POPULARITY
In early 2021, hackers infiltrated the software that controlled the city's water supply in Oldsmar, Florida. Through dumb luck, they caught the intrusion shortly after the hacker tried to poison the city's water. This hack was part of a growing array of attacks against the Internet of Things, objects that used to operate offline but are now connected to the internet—and therefore vulnerable to hacking. From Wi-Fi enabled tea kettles to cars that can be taken over remotely to knocking power out for entire countries using smart thermostats, the risks are everywhere. We're just lucky there hasn't been an Internet of Things attack that has been on the scale of 9/11 or Hiroshima – yet. Guests this episode include Bruce Schneier, the author of Click Here to Kill Everybody; Nicole Perlorth, a reporter for the New York Times, Ken Munro, an ethical hacker, and Chris Valasek, a hacker who remotely took over a Jeep a few years ago and now works as the Director of Product Security at Cruise. To check out Nicole's book, click here: https://www.bloomsbury.com/us/this-is-how-they-tell-me-the-world-ends-9781635576061/ To buy Bruce's book, click here: https://www.schneier.com/books/click-here/ And to read about Chris's Jeep Hack as reported in Wired, click here: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Pre order Brian's book - https://www.simonandschuster.com/books/Corruptible/Brian-Klaas/9781982154097 Support the show on Patreon at Patreon.com/powercorrupts
Today's cars are more connected than ever before. But the more you open up internal parts of your system to this connectivity, the bigger the chance that those vulnerabilities are accessible from the outside.In this episode, we’ll talk with researchers, including noted Jeep Cherokee hacker Chris Valasek, who have found weaknesses in today’s connected cars, and we explore the teamwork involved in keeping today’s vehicles as secure as possible. See acast.com/privacy for privacy and opt-out information.
What does it take to be CyberAware? What can we learn from the cybercriminals? What can we learn from each other? Everyone has a success story and everyone has a failure; how can we leverage these to extract a valuable learning lesson? Sean Martin chats with Jenny Radcliffe and Mikko Hypponen to hear what they’ve learned as they’ve engaged with users, companies, countries, and law enforcement from around the world. To kick things off, Sean chats with Jenny Radcliffe. While Jenny gets to do some fantastic work in the social engineering world, she also hosts a successful podcast series, The People Hacker, which connects her with some of the top information security professionals from around the world. During their chat, one of the more poignant points that Jenny makes is that there isn’t a one-size-fits-all answer to how people and companies should approach cybersecurity and privacy. After chatting with Jenny, Sean connected with Mikko who just got off stage telling stories of cyber fraud and hacking — two different things, by the way — while sharing pictures of the tracksuit hackers: Charlie Miller and Chris Valasek. Mikko takes a clear view for cybersecurity in that it needs to be a permanent topic at the top management level of every leadership team and every board, regardless of company size. The reasoning behind this view is evident as Mikko tells some real stories about cybercrime and fraud - even attempts made at his own company. This episode of At The Edge is brought to you by Edgescan. Visit Edgescan on ITSPmagazine at https://www.itspmagazine.com/company-directory/edgescan
Click Here Or On Above Image To Reach Our ExpertsSecurity Expert Says, "Latest Trend Is Truck-Based Terrorism" Terrorists have long used vehicles as bomb-delivery weapons to kill people inside buildings: the U.S. Marines barracks in Lebanon in 1983, the World Trade Center in New York a decade later, then a federal office building in Oklahoma City in 1995.But vehicles have rarely been used to mow down pedestrians to such devastating and tragic effect as in Nice, France.The attack highlighted a vexing challenge to law enforcement: How to protect throngs of people in an open society. It is far more difficult to prevent that type of attack, and taking such measures could be far more debilitating and inconvenient to everyday life and commerce, officials said.“You can't harden every target,” said Eugene O'Donnell, a professor of law and police studies at John Jay College of Criminal Justice in New York. “Ultimately, it's a democracy and that's our ultimate vulnerability.”Law-enforcement experts said the Nice attack would likely heighten alert for potential copycats and lead to increased security at public events, potentially including new limits on vehicle access.PRO-DTECH II FREQUENCY DETECTOR(Buy/Rent/Layaway)“Before, we were conditioned to look for bombs,” said George Venizelos, the former top FBI official in New York who is now a senior executive at a private security firm. “Now you've got to worry about a truck driving into people, so it's a whole new twist to things.”Terrorists have used vehicular assaults in the past. In 2011 in Tel Aviv, a truck plowed into people on a busy street, killing one person and injuring 16 others, according to news reports. The driver denied intentionally causing the wreck.In December 2014, France was the scene of two such incidents. About a dozen people were injured in each, according to news reports.CELLPHONE DETECTOR (PROFESSIONAL)(Buy/Rent/Layaway)“We've seen similar vehicle attacks by individual Palestinians against Israelis, which have gotten enormous attention in jihadi circles, and al Qaeda has called for people to imitate them,” said Bruce Riedel, who spent 30 years at the Central Intelligence Agency, including posts in the Middle East and Europe. “Adding an armed driver is more deadly.”PRO-DTECH III FREQUENCY DETECTOR(Buy/Rent/Layaway)Groups like Islamic State and al Qaeda in the Arabian Peninsula have urged such attacks in the past, according to the SITE Intelligence Group, which monitors militant websites.In a widely distributed 2014 speech, Islamic State spokesman Abu Muhammad al-Adnani urged followers to kill Westerners and nonbelievers any way possible.“Smash his head with a rock, or slaughter him with a knife, or run him over with your car, or throw him down from a high place, or choke him, or poison him,” he said, according to SITE.In a 2010 article in the al Qaeda magazine “Inspire,” a leader of al Qaeda in the Arabian Peninsula urged followers to pursue “individual jihad” by using pickup trucks to run down civilians, mounting sharp blades on the front to maximize deaths and injuries. “The idea is to use a pickup truck as a mowing machine, not to mow grass, but mow down the enemies of Allah,” he wrote.PRO-DTECH III FREQUENCY DETECTOR(Buy/Rent/Layaway)Autonomous Trucks As New Terrorists WeaponOn July 14, Mohamed Lahouaiej Bouhlel drove a 19-ton cargo truck into a crowd at a Bastille Day celebration in Nice, France, killing 84 people. He carried out the attack on behalf of the Islamic State terrorist organization.Bouhlel was shot dead by police, a typical consequence for those who carry out jihadist attacks. However, an emerging technology seems as though it could take the suicidal terrorist out of the equation entirely: the autonomous truck.Autonomous trucks operate in much the same way as self-driving cars, using Wi-Fi-connected artificial intelligence. Anything that uses Wi-Fi can theoretically be hacked, including vehicles, as revealed last year in St. Louis, Missouri, when hacker duo Charlie Miller and Chris Valasek demonstrated how easy it was to hijack a Jeep Cherokee's brakes, dashboard functions, steering and transmission by remotely hacking into its Wi-Fi-connected entertainment system from a laptop 10 miles away.Does this mean that it's possible an attack such as the tragedy in Nice could happen again, this time carried out by someone controlling the vehicle from a remote location?There are currently only a few hundred of these trucks in operation, and the prevailing concern is not that they could be used in terrorist attacks but that they will put many truck drivers out of work. Still, as the technology becomes more prevalent, it's worth asking what the risks might be in the future.The Growing Road To AutonomyAutonomous trucks are predominantly in operation overseas. The Tokyo-based heavy-equipment company Komatsu Ltd. has been operating a small fleet at Codelco's Gabriela Mistral copper mine in Chile since 2008. Last year Alberta-based Suncor Energy signed an agreement to buy 175 trucks from Komatsu, with plans to make its entire fleet autonomous by 2020.There are also approximately 50 autonomous trucks in use in the mines of Pilbara in Western Australia. And last year the Nevada Department of Transportation granted the first license for an autonomous commercial truck to operate in daylight on the state's public highways in order to test its real-world capabilities. Although this truck operates at autonomy level 3, meaning a human driver still needs to be behind the wheel to take full control in critical traffic and environmental conditions, it is expected the driver will be needed only for occasional control. Michelle Culver, a spokesperson for industry research firm IHS Markit, said these numbers will likely grow in the coming years, particularly when it comes to trucks in the Class 8 segment, whose weight exceeds 33,000 pounds when hauling freight.PRO-DTECH III FREQUENCY DETECTOR(Buy/Rent/Layaway)"Within the next 10 years, IHS Automotive analysts expect that autonomous heavy trucks will gradually grow into the market and potentially hit the 20,000-unit annual sales mark in the United States by 2025, most of which will be expected in the Class 8 segment," she said. "Autonomous truck sales could reach 60,000 annually by 2035. That would amount to 15 percent of sales for trucks in the big Class 8 weight segment."In Other Words, The Trucks Are ComingA Whole New Level of RiskSo how worried should we be about the possibility of a terrorist using one as a remotely guided weapon? According to Jeremy Anwyl, CEO of Trucks.com, the scenario is not entirely likely, but even if it's the product of baseless paranoia, it couldn't hurt to give it some thought, he said."Paranoia is a good thing, because it will cause technology providers to take the risk seriously and prevent it from ever happening," he told DPL-Surveillance-Equipment.com. "It's one thing to protect our phones, but this is a whole other level of risk."Anwyl said that well over 50 percent of new vehicles being sold today have some form of connectivity, and he cited the St. Louis, Missouri, Jeep Cherokee "hijacking" test as a good case study in demonstrating the risk of this reality.WIRELESS/WIRED HIDDENCAMERA FINDER III(Buy/Rent/Layaway)"More and more vehicles today have some form of access to the internet, and somebody could hack into that signal," he said. "If a truck communicates its location, speed and fuel level to headquarters, somebody could intercept that message and trick the truck into thinking the person was fleet headquarters. It's not an easy thing to do, but anything's possible."Anwyl explained that the autonomous vehicle's wireless safety features present hackers with their biggest, juiciest opportunities. The technology that allows an autonomous vehicle to wirelessly inform another that it's coming around a blind corner is, ironically, where hackers would find the most vulnerabilities."Anytime you have wireless technology like that, there's an opportunity for a bad actor to hack into that system," he said. "In theory it would be possible for someone to take over a 70,000- or 80,000-pound vehicle.… If it was a fuel tanker, they could drive into anything and cause a big explosion."Chris Finan, former director for cybersecurity legislation and policy under President Obama and current CEO and co-founder of Manifold Technology, a start-up that offers security technology to financial institutions, agreed this scenario shouldn't be dismissed.PRO-DTECH IV FREQUENCY DETECTOR(Buy/Rent/Layaway)"We've seen vulnerability researchers in the last year or so prove that this technology can be hacked," he told us. "Really great hackers aren't always the smartest people, but the most creative. You succeed because of cleverness, not because you have the best technology. They always have the most clever ways of finding vulnerabilities."When we asked him if the Nice attack could be replicated elsewhere with an autonomous truck, his answer was an unequivocal "yes.""The hypothetical of remote reprogramming is plausible," he said. "You could have a malicious actor or group that would reprogram a truck and use it as a missile as a way to target bystanders."Finan added that one way of preventing such hacks was to use open-source technology, which is available to be viewed and updated by anyone from the general public, in a truck's programming."If you use open-source technology, you get millions of eyes on it, instead of just a few, on the type of bugs that hackers would exploit," he said. "In general, open-source code tends to be more secure, because you have so many people looking at it and finding flaws more quickly."Finan hastened to add that while the scenario is possible, it's unlikely to transpire anytime soon, due to jihadists' attitude toward technology."This isn't something people need to freak out about happening tomorrow with radical Islamists," he said. "They view cyberspace as a recruiting space, not as a threat delivery system. It's very possible that in the future that could change, but they've got very many people willing to be programmed to die carrying out these attacks."RECENT TRUCK ATTACKSDec. 21, 2014 Dijon and Nantes, France: A driver shouting Islamic phrases ran down 13 pedestrians in a half-hour span, seriously injuring two. The next day, another man drove into a crowd of holiday shoppers, wounding 11 people.Wireless Camera Finder(Buy/Rent/Layaway)Oct. 28, 2013 Beijing: Five people were killed after a Jeep crashed in front of the Forbidden City. Chinese police described it as a terrorist attack.MAGNETIC, ELECTRIC, RADIO ANDMICROWAVE DETECTOR(Buy/Rent/Layaway)May 15, 2011 Tel Aviv: One man was killed and 16 others injured after a truck crashed into several vehicles and pedestrians on a crowded Tel Aviv roadway. The driver denied intentionally causing the collision.COUNTERSURVEILLANCE PROBE / MONITOR(Buy/Rent/Layaway)June 8, 2008 Tokyo: A man drove a truck into a popular shopping street, killing three men with the vehicle before stabbing 14 people. Four of the stabbing victims died.PRO-DTECH FREQUENCY DETECTOR(Buy/Rent/Layaway)April 19, 1995 Oklahoma City: Timothy McVeigh parked a rental truck packed with explosives in front of a federal building in downtown Oklahoma City. The detonation killed 168, including 19 children, and injured more than 500 people.RF SIGNAL DETECTOR ( FREQUENCY COUNTER)(Buy/Rent/Layaway)Your questions and comments are greatly appreciated.Monty Henry, Owner (function () { var articleId = fyre.conv.load.makeArticleId(null); fyre.conv.load({}, [{ el: 'livefyre-comments', network: "livefyre.com", siteId: "345939", articleId: articleId, signed: false, collectionMeta: { articleId: articleId, url: fyre.conv.load.makeCollectionUrl(), } }], function() {}); }()); Additional Resources: * Prevention and Detection of Electronic Harassment and Surveillance* Electrical Hyper-Sensitivity: The-Truth!!* How Do I Know If I've Been Bugged? &l
Cybersecurity pro and undercover CIA officer-turned-Republican Rep. Will Hurd joins New America's Peter Singer and Passcode's Sara Sorcher to talk about what it's like to be the rare cybersecurity expert in Congress; why he went to DEF CON this summer; and why he's disappointed the Office of Personnel Management never apologized for allowing his personal information to fall into the hands of hackers. Hurd, a freshman, is chairman of the IT subcommittee on the House Committee on Oversight and Government Reform. Next up: Chris Valasek. He made headlines this summer by demonstrating a live hack of a Jeep Cherokee with a Wired reporter in it – work that forced a recall of some 1.4 million Chrysler vehicles. Now a security lead at Uber's advanced technologies center, Valasek joins the podcast to talk about the line between drawing needed attention to cybersecurity issues and a dangerous stunt; how companies can make themselves available for "free quality assurance" hackers can provide; and security concerns within the Internet of Things. This podcast is sponsored by Arizona State University.
![DEF CON 22 [Materials] Speeches from the Hacker Convention.](https://ivyfm.s3.amazonaws.com/i320/597383.jpg)
A Survey of Remote Automotive Attack Surfaces Charlie Miller Security Engineer, Twitter Chris Valasek Director of Threat Intelligence, IOActive Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes. Last year, we discussed 2 particular vehicles. However, since each manufacturer designs their fleets differently; analysis of remote threats must avoid generalities. This talk takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective. From this larger dataset we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last 5 years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward? Charlie Miller is a security engineer at Twitter. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated". Twitter: @0xcharlie Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. Twitter: @nudehaberdasher
Chris Valasek and Charlie Miller join us to discuss what attackers can do once they break into the 30 or so computers within a modern car. We also cover how their research can help protect us from those same attackers.
Ladies and gentlemen, we are over the 50 episodes mark! If you've enjoyed the podcast, please go rate us in the iTunes store, or leave us a note here. Have you checked out past episodes?! There are some gems in there, I promise, and worth your time. Topics Covered Charlie Miller and Chris Valasek demonstrated (and will disclose code to) the hack which allows complete (tethered) remote control of a modern vehicle. You need to watch this video, and if you develop code for transport vehicles and aren't thinking about securing your code - it's time to adjust course before you actually kill someone - http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/ and this is how the UK 'muzzled' a researcher who did something similar - http://www.theregister.co.uk/2013/07/28/birmingham_uni_car_cracker_muzzled_by_lords/ Apple demonstrates how not to do breach disclosure, while Ibrahim Balic demonstrates how to jump into the spotlight (and put foot in mouth before thinking) by disclosing, video-recording, and telling the world of his 'ethical test' of Apple's forums - http://www.news.com.au/technology/ibrahim-balic-breaks-silence-on-hacking-apple-developer-site/story-e6frfro0-1226684484916 and http://gigaom.com/2013/07/22/researcher-comes-forward-to-claim-responsibility-for-intrusion-on-apple-developer-site/ After many years on the run Russian super-hackers involved in the biggest breach of all time are caught - because they broke the first few rules of hiding - http://www.reuters.com/article/2013/07/26/us-usa-hackers-creditcards-arrests-idUSBRE96P02Z20130726 Exciting news for those of you who are sick of Android App Developers' over-reaching nature in the permissions arena, with the release of 4.3 there is a glimmer of hope in reigning in those games that for some unknown reason require access to your contacts and 'premium services' and such - http://www.androidpolice.com/2013/07/25/app-ops-android-4-3s-hidden-app-permission-manager-control-permissions-for-individual-apps/
© 2020-2025 Ivy Podcast Discovery LLC
