The risk of connectivity: Hacking our watches, fridges, guns and more | Avi Rubin | TEDxMidAtlantic

Captions
The scanner that you see on the left is not unlike what you might see at a checkout counter in a store, but the one in this picture is much more sophisticated than that. It's got a Wi-Fi connection to another part of the product that's on the back end, which has access to a database. And so the idea is, when things come into a warehouse or go out, you scan them with this scanner, and the information about the barcode goes to the back-end system. The back-end system has databases, and it has access to payroll and human resources and a whole lot of other information that's available to this application. But the reason I'm telling you this story is that the particular scanner that's pictured here was manufactured in China, and one of the electronic components was built by some Chinese hackers, and it contained malware that was embedded in the firmware of the device. The firmware is that software that sits between the applications and the hardware. And this malicious code made it so that when somebody scanned a package and that information went to the back end, it carried a virus with it that infiltrated the systems and sent all the confidential, proprietary information back to the Chinese.

Now let me tell you about the other scanner pictured here. This is a common printer/fax machine/scanner that you could see in a small office. These exist all over the place. These things have to be connected to the internet to work, and so what happened is a group of Russian hackers discovered that this particular scanner had a vulnerability that allowed them to get malware on it. And what their malware did was, as each document is being scanned, it would look for words like "top secret", "confidential", "proprietary", and when those existed it would send the entire PDF that was scanned to the Russian hackers. I mean, you can't make this stuff up. Well, actually, I did. One of those stories I made up, and one of them is true. But what's interesting is that if one of those is true, the other one could have been true.

And I love making up stories about hackers, so let me tell you two more stories, one of which is true and one of which I made up. So, the Cottonmouth-1. The Cottonmouth-1 came out of some documents leaked by Edward Snowden. It was a top secret, highly classified NSA project, and what it was was a replacement for the USB dongle on a keyboard. So, for example, if the NSA wanted to target somebody, they would swap out the keyboard that they were going to put on their computer, or one they already had there, with this USB dongle, which would then wirelessly communicate with that computer and send malware onto the computer that would allow them to track what was going on in the computer. Now, they spent a million dollars for every 50 of those that they produced, and when Edward Snowden had his leak, this was information that came to the light of day. Now, the USB Banana is so sensitive that it's still classified. I can't tell you about that one, sorry.

So everything today is connected; everything is online. In my house I've got so many smart devices that I think the devices are smarter than the people now. We have a Nest thermostat, we have automatic lights, we have, you name it, we've got it. And is my concern that hackers will be able to exploit the software in these devices to, you know, make it really cold in my house or to flick my lights on and off? I mean, those are not my concerns. That's not what I'm worried about. I am worried that hackers will be able to exploit the vulnerable software in these devices in order to use them as command and control for distributed denial-of-service attacks that could knock out major networks. And as we get millions and millions more things in our internet of things, this is a real concern.

Now, we've all seen these fitness trackers that are all the rage. Everybody is tracking their steps and their running and their health and their fitness. What I'm showing you here is a fitness tracker, one of the top models, that had a bug in the software, and it causes the sensors to sample way too much, and it injured this person. And I was thinking, you know, these devices are usually connected to a smartphone that runs them, and smartphones are vulnerable. They have tons of software, millions of lines of code, running on the smartphones, and if an attacker can take advantage of that and basically activate a bug in the fitness tracker, they can cause real injury, as we see here.

Another device that is in the health and fitness space that I purchased was this blood pressure monitor. I put this thing on my arm, and it's really cool because it doesn't have a controller; it doesn't have a screen or a display. You use your iPhone, and then you can, you know, say start, and you can see your progress, etc. So I put this thing on and I activated it. It started squeezing my arm, and it squeezed really, really hard, and I tend to be pretty claustrophobic, and I was starting to wonder if this thing was gonna rip my arm off. I mean, it really, really, really hurt. So it didn't rip off my arm, fortunately, but I got a really scary reading. I was supposed to be dead in about three minutes based on my blood pressure reading when I did that. Now, the concern, of course, is that if somebody hacks your phone and you've got this thing on your arm, they can injure you physically.

Okay, one of the things I like to do is to play games, and I'm gonna play a game with you guys. I came up with four of the most interesting hacks that I've seen, and I wanted to present them to you, but I thought it'd be cool if I added a fifth one that I made up, and this way it'll keep your attention. So you're gonna try to guess which of these five hacks that I'm gonna describe is the fake one.

The first one is called the faceplant attack. What this is: there's an electronic skateboard that has a controller that you hold in your hand. It's got a Bluetooth connection, and it's kind of cool. You can go up to 20 miles an hour on this thing, and you can even configure it to go faster, but that's the default maximum speed, and it can go forwards or backwards, etc. So some hackers were able to hack into the skateboard, disable the control from the handheld controller, and automatically, as the thing's moving at 20 miles an hour, switch it into reverse, so the skateboard flies backwards and doesn't stop, and the person plants their face in the ground.

Let me describe the second one. This one is really, really cool if it's true. So what you do is you take your phone and you point it at a wall with a room behind that wall, and it sends out a Wi-Fi signal, and then the Wi-Fi signal is reflected back to the phone. And what it does is basically try to detect motion on the other side of the wall. So the first thing it does is it measures all the static reflections, and then it measures all of the dynamic reflections, that's somebody moving, and it creates an internal model, based on the reflections of the Wi-Fi, of what's going on on the other side of that wall. So let me show you a demonstration, and you'll see that if this is my fake one, I put a lot of work into it. A person is walking around the room here, and you see them taking steps, and you can see the drawing of the model of the motion that's being detected simply by reflecting Wi-Fi from the phone back through a wall.

The next one I'm gonna describe: so somebody thought it would be a good idea to put Wi-Fi and an operating system on a sniper rifle. Yeah, what could go wrong with that? So we take the sniper rifle, and you can control it from your laptop, and you can enter things like the wind speed, the wind direction, the weight of the bullets, and a whole bunch of other factors. And you set this thing down on a sturdy platform, and then you pull the trigger after you've set your controls, and they say it has accuracy to within a mile, is what the manufacturer says, which is a whole lot more than most people can achieve. Well, some security researchers got their hands on this rifle and they started tinkering with it, and they discovered a vulnerability in the Wi-Fi software on the rifle, and they were able to get root on it and to be able to change settings. And as they played with it, they discovered that, for example, if you said that the bullet weighed, instead of 13 grams, say, 72 pounds, you could actually change the trajectory. It wouldn't complain and say, well, a bullet can't weigh 72 pounds; it would happily make the adjustments in the calculations. So through some trial and error, they were able to get the rifle to actually hit a bullseye, which wasn't the bullseye that they were supposed to be aiming at, and that's depicted here. So the manufacturer was smart enough to make it that you have to physically pull the trigger to fire, so the gun can't be fired by a hacker, but you can change the aim of it, which I think is pretty scary.

So number three is very, very cool. The idea is, as I'm speaking, and whenever you talk, vibrations are created, right? And so let's put a bag of potato chips in a room, an empty bag of potato chips, and somebody will be speaking, and their voice will vibrate, and so you could possibly perceive the vibrations on that bag and figure out, through some mathematical calculations, what was the sound, what was being said. Imagine the ability to spy on people by being able to measure vibrations of things near them on video. And so here I'm going to show you an original sound that was created in a soundproof room with a video camera pointed at it. A bag of potato chips that was near that sound has been videotaped, and some back-end processing occurred, and it produced it. Pretty cool stuff.

Researchers in Israel were able to figure out the secret encryption key on a laptop that was performing computations simply by touching the laptop. The way this works is that the person would be hooked up to some equipment that could measure the flow of electricity through their body. They touch the computer, and apparently, as you're performing RSA encryption operations, the amount of electricity that will conduct through you for a 0 bit in the key will be something, and for a 1 will be different. It's actually a lot more complicated than that, but they're able to recover the entire key by touching the computer that's performing the encryption. But they were also able to do it by simply measuring the power draw that the computer had, without even touching the computer. If they had access to the power that computer was drawing, they can tell you what the key is.

And so, to review, we have: faceplant on the skateboard, Wi-Fi through the walls, audio from video (the bag of potato chips), cryptographic keys by touching the computer, and hacking a sniper rifle. So, show of hands: who thinks faceplant was my fake one? Y'all believe that's real? Okay, how about Wi-Fi through walls? Okay, we got a bunch of hands. Audio from video? Some more hands, quite a few. Cryptographic keys from touching? I think we have a favorite. And hacking the sniper rifle? Okay, well, all of them got some votes, so let me reveal the secret: I lied. They all are true. But I did make up the story of the copier/scanner/fax, and the warehouse inventory scanner with pre-installed malware from China is a true story. And you think about it: that scanner doesn't have to be hacked; it's born hacked, right? The vendor of that device doesn't even know that this thing is putting a virus on people's systems.

So let me talk about a couple more interesting Internet of Things hacks. One of them is Samsung's new smart fridge. Okay, Samsung realized that in order to know what's on your calendar, people don't want to have to pull out their phone or go look on their computer; they can just look on their fridge. And so they designed the smart fridge that you could log into with your Google credentials and see your calendar right there on your fridge. The only problem is the people that built that may not have had a lot of security training, and they don't validate the SSL certificates. For those of you that are technical, you know what that means. For those of you that are not technical, trust me, that means bad stuff will happen. And what you can do is, if the certificates aren't validated, you can create a man-in-the-middle attack, which will allow somebody to get the person's Gmail email, all the history of all of their email, and to log into their Gmail account, basically because they have a smart fridge.

The last thing I'm going to tell you about is self-driving cars. We know that self-driving cars are coming; some of us are happy about it, some of us aren't, but they're coming. And one of the ways that self-driving cars work is they sense everything around them. So they send laser pulses out and they get reflections back, and they create a 3D model of the world around them. Well, what a hacker, a researcher, was able to do is to fool the laser sensor and send laser pulses using $60 worth of equipment to change the 3D model of a car. So by doing that, you could make a car, like, have to suddenly veer off the road because it thinks it's about to hit someone, or something like that.

And this is where I'm going to get to what I think are the important points to take out of this talk, which is: imagine you're building a self-driving car, and you're a security guy, and you know a lot about security. You're going to build the thing in such a way that you'll say, well, maybe we'll share 3D models across cars, and all of a sudden the laser pulse attack doesn't work. We're gonna think about security from the very beginning. Okay, they did that with the rifle; they don't let you fire the rifle. But many of the other things, if you just thought about security from the beginning, you could have prevented a lot of these vulnerabilities.

Finally, I'll close with a quote that I saw on the internet. I don't know who said it, but I believe it's a good idea: just because you can connect something to the Internet does not mean that you should. Thank you very much.
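The smart fridge problem in the talk, as an added illustration that is not part of the transcript or of any vendor's code: a Python TLS client context that skips certificate validation (the fridge-style mistake) beside a hardened one, plus a small audit function a reviewer can run over an application's client contexts. Nothing here opens a network connection; the function names are this example's own.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Constructed illustration of the fridge's mistake: TLS is used, but the
    server's certificate chain and host name are never checked, so any on-path
    device presenting a self-signed certificate is accepted as the real server."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE     # chain validation switched off entirely
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """What the client should do: validate the chain against the OS trust store,
    bind the certificate to the host name, and refuse pre-1.2 protocol versions."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the settings that leave a client open to a man-in-the-middle.
    An empty list means certificate validation is actually enforced."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: certificate chain is never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: certificate is not bound to the server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: protocol downgrade possible")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(f"{name}: {audit_context(ctx) or ['no findings']}")
```

The same audit applies to any library that exposes its underlying context (for example the `ssl_context` passed to `urllib.request.urlopen`): a context with findings should never carry credentials.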
Info
Channel: TEDx Talks
Views: 18,820
Keywords: TEDxTalks, English, United States, Technology, Computer Virus, Computers, Hack, Privacy, Security, Software
Id: hhh3U2Swyfg
Length: 14min 10sec (850 seconds)
Published: Wed Apr 06 2016