How would you steal a car in this model? Well, you compromise the car by a buffer overflow, or vulnerability in the software, something like that. You use the GPS in the car to locate it. You remotely unlock the doors through the computer that controls that, start the engine, bypass anti-theft, and you’ve got yourself a car.
Surveillance was really interesting. The authors of the study have a video where they show themselves taking over a car and then turning on the microphone in the car, and listening in on the car while tracking it via GPS on a map, and so that’s something that the drivers of the car would never know was happening.
Am I scaring you yet? I’ve got a few more of these interesting ones. These are ones where I went to a conference, and my mind was just blown, and I said: “I have to share this with other people.”
This was Fabian Monrose’s lab at the University of North Carolina, and what they did was something intuitive once you see it, but kind of surprising. They videotaped people on a bus, and then they post-processed the video. What you see here in number one is a reflection in somebody’s glasses of the smartphone that they’re typing in. They wrote software to stabilize — even though they were on a bus and maybe someone’s holding their phone at an angle — to stabilize the phone, process it, and you may know on your smartphone, when you type a password, the keys pop out a little bit, and they were able to use that to reconstruct what the person was typing, and had a language model for detecting typing.
What was interesting is, by videotaping on a bus, they were able to produce exactly what people on their smartphones were typing, and then they had a surprising result, which is that their software had not only done it for their target, but other people who accidentally happened to be in the picture, they were able to produce what those people had been typing, and that was kind of an accidental artifact of what their software was doing.
I’ll show you two more. One is P25 radios. P25 radios are used by law enforcement and all kinds of government agencies and people in combat to communicate, and there’s an encryption option on these phones. This is what the phone looks like. It’s not really a phone. It’s more of a two-way radio. Motorola makes the most widely used one, and you can see that they’re used by Secret Service, they’re used in combat, it’s a very, very common standard in the U.S. and elsewhere.
So one question the researchers asked themselves is: could you block this thing, right? Could you run a denial-of-service, because these are first responders? So, would a terrorist organization want to black out the ability of police and fire to communicate at an emergency? They found that there’s this Girl Tech device used for texting that happens to operate at the same exact frequency as the P25, and they built what they called My First Jammer.
If you look closely at this device, it’s got a switch for encryption or Cleartext. Let me advance the slide, and now I’ll go back. You see the difference? This is plain text. This is encrypted. There’s one little dot that shows up on the screen, and one little tiny turn of the switch. And so the researchers asked themselves: “I wonder how many times very secure, important, sensitive conversations are happening on these two-way radios where they forget to encrypt and they don’t notice that they didn’t encrypt?”
So they bought a scanner. These are perfectly legal and they run at the frequency of the P25, and what they did is they hopped around frequencies, and they wrote software to listen in. If they found encrypted communication, they stayed on that channel, and they wrote down, that’s a channel that these people communicate in, these law enforcement agencies, and they went to 20 metropolitan areas and listened in on conversations that were happening at those frequencies. They found that in every metropolitan area, they would capture over 20 minutes a day of Cleartext communication.
And what kind of things were people talking about? Well, they found the names and information about confidential informants. They found information that was being recorded in wiretaps, a bunch of crimes that were being discussed, sensitive information. It was mostly law enforcement and criminal. They went and reported this to the law enforcement agencies, after anonymizing it, and the vulnerability here is simply the user interface wasn’t good enough. If you’re talking about something really secure and sensitive, it should be really clear to you that this conversation is encrypted. That one’s pretty easy to fix.
The last one I thought was really, really cool, and I just had to show it to you. It’s probably not something that you’re going to lose sleep over like the cars or the defibrillators, but it’s stealing keystrokes.
Now, we’ve all looked at smartphones upside down. Every security expert wants to hack a smartphone, and we tend to look at the USB port, the GPS for tracking, the camera, the microphone, but no one up till this point had looked at the accelerometer. The accelerometer is the thing that determines the vertical orientation of the smartphone.