All your devices can be hacked

I'm a computer science professor, and my area of expertise is computer and information security.

I'm a computer science professor, and my area of expertise is computer and information security.

When I was in graduate school, I had the opportunity to overhear my grandmother describing to one of her fellow senior citizens what I did for a living.

Apparently, I was in charge of making sure that no one stole the computers from the university.

(Laughter) And, you know, that's a perfectly reasonable thing for her to think, because I told her I was working in computer security, and it was interesting to get her perspective.

(Laughter) And, you know, that's a perfectly reasonable thing for her to think, because I told her I was working in computer security, and it was interesting to get her perspective.

But that's not the most ridiculous thing I've ever heard anyone say about my work.

The most ridiculous thing I ever heard is, I was at a dinner party, and a woman heard that I work in computer security, and she asked me if -- she said her computer had been infected by a virus, and she was very concerned that she might get sick from it, that she could get this virus.

(Laughter) And I'm not a doctor, but I reassured her that it was very, very unlikely that this would happen, but if she felt more comfortable, she could be free to use latex gloves when she was on the computer, and there would be no harm whatsoever in that.

I'm going to get back to this notion of being able to get a virus from your computer, in a serious way.

What I'm going to talk to you about today are some hacks, some real world cyber-attacks that people in my community, the academic research community, have performed, which I don't think most people know about, and I think they're very interesting and scary, and this talk is kind of a greatest hits of the academic security community's hacks.

What I'm going to talk to you about today are some hacks, some real world cyber-attacks that people in my community, the academic research community, have performed, which I don't think most people know about, and I think they're very interesting and scary, and this talk is kind of a greatest hits of the academic security community's hacks.

It's all work that my colleagues have done, and I actually asked them for their slides and incorporated them into this talk.

So the first one I'm going to talk about are implanted medical devices.

You can see in 1926 the first pacemaker was invented.

In 2006, we hit an important milestone from the perspective of computer security.

One thing that brings us close to home is we look at Dick Cheney's device, he had a device that pumped blood from an aorta to another part of the heart, and as you can see at the bottom there, it was controlled by a computer controller, and if you ever thought that software liability was very important, get one of these inside of you.

One thing that brings us close to home is we look at Dick Cheney's device, he had a device that pumped blood from an aorta to another part of the heart, and as you can see at the bottom there, it was controlled by a computer controller, and if you ever thought that software liability was very important, get one of these inside of you.

Well, in order to not have to open up the person every time you want to reprogram their device or do some diagnostics on it, they made the thing be able to communicate wirelessly, and what this research team did is they reverse engineered the wireless protocol, and they built the device you see pictured here, with a little antenna, that could talk the protocol to the device, and thus control it.

In order to make their experience real -- they were unable to find any volunteers, and so they went and they got some ground beef and some bacon and they wrapped it all up to about the size of a human being's area where the device would go, and they stuck the device inside it to perform their experiment somewhat realistically.

They launched many, many successful attacks.

And they were able to change therapies, including disabling the device -- and this is with a real, commercial, off-the-shelf device --simply by performing reverse engineering and sending wireless signals to it.

There was a piece on NPR that some of these ICDs could actually have their performance disrupted simply by holding a pair of headphones onto them.

There's several examples up on the screen of situations where doctors are looking to implant devices inside of people, and all of these devices now, it's standard that they communicate wirelessly, and I think this is great, but without a full understanding of trustworthy computing, and without understanding what attackers can do and the security risks from the beginning, there's a lot of danger in this.

There's several examples up on the screen of situations where doctors are looking to implant devices inside of people, and all of these devices now, it's standard that they communicate wirelessly, and I think this is great, but without a full understanding of trustworthy computing, and without understanding what attackers can do and the security risks from the beginning, there's a lot of danger in this.

Okay, let me shift gears and show you another target.

Okay, let me shift gears and show you another target.

The modern car is a sophisticated multi-computer device.

That software has to receive and decode the radio signal, and then figure out what to do with it, even if it's just music that it needs to play on the radio, and that software that does that decoding, if it has any bugs in it, could create a vulnerability for somebody to hack the car.

The way that the researchers did this work is, they read the software in the computer chipsthat were in the car, and then they used sophisticated reverse engineering tools to figure out what that software did, and then they found vulnerabilities in that software, and then they built exploits to exploit those.

The first threat model was to see what someone could do if an attacker actually got access to the internal network on the car.Okay, so think of that as, someone gets to go to your car, they get to mess around with it, and then they leave, and now, what kind of trouble are you in?

Then they went out to an abandoned airstrip with two cars, the target victim car and the chase car, and they launched a bunch of other attacks.

Then they went out to an abandoned airstrip with two cars, the target victim car and the chase car, and they launched a bunch of other attacks.

They also were able to install malware that wouldn't kick in and wouldn't trigger until the car was doing something like going over 20 miles an hour, or something like that.

All of these were implemented successfully.

Surveillance was really interesting. show themselves the microphone in the car, and listening in on the car while tracking it via GPS on a map, and so that's something that the drivers of the car would never know was happening.

P25 radios are used by law enforcement and all kinds of government agencies and people in combat to communicate, and there's an encryption option on these phones.

P25 radios are used by law enforcement and all kinds of government agencies and people in combat to communicate, and there's an encryption option on these phones.

Could you run a denial-of-service, because these are first responders?

So, would a terrorist organization want to black out the ability of police and fire to communicate at an emergency?

They found that there's this GirlTech device used for texting that happens to operate at the same exact frequency as the P25, and they built what they called My First Jammer.

This is encrypted.

If they found encrypted communication, they stayed on that channel and they wrote down, that's a channel that these people communicate in, these law enforcement agencies, and they went to 20 metropolitan areas and listened in on conversations that were happening at those frequencies.

Well, they found the names and information about confidential informants.

It was mostly law enforcement and criminal.

Every security expert wants to hack a smartphone, and we tend to look at the USB port, the GPS for tracking, the camera, the microphone, but no one up till this point had looked at the accelerometer.

The accelerometer is the thing that determines the vertical orientation of the smartphone.

Now, when they tried this on an iPhone 3GS, this is a graph of the perturbations that were created by the typing, and you can see that it's very difficult to tell when somebody was typing or what they were typing, but the iPhone 4 greatly improved the accelerometer, and so the same measurement produced this graph.

They typed in, "The Illinois Supreme Court has ruled that Rahm Emanuel is eligible to run for Mayor of Chicago" — see, I tied it in to the last talk — "and ordered him to stay on the ballot."

They typed in, "The Illinois Supreme Court has ruled that Rahm Emanuel is eligible to run for Mayor of Chicago" — see, I tied it in to the last talk — "and ordered him to stay on the ballot."

They typed in, "The Illinois Supreme Court has ruled that Rahm Emanuel is eligible to run for Mayor of Chicago" — see, I tied it in to the last talk — "and ordered him to stay on the ballot."

They typed in, "The Illinois Supreme Court has ruled that Rahm Emanuel is eligible to run for Mayor of Chicago" — see, I tied it in to the last talk — "and ordered him to stay on the ballot."

Well, in the Android platform, for example, the developers have a manifest where every device on there, the microphone, etc., has to register if you're going to use it so that hackers can't take over it, but nobody controls the accelerometer.

There's several other notable attacks that unfortunately I don't have time to go into, but the one that I wanted to point out was a group from the University of Michigan which was able to take voting machines, the Sequoia AVC Edge DREs that were going to be used in New Jersey in the election that were left in a hallway, and put Pac-Man on it.

There's several other notable attacks that unfortunately I don't have time to go into, but the one that I wanted to point out was a group from the University of Michigan which was able to take voting machines, the Sequoia AVC Edge DREs that were going to be used in New Jersey in the election that were left in a hallway, and put Pac-Man on it.

There's several other notable attacks that unfortunately I don't have time to go into, but the one that I wanted to point out was a group from the University of Michigan which was able to take voting machines, the Sequoia AVC Edge DREs that were going to be used in New Jersey in the election that were left in a hallway, and put Pac-Man on it.

Well, I think that society tends to adopt technology really quickly.

But it's very important, and these researchers are showing, that the developers of these things need to take security into account from the very beginning, and need to realize that they may have a threat model, but the attackers may not be nice enough to limit themselves to that threat model, and so you need to think outside of the box.

What we can do is be aware that devices can be compromised, and anything that has software in it is going to be vulnerable.

What we can do is be aware that devices can be compromised, and anything that has software in it is going to be vulnerable.