Art of Hacking | Rahul Sasi | TEDxGCT

Captions
So, my name is Rahul Sasi. I'm a cyber hacker, and I'm here to hack your bank accounts. How many of you think that your bank accounts are secure? Raise your hands. It's one, two, three, four, five, six, I mean, almost all of the people. Let me prove you guys wrong.

How many of you use this thing called phone banking? You know, it's something where you make a call to your bank, and a computer-generated system responds back asking you to enter your account number followed by your PIN code; when it authenticates, it gives you all the details. So that's basically phone banking, right? We basically built a program to automate this. What the program does is it makes a call to the bank and automatically tries to brute-force your password, because it's a four-digit ATM PIN. And it doesn't just brute-force your password; it brute-forces a hundred other, a thousand other accounts for the common password one two three four. So then the number of people who would have the ATM PIN code one two three four out of a thousand different accounts would be really high, right? So let me show you the program. So basically the program is connected to a mobile phone over there, and the program will automatically call the bank.

if you are the first customer plus one to report lots of car we connect come with following five shumphlett at any time during this please enter your six things which is debit card or term

So what is happening is a computer program is talking to another computer program. Everything is automated, and it's trying to brute-force other people's bank accounts. So right now it can understand what the computer voice is saying, it converts that to text, figures out what option to choose, and it sends it back. Everything is automated. That means you can hack one bank account at a time. When we disclosed this particular show, this was back in 2011. A couple of banks are still vulnerable to this; a couple of them have fixed it. So now it asks for the password, so we try a common password like I
mentioned.

we're going to look for the decision of better parking or first Nam authentication is successful thing available services in your account is really dark thousand five hundred twenty five degree and so next game and I will ask you aa trip me

Next time someone asks you whether that's secure, don't say yes.

So what you saw was IVR applications. They are called interactive voice response systems because they use voice to communicate back to the user. The normal web applications you use show a text, and that's where you read them; here it reads out to you, right? So what we figured out was: if you can trigger an exception (an exception is like an error), if you can confuse the application, the application would read out the entire internal information back to you. So if you can confuse it some way, you would be able to do this. So in this case the application expects a four-digit real controller, but we are computer giving them more than four digit in program names.

finally mark and 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 11 while we process your information sorry that content has an internal error a Webster error occurred air starting VoiceXML application to build mesh with code 500 server error URL HTTP colon slash slash 192.168.0 3 got and then light beardless lot of lot of things Thanks

So yeah, so basically there are so many different ways of hacking into something. The possibilities are endless; all you have to do is look into it.

This is a research I did with my colleague Ahamed Nafeez. What we were basically trying to do was impress our girlfriends by trying to propose to them over the TV. So the idea was: if you are watching Star Movies at your home, what if I can inject my own videos and broadcast them to your houses? Like, have you seen the Die Hard movie? It's sadly the same thing. So let me show you how we did it.

so you might need an exclusive challenge the man you're working passionately turn on the radio we have happened when you play watching yourself those reviews these demos make us
we've taken straight questions from India's most to do again hello Nell greetings from Garage4Hackers. This broadcasting is taken over by us. Knowledge is free, and Garage forum is - Libre knowledge. You may acquire, interpret and apply freely the knowledge you gained from Garage. The knowledge can be reformulated according to one's needs and shared with others for community.

This video could be anything; it could be anything of your choice. You know, our purpose was to demonstrate our, you know, love to our girlfriends on the TV. So we did the entire thing using this particular setup, which we built using less than 80 USD; that's like less than 5,000 rupees. What we basically did was: Times Now comes in a particular frequency; we signal out then, we can say, Times Now, and recreated our own video in the same frequency as of Times Now, and then broadcasted it onto the network. So that means I cannot really control your videos; I can control the video for an entire city. So an entire city would watch what I decide they should watch. Could be anything.

So, moving on. By the way, this is the garage which we worked in. We spent almost like eight months trying to figure out a lot of things, so this is the entire mess which was created out of the research going on.

How many of you use LinkedIn over here? I use it; it's very popular, I really like it. All right, that's a good number of people. LinkedIn is a microblogging site for Coach knows what we see. What I figured out is I can make any individual on LinkedIn my employee without their consent. I can basically ask any of the LinkedIn users, I mean, make any of the LinkedIn users my employee. That means I will get access to their information, personal information; I can communicate with them; I can pretty much do anything which I can do to my employees. So I had a couple of interesting people whom I wanted to make my employees, so I started with Bill Gates. So Bill Gates was my first employee, followed by President Obama, and I like Narendra Modi as well, so he was my
third employee, and then Mark Cuban, because he is a cool guy. So many of these companies have security disclosure policies where, if a hacker discloses a particular bug to them, they pay for it or, you know, they take good care of the hackers. So this was done as part of a responsible disclosure thing.

Have you seen these drones, these small flying drones which are very popular these days, that sort of take photographs? Have you seen one of them in real life? Right. I mean, they are very popular because it's mechanically very simple. What they do is they have sensors which collect data from their environment and pass the data to a software program which is embedded in it, and the software program is like the brain which decides what action this drone should do, whether it should move left or right. It is controlled by the software. What we did is we created another program, like a malware, a virus, which stays in between the hardware unit and the software unit, so any request that comes from the hardware passes through our malicious program and it actually comes back to me, the hacker. So if a drone is moving left, I can make it move right, because I'm a proxy in between, right? Let me show you how that is done.

What you can do, it can go high up in the air, you can you and the malicious malware called Maldrone: once the drone is infected, my payload would actually stop his engine. That means he'll be crashing down. Since this is an expensive device, I'm going to stand somewhere near and catch hold of it. So in any minute the payload would be successful, and the engines would stop working and the drones would keep dropping dead. so juicy and touching Pacey bit like this

So yeah, so you can just basically walk over to all the guys who take photographs, hijack their drones, and make them bring you to your houses, right, fly to their houses. Again, this is a tiny small program which did that.

What I figured out is, when you do a lot of research
you learn a lot. Like what I learned it: I used to go out to my tennis court, we perform this action videos. What I did knew yes there is a next awesome hacker who lives in my apartment. I never knew this guy exists. While I was doing the research I accidentally stumbled upon this type. You can see that when I was fine we had this device and in few minutes this amazing hacker shows up, and he's actually able to show a better technique to hijack any production.

so any woman you see this awesome hacker much better than me having a better capable to your fat engines and yield an unscalable so I'll fly my drone by light and the hacker would come any minute and there you it's you

You basically don't need a program to do it. You basically throw anything at that particular drone and you can bring it down. You know, sometimes things are simple but you always think about it. But yeah, so that's the little hacker who was in my apartment.

So people ask me how do I get into hacking, what motivated me. This is one question I get a lot. The motivation was: I had a very troubled school; most of the days my parents were summoned to the school because of my lack of concentration. When things got worse, they took me to a neurologist, where I did a lot of EEG tests, and I was diagnosed with a medical condition with my brainwaves. The problem was my brains were incapable of focusing on one particular thing for more than 30 seconds. So even when I'm attending a lecture, I would not be able to grasp the entire lecture. I would be able to pop observe; every 3 seconds my brains would go somewhere and come back. So it was very difficult to understand lectures. So when I got into college, the same thing continued, and there was no point for me to sit in a lecture and attend it, so I started bunking classes. When you start bunking classes, your attendance comes around and you're in much bigger trouble, right? So in my school days, college days, all the attendance of the staff was managed by these biometric
devices. Have you seen these things, the biometric fingerprint devices? Right, you know, it uses a fingerprint. So staff use this for their daily attendance. The logs are saved on these devices temporarily; later an administrator could remotely log into these devices and collect the logs. That means this is connected on a network, which means I can sit in my dormitory and hack into these devices. So after many sleepless nights I figured out that if I send fake UDP packets to this device, pretending to be coming from the administrator's computer, this device would give me complete access to its logs. So what you see over here is my staff's fingerprints and their login details. So I can basically swap my fingerprint with their fingerprint and I can go to any restricted area in my college, or I can mark a particular staff member absent on a particular day, or, you know, you can do a lot; the possibilities are endless.

So this is me. Hacking is my passion. I now run a computer company called CloudSEK. Hacking to me is about solving challenging problems; it's about overcoming the difficulties in your personal life as well as your technical life, and finding solutions for tougher problems. Thank you.
Info
Channel: TEDx Talks
Views: 104,511
Rating: 4.728745 out of 5
Keywords: TEDxTalks, English, India, Technology, Hack, Art, Computers, Security
Id: YKEyErOJp-c
Length: 14min 47sec (887 seconds)
Published: Tue Aug 16 2016