
Hack That Auto 2.0

May 27, 2015, 1 hr

Episode description

Could your car be hacked remotely? We take a look at claims and explore the possibilities of wireless car hacking.


Transcript

Speaker 1

Get in touch with technology with TechStuff from Hey there and welcome to TechStuff. I'm Jonathan Strickland, and joining me in the studio today is Joe McCormick. Hey, Joe. Hey, Jonathan. I'm doing great. How are you? I am quite well, and Joe very graciously agreed to join me on this episode where we're going to update a topic that I covered with Ben Bowlin back on November ten, two thousand and fourteen. The episode came out called Hack That Auto. So this is Hack That Auto two point oh.

So wait a minute. This was about the technology of like hatchets that you used to mutilate and destroy automobiles. No, just people named Otto. Oh no, like von Bismarck. That sounds horribly violent. It was pretty violent. Ben is a Ben is just a ticking time bomb. Wait a minute, Hold on a second. I'm remembering that in the world of technology, hack means something different than what

I do to would it? Does it? Does? It generally means that you are, you know, hacking together something to accomplish a particular goal, and hacking can mean anything, right like it doesn't necessarily the connotation we typically assigned to it is someone is trying to gain unauthorized access to something, which really is a subset of hacking exactly. Hacking really could mean that you are building stuff, like you could

be a maker. You're trying to create a device that does a very specific thing, and it maybe to do it in a way that no one has done before. It maybe to increase efficiency, efficiency, maybe the furthest thing from your mind. It might just be to do something creatively.

And in that previous episode of Hack that Auto, Ben and I covered lots of ways where you could use technology to alter a vehicle in order to make it do something that it was either not intended to do or that had been limitation that have been placed upon it at the manufacturing stage. WHOA, WHOA. So you mean like you could overclock your car the same way you

can overclock your CPU. Well, maybe not the same way, but getting a very similar response, because there are governors and speed limiters on vehicles right where it is set so that the engine might be capable of producing enough power to get you to a speed above the quote unquote top speed of your vehicle, but there are elements inside the vehicle that limit those speeds. Like you can't go beyond them because they essentially cut the power, so you're not going to be able to get more

out of it. But if you hack your vehicle, you could, in theory, remove said limitations at your own peril and be able to go faster than what the vehicle's manufacturer had intended, you know, at the risk of sounding like a gullible sheep, I bet those limitations are there for a decent reason. They tend to be. Yeah, like, I could probably damage your vehicle or do something unsafe if

you exceed them. I don't know if you have you ever been in a car where it reached a certain speed and the car was beginning to feel like it was not enjoying that experience. Yeah, the first car I had, if you got up to about fifty five or so, it felt like it was about to come apart. Yeah. Yeah.

And there are some cars where, even right off the lot, if you are pushing it at towards the top speed, you start to feel like, yeah, this vehicle is not really meant to maintain this for any length of time. But there are people who want to have that full control of their vehicle and they want to be able to do things with their vehicle that perhaps the manufacturer had put limitations on, and they will hack their their cars. And this is made possible by well a couple of things.

If you have a car that's more than twenty years old, then you might be able to mechanically alter that vehicle, right. But as vehicles have become more and more complex, more and more of those uh, those those systems have become computerized, and it's falling into what some people call the black box problem, which is where you have a system that is essentially contained within a black box and it is very difficult, if not impossible, to get access inside that

black box. You can alter what happens once this is what what whatever the output is of that system, you can alter that, and you can alter the arrangement of various black box systems. But if you don't have that special diagnostic computer right or any other means of tapping

into it, then you're kind of stuck. And and the argument is that the technology is reaching a level of complexity where the tinker is becoming more and more rarefied, Like it's it's harder to be a tinker in that world because things are getting so specialized and so advanced that it requires a good deal of specialization just to alter one thing, let alone all the other related systems. I feel like we talked about this in an early episode of the Forward Thinking podcast. This is very familiar.

But okay, so that's how you hack your own vehicle to improve or maybe not improve but change it. Sure, but what about the more, you know, the more popular sense of hacking these days, where you're talking about violating

a supposedly secure system making it work for you. So Ben and I talked about this as well, and overwhelmingly the most prevalent version of that kind of hacking required physical access to the vehicle and that you would have a laptop that you would plug in with an adapter to your car's computer system, and with that laptop you could alter things with the vehicle. In fact, you could even set it up so that you could have remote control of the vehicle through the laptop that's

still physically attached to the car. Oh wow, I wouldn't I wouldn't really expect that with I mean, I could see how that could be coming with autonomous cars. But I'm so you could control like gas and brake and steering.

You could certainly control things like brakes and steering. Uh, not necessarily acceleration, although you could do that too, I assume, but you could certainly alter things like you could you could make the brakes stop working, and in fact, there have been demonstrations where people have done that, where it was done in a safe way, but to show that, like the anti lock brake system would be disconnected so that hitting the brake would do nothing and the car

would continue on as if you hadn't hit the brake at all. Just kind of terrifying to think about. But there was a laptop computer sitting right there, plugged into the dashboard. It was just that the commands. Like, think of it this way, it's the same thing as if someone were sitting in the passenger seat sending the commands

from the laptop directly to your car's computer. Only you have removed the need for a person to be sitting there because you have a remote system sending the commands to the laptop, which then sends the commands to the car computer. Well, if you're gonna do that, you might as well just say, well, somebody sitting in the passenger he could reach over and grab the steering wheel, right, and that was the point, right, That was the point that a lot of the car manufacturers were making, that a

lot of security experts were making. They said, these examples require somebody to have physical access to your vehicle in order for them to make these alterations, and therefore it's not necessarily something to go out and panic over. Yeah, so that doesn't really bother me. What would really bother me? And and a quick digression, I think you and I are both on the record as being pretty pro autonomous vehicle. I am it would be harder for me to be

more pro autonomous vehicle. I am also very pro autonomous vehicle despite all these concerns. And one of these concerns is what if somebody could wirelessly hack an autonomous vehicle? And that seems like, I mean, hopefully the industry will take all the proper steps to prevent that from happening. But autonomous vehicles do need to be able to communicate with each other, so it seems like they may possibly

have some wireless based vulnerabilities. And there are cars out there right now that have wireless vulnerabilities, and we'll talk more about specifics in a little bit. So you are absolutely right that autonomous cars will have these because we have cars right now that have these these wireless vulnerabilities from from various systems. Uh, there have been examples of people using the entertainment systems within certain cars to hack

into the rest of the vehicle. Now, you would think that these should be networks within a car that are completely separate, that don't have anything to do with one another, But there are times where, either because the design is simpler or because of well intentioned reasons, the they are coupled more closely. Like imagine that you have an entertainment system that is wired in such a way where the volume of the system will automatically adjust based upon your

acceleration. So if you accelerate more, the volume goes up because it figures, hey, now it's going to be a noisier environment, so I need to balance out by becoming louder so that the person can continue to have the same experience listening to whatever they're listening to, whether

they're going slowly or quickly. Well, that means that there needs to be some data coming from the drive system of the vehicle, and it may just be data and it may just flow one way, which would be the best way to implement that, but it may mean that these systems are more connected than you had first imagined, So as we get into more WiFi based entertainment systems,

that is a potential point of vulnerability for vehicles. Yeah, and a thing that just occurs to me is that hopefully anybody who made these would sort of have entertainment systems running on what's essentially a different computer than the

computer that controls the engine. Otherwise it seems like it could be vulnerable to the kind of buffer overflow attack or something where you h you have some kind of like you max out the memory on something and then you start and then once you've maxed out that area, it overflows into a place where you can just execute some code. Right. Yeah, that's a good example. I mean that that's certainly something that that needs to be thought

about when designing these systems. And to make this more complicated, we have things like, you know, the wireless entry systems, which can be spoofed, although it's not easy to do so. So wireless obviously that's when you've got you know, your little key fob and you push a button and it unlocks the door so you can get into your car. Uh. Those work on little radio signals, and it is possible to broadcast radio signals at a car and activate its

unlocking mechanism. It's not easy, and the reason it's not easy is that you need to know generally what frequency this thing is broadcasting over, so it may require you to be in the presence of the key fob being

used in order to pick up on this frequency. You really need to know probably the beginning of the code, which again you can sometimes glean by listening in essentially on that key fob um and then you have to brute force attack because the way key fobs work is it works with a rolling algorithm, so every time you press that button, it changes the code, so the cook but it's changed based upon an algorithm, so it's based

upon specific rules. It's not random because if it were random, no car would ever know when its key is being used, right but it But that means that if you are using a remote attack to try and get access to a vehicle, then you have to do a brute force so this can take minutes up to hours, depending upon uh the system and depending upon your luck based upon where you're starting from the code. And also it means that if you have a keyless entry and you go to your car and you try and use it and

someone has remotely accessed your vehicle. One of the only ways you might be able to tell, assuming that your vehicle is still there, is that is that it takes a couple of presses before anything works, because it will take a while for the the code on your key fob to match up with the code that's in the car. So, in other words, if you press it and you're like, oh, nothing's happening, and you press a couple more times, then it it'll synchronize up again and then you can have access. Uh.

This is something that has been done already. Security experts have shown. There's one in particular who used his own vehicle to demonstrate that you could gain access. But it could take hours and it takes a huge amount of effort, So it's not something that is is probably easier to

just get a brick and bash the window. Yeah, it's definitely not likely to happen, right, I get like the likelihood of it happening is incredibly low because there are other ways of getting access to a vehicle that require far less work and far less access to said vehicle for a given length of time. Um, there are other examples of someone having a remote control of a vehicle, but it was it was by exploiting a system that

was intended to have this remote shutdown feature. So you you know that a lot of vehicles have this ability for for a an entity to either remotely shut down the engine or do things like honk the horn, right, yeah, I think, Uh, well, I know one scenario in which this occurs would be like, so let's say you take out a loan on a car and the person who sells you the car is not very confident that you

will pay back that loan. They can put equipment on the car that prevents it from starting up, right, so they can say, this person isn't paying on their financing, we need to shut down the car's ability to run. Yeah, it's essentially a remote kill switch and your car will not start at that point. And uh, yeah, it could be hopefully they wouldn't be able to turn off the

engine while you're driving. No, I don't think that's that's a possibility, but they could certainly do it, you know, so that the next time you try to start up your car it doesn't work. And uh, it can be used in that case where someone's not keeping up with their payments. It can also be used in the case of a stolen car. So if your car stolen, you report it to the police, you work with the dealership,

you explain, hey, my vehicle was stolen. They can actually activate this remote kill switch so that the criminals who have possession of your car are no longer able to drive it, and then the police can hopefully locate your vehicle and you get it back. Uh Right. So there are legitimate reasons why you would want that technology installed

on your vehicle. However, there was at least one case where a person who had access to said system, uh, accessed it for personal reasons and out of vindictiveness, was essentially harassing somebody using the system to mess with their vehicle.

So if you look at discussions about car hacking, and they always say, like, what are the examples of malicious car hacking, they said, well, outside of research and development, where where security researchers are trying their best to do this to to see if it's viable, there's only one example of it ever actually happening, and in that case, it wasn't hacking in the sense of someone sitting down at their computer and trying to get access

to a vehicle, someone exploiting an existing system that was already attached to that vehicle. But that being said, with all those caveats laid out, the issue of wireless hacking a vehicle, of remotely accessing a vehicle is by no

means a dead issue. It is something that is continuously brought up, and as of the time that we're recording this podcast, which is in May of twenty, there's increasing interest in this because of a pair of researchers and what they claim they are able to do and what they will show off at the Black Hat conference in August. What is that? Well, first I should explain what the Black Hat conference is, So it's a um it's essentially

it's a hacker convention. It's all about discussing security vulnerabilities and uh, the ways to exploit them. Now, in hacker circles, you have white hats and black hats, and sometimes you can argue gray hats. White hat hackers are people who are looking for security vulnerabilities with the intent to have those security vulnerabilities patched so that they are no longer vulnerable.

Black hat hackers UH tend to be the folks who find security vulnerabilities in order to exploit them, whether that is to exploit them directly or to exploit them by selling that information to other interested parties. And whether they're doing it for cash or for leverage over somebody, or just for fun, Yeah, just to build their own reputation, as opposed to, you know, a genuine desire to help

other folks. So even though it's called the Black Hat conference, it doesn't necessarily mean that these are all people who are gathering around trying to figure out how to control the world through their laptops. Often it's actual discussions about these are serious concerns that we need to address in order to make sure that they don't become huge problems

go beyond concern to an enormous problem. So the the researchers we're talking about, actually, I think Ben and I mentioned them too, Charlie Miller and Chris Valasek. Uh, they're two security experts who had talked about hacking cars previously. They had uh shown in two thousand thirteen and two thousand and fourteen various ways to hack vehicles. Uh, and now they are talking that. In the two thousand fifteen conference in August, they will reveal a way of remotely

gaining access to a vehicle. It does not require you to plug a laptop into a computer. They say that you could do this with an unmodified vehicle as soon as it rolls off the dealership. Scary, very scary. Um, that's an excellent question. I think that I'm sure that they have something. The extent of that. Yeah, no, no, no,

the extent of what they have I do not know now. Previously, they have published lists of vehicles that they have looked at that they say represent, you know, the most hackable kind of vehicles, and the very top of the list, where the Jeep Cherokee was number one. That's the most table, most tackable, most tackical. But they had identified three different criteria for hackability, including things like are the systems interconnected with one with one another? How many wireless points of

entry are are potentially there? That sort of stuff, and out of the various criteria, the Jeep Cherokee had the most of them, the most examples. Uh. The Infinity Q fifty was also up there in the catalacic esconade as a as the the SNL Southern character would say was also up there, and uh, when we're talking about wireless points of vulnerability, really you're talking about any system that

has that wireless communication capability. So one example, which is perfectly innocent in of itself is the tire monitoring system, the tire pressure monitoring system. So if you have a vehicle that has this, then like you get in your car, you turn your you know, you put the key in the ignition you or if it's key less ignition, you

turn on your car, however that may be. And there might be an indicator on your dashboard that tells you, you know, if your tires are overinflated, underinflated, what the you know, how the pressure is? Uh, which is kind of cool. You're like, oh, awesome, I don't need to get out of my vehicle, you know, pull over to a gas station or whatever and get the air pressure gauge out and see how it's doing. It's telling right here, um,

which is useful. But it's doing so with wireless sensors that communicate back to the the computer system that is governing all the other systems in the car. Yeah. I can see why you wouldn't want wires going to the tires. Yeah, yeah, no,

it would it would be problematic. Right, So the the wireless system is likely communicating with the what's called the controller area network bus or CAN bus, which is kind of like the traffic controller of all the different systems that feed information into the car's computer, the master control program. If not the master control program, it's got to be like the master control program's Uh executive assistant, Right, yeah, yeah, it's a it's good old David Uh not Yeah Stark

controlling this. So yeah, exactly, it's it's this this traffic controller that sends the information to the computer. Well, you know, that's a potential point of vulnerability. And there have been examples of being able to track a vehicle based upon tracking the unique monitoring frequency for that that tire pressure system.

So you could potentially track where a vehicle has gone by keeping note of this particular this particular wireless communication system, if you could, can you get access to more critical systems like braking or steering through that? That remains to be seen. So Miller and Uh and Valasek have said that they have found some interesting stuff through their experiments. Um, they haven't had this discussion, so we can't say exactly

what they revealed. But they have said that uh, or at least the Black Hat website says that the presentation will include starting with remote exploitation, we will show how to pivot through different pieces of the vehicle's hardware in order to be able to send messages on the CAN bus to critical electronic control units, ECUs. We will conclude by showing several CAN messages that affect physical systems of the vehicle. So that that's pretty vague, right.

It doesn't specifically say that it could do something like brake the car, as in B R A K E the car, like apply the brakes. Doesn't say that, uh, you know, explicitly, so maybe their methodology will be limited. And in fact, they say that they plan on showing both the reality and the limitations of remote hacking on vehicles.

So a lot of security experts have said, listen, this is something to be concerned about, yes, but not something to panic over because one, they have not indicated how extensive these these messages can go, like what what the effects can be. Two, they haven't discussed their methodology of coming up with the ability, the way of doing it, or if whether or not they plan on sharing in

detail how it's done. And three, it may require so much effort to do this that, just like the keyless entry, no one would ever bother to do it, because there are easier ways to sabotage a vehicle than going through

these processes. But showing that it's possible means that further, like the future generations of vehicles could be built and designed to counteract this sort of stuff from the from the get go so that it doesn't become a tempting enough target to make further investigation into that that line of attack.

Right like, if you if you find a vulnerability and you find a really hard way that you can exploit that vulnerability, that might lead to other people saying maybe I can find an easier way to exploit that same vulnerability. As long as that vulnerability exists, and it's a it's a target, and if we ever get to a point where it's easier to attack the target than other methods

of messing with a vehicle, then you're in trouble. So the hope is that these systems one could be addressed by updating firmware on existing vehicles, and two could be prevented in future vehicle design. Uh that being said, of course, we still don't know what they're gonna say yet. It may it may be that this is all uh, you know, largely, you know, the speculation that we're having is largely harmless.

That could be that's best case scenario. Worst case would be, Yeah, we figured out that we could with a laptop and a wireless transmitter, we can make your car do whatever we wanted to do. That would be bad. Well, I would say, actually, the best case scenario would be that, um, that they actually do turn up whatever are the most critical vulnerabilities that exist and that leads manufacturers to take

better steps to protect their cars. Yeah, assuming that there are in fact critical vulnerabilities, that is the best case scenario. The true best case scenario is to discover there are no critical vulnerabilities. But the likelihood of that, I mean, if someone's really determined to get access to a system, there hasn't been a system made that is crack proof. You know, eventually, given enough time, resources and willpower, any system that has been made can will eventually be be breached.

Speak for yourself. I'm behind seven proxies. I tracked him all the all the way to a pub in Ireland. It turned out he was at least three more hops away. Uh, well, as scary as the idea of somebody hacking the car you are driving is, Yeah, about the only thing I could imagine scarier than that is somebody hacking the airplane you're riding in. Yeah, that would that is a a sobering thought right now. Of course, we would hope that

nothing like that is possible. That airplanes are designed to be as secure as possible, and that they don't really have any vulnerabilities that you could exploit, like like these, you know, tire pressure gauges or anything like that. We would hope, but that might not necessarily be the case, because this month, in May, if you haven't seen yet, some media outlets have been reporting that a security researcher named Chris Roberts may have hacked an airplane and sent

it off course. Yeah. Now, the reason why you're building so many qualifiers into this statement is because, as it turns out, there's there are a lot of differing accounts about what exactly was done and or happened. Yeah, well, our information is a kind of like he said, he said, he said issue, So I'll explain that as we go forward. But who is Chris Roberts so for years he has been known as a white hat hacker. We talked about black hats and white hats earlier. If you're a listener

to the show, you're probably familiar anyway. But the white hat is somebody who at least ostensibly uh goes out and looks for vulnerabilities in systems in order to improve security, to show you, hey, here's where you're weak. You should shore up your defenses in this area. And so Roberts for years has been known as a white hat hacker, especially in avionics, sort of publicly denouncing alleged security problems and vulnerabilities in networks airline manufacturers put into their aircraft.

So keeping in mind that, you know, as the aircraft experience has evolved over time, Roberts would argue it has introduced vulnerabilities from an electronics standpoint computer standpoints, So things like the in flight entertainment systems, the IFEs, or the fact that a lot of a lot of airlines offer WiFi on their flights. Yeah, that these could potentially be vulnerabilities. Yeah, and so you know you would just hope that well, I mean, if a plane's

showing me movies on some central computer system. Surely that computer is not linked to the computers that control things like I don't know, life support systems inside the airplane. Yeah, the the engine, the navigating computer. You would hope that there's no involvement there. But I'm gonna tell a little story. Okay, So in April, I think it was on April fifteen, sometimes in the middle of April. Yeah, Roberts, the same guy, Chris Roberts. He was removed from a flight by FBI

agents after the flight landed in Syracuse, New York. And the supposed reason that everybody figured this happened was because Roberts had tweeted a joke about hacking an airplane in which he was riding earlier that day, and has at least on one subsequent occasion said he was essentially poking the bear. Yeah. So the tweet read as follows, find myself on a seven hundred. Let's see box I F E ice st com Shall we start playing with E I C A S messages pass oxygen on anyone? Smiley face.

So he's using some some acronyms there. One of them is IFE, that's in flight entertainment. Another one is EICAS, that's engine indicating and crew alerting system. And the pass oxygen on, what it seems to be saying there is he's suggesting it would be funny to, uh to trigger a command that makes the oxygen masks descend on all the passengers, whereupon you would uh adjust your own mask before helping others. Yes, that's important to remember. Now. Of course, it's important to

point out that Roberts did not do anything. He was just tweeting a joke. Still, one could and probably has argued that such a joke was at best in poor taste and at worst really dumb. Yeah. Well, especially because the FBI acted on it. The FBI agents detained him, interrogated him, and confiscated his electronics. He even tweeted out a picture of the electronics that were confiscated and said, well, they're all encrypted, but they're all gone now. Yeah. So

that was last month in April. But in May, a Canadian news organization published I guess what must have been a leaked copy um of a warrant application for the search and seizure of Roberts's devices. This was written up

by FBI special agent Mark Hurley. According to this document, Roberts had already voluntarily spoken with the FBI in February and March of so a few months ago to inform them about basically what he claimed were security vulnerabilities in these in flight entertainment systems that we were talking about before. And he identified several aircraft, in particular the Boeing seven hundred, the seven thirty seven, nine hundred, the

seven fifty seven two hundred, and the Airbus A three twenty. Now, if you'll notice, he identified in his tweet that he was on A seven hundred, one of the ones that had these in flight entertainment system vulnerabilities according to him, and so that's sort of the joke he was making. He was like, Okay, remember these things I've been talking about.

I'm on one of these planes now. So the document, the warrant application, claims that Roberts told FBI agents on these earlier conversations that he had exploited these security flaws and penetrated in flight entertainment networks in midflight. So he claims between he penetrated IFE systems fifteen to twenty times, and he said he gained access to these IFE systems by physically plugging in. I thought this was interesting.

So he said he physically plugged in via a modified Cat six Ethernet cable into the seat electronics box or SEB, and these are found under the seats in some airplanes, so you can imagine his process. Basically, what he said he did is he reach under the seat in front of him and sort of wiggle this box and squeeze it until the cover comes off, which is quite the feat because many of these are fixed by screws. Yeah, well, we'll go into we'll go into potential objections to the story. Yeah,

oh yeah, yeah. So I've never tried to get into a seat electronic box myself. Neither have, uh, nor will I, and nor should you, because it's not a good thing to try to mess with. But what he said is he got the cover off and he'd plug in. It's kind of strange that nobody ever seemed to like notice him doing this. One of thee to the story. Yeah, but uh so, and again, just to reiterate, this is what the warrant application claims he told the FBI earlier

this year. So it's several levels of hearsay. Um, But yeah, they said he so he said he would plug in with this Cat six ethernet cable and that would give him access to the plane's IFE system, the inflight entertainment one and then and I'm going to read just a direct quote from the warrant application in this next part. It claims that Roberts told them he quote connected to other systems on the airplane network after he exploited slash gained access to or quote hacked the IFE system.

He stated that he then overwrote code on the airplane's thrust management computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the CLB or climb command. He stated that he thereby caused one of the airplane engines to climb, resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting, or, quote, hacking the

airplane's networks. He used the software to monitor traffic from the cockpit system and if true, this is fascinating. The warrant application claims Roberts said he used default IDs and passwords to compromise the network. That was a facepalm there. If that's true, people, change your passwords. I mean, okay, here, here, here's one thing I would argue, as far as the changing of the passwords is yes,

as it should not be default. At the same time, this is a difficult, uh, scenario because you have multiple flight crews all using the same equipment. So how do you do ID password management in that case? Like assuming that assuming that the ID and password is is unique to the vehicle, to the aircraft, and not unique to the crew. So if if it's unique to the crew,

that's one thing. You know, if it's if it's the pilot and copilot who have to put in this ID and password, and it's the same for whichever aircraft they're in, that's one thing. But I suspect that's not the case. I suspect it's more unique to the aircraft. That's more. That's tricky. How do you where do you record the information for the aircraft so that the crew has access to it? Um? I mean, I don't know. I don't know, but you can do better than default.

I'm sure, I'm sure, And I don't know the answer to this question. And I mean I would hesitate to ask because I don't think I don't need to know. As long as I know that they are practicing good security measures, as long as they're not doing the default ID and password, Uh, then whatever you know, I'm maybe uh.

And then of course he claimed he after this that he used a virtual environment to build a virtual version of the airplane's network that he could then study safely, and so to to reiterate this, he according to the FBI document, Roberts claimed he steered an airplane, He plugged into an airplane from a passenger seat, and caused the airplane to briefly divert off course. That's amazing and amazingly scary if true. Yeah, that that is that is incredibly

sobering if in fact it is true. Now, there are some things to consider, and we'll get fully into some questions about this story later on. One of the things is that I think there might be some confusion online in reaction to this story, where one of the things is that Roberts was not claiming that he did this on the day he was arrested. The warrant application is saying that he told them he had done this in

previous years. Yeah, and they just got around to arresting him. Later. Yeah, Well, I think they got around to arresting him because of this tweet and then because they suspected that he had been messing with the flight he was on that day and in April, even though he claims I think he claims that he didn't mess with it that day. Yeah. Uh,

And so there's there was. I believe there was. Part of the the accusation was that the this this electronics box, the seat the SEB had been altered, but Roberts says, well, I didn't, that wasn't me. Yeah. Yeah, So the FBI claimed it showed signs of tampering. The seat, the one under the seat in front of him on the flight he'd been on that day looked like it had had been tampered with, but he claimed he didn't do it.

And so I don't know what to say about that, except that another interesting question that comes out of this is about the nature of white hat hacking. Right, So, like, if you take this story at face value and just say, let's assume it's true, and you are a white hat hacker who is aware of a very dangerous, very scary security vulnerability, whether it's in a vehicle or a piece

of software on the internet infrastructure, whatever. It may be something that that could really endanger a lot of people, and you're aware of how to exploit it, and you know that other people could exploit it, and you've been trying to warn people about it but getting nowhere. But but it's not getting fixed. What do you do? And so I know a lot of people would look at what he did here if he in fact did do it,

and they would say, that's that's so reckless. How could you gamble with the lives of all the people on that plane just to sort of like prove something for a little research project. On the other hand, I think, you know, you could argue that, well, you know, he didn't tell it to like crash into the ground. He you know, maybe executed something that it would have seemed to him to be an innocuous test. I don't know. Again, we have to say, again, this is all sort of

hypothetical because we don't know what really happened. We don't know the real story. Yeah, so a lot of this depends upon what really happened, Right, So I think anything that would that results in the diverting at all from a flight plan is incredibly reckless, Even if even if it's to demonstrate, Hey, you really need to pay attention to me, these vulnerabilities exist. I think that's taking taking that approach where you are potentially putting the lives of

everyone on board that flight, not just yourself. I mean, if it were just yourself and you were just proving it, then that's one thing. But you are taking You're taking. It's an incredible amount of bravado to say I'm gonna put the lives of every single person on this plane in danger. I am potentially going to uh to to eliminate the lives of everyone here and forever alter the lives of all of their loved ones like that, not to mention potentially the lives of people on the ground

as well. I mean, it's just incredible. Yeah, I totally agree. But then on the other hand, you could also make the argument, like with this security vulnerability in place and them not doing anything to fix it, that that they're already in danger and you're trying to get something done.

The best I could say is that there has to be some means of getting that message across without physically altering the pathway of the aircraft, Like you could send a message some other way or you could document what you are doing and send that documentation on and say, look, this is exactly how it works. If I can do it, then potentially other people can do it. And that's why

you need to address the security vulnerability. I think I think there are other ways that would have gotten just as much attention from an official standpoint without potentially harming people. Assuming that the story that we hear in the affidavit

is in fact what happened. Yeah, and so now we really do need to get to that point what really happened, because there are people who have raised serious concerns about the version of this story that's come out, and it's it's hard to identify if if it's not true, where the fault lies. Was there a problem with the FBI's retelling of, uh, of Roberts's supposed story? Did Roberts mislead the FBI? Did the FBI not understand what he was telling them or did? Or were they misleading in

their report? But there are places along the line where we could have gotten the wrong story from this document. So no matter where the fault may lie, there have been a lot of people who have pointed out problems with the story. So whether it was the original Roberts story or was the retelling that's kind of beside the point.

Here are some of the objections. One of the big ones is one that we've raised already, the idea that if it requires plugging a modified cable into an electronic box that typically is not accessible by a passenger, why

didn't anyone else notice or comment on it? Or you know, because again, it requires some manipulation of the box to get access to it, even according to the affidavit story of what Roberts was saying, um, and a lot of these do have screws that are set in, so you would have to unscrew a panel in order to get access to the ports that are inside of it. Why would no other passenger or flight attendant have noticed this?

Because it's it's you know, it's fairly disruptive. On one hand, I agree with that, but then there's a little part of my brain that says, yeah, but what's the easiest way to rob a bank? Show up and look like you know what you're doing. Just walk into the vault like you're somebody who's supposed to be going in. Yeah, I mean, there's a certain thing to be said for if you just don't act like you're doing anything shady, but you've got this sort of like aura of yeah,

this is what I normally do. People just don't really question it. They're like, Okay, I assume he knows what he's doing. Well, And I suppose if if someone sitting next to that person just assumes that what they're doing is plugging in a device to charge because some a lot of aircraft now have you know, outlets for that sort of thing, Maybe that's the assumption. I still think that flight attendants would find it interesting. But maybe but let's let's all right, let's go ahead and say that

that's one of the objections. But the other one is that you have to you know this. This also assumes that the IFE is in fact an interconnected network with the same computers that control the flight controls, and not two separate networks that have limited or no connectivity. Right. So this is the objection that I really hope is correct. And the objection is the airplanes do not actually have this vulnerability, right, Like, he couldn't have done what he

said because it's not possible. Yeah, now there are some connections that have to be there for most of these IFE systems, because if you've ever been on one where you have the track my flight, then obviously the track my flight uh app or whatever you want to call it in the entertainment system, that feature is gaining some information from various systems aboard the aircraft. Uh you know, things like altitude and air speed and the temperature outside, all this kind of stuff, Um, how how far you

from your point of origin? How far are you from your destination? But all that being said, that could totally be connected to computer systems that have no other connection to anything else, right, Like, there are a lot of redundant systems aboard aircraft for very good reason. You want there to be redundancy for safety. So and it could also be that the information that's come across is again traveling in a very specific one way path that there's no way to go upstream of that information. Um,

and that would make the most sense. In fact, Boeing says, the connections are limited and offer no access to flight controls through the IFE uh and that means that you wouldn't be able to get access to this thrust management control using the IFE. It would be impossible. So you know, you might be able to hack the IFE and get access to it and maybe require everyone to watch Bio-Dome, but you wouldn't necessarily be able to tear It would be awful, yeah, but not as

awful as having someone alter the flight path plan. Um. Now, there have been some folks who said it's it might be possible that the IFE has a direct connection to climate control, which matters, Yeah, because if it's on the same system as climate control and you shut down climate control, then you're going to force that aircraft to land. Uh. I don't know how much access to climate control the typical IFE has. It may only have access to vent control. Then your vent is on

or off and that's it. It may not have any access to the actual climate control part. I don't know. But if it does have access to climate control, that could potentially be a point of vulnerability that could be exploited to force an aircraft to land prematurely. Um. Most likely flying to the closest airport that has availability and landing. So it's not like it's not like, you know, a drastic emergency, but it would require premature landing, which obviously

would be problematic at best. Yeah. I also remember seeing one criticism of the story that that essentially said that pilots would have to review any kind of like review and approve any incoming change to the flight path or flight control. Yeah, that's the aircraft systems are designed for safety.

And again that redundancy is meant for not just the systems, but for commands given to the system, so that you know, think of any computer program where you've had, you know, something where you you choose a command and it pops up and says are you sure and you hit okay.

Multiply that by a hundred, and that's what we're talking about with aircraft systems for good reason that that you know, you are meant to review and approve these things, so that anything that would affect a key element of the aircraft's operation would require approval, review, and approval, and not just a command issued by a computer. So that's another objection. Uh, there's also a Mashable has an article on this. They

interviewed a pilot. The pilot requested to remain anonymous in the interview, So we don't I trust that it's really a pilot. I do too. So the pilot said that Roberts's claims, according to what the FBI said at any rate, were false because the systems he had claimed to access

didn't exist aboard the type of aircraft he was on. Now, granted, this might have just been been uh limited to the seven hundred story, and it could be that it was a different aircraft that he claimed he had gained access to, but he said the pilot says, if Roberts is saying he was on a seven hundred when he did this, it's impossible because the system he claims to have taken advantage of can't do that. He also points out the EICAS system you were talking about earlier, says that

that just displays messages. It doesn't have any control over the aircraft at all. All it does is tell you stuff. It's a readout essentially. Ah. And trying to compromise a computer by issuing print commands. Yeah, yeah, you might be able to print some naughty words out, but it's not it's not affecting any other part of the computer. Uh. And then he also pointed out that the IFE and cockpit systems had no point of commonality except for the fact that they both drew power from the

same power source. But that's it. They didn't have any crossover, there was no connectivity between the two. So it is entirely possible that the this is a big fuss over over largely nothing. Um But I mean I certainly hope so yeah, But I also hope no matter what the true facts of this case were, I hope this is at least encouraging airline manufacturers and the people who designed their their hardware and software to reexamine the security of their aircraft, right yeah, and really put it through

vigorous testing. And I don't mean to suggest that they don't already do that. I imagine that the companies, I mean, obviously they have a vested interest in making sure those those systems are tested vigorously with lots of different attempts

at intrusion. The various scenarios have to be run about how likely or possible is this, because I mean, it's it's it's life and death, and a company has to be able to rely upon having the reputation of being responsible for something as important and potentially as dangerous as air travel. Um. So I I'm fairly confident that that the the security vulnerabilities are very seriously looked at in these cases. Whether the Roberts case is as extreme as

has been indicated in that affidavit, I don't know. I mean, if that is a possibility, then that certainly warrants a reexamination of how these network systems are laid out within an aircraft. Now let me do let me tell you something. This is background, Jonathan. Way before I worked for HowStuffWorks. Years before I had worked for uh, you know, I worked for a couple of consulting firms. Is before that. This is way back when I was

looking for my first job. I landed some contract work with an airline and my job was to transcribe audio files that were detailing the various systems aboard aircraft into text files so that there would be a text copy of these audios. As far as I know, they didn't have the manuals or the hard copy anywhere. So it was my job to transcribe hours of technical documentation about these aircraft, which included things like how the cables were laid out in the systems. And it was fascinating to

learn at the time. It was nothing, you know, that was exploitable or anything like that. It was just interesting. But it really displayed to me the care that goes into designing these systems to make certain that this redundancy is there. And it actually really reassured me quite a bit.

While I was doing this, like, it removed some of the the mystery behind aircraft and also displayed exactly how incredibly um detail oriented these designers had to be, which you know, makes sense if you think about it for more than a second you realize, oh, of course they have to be. But it really drove that home. So I was very thankful to actually have that experience. It's one that not a lot of people have necessarily had. Now.

I will also say that it was for a lot of old aircraft that aren't around anymore, because this was many years ago and those aircraft have since been retired from various fleets. But I think there's some old aircraft still in circulation. Yeah, but you don't see a whole lot of these gigantic old war horses. They've been they've been replaced by newer more. Um. Yeah, you know, you know, back back when uh an aircraft consisted of a giant rubber band and a lot of hope, No, it wasn't

like that. But the other thing I wanted to point out kind of going back to the car discussion, just briefly, is that whether or not these concerns are critical, like whether or not these are things that we really need to worry about. Most most security experts say right now, the trouble you'd have to go through in order to exploit any of these so called vulnerabilities would be so

great as to render them meaningless. That doesn't really matter because there's been so much public interest shown on the story for obvious reasons. That is, it has prompted politicians

to get involved. And Congressman Ed Markey sent out a letter to twenty automakers after the two thousand thirteen Black Hat conference that, that earlier one where uh they were demonstrating the ability to hack vehicles by directly hooking up computers to the diagnostic system um and he sent these letters to twenty automakers to ask about their security

measures for wireless attacks. Now, all of the automakers that responded, and I think sixteen of twenty sent responses something like that, But all of the response the ones that responded said their vehicles had wireless points of access, so at least one wireless point of access that could potentially be used to connect to the car, not necessarily exploit a vulnerability, but to connect. Seven of the respondents said that they used a third party to test their

systems for security vulnerabilities, so essentially white hat hackers. They went outside their own company to hire contractors and say, see if you can gain wireless access, remote access to these security systems, and if you can or these these what are supposed to be secured systems, and if you can, let us know how you did it so we can address that before we release the vehicle as a production model.

Very responsible, But only two said that their vehicles had countermeasures for hacking attacks on stuff like braking and steering systems. So the story that gets out from this is that you know, only a couple of car manufacturers when they weren't named, actually have the security measures in place, and only seven are using third parties to test their systems. The flip side of that argument could be there's no demonstrable security issue yet that that would be enough to

create a concern. However, it is good to be aware of it and to perhaps start building in these kind of safety features moving forward, knowing that it's not like the world's going to get less connected, right we're gonna continue to see that trend go, so we need to be certain that we're doing so in a responsible way, in a safe way. Totally excellent. I'm glad you agree. So, yeah, this was this was a fun kind of thing to look at. And I mean, ultimately, I would always argue,

apply critical thinking to the situation. Don't react with your initial emotional reaction. I mean, anyone who sees anything like this, I'm sure the first emotional reaction is a fear, a feeling of unease, if not fear right because I mean, when you are behind the wheel of your car, you know you want to be in control. You don't get the thought of someone else potentially gaining control of the situation that you felt you were in control of is

that's scary. So, I mean it's understandable, but apply critical thinking. Know that it is not likely to happen. There are other things that are far more likely to happen, and as long as you take those precautions against those, you're

probably okay about these other more remote possibilities. Um And again, if you are in a position to make decisions about these kind of systems, whether it's you know, from a car manufacturer or maybe you do aftermarket stuff then keeping that in mind and keeping that as as part of your best practices of of testing the security of your systems. It's definitely something you should look into. Joe, thank you for joining me. Thanks for having me, man, I've been

wanting to talk about this since I saw the article. Yeah, and it was fun to kind of follow up on a previous episode that actually, you know, it really did warrant this new discussion, and we'll probably end up having another follow up once the the August Black Hat conference is over. In fact, I think it would be good for me to do an episode just kind of following up on the stuff that comes out of these things like DEF CON and Black Hat, so that folks can know, all right,

what were the vulnerabilities that were discovered? How bad is it? Those are two good questions to answer. So I will try to do that this year and and follow up on that because I think it'd be really interesting. Uh, And I've got buddies who are hackers, so they can give me the inside story. Maybe I'll get Snubs to come on, Shannon Morse to come on, or or Darren Kitchen to come on and talk about it because they're both super smart about that stuff, way smarter than I am. Guys,

I'll listen to that. Yeah, if you'll be fantastic, you know, maybe we'll even have a three person show. I mean, it's always that we have three microphones in here. There's no reason why we can't do that. So, guys, thank you so much for listening. You can check out Joe's work at other locations. He's one of the hosts and writers for Forward Thinking. So we do the Forward Thinking podcast twice a week Wednesdays and Fridays, and Joe has written for the video series as well, and so you

can check us out there. Joe, you also write for some of the video series and appear occasionally in them. Yeah. I write for BrainStuff and uh and other HowStuffWorks videos and you can check those out on the HowStuffWorks main page on YouTube or at the BrainStuff page. Yeah, those are awesome. They're a lot of fun. They range all over the map, from super cool science to super scary stuff to really just quirky fun facts that you might not have thought about.

They're always fun to work on, so check those out. If you have any suggestions for future guests on the show topics. You know, you have questions or comments, You have your own insight into things like hacking vehicles, Send me a message. The email address is tech stuff at how stuff works dot com, or drop me a line on Facebook, Twitter or Tumblr. The handle at all three of those is TechStuffHSW and I'll talk to

you again really soon. For more on this and thousands of other topics, how stuff works dot com

Transcript source: Provided by creator in RSS feed