How to pronounce "ram"
Transcript
[Music] [Applause]

I'm a computer science professor, and my area of expertise is computer and information security. When I was in graduate school, I had the opportunity to overhear my grandmother, uh, describing to one of her, uh, fellow senior citizens, uh, what I did for a living.
Apparently, I was in charge of making sure that no one stole the computers from the university. And, you know, that's a perfectly reasonable thing for her to think, because I told her I was working in computer security, and it was interesting to get her perspective.

But that's not the most ridiculous thing I've ever heard anyone say about my work. The most ridiculous thing I ever heard is, I was at a dinner party, and a woman heard that I work in computer security, and she asked me if, um, she said her computer had been infected by a virus, and she was very concerned that she might get sick from it, that she could get this virus. And I'm not a doctor, but I reassured her that it was very, very unlikely that this would happen, but if she felt more comfortable, she could be free to use latex gloves when she was on the computer, and there'll be no harm whatsoever in that.

I'm going to get back to this notion of being able to get a virus from your computer, in a serious way. What I'm going to talk to you about today are some hacks, some real-world cyber attacks that people in my community, the academic research community, have performed, which I don't think most people know about, and I think they're very interesting and scary. And this talk is kind of a greatest hits of the academic security community's hacks. None of the work is my work. It's all work that my colleagues have done, and I actually asked them for their slides and incorporated them into this talk.

So the first one I'm going to talk about are implanted medical devices.
Now, medical devices have come a long way technologically. You can see in 1926 the first pacemaker was invented. 1960, the first internal pacemaker was implanted, hopefully a little smaller than that one that you see there, and technology has continued to move forward. In 2006, we hit an important milestone from the perspective of computer security. And why do I say that? Because that's when implanted devices inside of people started to have networking capabilities. One thing that brings us close to home as we look at Dick Cheney's, uh, device: he had a device that pumped blood from an aorta to another part of the heart, and as you could see at the bottom there, it was controlled by a computer controller. And if you ever thought that software reliability was very important, get one of these inside of you.

Now, what a research team did, um, was they got their hands on what's called an ICD. This is a defibrillator, and this is a device that goes into a person to control their heart rhythm, and these have saved many lives. Well, in order to not have to open up the person every time you want to reprogram their device or do some diagnostics on it, they made the thing be able to communicate wirelessly. And what this research team did is they reverse engineered the wireless protocol, and they built a device you see pictured here, with a little antenna, that could talk the protocol to the device, and, um, and thus control it.

In order to make their experience real, they were unable to find any volunteers, and so they went and they got some ground beef and some bacon, and they wrapped it all up to about the size of a human being's, uh, area where the device would go, and they stuck the device inside it to perform their experiment somewhat realistically. Um, they launched many, many successful attacks. Uh, one that I'll highlight here is changing the patient's name. I don't know why you would want to do that, but I sure wouldn't want that done to me. And they were able to change therapies, including disabling the device.
And this is with a real commercial off-the-shelf device, simply by performing reverse engineering and sending wireless signals to it.

Uh, there was a piece on NPR that some of these ICDs could actually have their performance disrupted simply by holding a pair of headphones onto them. Now, wireless and the internet can improve healthcare greatly. There are several examples up on the screen of situations where doctors are looking to implant devices inside of people, and all of these devices now, it's standard that they communicate wirelessly, and I think this is great. But without a full understanding of trustworthy computing, and without understanding what attackers can do and the security risks from the beginning, there's a lot of danger in this.

Okay, let me shift gears and show you another target. I'm going to show you a few different targets like this, and that's my talk. So we'll look at automobiles. This is a car, and it has a lot of components, a lot of electronics in it today. In fact, it's got many, many different computers inside of it, more Pentiums than my lab did when I was in college, and they're connected by a wired network. There's also a wireless network in the car, which can be reached from many different ways. So there's Bluetooth, there's the FM and XM radio, there's actually Wi-Fi, there are sensors in the wheels that wirelessly communicate the tire pressure to a controller on board. The modern car is a sophisticated multi-computer device.
And what happens if somebody wanted to attack this? Well, that's what the researchers that I'm going to talk about today did. They basically stuck an attacker on the wired network and on the wireless network. Now, they have two, uh, areas they can attack. One is short-range wireless, where you can actually communicate with the device from nearby, either through Bluetooth or Wi-Fi, and the other is long-range, where you can communicate with the car through the cellular network or through one of the radio stations. Think about it: when a car receives a radio signal, it's processed by software. That software has to receive and decode the radio signal and then figure out what to do with it, even if it's just music that it needs to play on the radio. And that software that does that decoding, if it has any bugs in it, could create a vulnerability for somebody to hack the car.

The way that the researchers did this work is they read the software in the computer chips that were in the car, and then they used sophisticated reverse engineering tools to figure out what that software did, and then they found vulnerabilities in that software, and then they built exploits to exploit those. They actually carried out their attack in real life. They bought two cars, and I guess they have better budgets than I do.

The first threat model was to see what someone could do if an attacker actually got access to the internal network on the car. Okay, so think of that: if someone gets to go to your car, they get to mess around with it, and then they leave, and now what kind of trouble are you in? The other threat model is that they contact you in real time over one of the wireless networks, like the cellular or something like that, never having actually gotten physical access to your car.

This is what their setup looks like for the first model, where you get to have access to the car. They put a laptop, and they connected to the diagnostic unit on the in-car network, and they did all kinds of silly things, like here's a picture of the speedometer showing 140 mph when the car's in park. Once you have control of the car's computers, you can do anything, anything. Now, you might say, okay, that's silly. Well, what if you make the car always say it's going 20 miles an hour slower than it's actually going? You might produce a lot of speeding tickets.

Then they went out to an abandoned airstrip with two cars, the target victim car and the chase car, and they launched a bunch of other attacks.
One of the things they were able to do from the chase car is apply the brakes on the other car, simply by hacking the computer. They were able to disable the brakes. They also were able to install malware that wouldn't kick in and wouldn't trigger until the car was doing something like going over 20 miles an hour or something like that. The results are astonishing, and when they gave this talk, even though they gave this talk at a conference to a bunch of computer security researchers, everybody was gasping. They were able to take over a bunch of critical computers inside the car: the brakes computer, the lighting computer, the engine, the dash, the radio, etc., and they were able to perform these on real commercial cars that they purchased, using the radio network. They were able to compromise every single one of the, uh, pieces of software that controlled every single one of the wireless capabilities of the car. All of these were implemented successfully.

How would you steal a car in this model? Well, you compromise the car by, uh, a buffer overflow vulnerability in the software, something like that. You use the GPS in the car to locate it. You remotely unlock the doors through the computer that controls that, start the engine, bypass anti-theft, and you've got yourself a car.

Surveillance was really interesting. Um, the authors of the study have a video where they show themselves taking over a car and then turning on the microphone in the car and listening in on the car while tracking it via a GPS on a map, and so that's something that the drivers of the car would never know was happening.
Am I scaring you yet? Got a few more of these interesting ones. These are ones where I went to a conference, and my mind was just blown, and I said, I have to share this with other people. This was Fabian Monrose's lab at the University of North Carolina, and what they did was something intuitive once you see it, but kind of surprising. They videotaped people on a bus, and then they post-processed the video. What you see here in number one is a, um, reflection in somebody's glasses of the smartphone that they're typing in. They wrote software to stabilize, even though they were on a bus and maybe someone's holding their phone at an angle, to stabilize the phone, process it, and you may know on your smartphone, when you type a password, the keys pop out a little bit, and they were able to use that to reconstruct what the person was typing, and had a language model for detecting typing.

What was interesting is, by videotaping on a bus, they were able to produce exactly what people on their smartphones were typing, and then they had a surprising result, which is that their software had not only done it for their target, but other people who accidentally happened to be in the picture, they were able to produce what those people had been typing, and that was kind of an accidental artifact of what their software was doing.
I'll show you, uh, two more. One is P25 radios. P25 radios are used by law enforcement and all kinds of, uh, government agencies and people in combat to communicate, and there's an encryption option on these phones. This is what the phone looks like. Um, it's not really a phone, it's more of a two-way radio. Uh, Motorola makes the most widely used one, and you can see that they're used by Secret Service, they're used in combat, it's a very, very common standard in the US and elsewhere. So one question the researchers asked themselves is, could you block this thing, right? Could you, uh, run a denial of service? Because these are first responders. So would a terrorist organization want to black out the ability of police and fire to communicate at an emergency? They found that there's this GirlTech, a device used for texting, that happens to operate at the same exact frequency as the P25, and they built what they called My First Jammer.
If you look closely at this device, it's got a switch for encryption or clear text. Let me advance the slide, and now I'll go back. You see the difference? This is plain text, this is encrypted. There's one little dot that shows up on the screen, and one little tiny turn of the switch. And so the researchers asked themselves, I wonder how many times very secure, important, sensitive conversations are happening on these two-way radios where they forget to encrypt and they don't notice that they didn't encrypt. So they bought a scanner. These are perfectly legal, and they run at the frequency of the P25, and what they did is they hopped around frequencies and they wrote software to listen in. If they found encrypted communication, they stayed on that channel and they wrote down, that's a channel that these people communicate in, these law enforcement agencies, and they went to 20 metropolitan areas and listened in on conversations that were happening at those frequencies.
They found that in every metropolitan area they would capture over 20 minutes a day of clear text communication. And what kind of thing were people talking about? Well, they found the names and information about confidential informants, they found information that was being recorded in wiretaps, a bunch of crimes that were being discussed, sensitive information. It was mostly law enforcement and criminal. They went and reported this to the law enforcement agencies after anonymizing it, and the vulnerability here is simply the user interface wasn't good enough. If you're talking about something really secure and sensitive, it should be really clear to you that this conversation is encrypted. That one, pretty easy to fix.
The last one I thought was really, really cool, and I just had to show it to you. It's probably not something that you're going to lose sleep over, like the cars or the defibrillators, but, um, it's stealing keystrokes. Now, we've all looked at smartphones upside down. Every security expert wants to hack a smartphone, and we tend to look at the USB port, the GPS for tracking, the camera, the microphone, but no one up till this point had looked at the accelerometer. The accelerometer is the thing that determines the vertical orientation of the smartphone. And so they had a simple setup: they put a smartphone next to a keyboard, and they had people type, and then their goal was to use the vibrations that were created by typing, um, to measure the change in the accelerometer reading to determine what the person had been typing.
Now, when they tried this on an iPhone 3GS, this is a graph of the perturbations that were created by the typing, and you can see that it's very difficult to tell when somebody was typing or what they were typing. The iPhone 4 greatly improved the accelerometer, and so the same measurement produced this graph. Now that gave you a lot of information while someone was typing, and what they did then is used advanced artificial intelligence techniques called machine learning to have a training phase. And so they got, most likely, grad students to type in a whole lot of things, and, um, to learn, to have the system use the machine learning tools that were available to learn what it is that the people were typing, and to match that up with the measurements in the accelerometer. And then there's the attack phase, where you get somebody to type something in, you don't know what it was, but you use your model that you created in the training phase to figure out what they were typing.
They had pretty good success. This is an article from the USA Today. They typed in, "The Illinois Supreme Court has ruled that Rahm Emanuel is eligible to run for mayor of Chicago" (see, I tied into the last talk) "and ordered him to stay on the ballot." Now, the system is interesting, because it produced "Illinois Supreme" and then it wasn't sure. The model produced a bunch of options, and this is the beauty of some of the AI techniques, is that computers are good at some things, humans are good at other things, take the best of both. Let the human solve this one. Don't waste computer cycles. A human's not going to think it's the "Supreme might"; it's the Supreme Court, right? And so together we're able to reproduce typing simply by measuring the accelerometer.
Why does this matter? Well, in the Android platform, for example, the, uh, developers have a manifest where every device on there, the microphone, etc., has to register if you're going to use it, so that hackers can't take over it. But nobody controls the accelerometer. So what's the point? You can leave your iPhone next to someone's keyboard and just leave the room, and then later recover what they did, even without using the microphone. Um, if someone is able to put malware on your iPhone, they could then maybe get the typing that you do whenever you put your iPhone next to your keyboard.
There's several other notable attacks that unfortunately I don't have time to go into, but the one that I wanted to point out was a group from the University of Michigan which was able to take voting machines, the Sequoia AVC Edge DREs that were going to be used in New Jersey in the election, that were left in a hallway, and put Pac-Man on it. So they ran the Pac-Man game.
What does this all mean? Well, I think that society tends to adopt technology really quickly. I love the next coolest gadget. But it's very important, and these researchers are showing, that the developers of these things need to take security into account from the very beginning, and need to realize that they may have a threat model, but the attackers may not be nice enough to limit themselves to that threat model, and so you need to think outside of the box. What we can do is be aware that devices can be compromised, and anything that has software in it is going to be vulnerable. It's going to have bugs. Thank you very much.
Phonetic Breakdown of "ram"
Learn how to break down "ram" into its phonetic components. Understanding syllables and phonetics helps with pronunciation, spelling, and language learning.
Standard Phonetic Pronunciation:
IPA Phonetic Pronunciation:
Pronunciation Tips:
- Stress the first syllable
- Pay attention to vowel sounds
- Practice each syllable separately
Spelling Benefits:
- Easier to remember spelling
- Helps with word recognition
- Improves reading fluency
Definition of "ram"
Noun
- A male sheep, typically uncastrated.
- A battering ram; a heavy object used for breaking through doors.
- A warship intended to sink other ships by ramming them.
- A piston powered by hydraulic pressure.
- A weight which strikes a blow, in a ramming device such as a pile driver, a steam hammer, a stamp mill.
Verb
- To collide with (an object), usually with the intention of damaging it or disabling its function. Example: "The man, driving an SUV, then rammed the gate, according to police."
- To strike (something) hard, especially with an implement. Example: "After placing the cartridge in the musket, ram it down securely with the ramrod."
- To fill or compact by pounding or driving. Example: "Rammed earth walls"
- To thrust during sexual intercourse.
Adjective
- Rancid, offensive in smell or taste.