Watch and read the full transcript of computer science professor Avi Rubin’s TEDx Talk: All Your Devices Can Be Hacked at TEDxMidAtlantic 2011 Conference.
Avi Rubin – Computer science professor
Thank you, Dave. Good morning everyone. I’m a computer science professor, and my area of expertise is computer and information security. When I was in graduate school, I had the opportunity to overhear my grandmother describing to one of her fellow senior citizens what I did for a living. Apparently, I was in charge of making sure that no one stole the computers from the university. And you know, that’s a perfectly reasonable thing for her to think, because I told her I was working in computer security, and it was interesting to get her perspective.
But that’s not the most ridiculous thing I’ve ever heard anyone say about my work. The most ridiculous thing I ever heard is, I was at a dinner party, and a woman heard that I worked in computer security, and she asked me if — she said her computer had been infected by a virus, and she was very concerned that she might get sick from it, that she could get this virus. And I’m not a doctor, but I reassured her that it was very, very unlikely that this would happen, but if she felt more comfortable, she could be free to use latex gloves when she was on the computer, and there would be no harm whatsoever in that.
I’m going to get back to this notion of being able to get a virus from your computer, in a serious way. What I’m going to talk to you about today are some hacks, some real world cyber-attacks that people in my community, the academic research community, have performed, which I don’t think most people know about, and I think they’re very interesting and scary. And this talk is kind of the greatest hits of the academic security community’s hacks. None of the work is my work. It’s all work that my colleagues have done, and actually I asked them for their slides and incorporated them into this talk.
So the first one I’m going to talk about are implanted medical devices. Medical devices have come a long way, technologically. You can see in 1926 the first pacemaker was invented. 1960, the first internal pacemaker was implanted — hopefully a little smaller than that one that you see there — and the technology has continued to move forward.
In 2006, we hit an important milestone from the perspective of computer security. And why do I say that? Because that’s when implanted devices inside of people started to have networking capabilities. One thing that brings us close to home is we look at Dick Cheney’s device, he had a device that pumped blood from an aorta to another part of the heart, and as you could see at the bottom there, it was controlled by a computer controller. And if you ever thought that software liability was very important, get one of these inside of you.
Now what a research team did was they got their hands on what’s called an ICD. This is a defibrillator, and this is a device that goes into a person to control their heart rhythm, and these have saved many lives.
Well, in order to not have to open up the person every time you want to reprogram their device or do some diagnostics on it, they made the thing be able to communicate wirelessly. And what this research team did is they reverse engineered the wireless protocol, and they built the device you see pictured here, with a little antenna that could talk the protocol to the device, and thus control it. In order to make their experience real — they were unable to find any volunteers — and so they went and they got some ground beef and some bacon and they wrapped it all up to about the size of a human being’s area where the device would go, and they stuck the device inside it to perform their experiment somewhat realistically.
They launched many, many successful attacks. One that I’ll highlight here is changing the patient’s name. I don’t know why you’d want to do that, but I sure wouldn’t want that done to me. And they were able to change therapies, including disabling the device — and this is with a real, commercial, off-the-shelf device — simply by performing reverse engineering and sending wireless signals to it. There was a piece on NPR that some of these ICDs could actually have their performance disrupted simply by holding a pair of headphones onto them.
Now, wireless and the Internet can improve health care greatly. There are several examples up on the screen of situations where doctors are looking to implant devices inside of people, and all of these devices now, it’s standard that they communicate wirelessly, and I think this is great, but without a full understanding of trustworthy computing, and without understanding what attackers can do and the security risks from the beginning, there’s a lot of danger in this.
Let me shift gears and show you another target. I am going to show you a few different targets like this, and that’s my talk.
So we’ll look at automobiles. This is a car, and it has a lot of components, a lot of electronics in it today. In fact, it’s got many, many different computers inside of it, more Pentiums than my lab did when I was in college, and they’re connected by a wired network.
There’s also a wireless network in the car, which can be reached from many different ways. So there’s Bluetooth, there’s the FM and XM radio, there’s actually Wi-Fi, there are sensors in the wheels that wirelessly communicate the tire pressure to a controller on board. The modern car is a sophisticated multicomputer device.
And what happens if somebody wanted to attack this? Well, that’s what the researchers that I’m going to talk about today did. They basically stuck an attacker on the wired network and on the wireless network. Now they have two areas they can attack: one is short-range wireless, where you can actually communicate with the device from nearby, either through Bluetooth or Wi-Fi, and the other is long-range, where you can communicate with the car through the cellular network, or through one of the radio stations.
Think about it. When a car receives a radio signal, it’s processed by software. That software has to receive and decode the radio signal, and then figure out what to do with it, even if it’s just music that it needs to play on the radio, and that software that does that decoding, if it has any bugs in it, could create a vulnerability for somebody to hack the car. The way that the researchers did this work is they read the software in the computer chips that were in the car, and then they used sophisticated reverse engineering tools to figure out what that software did, and then they found vulnerabilities in that software, and then they built exploits to exploit those.