Hacker Explains One Concept in 5 Levels of Difficulty | WIRED

Video Statistics and Information

Reddit Comments

Great video although I was only able to understand up to the college student level. At the grad student level, I understood somewhat and then I got lost at the expert level lol. Amazing to see that experts have a deep understanding of computers down to its physics level.

👍 12 👤 u/Digitally_Depressed 📅 Jul 21 2020

Great content.

👍 15 👤 u/HeyGuyGuyGuy 📅 Jul 20 2020

Smart ass 9 year old

👍 5 👤 u/[deleted] 📅 Jul 21 2020

Ah, brings back nice memories from graduate school. Differential Power Analysis against AES-ECB was part of my thesis. Synergizing knowledge in cryptography and EE during the ASIC design of ECC accelerators was so exciting. I used O'Flynn's second evaluation board in the groundwork of my thesis. He's a badass and openly communicative to his following.

The legalization of automotive electronic control unit security inspection is around the corner—GM has been quite open for years.

Side note, if you think expert is somewhat abstract, you should go to Black Hat if your wallet can take the hit. It'll explode your mind. And the parties are alright, too...

👍 2 👤 u/uncannysalt 📅 Jul 21 2020

samy is my hero

👍 3 👤 u/kr-ujjwal 📅 Jul 21 2020

Well explained. Thanks 👍

👍 1 👤 u/HarisKhanHK 📅 Jul 22 2020
Captions
Hi, my name is Samy Kamkar. I'm a security researcher, computer hacker, and co-founder of Openpath Security. I've been challenged today to explain one simple concept in five levels of increasing complexity. My topic: hacking. Hacking, to me, is using or manipulating a system in a way that it wasn't intended or really expected, and that could be a computer, or it could be a phone or a drone or a satellite. Could really be anything.

Do you know what computer hacking is?

It's bad. Like, um, going into someone's, like, personal account or account, changing some stuff, or just stealing some information or your money.

Yeah, it's crazy. There are really a lot of bad or malicious hackers out there who are doing just that. They're going into people's accounts and they're stealing money. But there's also another side of computer hacking, where there are people who are trying to learn how those bad hackers are actually breaking in to the bank accounts.

Did they, like, return the money? Like, give them their money or something like that?

What they're trying to do is they're trying to even prevent the bad hackers from getting in in the first place.

So they put, like, a protection account or something?

Yeah, exactly. They're looking for ways that they can create protection. It's kind of like the lock on your front door. That lock is to essentially prevent bad people from coming in, or people accidentally coming in when they shouldn't. A hacker is essentially looking at a way: how can I get into this lock? But then there are the good ones who are trying to unlock it so that they can tell the company that made the lock, hey, we can actually protect people by making the lock a little harder.

What would they do about the people in the broken lock?

In many cases they'll send them a new lock, so it's an upgraded, a better version. Sometimes that's new features, but sometimes that's bug fixes and ways to protect you as well.

But, like, they may get arrested, because they might get mistaken.

That's a very good point. You should definitely make sure that you're obeying the law. They might work with the lock company and say, I'm trying to improve your product, and they're trying to find these holes or problems and then share that with the company. Even though the good hacker is doing exactly the same thing as the bad hacker, it's the same exact skill set, and you're using the same exact techniques and information to try to break that lock, but your goal as a good hacker is really to help everyone, like you and me, to make sure that our stuff is protected. So hopefully they don't get in trouble, because they're the good guys.

When did you start doing, like, the good hacking?

I started doing the good hacking when I turned nine years old.

Wow.

I started going on the computer and playing video games, but I had some ideas of my own, and that's where I started to learn how to hack. I wanted to play with my friends on this video game and just change the way that things look.

But that would be kind of, like, bad, because maybe the creator did it for a reason.

That's entirely possible. They may have done it for a reason, but you may have come up with a really good idea that, do you think there are other people who might like the idea that you came up with?

Yeah.

When you have creative ideas like that, hacking can actually allow you to change the way a system works, and that means you can change a game and how the game is played, and then you can share that with your friends and other people who like that game. Once I started learning how to do it, I found that things that were harder for me, I could make easier.

Did your parents approve of it?

I don't think my parents knew, but when my parents found out that I was doing it for good, I think they were happy.

Do you do anything with computers or any coding?

I like to play coding games, and I like to go on code.org, and they have a variety of games for, like, different ages, so, like, I really like to do that. For example, like, the game Flappy Bird, it's like puzzle pieces, so they would, like, tell you to connect something, and then you would play the game, and then you could see what you connected.

Interesting. So it's like a graphical interface where you can connect different pieces together, kind of like wire them together?

Yeah.

Oh, that's pretty cool. What do you know about computer hacking?

I don't really know much about computer hacking, actually.

So on code.org, one of the things you've been doing is actually building a game, or they have a game, and then you can actually rewire some of the inputs and outputs of that. Is that right?

Yeah.

Okay. With computer hacking, it's actually the same thing. Really, you have some sort of system, and you have a bunch of inputs, and you have some sort of output, and actually you, as the designer, you're essentially designing games and software. You're saying, well, I will only allow a user to really control these inputs. Can you think of any inputs the computer might have?

Spacebar.

Yep. There's also things like your mouse, and there's even things like the microphone itself is actually an input device. It's taking something from you, which is the sound, and it's then transmitting that, and it's actually sending it to me. Are there any other things that you can talk to a computer, you can give it information?

Camera.

That's absolutely another input that exists on your computer. That's how I try to think of things, is there's just a bunch of inputs. Often, if you're trying to break something or hack something, you're really saying, okay, how can I control these inputs in a way that wasn't necessarily expected?

What inputs would you normally use to hack?

Typically it's going to be something like the keyboard, right? I'm just going to be typing keystrokes to be talking to some piece of software or hardware. But other times it can be other things. Like, even the temperature of a computer can actually affect how the computer operates, and it might be advantageous to me to cool down the computer and actually slow down the movement of electrons in something like memory, so that when a computer shuts off, it stores something that was in memory, like a password, and stores it for a long enough time that I might be able to actually extract it through some other method.

How long does it take to get in?

It just depends what you're trying to do. In some cases it could literally be seconds, because you already know how the system works. In other times it could be years. So what have you learned about hacking?

I think hacking is actually really interesting. There's different languages to hack in. I've also learned that a lot of things could be hacked that, like, you don't necessarily think could be hacked.

Have you started studying cyber security?

I started this year. I took my first course, so haven't gone too deep into it, but we got a basic idea of, like, basics of information and network security. We learned about how networks are set up, like the different types of topologies, like star and mesh, and also how networks are designed with different levels of security.

Have you heard of the breach of Target, where they were breached many years ago and their point of sale systems were hacked?

Yes, I heard about that.

So where people are swiping credit cards, those credit card numbers were stolen. They hired a company to come in and perform a penetration test to see, can the good guys essentially break in again, to prevent this sort of thing in the future. And when this team came in, they found they actually were able to get pretty much to the same point of sale system, and the way they did that was by exploiting an internet connected deli meat scale. Once the company was able to essentially get into the deli scale, because the deli scale was on the internal network, then they were able to really escalate privilege and find a vulnerability within another system. Essentially that just got them into the network, and once you're in the network, it's often really easy to then escalate from there.

I've heard about similar attacks in hospitals using hospital equipment, but I'm surprised that something as simple as a meat scale would have been used in such an attack. We discussed it in class as how hackers look at some of the weakest links in these large networks and use those to tap into networks.

Yeah, that's another interesting concept, is really just different layers that we have for protection, because often when you're talking about something like a corporate network, or even your home network, you typically have sort of one level of defense, right? If someone can break that, or can get in through some other system that is connected or exposes some other protocol, like Bluetooth, right, you can connect to a Bluetooth device without being on the wireless network, without being on the LAN. That potentially gives you another place that you can pivot on and then access other devices, because if something has both Bluetooth and also Wi-Fi, well, if you can get in through Bluetooth, then you can then access the Wi-Fi and get to other devices on the network. Are you familiar with buffer overflows?

No, I'm not familiar with that.

If we were to write a program that asked for your name, and you typed in your name, but before you could type in your name, in a low level language like C or C++, you'd have to allocate some memory. So you might allocate a buffer of 100 bytes, because whose name is going to be longer than 100 bytes, or 100 characters? But what happens if you were to not really check that they limited to 100 bytes? Do you know what happens if they essentially start typing over that 100 bytes?

In that case there would be an error for accessing invalid memory.

Absolutely, you'd essentially cause, like, a segmentation fault. Yeah. But what's really cool about that is, when you're going into memory, you're starting to cross over that boundary of that 100 byte allocation, and now you're starting to write over additional memory. That other memory is really important stuff. So you have, like, your name, the 100 bytes there, and then right next to your name is the return address, and that's the address that the code is going to execute, is going to return to after that function is done, and it's going to jump to that address. But after you type your 100 bytes, the next few bytes that you type, you're actually going to overwrite that return address. So that return address could essentially be another address in memory. So what you end up doing is you type a name, and it's not really a name, it's really just code, and that code you keep typing until you get to the return address, and you start typing an address, which is really the beginning of your name, and your computer, your processor, is actually going to read that address, and it will jump back to the beginning and then execute that payload. So that was sort of the very first thing that I think was super exciting to me when I started learning about, really, reverse engineering.

So how does the buffer overloading relate to what you are doing in terms of network security or designing software for penetrating testing?

Ever since buffer overflows started many years ago, there have been a lot of protection mechanisms built to make it difficult to exploit. More and more, we're actually using smaller and smaller computers with small amounts of compute power. If you take a car, you have hundreds of microcontrollers that are all running there, so they don't really have a sophisticated operating system that can try to prevent attacks like buffer overflows. So how do we keep these low-cost computers in here while adding layers of protection to prevent malice and these types of attacks? Sometimes it actually is, how can we write software, or how can we build a system, that prevents these types of attacks from entering? But oftentimes it's really looking for, how can we find new attacks that we haven't even necessarily thought of? What got you interested in computer science and information security?

I got interested in cyber security because I'm really into global affairs, global politics, and you often hear in the news about the rising power of China, the rising power of, um, Iran. I enjoy how interdisciplinary computer science is. Like, nowadays there's so much going on in the world of computers, and that's what fascinated me.

You brought up China and Iran, and something that's interesting about those areas is really censorship, right? They have essentially censored internet. In the US, we have a really interesting internal struggle here, where we actually have, uh, government agencies like the State Department that are funding software to evade censorship, like Tor and other mechanisms, while then we also have an internal struggle where we have other organizations, like the NSA, who are specifically looking to break that exact same system that the US government is also funding.

There are a lot of, like, ethical questions about whether we should be intervening in other countries, but it's pretty interesting that two different agencies at the government are actually working on contrasting technology. I can actually understand that, because if we are creating a technology that we're going to deploy somewhere else, we should know its limitations, we should know how to control it.

It's good for us to understand, like, how these systems can really break down. Although, I think one thing that I see is that some of, let's say, the organizations that are looking to break this are not necessarily going to share once they actually learn that information. They might actually sort of hold that in their back pocket and use it when it's advantageous to them.

What kind of projects are you working on?

This is the end of my first year. I'm a PhD student at NYU Tandon School of Engineering. I'm studying security systems and operating systems, so security for operating systems. I've been mostly working on a project that limits executables' exposure to bugs in the kernel. It's run by Professor Justin Cappos there. He found that the majority of bugs that occur in the Linux kernel happen when you're doing things that people don't do that often, that programs don't do that often. So designing, like, a runtime environment that lets you limit what a certain program has access to, but also the things that it does have access to is also limited to those popular paths in the kernel, so it can't access areas that aren't under more scrutiny.

So essentially it's a, really, potentially a stripped down operating system, or I guess it's a virtual machine?

Basically we're creating a user space operating system.

Have you done any work in side channel analysis?

Like, a little bit. I've, like, read the Rowhammer paper. I found it really interesting, but it's nothing that I've actually worked with.

So the side channel analysis is really looking not at vulnerability within a system, but really unintended consequences of what the system is built on. A very simple example of, maybe, a side channel is putting your ear to the ground to hear if there are horses coming towards you, and the same thing applies to technology. So you can have something like a CPU. It's executing instructions. Certain instructions use a little bit more power, and power is reserved in these capacitors, which are like tiny batteries next to your CPU, and as they're pulling power, there's something in physics called the electrostrictive effect, where the capacitor will move in a very, very tiny amount, and then, although we can't hear it, the microphone on a mobile device can't actually listen to that. If you then listen to that and you say, oh, I see a pattern here, and you can go all the way down and then extract, reveal the full password, the full key, even though it could be argued that the algorithm itself, there's no problem with it.

So all memory devices are just, it's just a bunch of gates, and they're in rows. They basically all hold different pieces of memory. That's all the gates are. Either they're turned on or they're turned off. So what Rowhammer found was to test a bunch of different memory devices, and found that by doing a certain order of storing things and then pulling that information back in a certain way, in one place, would actually flip gates in a different place. So that you could actually do a bunch of things to a piece of memory that had nothing to do with something that may be critical in a different place, and actually change its contents, and that obviously exposes all sorts of security issues, um, because that's very hard to predict.

Yeah, I suppose the physical adjacency, right, of the underlying transistors and capacitors that are holding that storage. That's crazy. I think the first time I heard of an interesting attack like that was learning about, uh, the cold boot attack. Um, being able to, you know, someone enters their password on their computer and that decrypts their hard drive, and then they walk away. Being able to extract that password is really difficult. If I can pull that memory chip out and extract that memory, put it in my own device, except the problem is memory is volatile, so it'll erase as soon as I pull it out. You can take something like that canned air, turn it upside down, cool that computer, make it real nice and cool. Then you have a minute or two to pull out the memory, put it in your own device, extract the memory, and then you're good. Such a simple method to really extract something kind of critical.

Like Rowhammer, it's such a low level vulnerability, and, you know, you could argue that it's not necessarily a vulnerability in the architecture itself, but rather exploitation of physics at that point.

I've spent a decent amount of time with this stuff. In my mind, a lot of that is a nightmare. Over the last year, while I was doing some other stuff, I actually designed some microcontroller boards for a company that was doing stuff with, like, a smart watering project. The problems with, like, updating is just, like, that scares me the most. Like, people don't update their own stuff, let alone these, like, devices.

I keep forgetting to update my fridge.

I find myself, like, trying to shy away from owning, like, smart things.

That's pretty challenging if you want to use wireless, right? If you want to use a wireless router.

Yeah, I mean, there's obviously essentials. No matter what, you can't really avoid any of this.

The risk right now, just during, uh, this quarantine, is actually massive, now that we think about it, because you might have these legacy systems, you know, they were built 20, 30 years ago, and it's too costly to upgrade, but now you can't actually have a lot of people in a central location, in a single location, so potentially they actually do have to now add some sort of remote capabilities to these systems that were never meant to be on the internet.

Have you ever had any ethical concerns with the stuff you're interested in or the work you do?

Oh yeah, for sure. When people find vulnerabilities, I think it's their duty to release those to the public, especially now that we're seeing more and more companies who are trying to make it illegal for you to inspect the vehicle that you've purchased, right? Something that you actually own.

Yeah, I think that's nuts. I'm firmly against that, for sure.

What if it were illegal? Uh, would you then do it? Fortunately it's not today, right? It hasn't been, you know, despite their attempts, none of that has been passed. Um, but if you had a vehicle and you wanted to inspect it, but all of a sudden it passed?

I mean, I don't know. Uh, probably, yeah. [Laughter] No, I don't think that's hurting anyone, but the laws don't always equate to hurting anyone.

I ethically think similar to you, and that, you know, what is moral to me is as long as I'm not intentionally hurting others, right?

Yeah. I think we see every day that ethics and the laws aren't necessarily the same thing all the time.

Hey Colin, uh, we already know each other, but why don't you introduce yourself for the people watching?

Hi, I'm Colin O'Flynn. I live in Halifax, Nova Scotia, Canada. I do hardware hacking, both in academia at Dalhousie University and in industry at my startup, NewAE Technology.

What have you been up to, and, yeah, what are you working on lately?

I've been doing, um, you know, always a little bit of side channel analysis. So what I really do, you know, is all hardware layer. So I've been looking, uh, you know, on some various devices lately, uh, how susceptible they are to fault attacks, uh, what that sort of means in real life, you know, not just purely the research side, but also how much should you care about it.

Uh, maybe a mutual acquaintance of ours, uh, Jasper, gave an example of fault injection, and I like to use that when I'm trying to explain fault injection. He shows a pinball machine, and the pinball machine, obviously the two inputs are the two plungers when you're playing a pinball machine, but fault injection, you can tilt the entire pinball machine, right? You're just introducing some external variable that's outside of the traditional inputs that you're used to, and you've now controlled the environment in an advantageous way to the user or the player. Can you give an example of some type of fault injection that you're doing or working on?

One of them was looking at, like, a little hardware bitcoin wallet, and you could use fault injection to actually recover secrets from it. Um, and a lot of devices, I mean, the whole idea is pretty cool, right? Because you tell the device, hey, I want to authenticate, um, and it's supposed to run some really crazy math that authenticates it, but instead of doing that crazy math and attacking the math, you just attack the check at the end.

We're also scratching the surface of, like, what is possible. It's not necessarily just the system itself, and not necessarily that algorithm itself. Like you said, you don't necessarily need to attack the math in some cases. You can just attack that check. And I think something that's been pretty cool is looking at higher energy particles. It's going to be maybe hard to entirely confirm, but I think it'd be really, really cool to actually see. Like, I want to see one of these faults, because I haven't seen it myself. And also, how do you know that you've seen it? I've started playing with, like, setting up a cloud chamber. A cloud chamber lets you actually view high energy particles going through, sort of like in a small jar with some evaporated alcohol, and I thought it'd be really cool if we put some memory chip in there, like a basic memory chip, and we just fill it with some data, but then you put a camera on that area and you just watch. Assuming that there is a high energy particle that actually hits that memory, that should potentially flip the energy state of that bit. The outside microcontroller should be able to read that and actually say, oh wait, the data changed, even though I'm not changing data, I'm only reading data, and we should be able to visibly or optically see it. What I'm wondering is, could that be a next area of research? Because I don't think anyone's actually looking at intentionally injecting high energy particles to take over a computer, when really that's, you know, that's another technique for fault injection, technically speaking.

This was actually tied into something recently I was looking at, um, which was, you know, flipping flash and EPROM memory.

You mean flipping bits within flash?

Yeah, exactly, right. So flipping it in this sort of flash memory, and so someone's done it with X-rays. There's actually, uh, I forget who now, there's a paper, at least one, and it's just, like, a little plate, right, they make with, like, a hole in it to concentrate the X-ray source, and it works. Like, so yeah, it's super interesting. Like, one bit in memory means a lot, especially the flash memory side. Yeah, visualizing it would be cool, though. I've never seen, um, uh, maybe call it a verifiable visualization of it, right?

We know it's true. You know, you can get skin cancer by going outside and having, uh, too many high energy particles hit you. Um, but we've never seen it, and we know it can happen to a computer chip, but I've never seen, like, both.

Yeah, so actually, so it's funny you mentioned, like, making it, uh, more obvious. I mean, staying on fault injection, right now this is lately what I've been up to a lot, uh, making a little kind of, you know, like electronics kits of old, right? And you can assemble it all yourself and see how it works. Um, so making something like that for fault injection, so all kind of older logic and stuff like that. So, um, I mean, it's sort of based on, like, you had presented the little mux chip, you know, voltage glitcher, that sort of idea, uh, using just discrete logic to generate the, um, the actual glitch itself. So, but, you know, it's part of, I think, this stuff, right? It's like people don't know about it sometimes. Like, even engineers designing systems, it's new to a lot of people.

The thing is, even if you know about that, then there's so many others that someone won't necessarily know about, because there's so many, I guess, potential areas for a fault to occur. Where do you think security is going, or new research is going? Are any new areas you think are coming out, are going to be more interesting, you know, pretty soon?

Fault injection, I think, has become pretty interesting. Like, there's been a lot of people poking at that, and I think a lot more products of interest. Um, side channels still might have a bit of a comeback. Basically, what I kind of see is a lot of the really cool stuff has been in academia, because product security hasn't caught up, right? For the longest time, doing these attacks on hardware was pretty straightforward. You didn't need these crazy attacks. It looks like a lot of devices are coming out now that actually have real claims to security, right? More than just a datasheet mention. There's actually something behind it.

For me, I think the things that have been recent and super interesting are typically down to, like, physics level effects that maybe we haven't seen before. I think my mind was blown with the, there was the Light Commands research, and they were able to modulate sound, although it's purely over light, using a laser. They would hit the MEMS microphone, and it was picking that up and was able to then interpret it and essentially take control over light.

I'm curious of the back story to how they found that, uh, because if you told me that, right, said, like, hey Colin, you should test this out, I probably would be like, it probably won't even work, right? Which is like a lot of side channels. When I first heard about it, uh, you know, working doing firmware stuff, it was like, ah, that sounds like it's not gonna work. Like, that sounds impossible. You know, the whole area of the hardware hacking, it feels kind of like cheating, because, you know, as you said, someone designing the system needs to know about, like, so many different ways, right? So there's so many ways to break the system, and if you're designing them, you need to know, like, all of them, but when you're attacking it, you really need to know one, right? So I can know nothing about, like, how does ECC, like, actually work. You know, I have some vague hand waving I can tell you about, uh, but if you gave me a pen and told me, okay, write it down, specifically the equations and what they mean and how the point mul works and stuff, right, no idea. The designers are, like, the other side. It's almost like the, I want to say lazy side of it. It's the easier side.

I would say my side is the easier side, right? I'm on the offensive side. I want to break into things. Someone on the defense side, they might have, you know, a system was developed, and they now need to patch a hundred holes. Uh, they patch 99 of them. I only need to find that one.

Yeah, there's no downsides, is what you're saying.

Yeah, only when you get caught.

I hope you learned something about hacking. Maybe next time a system behaves in a way that you weren't expecting, you might just be curious enough to try to understand why. Thanks for [Music] watching.
Info
Channel: WIRED
Views: 685,612
Rating: 4.9510627 out of 5
Keywords: hacking, 5 levels, 5 levels hacking, 5 levels of hacking, hacking explained, expert explains hacking, computer hacker, computer hacking, wired computer hacking, hacker, hacking computer, wired, wired hacker, wired hacking, samy kamkar, samy kamkar wired, samy kamkar hacker, eli5, eli5 hacking, explaining hacking, 5 levels wired, wired 5 levels, explain hacking to kid, hacking explained to kid, hacking experts, hackers, pro hackers, real hacker
Id: d9PqVcgT1kQ
Length: 25min 23sec (1523 seconds)
Published: Mon Jul 20 2020