let<00:04:45.800> me<00:04:45.880> shift<00:04:46.120> gears<00:04:46.360> and<00:04:46.479> show
this okay let me shift gears and show
this okay let me shift gears and show
you<00:04:46.840> another<00:04:47.080> Target<00:04:47.400> I'm<00:04:47.479> going<00:04:47.560> to<00:04:47.680> show<00:04:47.840> you
you another Target I'm going to show you
you another Target I'm going to show you
a<00:04:48.080> few<00:04:48.320> different<00:04:48.680> targets<00:04:49.120> like<00:04:49.320> this<00:04:49.479> and
a few different targets like this and
a few different targets like this and
that's<00:04:49.919> my<00:04:50.080> talk<00:04:50.639> so<00:04:50.759> we'll<00:04:50.960> look<00:04:51.080> at
that's my talk so we'll look at
that's my talk so we'll look at
automobiles<00:04:52.880> this<00:04:53.039> is<00:04:53.160> a<00:04:53.400> car<00:04:53.919> and<00:04:54.039> it<00:04:54.160> has<00:04:54.280> a
automobiles this is a car and it has a
automobiles this is a car and it has a
lot<00:04:54.520> of<00:04:54.680> components<00:04:55.120> a<00:04:55.240> lot<00:04:55.360> of<00:04:55.520> electronics
lot of components a lot of electronics
lot of components a lot of electronics
in<00:04:56.160> it<00:04:56.320> today<00:04:57.039> in<00:04:57.280> fact<00:04:57.960> it's<00:04:58.240> got<00:04:58.720> many<00:04:59.039> many
in it today in fact it's got many many
in it today in fact it's got many many
different<00:04:59.919> computers<00:05:00.400> inside<00:05:00.720> of<00:05:00.880> it<00:05:01.240> more
different computers inside of it more
different computers inside of it more
penum<00:05:02.240> than<00:05:02.440> my<00:05:02.600> lab<00:05:02.880> did<00:05:03.039> when<00:05:03.160> I<00:05:03.240> was<00:05:03.360> in
penum than my lab did when I was in
penum than my lab did when I was in
college<00:05:05.039> and<00:05:05.320> they're<00:05:05.520> connected<00:05:05.960> by<00:05:06.080> a<00:05:06.199> wired
college and they're connected by a wired
college and they're connected by a wired
Network<00:05:07.960> there's<00:05:08.320> also<00:05:09.199> a<00:05:09.400> wireless<00:05:09.960> network
Network there's also a wireless network
Network there's also a wireless network
in<00:05:10.800> the<00:05:11.000> car<00:05:11.800> which<00:05:12.039> can<00:05:12.240> be<00:05:12.560> reached<00:05:12.960> from
in the car which can be reached from
in the car which can be reached from
many<00:05:13.400> different<00:05:13.720> ways<00:05:14.600> so<00:05:14.800> there's<00:05:15.080> Bluetooth
many different ways so there's Bluetooth
many different ways so there's Bluetooth
there's<00:05:16.320> the<00:05:16.479> FM<00:05:16.880> and<00:05:17.039> XM<00:05:17.479> radio<00:05:18.319> there's
there's the FM and XM radio there's
there's the FM and XM radio there's
actually<00:05:19.199> Wi-Fi<00:05:20.160> there<00:05:20.240> are<00:05:20.360> sensors<00:05:20.720> in<00:05:20.840> the
actually Wi-Fi there are sensors in the
actually Wi-Fi there are sensors in the
wheels<00:05:21.240> that<00:05:21.400> wirelessly<00:05:22.039> communicate<00:05:22.479> the
wheels that wirelessly communicate the
wheels that wirelessly communicate the
tire<00:05:22.919> pressure<00:05:23.360> to<00:05:23.600> a<00:05:23.759> controller<00:05:24.160> on<00:05:24.360> board
tire pressure to a controller on board
tire pressure to a controller on board
the<00:05:25.319> modern<00:05:25.960> car<00:05:26.880> is<00:05:27.000> a<00:05:27.199> sophisticated
the modern car is a sophisticated
the modern car is a sophisticated
multi-computer<00:05:28.600> device
multi-computer device
multi-computer device
and<00:05:30.319> what<00:05:30.520> happens<00:05:31.199> if<00:05:31.840> somebody<00:05:32.240> wanted<00:05:32.479> to
and what happens if somebody wanted to
and what happens if somebody wanted to
attack<00:05:33.080> this<00:05:33.400> well<00:05:33.600> that's<00:05:33.759> what<00:05:33.880> the
attack this well that's what the
attack this well that's what the
researchers<00:05:34.600> that<00:05:34.720> I'm<00:05:34.840> going<00:05:34.919> to<00:05:35.039> talk<00:05:35.199> about
researchers that I'm going to talk about
researchers that I'm going to talk about
today<00:05:35.960> did<00:05:36.960> they<00:05:37.160> basically<00:05:37.680> stuck<00:05:37.840> an
today did they basically stuck an
today did they basically stuck an
attacker<00:05:38.440> on<00:05:38.560> the<00:05:38.680> wired<00:05:39.000> network<00:05:39.560> and<00:05:39.720> on<00:05:39.840> the
attacker on the wired network and on the
attacker on the wired network and on the
wireless
wireless
wireless
network<00:05:42.199> now<00:05:42.360> they<00:05:42.520> have<00:05:42.720> two<00:05:43.600> uh<00:05:43.720> areas<00:05:44.039> they
network now they have two uh areas they
network now they have two uh areas they
can<00:05:44.360> attack<00:05:44.680> one<00:05:44.840> is<00:05:44.960> short-<00:05:45.199> range<00:05:45.440> Wireless
can attack one is short- range Wireless
can attack one is short- range Wireless
where<00:05:46.120> you<00:05:46.240> can<00:05:46.440> actually<00:05:46.720> communicate<00:05:47.160> with
where you can actually communicate with
where you can actually communicate with
device<00:05:47.720> from<00:05:47.919> nearby<00:05:48.440> either<00:05:48.639> through
device from nearby either through
device from nearby either through
Bluetooth<00:05:49.360> or<00:05:49.639> Wi-Fi<00:05:50.639> and<00:05:50.759> the<00:05:50.840> other<00:05:51.039> is<00:05:51.199> long
Bluetooth or Wi-Fi and the other is long
Bluetooth or Wi-Fi and the other is long
range<00:05:51.840> where<00:05:52.000> you<00:05:52.120> can<00:05:52.319> communicate<00:05:52.800> with<00:05:52.960> the
range where you can communicate with the
range where you can communicate with the
car<00:05:53.280> through<00:05:53.520> the<00:05:53.720> cellular<00:05:54.120> network<00:05:54.600> or
car through the cellular network or
car through the cellular network or
through<00:05:54.960> one<00:05:55.039> of<00:05:55.160> the<00:05:55.280> radio<00:05:55.880> stations<00:05:56.880> think
through one of the radio stations think
through one of the radio stations think
about<00:05:57.240> it<00:05:57.400> when<00:05:57.520> a<00:05:57.639> car<00:05:58.080> receives<00:05:58.240> a<00:05:58.440> radio
about it when a car receives a radio
about it when a car receives a radio
signal<00:06:00.120> it's<00:06:00.440> processed<00:06:00.960> by<00:06:01.199> software<00:06:01.960> that
signal it's processed by software that
signal it's processed by software that
software<00:06:02.520> has<00:06:02.639> to<00:06:02.840> receive<00:06:03.360> and<00:06:03.520> decode<00:06:03.919> the
software has to receive and decode the
software has to receive and decode the
radio<00:06:04.319> signal<00:06:04.639> and<00:06:04.759> then<00:06:04.880> figure<00:06:05.120> out<00:06:05.280> what<00:06:05.360> to
radio signal and then figure out what to
radio signal and then figure out what to
do<00:06:05.639> with<00:06:05.759> it<00:06:05.960> even<00:06:06.160> if<00:06:06.280> it's<00:06:06.479> just<00:06:06.680> music<00:06:06.960> that
do with it even if it's just music that
do with it even if it's just music that
it<00:06:07.160> needs<00:06:07.360> to<00:06:07.440> play<00:06:07.680> on<00:06:07.759> the<00:06:07.880> radio<00:06:08.720> and<00:06:08.919> that
it needs to play on the radio and that
it needs to play on the radio and that
software<00:06:09.919> that<00:06:10.080> does<00:06:10.360> that<00:06:10.520> decoding<00:06:11.479> if<00:06:11.560> it
software that does that decoding if it
software that does that decoding if it
has<00:06:11.919> any<00:06:12.120> bugs<00:06:12.400> in<00:06:12.560> it<00:06:13.319> could<00:06:13.479> create<00:06:13.720> a
has any bugs in it could create a
has any bugs in it could create a
vulnerability<00:06:14.599> for<00:06:14.800> somebody<00:06:15.319> to<00:06:15.599> hack<00:06:15.800> the
vulnerability for somebody to hack the
vulnerability for somebody to hack the
car<00:06:17.199> the<00:06:17.360> way<00:06:17.560> that<00:06:17.680> the<00:06:17.840> researchers<00:06:18.479> did
car the way that the researchers did
car the way that the researchers did
this<00:06:18.919> work<00:06:19.800> is<00:06:20.400> they<00:06:20.599> read<00:06:21.240> the<00:06:21.479> software<00:06:22.199> in
this work is they read the software in
this work is they read the software in
in<00:06:22.960> the<00:06:23.680> computer<00:06:24.160> chips<00:06:24.560> that<00:06:24.639> were<00:06:24.840> in<00:06:24.960> the
in the computer chips that were in the
in the computer chips that were in the
car<00:06:25.880> and<00:06:26.000> then<00:06:26.120> they<00:06:26.240> Ed<00:06:26.560> sophisticated
car and then they Ed sophisticated
car and then they Ed sophisticated
reverse<00:06:27.720> engineering<00:06:28.280> tools<00:06:29.000> to<00:06:29.160> figure<00:06:29.400> out
reverse engineering tools to figure out
reverse engineering tools to figure out
what<00:06:29.880> that<00:06:30.039> software<00:06:30.560> did<00:06:31.319> and<00:06:31.479> then<00:06:31.639> they
what that software did and then they
what that software did and then they
found<00:06:32.039> vulnerabilities<00:06:32.759> in<00:06:32.960> that<00:06:33.160> software
found vulnerabilities in that software
found vulnerabilities in that software
and<00:06:34.039> then<00:06:34.199> they<00:06:34.319> built<00:06:34.680> exploits<00:06:35.280> to<00:06:35.479> exploit
and then they built exploits to exploit
and then they built exploits to exploit
those<00:06:37.520> they<00:06:37.800> actually<00:06:38.199> carried<00:06:38.479> out<00:06:38.680> their
those they actually carried out their
those they actually carried out their
attack<00:06:39.400> in<00:06:39.560> real<00:06:39.759> life<00:06:39.960> they<00:06:40.080> bought<00:06:40.280> two<00:06:40.479> cars
attack in real life they bought two cars
attack in real life they bought two cars
and<00:06:41.000> I<00:06:41.120> guess<00:06:41.280> they<00:06:41.400> have<00:06:41.560> better<00:06:41.759> budgets
and I guess they have better budgets
and I guess they have better budgets
than<00:06:42.280> I
than I
than I
do<00:06:44.080> the<00:06:44.199> first<00:06:44.479> threat<00:06:44.759> model<00:06:45.080> was<00:06:45.240> to<00:06:45.360> see
do the first threat model was to see
do the first threat model was to see
what<00:06:46.039> someone<00:06:46.400> could<00:06:46.560> do<00:06:46.919> if<00:06:47.039> an<00:06:47.240> attacker
what someone could do if an attacker
what someone could do if an attacker
actually<00:06:48.120> got<00:06:48.479> access<00:06:48.960> to<00:06:49.199> the<00:06:49.479> internal
actually got access to the internal
actually got access to the internal
Network<00:06:50.199> on<00:06:50.319> the<00:06:50.479> car<00:06:51.240> okay<00:06:51.400> so<00:06:51.599> think<00:06:51.759> of<00:06:51.919> that
Network on the car okay so think of that
Network on the car okay so think of that
if<00:06:52.199> someone<00:06:52.479> gets<00:06:52.639> to<00:06:52.800> go<00:06:52.919> to<00:06:53.039> your<00:06:53.240> car<00:06:53.720> they
if someone gets to go to your car they
if someone gets to go to your car they
get<00:06:53.960> to<00:06:54.120> mess<00:06:54.360> around<00:06:54.639> with<00:06:54.759> it<00:06:55.240> and<00:06:55.360> then<00:06:55.520> they
get to mess around with it and then they
get to mess around with it and then they
leave<00:06:56.560> and<00:06:56.759> now<00:06:57.160> what<00:06:57.319> kind<00:06:57.440> of<00:06:57.560> trouble<00:06:57.879> are
leave and now what kind of trouble are
leave and now what kind of trouble are
you<00:06:58.199> in<00:06:58.879> the<00:06:59.000> other<00:06:59.240> threat<00:06:59.759> model<00:07:00.160> is<00:07:00.360> that
you in the other threat model is that
you in the other threat model is that
they<00:07:01.080> contact<00:07:01.440> you<00:07:01.560> in<00:07:01.759> real<00:07:02.080> time<00:07:02.400> over<00:07:02.639> one
they contact you in real time over one
they contact you in real time over one
of<00:07:02.919> the<00:07:03.120> wireless<00:07:03.599> networks<00:07:04.000> like<00:07:04.120> the
of the wireless networks like the
of the wireless networks like the
cellular<00:07:04.800> or<00:07:04.960> something<00:07:05.319> like<00:07:05.520> that<00:07:06.000> never
cellular or something like that never
cellular or something like that never
having<00:07:06.759> actually<00:07:07.080> gotten<00:07:07.360> physical<00:07:07.840> access
having actually gotten physical access
having actually gotten physical access
to<00:07:08.240> your
to your
to your
car<00:07:10.160> this<00:07:10.280> is<00:07:10.520> what<00:07:10.680> their<00:07:10.840> setup<00:07:11.240> looks<00:07:11.520> like
car this is what their setup looks like
car this is what their setup looks like
for<00:07:11.919> the<00:07:12.039> first<00:07:12.319> model<00:07:12.680> where<00:07:12.800> you<00:07:12.919> get<00:07:13.039> to
for the first model where you get to
for the first model where you get to
have<00:07:13.360> access<00:07:13.599> to<00:07:13.759> the<00:07:13.919> car<00:07:14.599> they<00:07:14.759> put<00:07:14.919> a<00:07:15.120> laptop
have access to the car they put a laptop
have access to the car they put a laptop
and<00:07:15.960> they<00:07:16.280> connected<00:07:16.720> to<00:07:16.879> the<00:07:17.080> diagnostic
and they connected to the diagnostic
and they connected to the diagnostic
unit<00:07:18.000> on<00:07:18.120> the<00:07:18.199> incar<00:07:18.680> network<00:07:19.520> and<00:07:19.639> they<00:07:19.759> did
unit on the incar network and they did
unit on the incar network and they did
all<00:07:20.080> kinds<00:07:20.240> of<00:07:20.400> silly<00:07:20.759> things<00:07:21.199> like<00:07:21.440> here's<00:07:21.599> a
all kinds of silly things like here's a
all kinds of silly things like here's a
picture<00:07:22.360> of<00:07:22.879> the<00:07:23.039> speedometer<00:07:23.639> showing<00:07:24.240> 140
picture of the speedometer showing 140
picture of the speedometer showing 140
mph<00:07:25.160> when<00:07:25.280> the<00:07:25.360> cars<00:07:25.560> in<00:07:26.080> park<00:07:27.080> once<00:07:27.240> you<00:07:27.400> have
mph when the cars in park once you have
mph when the cars in park once you have
control<00:07:28.080> of<00:07:28.199> the<00:07:28.319> car's<00:07:28.599> computers<00:07:29.000> you<00:07:29.080> can
control of the car's computers you can
control of the car's computers you can
do<00:07:29.319> anything<00:07:29.560> anything<00:07:29.840> now<00:07:29.919> you<00:07:30.039> might<00:07:30.160> say
do anything anything now you might say
do anything anything now you might say
okay<00:07:30.599> that's<00:07:30.800> silly<00:07:31.520> well<00:07:31.680> what<00:07:31.800> if<00:07:31.919> you<00:07:32.080> make
okay that's silly well what if you make
okay that's silly well what if you make
the<00:07:32.400> car<00:07:32.720> always<00:07:32.960> say<00:07:33.120> it's<00:07:33.280> going<00:07:33.520> 20<00:07:33.759> M<00:07:34.120> hour
the car always say it's going 20 M hour
the car always say it's going 20 M hour
slower<00:07:34.599> than<00:07:34.720> it's<00:07:34.960> actually<00:07:35.280> going<00:07:35.960> you
slower than it's actually going you
slower than it's actually going you
might<00:07:36.240> produce<00:07:36.520> a<00:07:36.599> lot<00:07:36.680> of<00:07:36.800> speeding
might produce a lot of speeding
might produce a lot of speeding
tickets<00:07:38.800> then<00:07:39.000> they<00:07:39.120> went<00:07:39.280> out<00:07:39.440> to<00:07:39.599> an
tickets then they went out to an
tickets then they went out to an
abandoned<00:07:40.199> airst<00:07:40.479> strip<00:07:41.039> with<00:07:41.240> two<00:07:41.479> cars<00:07:42.199> the
abandoned airst strip with two cars the
abandoned airst strip with two cars the
target<00:07:42.720> victim<00:07:43.080> car<00:07:43.440> and<00:07:43.560> the<00:07:43.680> Chase<00:07:44.080> car<00:07:45.080> and
target victim car and the Chase car and
target victim car and the Chase car and
they<00:07:45.879> launched<00:07:46.280> a<00:07:46.400> bunch<00:07:46.599> of<00:07:46.759> other<00:07:47.440> attacks
they launched a bunch of other attacks
they launched a bunch of other attacks
one<00:07:48.560> of<00:07:48.680> the<00:07:48.800> things<00:07:49.039> they<00:07:49.120> were<00:07:49.280> able<00:07:49.479> to<00:07:49.599> do
one of the things they were able to do
one of the things they were able to do
from<00:07:49.879> the<00:07:50.000> Chase<00:07:50.280> car<00:07:50.440> is<00:07:50.599> apply<00:07:50.879> the<00:07:51.000> brakes
from the Chase car is apply the brakes
from the Chase car is apply the brakes
on<00:07:51.759> the<00:07:51.879> other<00:07:52.120> car<00:07:52.560> simply<00:07:52.840> by<00:07:53.000> hacking<00:07:53.240> the
on the other car simply by hacking the
on the other car simply by hacking the
computer<00:07:54.280> they<00:07:54.360> were<00:07:54.520> able<00:07:54.680> to<00:07:54.879> disable<00:07:55.280> the
computer they were able to disable the
computer they were able to disable the
brakes<00:07:56.479> they<00:07:56.639> also<00:07:56.800> were<00:07:56.960> able<00:07:57.159> to<00:07:57.360> install
brakes they also were able to install
brakes they also were able to install
malware<00:07:58.919> that<00:07:59.039> wouldn't<00:07:59.520> kick<00:07:59.680> in<00:07:59.800> and
malware that wouldn't kick in and
malware that wouldn't kick in and
wouldn't<00:08:00.199> trigger<00:08:00.560> until<00:08:00.800> the<00:08:00.919> car<00:08:01.120> was<00:08:01.240> doing
wouldn't trigger until the car was doing
wouldn't trigger until the car was doing
something<00:08:01.960> like<00:08:02.280> going<00:08:02.840> over<00:08:03.080> 20<00:08:03.319> M<00:08:03.680> hour<00:08:03.960> or
something like going over 20 M hour or
something like going over 20 M hour or
something<00:08:04.440> like<00:08:05.000> that<00:08:06.000> the<00:08:06.159> results<00:08:06.440> are
something like that the results are
something like that the results are
astonishing<00:08:07.199> and<00:08:07.319> when<00:08:07.520> they<00:08:07.680> gave<00:08:07.879> this<00:08:08.080> talk
astonishing and when they gave this talk
astonishing and when they gave this talk
even<00:08:08.879> though<00:08:09.039> they<00:08:09.159> gave<00:08:09.360> this<00:08:09.520> talk<00:08:09.720> at<00:08:09.840> a
even though they gave this talk at a
even though they gave this talk at a
conference<00:08:10.360> to<00:08:10.520> a<00:08:10.599> bunch<00:08:10.759> of<00:08:10.919> computer
conference to a bunch of computer
conference to a bunch of computer
security<00:08:11.680> researchers<00:08:12.319> everybody<00:08:12.720> was
security researchers everybody was
security researchers everybody was
gasping<00:08:13.960> they<00:08:14.080> were<00:08:14.319> able<00:08:14.840> to<00:08:15.240> take<00:08:15.599> over<00:08:16.159> a
gasping they were able to take over a
gasping they were able to take over a
bunch<00:08:16.479> of<00:08:16.599> critical<00:08:17.080> computers<00:08:17.639> inside<00:08:18.000> the
bunch of critical computers inside the
bunch of critical computers inside the
car<00:08:18.960> the<00:08:19.080> brakes<00:08:19.520> computer<00:08:20.000> the<00:08:20.120> lighting
car the brakes computer the lighting
car the brakes computer the lighting
computer<00:08:21.120> the<00:08:21.280> engine<00:08:21.919> the<00:08:22.039> dash<00:08:22.360> the<00:08:22.520> radio
computer the engine the dash the radio
computer the engine the dash the radio
Etc<00:08:24.000> and<00:08:24.120> they<00:08:24.199> were<00:08:24.440> able<00:08:24.680> to<00:08:24.840> perform<00:08:25.199> these
Etc and they were able to perform these
Etc and they were able to perform these
on<00:08:25.520> real<00:08:25.800> commercial<00:08:26.199> cars<00:08:26.479> that<00:08:26.639> they
on real commercial cars that they
on real commercial cars that they
purchased<00:08:27.560> using<00:08:27.919> the<00:08:28.080> radio<00:08:28.520> network<00:08:29.680> they
purchased using the radio network they
purchased using the radio network they
were<00:08:30.000> able<00:08:30.280> to<00:08:30.560> compromise<00:08:31.199> every<00:08:31.440> single<00:08:31.759> one
were able to compromise every single one
were able to compromise every single one
of<00:08:32.200> the<00:08:32.760> uh<00:08:32.880> pieces<00:08:33.120> of<00:08:33.279> software<00:08:33.599> that
of the uh pieces of software that
of the uh pieces of software that
controlled<00:08:34.240> every<00:08:34.440> single<00:08:34.680> one<00:08:34.839> of<00:08:35.000> the
controlled every single one of the
controlled every single one of the
wireless<00:08:35.760> capabilities<00:08:36.320> of<00:08:36.440> the<00:08:36.640> car<00:08:37.640> all<00:08:37.760> of
wireless capabilities of the car all of
wireless capabilities of the car all of
these<00:08:37.959> were<00:08:38.120> implemented<00:08:39.000> successfully<00:08:40.000> how
these were implemented successfully how
these were implemented successfully how
would<00:08:40.240> you<00:08:40.360> steal<00:08:40.640> a<00:08:40.800> car<00:08:41.399> in<00:08:41.599> this<00:08:41.760> model<00:08:42.760> well
would you steal a car in this model well
would you steal a car in this model well
you<00:08:43.159> compromise<00:08:43.680> the<00:08:43.839> car<00:08:44.440> by<00:08:45.120> uh<00:08:45.440> a<00:08:45.519> buffer
you compromise the car by uh a buffer
you compromise the car by uh a buffer
overflow<00:08:46.279> vulnerability<00:08:46.880> in<00:08:47.000> the<00:08:47.120> software
overflow vulnerability in the software
overflow vulnerability in the software
something<00:08:47.920> like<00:08:48.120> that<00:08:48.600> you<00:08:48.760> use<00:08:49.000> the<00:08:49.120> GPS<00:08:49.519> in
something like that you use the GPS in
something like that you use the GPS in
the<00:08:49.760> car<00:08:49.920> to<00:08:50.080> locate<00:08:50.480> it<00:08:51.000> you<00:08:51.200> remotely<00:08:51.640> unlock
the car to locate it you remotely unlock
the car to locate it you remotely unlock
the<00:08:52.080> doors<00:08:52.399> through<00:08:52.680> the<00:08:53.000> computer<00:08:53.399> that
the doors through the computer that
the doors through the computer that
controls<00:08:54.040> that<00:08:54.360> start<00:08:54.680> the<00:08:54.800> engine<00:08:55.320> bypass
controls that start the engine bypass
controls that start the engine bypass
anti-<00:08:56.120> theft<00:08:56.480> and<00:08:56.560> you've<00:08:56.760> got<00:08:56.920> yourself<00:08:57.200> a
anti- theft and you've got yourself a
anti- theft and you've got yourself a
car<00:08:58.440> surveillance<00:08:59.040> was<00:08:59.200> really<00:08:59.600> interesting
car surveillance was really interesting
car surveillance was really interesting
um<00:09:00.880> the<00:09:01.079> authors<00:09:01.399> of<00:09:01.560> the<00:09:01.760> study<00:09:02.440> have<00:09:02.600> a<00:09:02.760> video
um the authors of the study have a video
um the authors of the study have a video
where<00:09:03.279> they<00:09:03.399> show<00:09:03.839> themselves<00:09:04.160> taking<00:09:04.480> over<00:09:04.680> a
where they show themselves taking over a
where they show themselves taking over a
car<00:09:05.399> and<00:09:05.519> then<00:09:05.680> turning<00:09:06.040> on<00:09:06.480> the<00:09:06.600> microphone
car and then turning on the microphone
car and then turning on the microphone
in<00:09:07.200> the<00:09:07.399> car<00:09:07.839> and<00:09:08.000> listening<00:09:08.399> in<00:09:08.560> on<00:09:08.720> the<00:09:08.880> car
in the car and listening in on the car
in the car and listening in on the car
while<00:09:09.360> tracking<00:09:09.800> it<00:09:10.160> via<00:09:10.720> a<00:09:10.880> GPS<00:09:11.360> on<00:09:11.519> a<00:09:11.720> map<00:09:12.560> and
while tracking it via a GPS on a map and
while tracking it via a GPS on a map and
so<00:09:12.959> that's<00:09:13.160> something<00:09:13.440> that<00:09:13.560> the<00:09:13.680> drivers<00:09:13.959> of
so that's something that the drivers of
so that's something that the drivers of
the<00:09:14.200> car<00:09:14.360> would<00:09:14.480> never<00:09:14.680> know<00:09:14.880> was<00:09:15.399> happening
the car would never know was happening
the car would never know was happening
am<00:09:16.519> I<00:09:16.640> scaring<00:09:17.000> you
am I scaring you
am I scaring you
yet<00:09:19.000> got<00:09:19.160> a<00:09:19.240> few<00:09:19.399> more<00:09:19.560> of<00:09:19.720> these<00:09:19.880> interesting
yet got a few more of these interesting
yet got a few more of these interesting
ones<00:09:20.640> these<00:09:20.760> are<00:09:20.920> ones<00:09:21.120> where<00:09:21.279> I<00:09:21.360> went<00:09:21.480> to<00:09:21.640> a
ones these are ones where I went to a
ones these are ones where I went to a
conference<00:09:22.600> and<00:09:22.920> my<00:09:23.040> mind<00:09:23.279> was<00:09:23.480> just<00:09:23.600> blown
conference and my mind was just blown
conference and my mind was just blown
and<00:09:24.079> I<00:09:24.160> said<00:09:24.360> I<00:09:24.480> have<00:09:24.600> to<00:09:24.680> share<00:09:24.920> this<00:09:25.040> with
and I said I have to share this with
and I said I have to share this with
other<00:09:25.440> people<00:09:26.279> this<00:09:26.399> was<00:09:26.600> Fabian<00:09:26.959> monro's<00:09:27.519> Lab
other people this was Fabian monro's Lab
other people this was Fabian monro's Lab
at<00:09:28.000> the<00:09:28.079> University<00:09:28.440> of<00:09:28.519> North<00:09:28.760> Carolina<00:09:29.760> and
at the University of North Carolina and
at the University of North Carolina and
what<00:09:30.120> they<00:09:30.320> did<00:09:30.880> was<00:09:31.480> something<00:09:31.880> intuitive
what they did was something intuitive
what they did was something intuitive
once<00:09:32.560> you<00:09:32.680> see<00:09:32.920> it<00:09:33.279> but<00:09:33.480> kind<00:09:33.600> of
once you see it but kind of
once you see it but kind of
surprising<00:09:35.279> they<00:09:35.480> videotaped<00:09:36.160> people<00:09:36.399> on<00:09:36.519> a
surprising they videotaped people on a
surprising they videotaped people on a
bus<00:09:37.560> and<00:09:37.720> then<00:09:38.000> they<00:09:38.160> post-processes<00:09:39.040> the
bus and then they post-processes the
bus and then they post-processes the
video<00:09:40.120> what<00:09:40.240> you<00:09:40.320> see<00:09:40.519> here<00:09:40.640> in<00:09:40.800> number<00:09:41.079> one<00:09:41.720> is
video what you see here in number one is
video what you see here in number one is
a<00:09:43.120> um<00:09:44.000> reflection<00:09:44.519> in<00:09:44.720> somebody's<00:09:45.360> glasses<00:09:46.160> of
a um reflection in somebody's glasses of
a um reflection in somebody's glasses of
the<00:09:46.440> smartphone<00:09:46.959> that<00:09:47.079> they're<00:09:47.240> typing<00:09:47.600> in
the smartphone that they're typing in
the smartphone that they're typing in
they<00:09:48.440> wrote<00:09:48.839> software<00:09:49.640> to<00:09:49.959> stabilize<00:09:50.560> even
they wrote software to stabilize even
they wrote software to stabilize even
though<00:09:50.880> they<00:09:50.959> were<00:09:51.079> on<00:09:51.200> a<00:09:51.360> bus<00:09:51.640> and<00:09:51.800> maybe
though they were on a bus and maybe
though they were on a bus and maybe
someone's<00:09:52.399> holding<00:09:53.120> their<00:09:53.480> phone<00:09:53.839> at<00:09:53.959> an
someone's holding their phone at an
someone's holding their phone at an
angle<00:09:54.720> to<00:09:54.959> stabilize<00:09:55.560> the<00:09:55.680> phone<00:09:56.279> process<00:09:56.680> it
angle to stabilize the phone process it
angle to stabilize the phone process it
and<00:09:57.360> you<00:09:57.480> may<00:09:57.640> know<00:09:57.839> on<00:09:57.959> your<00:09:58.120> smartphone<00:09:58.560> when
and you may know on your smartphone when
and you may know on your smartphone when
you<00:09:58.800> type<00:09:58.959> a<00:09:59.040> passord
you type a passord
you type a passord
the<00:10:00.000> keys<00:10:00.360> pop<00:10:00.560> out<00:10:00.760> a<00:10:00.880> little<00:10:01.079> bit<00:10:01.360> and<00:10:01.480> they
the keys pop out a little bit and they
the keys pop out a little bit and they
were<00:10:01.720> able<00:10:01.959> to<00:10:02.160> use<00:10:02.480> that<00:10:02.640> to<00:10:02.839> reconstruct
were able to use that to reconstruct
were able to use that to reconstruct
what<00:10:03.640> the<00:10:03.800> person<00:10:04.040> was<00:10:04.240> typing<00:10:05.040> and<00:10:05.240> had<00:10:05.360> a
what the person was typing and had a
what the person was typing and had a
language<00:10:05.920> model<00:10:06.240> for<00:10:06.480> detecting
language model for detecting
language model for detecting
typing<00:10:08.839> what<00:10:09.240> what<00:10:09.360> was<00:10:09.560> interesting<00:10:10.040> is<00:10:10.279> by
typing what what was interesting is by
typing what what was interesting is by
videotaping<00:10:11.040> on<00:10:11.160> a<00:10:11.279> bus<00:10:11.600> they<00:10:11.680> were<00:10:11.920> able<00:10:12.279> to
videotaping on a bus they were able to
videotaping on a bus they were able to
produce<00:10:12.920> exactly<00:10:13.320> what<00:10:13.480> people<00:10:13.760> on<00:10:13.880> their
produce exactly what people on their
produce exactly what people on their
smartphones<00:10:14.519> were<00:10:14.720> typing<00:10:15.600> and<00:10:15.720> then<00:10:15.880> they
smartphones were typing and then they
smartphones were typing and then they
had<00:10:16.160> a<00:10:16.320> surprising<00:10:16.920> result<00:10:17.440> which<00:10:17.560> is<00:10:17.720> that
had a surprising result which is that
had a surprising result which is that
their<00:10:18.079> software<00:10:18.560> had<00:10:18.720> not<00:10:18.920> only<00:10:19.440> done<00:10:19.600> it<00:10:19.760> for
their software had not only done it for
their software had not only done it for
their<00:10:20.160> target<00:10:20.600> but<00:10:20.760> other<00:10:21.000> people<00:10:21.240> who
their target but other people who
their target but other people who
accidentally<00:10:22.000> happened<00:10:22.279> to<00:10:22.360> be<00:10:22.519> in<00:10:22.640> the
accidentally happened to be in the
accidentally happened to be in the
picture<00:10:23.440> they<00:10:23.560> were<00:10:23.720> able<00:10:23.959> to<00:10:24.160> produce<00:10:24.480> what
picture they were able to produce what
picture they were able to produce what
those<00:10:24.839> people<00:10:25.079> had<00:10:25.200> been<00:10:25.360> typing<00:10:26.079> and<00:10:26.200> that
those people had been typing and that
those people had been typing and that
was<00:10:26.480> kind<00:10:26.600> of<00:10:26.720> an<00:10:26.880> accidental<00:10:27.240> artifact<00:10:27.800> of
was kind of an accidental artifact of
was kind of an accidental artifact of
what<00:10:28.120> their<00:10:28.279> software<00:10:28.680> was<00:10:28.800> doing
what their software was doing
what their software was doing
I'll<00:10:30.959> show<00:10:31.200> you<00:10:31.760> uh<00:10:31.880> two<00:10:32.079> more<00:10:32.800> one<00:10:32.959> is<00:10:33.160> p25
I'll show you uh two more one is p25
I'll show you uh two more one is p25
radios<00:10:34.920> p25<00:10:35.639> radios<00:10:36.200> are<00:10:36.360> used<00:10:36.720> by<00:10:36.880> law
radios p25 radios are used by law
radios p25 radios are used by law
enforcement<00:10:38.079> and<00:10:38.240> all<00:10:38.480> kinds<00:10:38.800> of<00:10:39.279> uh
enforcement and all kinds of uh
enforcement and all kinds of uh
government<00:10:40.040> agencies<00:10:41.040> and<00:10:41.279> people<00:10:41.519> in<00:10:41.760> combat
government agencies and people in combat
government agencies and people in combat
to<00:10:42.320> communicate<00:10:43.160> and<00:10:43.279> there's<00:10:43.519> an<00:10:43.720> encryption
to communicate and there's an encryption
to communicate and there's an encryption
option<00:10:44.480> on<00:10:44.639> these<00:10:44.800> phones<00:10:45.680> this<00:10:45.760> is<00:10:45.920> what<00:10:46.079> the
option on these phones this is what the
option on these phones this is what the
phone<00:10:46.440> looks<00:10:46.760> like<00:10:47.279> um<00:10:47.440> it's<00:10:47.560> not<00:10:47.720> really<00:10:47.920> a
phone looks like um it's not really a
phone looks like um it's not really a
phone<00:10:48.240> it's<00:10:48.360> more<00:10:48.480> of<00:10:48.600> a<00:10:48.680> two-way<00:10:49.040> radio<00:10:49.880> uh
phone it's more of a two-way radio uh
phone it's more of a two-way radio uh
Motorola<00:10:50.519> makes<00:10:50.720> the<00:10:50.839> most<00:10:51.040> widely<00:10:51.360> used<00:10:51.680> one
Motorola makes the most widely used one
Motorola makes the most widely used one
and<00:10:52.360> you<00:10:52.480> can<00:10:52.600> see<00:10:52.800> that<00:10:52.920> they're<00:10:53.040> used<00:10:53.320> by
and you can see that they're used by
and you can see that they're used by
Secret<00:10:53.800> Service<00:10:54.200> they're<00:10:54.360> used<00:10:54.560> in<00:10:54.800> combat
Secret Service they're used in combat
Secret Service they're used in combat
it's<00:10:55.680> a<00:10:55.959> very<00:10:56.200> very<00:10:56.399> common<00:10:56.760> standard<00:10:57.079> in<00:10:57.200> the
it's a very very common standard in the
it's a very very common standard in the
US<00:10:57.600> and<00:10:57.839> elsewhere<00:10:58.839> so<00:10:59.000> one<00:10:59.360> question<00:10:59.600> the
US and elsewhere so one question the
US and elsewhere so one question the
researchers<00:11:00.160> asked<00:11:00.560> themselves<00:11:00.959> is<00:11:01.639> could
researchers asked themselves is could
researchers asked themselves is could
you<00:11:02.040> block<00:11:02.519> this<00:11:02.720> thing<00:11:03.120> right<00:11:03.680> could<00:11:03.800> you<00:11:04.360> uh
you block this thing right could you uh
you block this thing right could you uh
run<00:11:04.639> a<00:11:04.760> denial<00:11:05.079> of<00:11:05.200> service<00:11:05.560> because<00:11:05.720> these
run a denial of service because these
run a denial of service because these
are<00:11:06.000> First<00:11:06.279> Responders<00:11:06.959> so<00:11:07.279> would<00:11:07.360> a
are First Responders so would a
are First Responders so would a
terrorist<00:11:07.800> organization<00:11:08.320> want<00:11:08.480> to<00:11:08.639> black<00:11:08.880> out
terrorist organization want to black out
terrorist organization want to black out
the<00:11:09.200> ability<00:11:09.639> of<00:11:09.839> police<00:11:10.160> and<00:11:10.320> fired<00:11:10.680> to
the ability of police and fired to
the ability of police and fired to
communicate<00:11:11.760> at<00:11:11.880> an<00:11:12.519> emergency<00:11:13.519> they<00:11:13.680> found
communicate at an emergency they found
communicate at an emergency they found
that<00:11:14.040> there's<00:11:14.279> this<00:11:14.440> girl<00:11:14.800> Tech<00:11:15.360> a<00:11:15.519> device
that there's this girl Tech a device
that there's this girl Tech a device
used<00:11:16.120> for<00:11:16.320> texting<00:11:17.200> that<00:11:17.360> happens<00:11:17.680> to<00:11:17.800> operate
used for texting that happens to operate
used for texting that happens to operate
at<00:11:18.160> the<00:11:18.279> same<00:11:18.480> exact<00:11:18.800> frequency<00:11:19.279> as<00:11:19.399> the<00:11:19.600> p25
at the same exact frequency as the p25
at the same exact frequency as the p25
and<00:11:20.720> they<00:11:20.839> built<00:11:21.200> what<00:11:21.320> they<00:11:21.440> called<00:11:21.760> my<00:11:21.920> first
Jammer<00:11:26.240> if<00:11:26.320> you<00:11:26.519> look<00:11:26.800> closely<00:11:27.480> at<00:11:27.639> this
Jammer if you look closely at this
Jammer if you look closely at this
device<00:11:28.480> it's<00:11:28.720> got<00:11:29.040> a<00:11:29.519> switch<00:11:29.959> for<00:11:30.279> encryption
device it's got a switch for encryption
device it's got a switch for encryption
or<00:11:30.880> clear<00:11:31.200> text<00:11:31.639> let<00:11:31.760> me<00:11:31.920> advance<00:11:32.320> the<00:11:32.720> slide
or clear text let me advance the slide
or clear text let me advance the slide
and<00:11:33.839> now<00:11:33.959> I'll<00:11:34.160> go<00:11:34.320> back<00:11:34.560> you<00:11:34.680> see<00:11:34.839> the
and now I'll go back you see the
and now I'll go back you see the
difference<00:11:36.959> this<00:11:37.079> is<00:11:37.680> plain<00:11:38.040> text<00:11:39.040> this<00:11:39.160> is
difference this is plain text this is
difference this is plain text this is
encrypted<00:11:40.200> there's<00:11:40.480> one<00:11:40.680> little<00:11:41.040> dot<00:11:41.320> that
encrypted there's one little dot that
encrypted there's one little dot that
shows<00:11:41.680> up<00:11:41.839> on<00:11:41.959> the<00:11:42.120> screen<00:11:42.519> and<00:11:42.680> one<00:11:42.880> little
shows up on the screen and one little
shows up on the screen and one little
tiny<00:11:43.320> turn<00:11:43.519> of<00:11:43.680> the<00:11:43.800> switch<00:11:44.480> and<00:11:44.560> so<00:11:44.720> the
tiny turn of the switch and so the
tiny turn of the switch and so the
researchers<00:11:45.399> asked<00:11:45.760> themselves<00:11:46.200> I<00:11:46.320> wonder
researchers asked themselves I wonder
researchers asked themselves I wonder
how<00:11:46.720> many<00:11:47.000> times<00:11:47.720> very<00:11:48.440> secure<00:11:49.120> important
how many times very secure important
how many times very secure important
sensitive<00:11:50.200> conversations<00:11:50.760> are<00:11:50.880> happening<00:11:51.160> on
sensitive conversations are happening on
sensitive conversations are happening on
these<00:11:51.360> two-way<00:11:51.720> radios<00:11:52.040> where<00:11:52.160> they<00:11:52.279> forget
these two-way radios where they forget
these two-way radios where they forget
to<00:11:52.680> encrypt<00:11:53.040> and<00:11:53.120> they<00:11:53.279> don't<00:11:53.440> notice<00:11:53.760> that
to encrypt and they don't notice that
to encrypt and they don't notice that
they<00:11:53.959> didn't<00:11:54.079> an<00:11:54.720> encrypt<00:11:55.720> so<00:11:56.279> they<00:11:56.480> bought<00:11:56.839> a
they didn't an encrypt so they bought a
they didn't an encrypt so they bought a
scanner<00:11:57.720> these<00:11:57.880> are<00:11:58.040> perfectly<00:11:58.480> legal<00:11:59.040> and
scanner these are perfectly legal and
scanner these are perfectly legal and
they<00:11:59.560> run<00:11:59.920> at<00:12:00.120> the<00:12:00.320> frequency<00:12:00.800> of<00:12:00.920> the<00:12:01.160> p25<00:12:02.160> and
they run at the frequency of the p25 and
they run at the frequency of the p25 and
what<00:12:02.360> they<00:12:02.480> did<00:12:02.639> is<00:12:02.720> they<00:12:02.839> hopped<00:12:03.120> around
what they did is they hopped around
what they did is they hopped around
frequencies<00:12:03.959> and<00:12:04.079> they<00:12:04.200> wrote<00:12:04.519> software<00:12:05.320> to
frequencies and they wrote software to
frequencies and they wrote software to
listen<00:12:05.839> in<00:12:06.480> if<00:12:06.680> they<00:12:06.800> found<00:12:07.240> encrypted
listen in if they found encrypted
listen in if they found encrypted
communication<00:12:08.480> they<00:12:08.600> stayed<00:12:08.920> on<00:12:09.079> that
communication they stayed on that
communication they stayed on that
channel<00:12:09.519> and<00:12:09.639> they<00:12:09.720> wrote<00:12:09.920> down<00:12:10.120> that's<00:12:10.240> a
channel and they wrote down that's a
channel and they wrote down that's a
channel<00:12:10.880> that<00:12:11.200> these<00:12:11.399> people<00:12:11.639> communicate<00:12:12.160> in
channel that these people communicate in
channel that these people communicate in
these<00:12:12.680> law<00:12:12.880> enforcement<00:12:13.320> agencies<00:12:14.160> and<00:12:14.279> they
these law enforcement agencies and they
these law enforcement agencies and they
went<00:12:14.519> to<00:12:14.639> 20<00:12:14.920> metropolitan<00:12:15.680> areas<00:12:16.399> and
went to 20 metropolitan areas and
went to 20 metropolitan areas and
listened<00:12:17.000> in<00:12:17.399> on<00:12:17.760> conversations<00:12:18.760> that<00:12:18.880> were
listened in on conversations that were
listened in on conversations that were
happening<00:12:19.360> at<00:12:19.560> those
happening at those
happening at those
frequencies<00:12:21.399> they<00:12:21.600> found<00:12:22.279> that<00:12:22.440> in<00:12:22.600> every
frequencies they found that in every
frequencies they found that in every
metropolitan<00:12:23.639> area<00:12:24.120> they<00:12:24.240> would<00:12:24.480> capture
metropolitan area they would capture
metropolitan area they would capture
over<00:12:25.160> 20<00:12:25.480> minutes<00:12:25.800> a<00:12:26.000> day<00:12:26.519> of<00:12:26.680> clear<00:12:27.000> text
over 20 minutes a day of clear text
over 20 minutes a day of clear text
communication<00:12:28.560> and<00:12:28.680> what<00:12:28.800> kind<00:12:28.880> of<00:12:29.000> thing
communication and what kind of thing
communication and what kind of thing
were<00:12:29.480> people<00:12:29.720> talking<00:12:30.040> about<00:12:30.440> well<00:12:30.600> they
were people talking about well they
were people talking about well they
found<00:12:31.120> the<00:12:31.279> names<00:12:31.680> and<00:12:31.839> information<00:12:32.240> about
found the names and information about
found the names and information about
confidential<00:12:33.120> informants<00:12:34.120> they<00:12:34.279> found
confidential informants they found
confidential informants they found
information<00:12:35.120> that<00:12:35.279> was<00:12:35.440> being<00:12:35.680> recorded<00:12:36.040> in
information that was being recorded in
information that was being recorded in
wiretaps<00:12:37.360> a<00:12:37.519> bunch<00:12:37.720> of<00:12:37.959> crimes<00:12:38.560> that<00:12:38.639> were
wiretaps a bunch of crimes that were
wiretaps a bunch of crimes that were
being<00:12:39.120> discussed<00:12:39.880> sensitive<00:12:40.399> information<00:12:41.320> it
being discussed sensitive information it
being discussed sensitive information it
was<00:12:41.600> mostly<00:12:41.880> law<00:12:42.120> enforcement<00:12:42.839> and
was mostly law enforcement and
was mostly law enforcement and
criminal<00:12:44.600> they<00:12:44.720> went<00:12:44.959> and<00:12:45.160> reported<00:12:45.600> this<00:12:45.760> to
criminal they went and reported this to
criminal they went and reported this to
the<00:12:46.000> law<00:12:46.199> enforcement<00:12:46.639> agencies<00:12:47.120> after
the law enforcement agencies after
the law enforcement agencies after
anonymizing<00:12:48.120> it<00:12:48.560> and<00:12:48.959> the<00:12:49.279> vulnerability
anonymizing it and the vulnerability
anonymizing it and the vulnerability
here<00:12:50.160> is<00:12:50.320> simply<00:12:50.639> the<00:12:50.760> user<00:12:51.040> interface<00:12:51.440> wasn't
here is simply the user interface wasn't
here is simply the user interface wasn't
good<00:12:51.880> enough<00:12:52.360> if<00:12:52.440> you're<00:12:52.639> talking<00:12:52.959> about
good enough if you're talking about
good enough if you're talking about
something<00:12:53.760> really<00:12:54.040> secure<00:12:54.360> and<00:12:54.560> sensitive<00:12:55.360> it
something really secure and sensitive it
something really secure and sensitive it
should<00:12:55.639> be<00:12:55.920> really<00:12:56.199> clear<00:12:56.440> to<00:12:56.560> you<00:12:56.800> that<00:12:56.920> this
should be really clear to you that this
should be really clear to you that this
conversation<00:12:57.639> is<00:12:57.839> encrypted<00:12:58.800> that<00:12:58.920> one
conversation is encrypted that one
conversation is encrypted that one
pretty<00:12:59.480> easy<00:12:59.680> to<00:12:59.839> fix<00:13:00.560> the<00:13:00.720> last<00:13:00.880> one<00:13:01.079> I
pretty easy to fix the last one I
pretty easy to fix the last one I
thought<00:13:01.360> was<00:13:01.560> really<00:13:01.800> really<00:13:02.000> cool<00:13:02.360> and<00:13:02.480> I
thought was really really cool and I
thought was really really cool and I
just<00:13:02.760> had<00:13:02.839> to<00:13:02.959> show<00:13:03.160> it<00:13:03.240> to<00:13:03.399> you<00:13:04.040> it's<00:13:04.240> probably
just had to show it to you it's probably
just had to show it to you it's probably
not<00:13:04.800> something<00:13:05.120> that<00:13:05.199> you're<00:13:05.320> going<00:13:05.440> to<00:13:05.519> lose
not something that you're going to lose
not something that you're going to lose
sleep<00:13:06.000> over<00:13:06.240> like<00:13:06.360> the<00:13:06.480> cars<00:13:06.760> or<00:13:06.880> the
sleep over like the cars or the
sleep over like the cars or the
defibrillators<00:13:08.000> but<00:13:08.720> um<00:13:09.720> it's<00:13:09.880> stealing
defibrillators but um it's stealing
defibrillators but um it's stealing
keystrokes<00:13:11.320> now<00:13:11.480> we've<00:13:11.680> all<00:13:11.839> looked<00:13:12.079> at
keystrokes now we've all looked at
keystrokes now we've all looked at
smartphones<00:13:13.160> upside<00:13:13.600> down<00:13:13.959> every<00:13:14.160> security
smartphones upside down every security
smartphones upside down every security
expert<00:13:14.880> wants<00:13:15.040> to<00:13:15.240> hack<00:13:15.399> a<00:13:15.519> smartphone<00:13:16.360> and<00:13:16.480> we
expert wants to hack a smartphone and we
expert wants to hack a smartphone and we
tend<00:13:16.800> to<00:13:17.000> look<00:13:17.399> at<00:13:17.839> the<00:13:17.959> USB<00:13:18.519> port<00:13:19.160> the<00:13:19.360> GPS<00:13:19.800> for
tend to look at the USB port the GPS for
tend to look at the USB port the GPS for
tracking<00:13:20.519> the<00:13:20.720> camera<00:13:21.120> the<00:13:21.440> microphone<00:13:22.440> but
tracking the camera the microphone but
tracking the camera the microphone but
no<00:13:23.000> one<00:13:23.240> up<00:13:23.399> till<00:13:23.639> this<00:13:23.760> point<00:13:24.000> had<00:13:24.120> looked<00:13:24.320> at
no one up till this point had looked at
no one up till this point had looked at
the<00:13:24.600> accelerometer<00:13:25.440> the<00:13:25.600> accelerometer<00:13:26.199> is
the accelerometer the accelerometer is
the accelerometer the accelerometer is
the<00:13:26.440> thing<00:13:26.639> that<00:13:26.760> determines<00:13:27.440> the<00:13:27.639> vertical
the thing that determines the vertical
the thing that determines the vertical
orientation<00:13:29.000> of<00:13:29.120> of<00:13:29.240> the<00:13:29.720> smartphone<00:13:30.720> and<00:13:30.800> so
orientation of of the smartphone and so
orientation of of the smartphone and so
they<00:13:31.079> had<00:13:31.199> a<00:13:31.279> simple<00:13:31.560> setup<00:13:32.279> they<00:13:32.480> put<00:13:32.720> a
they had a simple setup they put a
they had a simple setup they put a
smartphone<00:13:33.399> next<00:13:33.560> to<00:13:33.720> a<00:13:33.839> keyboard<00:13:34.560> and<00:13:34.680> they
smartphone next to a keyboard and they
smartphone next to a keyboard and they
had<00:13:34.920> people<00:13:35.240> type<00:13:36.199> and<00:13:36.360> then<00:13:36.519> their<00:13:36.720> goal<00:13:37.240> was
had people type and then their goal was
had people type and then their goal was
to<00:13:37.600> use<00:13:38.040> the<00:13:38.240> vibrations<00:13:38.839> that<00:13:38.959> were<00:13:39.120> created
to use the vibrations that were created
to use the vibrations that were created
by<00:13:40.079> typing<00:13:41.079> um<00:13:41.240> to<00:13:41.480> measure<00:13:42.000> the<00:13:42.120> change<00:13:42.360> in
by typing um to measure the change in
by typing um to measure the change in
the<00:13:42.920> accelerometer<00:13:43.959> reading<00:13:44.959> to<00:13:45.199> determine
the accelerometer reading to determine
the accelerometer reading to determine
what<00:13:45.760> the<00:13:45.920> person<00:13:46.199> had<00:13:46.320> been<00:13:46.839> typing<00:13:47.839> now<00:13:47.959> when
what the person had been typing now when
what the person had been typing now when
they<00:13:48.199> tried<00:13:48.600> this<00:13:48.760> on<00:13:48.880> an<00:13:49.040> iPhone<00:13:49.480> 3GS<00:13:50.480> this<00:13:50.600> is
they tried this on an iPhone 3GS this is
they tried this on an iPhone 3GS this is
a<00:13:51.079> graph<00:13:51.600> of<00:13:51.759> the<00:13:51.920> perturbations<00:13:52.680> that<00:13:52.759> were
a graph of the perturbations that were
a graph of the perturbations that were
created<00:13:53.639> by<00:13:53.800> the<00:13:54.000> typing<00:13:54.920> and<00:13:55.040> you<00:13:55.120> can<00:13:55.279> see
created by the typing and you can see
created by the typing and you can see
that<00:13:55.720> it's<00:13:55.920> very<00:13:56.360> difficult<00:13:56.519> to<00:13:56.680> tell<00:13:56.920> when
that it's very difficult to tell when
that it's very difficult to tell when
somebody<00:13:57.440> was<00:13:57.600> typing<00:13:57.920> or<00:13:58.079> what<00:13:58.199> they<00:13:58.320> were
somebody was typing or what they were
somebody was typing or what they were
typing<00:13:59.480> the<00:13:59.600> the<00:13:59.680> iPhone<00:13:59.959> 4<00:14:00.320> greatly<00:14:00.759> improved
typing the the iPhone 4 greatly improved
typing the the iPhone 4 greatly improved
the
the
the
accelerometer<00:14:03.199> and<00:14:03.399> so<00:14:04.279> the<00:14:04.519> same
accelerometer and so the same
accelerometer and so the same
measurement<00:14:05.800> produced<00:14:06.320> this<00:14:06.600> graph<00:14:07.600> now<00:14:07.839> that
measurement produced this graph now that
measurement produced this graph now that
gave<00:14:08.240> you<00:14:08.440> a<00:14:08.560> lot<00:14:08.680> of<00:14:08.880> information<00:14:09.800> while
gave you a lot of information while
gave you a lot of information while
someone<00:14:10.320> was<00:14:10.519> typing<00:14:11.480> and<00:14:11.639> what<00:14:11.759> they<00:14:11.959> did
someone was typing and what they did
someone was typing and what they did
then<00:14:12.680> is<00:14:12.959> used<00:14:13.399> Advanced<00:14:13.759> artificial
then is used Advanced artificial
then is used Advanced artificial
intelligence<00:14:14.800> techniques<00:14:15.279> called<00:14:15.480> machine
intelligence techniques called machine
intelligence techniques called machine
learning<00:14:16.680> to<00:14:16.880> have<00:14:17.000> a<00:14:17.160> training<00:14:17.600> phase<00:14:18.160> and<00:14:18.279> so
learning to have a training phase and so
learning to have a training phase and so
they<00:14:18.639> got<00:14:19.000> most<00:14:19.240> likely<00:14:19.560> grad<00:14:19.880> students<00:14:20.440> to
they got most likely grad students to
they got most likely grad students to
type<00:14:20.839> in<00:14:21.000> a<00:14:21.079> whole<00:14:21.279> lot<00:14:21.399> of<00:14:21.560> things<00:14:22.560> and<00:14:23.199> um<00:14:23.600> to
type in a whole lot of things and um to
type in a whole lot of things and um to
learn<00:14:24.320> to<00:14:24.480> have<00:14:24.639> the<00:14:24.800> system<00:14:25.120> use<00:14:25.320> the<00:14:25.440> machine
learn to have the system use the machine
learn to have the system use the machine
learning<00:14:26.040> tools<00:14:26.320> that<00:14:26.440> were<00:14:26.600> available<00:14:27.360> to
learning tools that were available to
learning tools that were available to
learn<00:14:27.920> what<00:14:28.079> it<00:14:28.240> is<00:14:28.480> that<00:14:28.600> the<00:14:28.720> people<00:14:29.320> typing
learn what it is that the people typing
learn what it is that the people typing
and<00:14:30.800> to<00:14:31.480> match<00:14:31.800> that<00:14:32.000> up<00:14:32.399> with<00:14:32.560> the
and to match that up with the
and to match that up with the
measurements<00:14:33.120> in<00:14:33.279> the<00:14:33.720> accelerometer<00:14:34.720> and
measurements in the accelerometer and
measurements in the accelerometer and
then<00:14:34.920> there's<00:14:35.120> the<00:14:35.320> attack<00:14:35.680> phase<00:14:36.120> where<00:14:36.320> you
then there's the attack phase where you
then there's the attack phase where you
get<00:14:36.639> somebody<00:14:36.920> to<00:14:37.160> type<00:14:37.440> something<00:14:37.759> in<00:14:38.040> you
get somebody to type something in you
get somebody to type something in you
don't<00:14:38.320> know<00:14:38.480> what<00:14:38.560> it<00:14:38.720> was<00:14:39.199> but<00:14:39.320> you<00:14:39.480> use<00:14:39.680> your
don't know what it was but you use your
don't know what it was but you use your
model<00:14:40.240> that<00:14:40.360> you<00:14:40.480> created<00:14:40.800> in<00:14:40.920> the<00:14:41.040> training
model that you created in the training
model that you created in the training
phase<00:14:41.920> to<00:14:42.079> figure<00:14:42.320> out<00:14:42.519> what<00:14:42.639> they<00:14:42.720> were
phase to figure out what they were
phase to figure out what they were
typing<00:14:43.920> they<00:14:44.040> had<00:14:44.240> pretty<00:14:44.480> good<00:14:44.680> success<00:14:45.560> this
typing they had pretty good success this
typing they had pretty good success this
is<00:14:45.920> an<00:14:46.040> article<00:14:46.440> from<00:14:46.600> the<00:14:46.720> USA<00:14:47.160> Today<00:14:48.160> they
is an article from the USA Today they
is an article from the USA Today they
typed<00:14:48.600> in<00:14:48.800> the<00:14:48.880> Illinois<00:14:49.320> Supreme<00:14:49.680> Court<00:14:49.920> has
typed in the Illinois Supreme Court has
typed in the Illinois Supreme Court has
ruled<00:14:50.360> that<00:14:50.480> Ram<00:14:50.720> Emanuel<00:14:51.320> is<00:14:51.480> eligible<00:14:51.839> to
ruled that Ram Emanuel is eligible to
ruled that Ram Emanuel is eligible to
run<00:14:52.120> for<00:14:52.279> mayor<00:14:52.519> of<00:14:52.639> Chicago<00:14:53.160> see<00:14:53.320> I<00:14:53.440> tied<00:14:53.680> into
run for mayor of Chicago see I tied into
run for mayor of Chicago see I tied into
the<00:14:54.000> last<00:14:54.240> talk<00:14:54.759> and<00:14:54.920> ordered<00:14:55.240> him<00:14:55.360> to<00:14:55.519> stay<00:14:55.720> on
the last talk and ordered him to stay on
the last talk and ordered him to stay on
the<00:14:56.160> ballot<00:14:57.160> now<00:14:57.360> the<00:14:57.519> system<00:14:57.920> is<00:14:58.120> interesting
the ballot now the system is interesting
the ballot now the system is interesting
because<00:14:58.759> it<00:14:59.040> produced<00:14:59.480> Illinois<00:15:00.000> Supreme<00:15:00.759> and
because it produced Illinois Supreme and
because it produced Illinois Supreme and
then<00:15:01.000> it<00:15:01.120> wasn't<00:15:01.399> sure<00:15:02.000> the<00:15:02.120> model<00:15:02.399> produced<00:15:02.759> a
then it wasn't sure the model produced a
then it wasn't sure the model produced a
bunch<00:15:03.040> of<00:15:03.199> options<00:15:04.040> and<00:15:04.199> this<00:15:04.320> is<00:15:04.680> the<00:15:04.800> beauty
bunch of options and this is the beauty
bunch of options and this is the beauty
of<00:15:05.720> of<00:15:05.920> some<00:15:06.040> of<00:15:06.199> the<00:15:06.399> AI<00:15:06.680> techniques<00:15:07.160> is<00:15:07.360> that
of of some of the AI techniques is that
of of some of the AI techniques is that
computers<00:15:07.959> are<00:15:08.120> good<00:15:08.279> at<00:15:08.399> some<00:15:08.639> things<00:15:09.240> humans
computers are good at some things humans
computers are good at some things humans
are<00:15:09.680> good<00:15:09.800> at<00:15:09.959> other<00:15:10.199> things<00:15:10.759> take<00:15:10.959> the<00:15:11.079> best
are good at other things take the best
are good at other things take the best
of<00:15:11.360> both<00:15:11.600> let<00:15:11.720> the<00:15:11.839> human<00:15:12.120> solve<00:15:12.440> this<00:15:12.560> one
of both let the human solve this one
of both let the human solve this one
don't<00:15:12.959> waste<00:15:13.240> computer<00:15:13.600> Cycles<00:15:14.199> a<00:15:14.320> human's
don't waste computer Cycles a human's
don't waste computer Cycles a human's
not<00:15:14.800> going<00:15:14.920> to<00:15:15.120> think<00:15:15.279> it's<00:15:15.480> the<00:15:15.600> Supreme
not going to think it's the Supreme
not going to think it's the Supreme
might<00:15:16.320> it's<00:15:16.480> the<00:15:16.600> Supreme<00:15:16.959> Court<00:15:17.759> right<00:15:17.959> and
might it's the Supreme Court right and
might it's the Supreme Court right and
so<00:15:18.639> together<00:15:18.959> we're<00:15:19.160> able<00:15:19.360> to<00:15:19.519> reproduce
so together we're able to reproduce
so together we're able to reproduce
typing<00:15:20.759> simply<00:15:21.120> by<00:15:21.279> measuring<00:15:21.639> the
typing simply by measuring the
typing simply by measuring the
accelerometer<00:15:23.160> why<00:15:23.279> is<00:15:23.480> this<00:15:23.680> matter<00:15:24.320> well<00:15:25.000> in
accelerometer why is this matter well in
accelerometer why is this matter well in
in<00:15:25.600> the<00:15:25.839> Android<00:15:26.279> platform<00:15:26.759> for<00:15:27.199> example<00:15:28.199> the
in the Android platform for example the
in the Android platform for example the
uh<00:15:29.440> uh<00:15:29.680> developers<00:15:30.279> have<00:15:30.399> a<00:15:30.560> manifest<00:15:31.160> where
uh uh developers have a manifest where
uh uh developers have a manifest where
every<00:15:31.720> device<00:15:32.040> on<00:15:32.240> there<00:15:32.440> the<00:15:32.600> microphone<00:15:33.240> Etc
every device on there the microphone Etc
every device on there the microphone Etc
has<00:15:33.880> to<00:15:34.079> register<00:15:34.680> if<00:15:34.759> you're<00:15:34.920> going<00:15:35.040> to<00:15:35.199> use
has to register if you're going to use
has to register if you're going to use
it<00:15:35.639> so<00:15:35.839> that<00:15:36.079> hackers<00:15:36.600> can't<00:15:37.199> take<00:15:37.399> over<00:15:37.639> it
it so that hackers can't take over it
it so that hackers can't take over it
but<00:15:38.360> nobody<00:15:38.720> controls<00:15:39.160> the
but nobody controls the
but nobody controls the
accelerometer<00:15:40.839> so<00:15:41.040> what's<00:15:41.240> the<00:15:41.399> point<00:15:41.759> you
accelerometer so what's the point you
accelerometer so what's the point you
can<00:15:42.040> leave<00:15:42.240> your<00:15:42.440> iPhone<00:15:42.759> next<00:15:42.959> to<00:15:43.079> someone's
can leave your iPhone next to someone's
can leave your iPhone next to someone's
keyboard<00:15:44.079> and<00:15:44.199> just<00:15:44.319> leave<00:15:44.519> the<00:15:44.680> room<00:15:45.160> and
keyboard and just leave the room and
keyboard and just leave the room and
then<00:15:45.480> later<00:15:45.959> recover<00:15:46.360> what<00:15:46.480> they<00:15:46.600> did<00:15:46.800> even
then later recover what they did even
then later recover what they did even
without<00:15:47.199> using<00:15:47.440> the<00:15:47.759> microphone<00:15:48.759> um<00:15:48.920> if
without using the microphone um if
without using the microphone um if
someone<00:15:49.399> is<00:15:49.560> able<00:15:49.759> to<00:15:49.880> put<00:15:50.000> malware<00:15:50.399> on<00:15:50.519> your
someone is able to put malware on your
someone is able to put malware on your
iPhone<00:15:51.079> they<00:15:51.160> could<00:15:51.399> then<00:15:51.880> maybe<00:15:52.160> get<00:15:52.319> the
iPhone they could then maybe get the
iPhone they could then maybe get the
typing<00:15:52.880> that<00:15:53.040> you<00:15:53.199> do<00:15:53.440> whenever<00:15:53.800> you<00:15:53.959> put<00:15:54.079> your
typing that you do whenever you put your
typing that you do whenever you put your
iPhone<00:15:54.560> next<00:15:54.720> to<00:15:54.880> your<00:15:55.199> keyboard<00:15:56.199> there's
iPhone next to your keyboard there's
iPhone next to your keyboard there's
several<00:15:56.839> other<00:15:57.040> notable<00:15:57.399> attacks<00:15:57.720> that
several other notable attacks that
several other notable attacks that
unfortunately<00:15:58.319> I<00:15:58.399> don't<00:15:58.519> have<00:15:58.680> time<00:15:59.000> to<00:15:59.120> go
unfortunately I don't have time to go
unfortunately I don't have time to go
into<00:15:59.600> but<00:15:59.720> the<00:15:59.839> one<00:16:00.040> that<00:16:00.160> I<00:16:00.240> wanted<00:16:00.480> to<00:16:00.639> point
into but the one that I wanted to point
into but the one that I wanted to point
out<00:16:01.160> was<00:16:01.279> a<00:16:01.440> group<00:16:01.720> from<00:16:01.839> the<00:16:01.959> University<00:16:02.319> of
out was a group from the University of
out was a group from the University of
Michigan<00:16:03.240> which<00:16:03.399> was<00:16:03.560> able<00:16:03.759> to<00:16:03.959> take<00:16:04.319> voting
Michigan which was able to take voting
Michigan which was able to take voting
machines<00:16:05.360> the<00:16:05.639> seoa<00:16:06.160> ABC<00:16:06.600> Edge<00:16:06.959> Dres<00:16:07.360> that
machines the seoa ABC Edge Dres that
machines the seoa ABC Edge Dres that
were<00:16:07.560> going<00:16:07.720> to<00:16:07.759> be<00:16:07.880> used<00:16:08.040> in<00:16:08.160> New<00:16:08.279> Jersey<00:16:08.560> in
were going to be used in New Jersey in
were going to be used in New Jersey in
the<00:16:08.759> election<00:16:09.160> that<00:16:09.240> were<00:16:09.399> left<00:16:09.560> in<00:16:09.639> a<00:16:09.800> hallway
the election that were left in a hallway
the election that were left in a hallway
and<00:16:10.440> put<00:16:10.680> Pac-Man<00:16:11.040> on<00:16:11.160> it<00:16:11.360> so<00:16:11.519> they<00:16:11.600> ran<00:16:11.839> the
and put Pac-Man on it so they ran the
and put Pac-Man on it so they ran the
Pac-Man
game<00:16:15.519> what<00:16:15.639> does<00:16:15.800> this<00:16:15.959> all<00:16:16.160> mean<00:16:17.120> well<00:16:17.839> I
game what does this all mean well I
game what does this all mean well I
think<00:16:18.399> that<00:16:18.800> Society<00:16:19.279> tends<00:16:19.560> to<00:16:19.720> adopt
think that Society tends to adopt
think that Society tends to adopt
technology<00:16:20.560> really<00:16:20.759> quickly<00:16:21.199> I<00:16:21.319> love<00:16:21.519> the
technology really quickly I love the
technology really quickly I love the
next<00:16:21.959> coolest<00:16:22.440> Gadget<00:16:23.279> but<00:16:23.399> it's<00:16:23.639> very
next coolest Gadget but it's very
next coolest Gadget but it's very
important<00:16:24.199> and<00:16:24.319> these<00:16:24.480> researchers<00:16:24.959> are
important and these researchers are
important and these researchers are
showing<00:16:25.639> that<00:16:25.759> the<00:16:25.880> developers<00:16:26.639> of<00:16:26.800> these
showing that the developers of these
showing that the developers of these
things<00:16:27.360> need<00:16:27.519> to<00:16:27.680> take<00:16:27.920> security<00:16:28.319> into
things need to take security into
things need to take security into
account<00:16:28.920> from<00:16:29.079> the<00:16:29.199> very<00:16:29.399> beginning<00:16:30.040> and<00:16:30.199> need
account from the very beginning and need
account from the very beginning and need
to<00:16:30.680> realize<00:16:31.399> that<00:16:31.680> the<00:16:31.920> they<00:16:32.040> may<00:16:32.199> have<00:16:32.319> a
to realize that the they may have a
to realize that the they may have a
threat<00:16:32.720> model<00:16:33.279> but<00:16:33.440> the<00:16:33.560> attackers<00:16:34.040> may<00:16:34.199> not
threat model but the attackers may not
threat model but the attackers may not
be<00:16:34.519> nice<00:16:34.800> enough<00:16:35.040> to<00:16:35.199> limit<00:16:35.600> themselves<00:16:35.839> to
be nice enough to limit themselves to
be nice enough to limit themselves to
that<00:16:36.199> threat<00:16:36.440> model<00:16:37.079> and<00:16:37.160> so<00:16:37.319> you<00:16:37.440> need<00:16:37.560> to
that threat model and so you need to
that threat model and so you need to
think<00:16:37.959> outside<00:16:38.279> of<00:16:38.399> the<00:16:38.600> box<00:16:39.560> what<00:16:39.720> we<00:16:39.839> can<00:16:40.000> do
think outside of the box what we can do
think outside of the box what we can do
is<00:16:40.480> be<00:16:40.680> aware<00:16:41.440> that<00:16:41.680> devices<00:16:42.120> can<00:16:42.279> be
is be aware that devices can be
is be aware that devices can be
compromised<00:16:43.399> and<00:16:43.639> anything<00:16:43.959> that<00:16:44.120> has
compromised and anything that has
compromised and anything that has
software<00:16:44.800> in<00:16:45.000> it<00:16:45.480> is<00:16:45.639> going<00:16:45.800> to<00:16:45.920> be<00:16:46.079> vulnerable
software in it is going to be vulnerable
software in it is going to be vulnerable
it's<00:16:46.880> going<00:16:47.040> to<00:16:47.199> have<00:16:47.639> bugs<00:16:48.639> thank<00:16:48.759> you<00:16:48.920> very
it's going to have bugs thank you very
it's going to have bugs thank you very
much
Avi Rubin, TED TEDx TEDxMidAtlantic TED-Ed TED Ed, TEDEducation, hack, hacker, hacking, hackable, world
