TEDxMidAtlantic 2011 - Avi Rubin - All Your Devices Can Be Hacked

  • Published: 30 Nov 2011
  • Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. Avi's primary research area is Computer Security, and his latest research focuses on security for electronic medical records. Avi is credited for bringing to light vulnerabilities in electronic voting machines. In 2006 he published a book on his experiences since this event.
  • Science

Comments • 86

  • @salvatoreshiggerino6810 11 years ago +2

    The key to security is free and open source software.
    Proprietary developers use security by obscurity because it's cheap, but as this talk shows, reverse-engineering is easy. Free software does not keep secrets from anyone, so vulnerabilities can't be hidden and swept under the rug. And to remain secure, they must have features that actively work to keep the system secure, which is much harder to break than common security by obscurity.

  • @margueritecoutinho9271 9 years ago +8

    Very interesting talk. Most enjoyable, informative, witty and humorous. I loved it and learned quite a bit about digital literacy and know I am NOT digitally literate.

  • @hagalazmultiverze3411 7 years ago +5

    Interesting talk. I wish that even more decision makers / managers would watch this, get someone to explain it to them and then actually deal with it instead of only thinking about reducing short term costs and time-to-market.

  • @Chunkybuddha1 10 years ago +8

    Actually, we need to start teaching engineering as a high school subject. Engineering teaches the brain how to think different, like a hacker does. Also, benefits society as we need engineers.

    • @scottsteele8333 4 years ago

      I couldn't agree more! Very practical, logical, & open-minded ways of thinking as well as problem solving! Indeed a vital life skill that should be implemented in middle school at the least.

  • @KevinW123Jorndasque 12 years ago +2

    My lord, I think the most horrible and unbelievable thing is that the hackers use the accelerometer to read what we are typing!!!!!

  • @MaxTperson 12 years ago +1

    Could be handy to have local "everything is done manually" day, few times per year, so that skills and capacity to keep things working exists if and when needed. Powerplants operated manually, traffic guided manually, utilities manually, (um... phone lines switched manually ? how does one do that with cellphones ?)

  • @flyhigaming 7 years ago +2

    Very, very informative and good talk.

  • @andreweye1 12 years ago

    Great talk Avi. Very well done. Congratulations.

  • @foxbat296 12 years ago

    This helps a lot... we are in a world where our lives can easily be dictated by others.

  • @shinnsohai 12 years ago

    Great Talk!!
    Really Enlighten Me

  • @guyvideo3110 10 years ago +4

    Quite often, these attacks are only possible under lab conditions. I have worked with many vendors that have shown in practice, the devices were not as exposed as they were in these researchers' labs. BUT, the firmware should definitely be fixed anyway!

    • @yosefmacgruber1920 6 years ago +1

      But consider what an "epidemic" is. Since so many devices are all alike, once a vulnerability is found, a whole bunch of devices could suddenly become infected. People are more resistant to epidemics, as we are not all exactly alike.
      And as more devices become remotely accessible, imagine the potential for abuse. And what is with the insane rush to smart meters and smart appliances? I see little to no benefit to much of it. Do we want to allow some eco-nerd in some corporate or government office, to punish you for running your clothes dryer during peak air conditioning demand time, and to reprogram it so that it lets your wet clothes mildew and mold, until 3 am in the morning? Do you want the government watching or setting your home thermostat for you?
      Does every fancy electronic device, even need remote access?
      People think because they are doing nothing wrong, they don't need to concern themselves with the government spying on them. They could not be more wrong. The corrupt United Slaves of America government is paranoid, considers us all to be the enemy, wants to control and manipulate everybody, and the more info they steal about us, the more they can probe for "possible wrongdoing" that isn't even really that unusual, and is not actually wrongdoing but merely indicative of the prospect. How many times can we successfully prove ourselves to be innocent, before falling into some government entrapment trap?

  • @AlchemyOfHate 12 years ago +2

    we know how hacking works. the problem is, it's extremely hard for security professionals to convince business execs to invest in proper security and teach network/software designers how to code with security in mind.

  • @NikLyons 9 years ago +1

    Great vid!

  • @MrSayier 12 years ago +1

    One thing that is kind of ignored during scare talks like this is there is little motivation for it. Hackers have a lot of schooling and/or years of experience put into what they do and at the end of the day they are looking to make a profit. There is not exactly a whole lot of profit to be made by stopping someone's pacemaker or disabling someone's brakes.
    I'm not saying that these types of things shouldn't be looked into but it's not exactly a threat that has end of the world possibilities.

  • @forksarefree 12 years ago

    That's some interesting stuff! Security is always lacking in early implementations of new technology!

  • @Firedrake1313 11 years ago +1

    What makes you think any of these attacks have not ALREADY BEEN USED to make an assassination look like an accident?

  • @LinairianiL 12 years ago +1

    did anyone notice the lack of blackberry (rim) presence in the video?

  • @Mcflyjuniors 12 years ago +1

    @2minutestomammoth What do you think computer defense people do? Why do you think they're able to put out the protection they do?

  • @OwnerOfOwn 12 years ago +2

    All of the commenters are over fifty, my mother watched this and has completely freaked out demanding we only use one device at a time, so when she is watching TV I can't be on my computer. Why would you say "am I scaring you yet", it's like telling a child that a monster is going to kill them in their sleep, sure it informs a person of their threats but it can also be too much to handle.

  • @heavenleejustice 2 years ago

    The thing is to have a come back.

  • @afau111 12 years ago +1

    @2minutestomammoth We have now electrically operated accelerators in most (if not every) modern cars, some handbrakes are also operated electronically... but letting a computer decide whether to apply brakes or not is just plain stupid - that's why brakes and steering should always be physically connected to pedal/steering wheel.

  • @natedog642 12 years ago

    ANONYMOUS ;)

  • @chris2ferUtoob 12 years ago +1

    @Xyros7
    Well you are lots of fun. You must be the guy everyone calls on Friday nights to hang out with...right? Sometimes jokes are just looking for a smile. I thought he did really well at lightening the air of what could very easily have been a dry presentation.

  • @smokeybobca 12 years ago +1

    @2minutestomammoth I daresay somebody's replied to you, but in case they haven't: hacking is not easy. It may seem easy, but it's not. It's simply not practical to learn how hacking works in order to protect yourself. If so, everybody in the world would have a computer science degree. What is needed instead is the people to say that they won't buy something until the company has done their due diligence in protecting the end-users of the devices.

  • @Regeny 12 years ago +1

    The security of such devices will not be improved by the companies in the future if nobody attacks them.

  • @_batman. 11 years ago +1

    Making assassinations look like accidents...

  • @dwalden74 11 years ago

    Michael Hastings... and how many others??

  • @LoveIsLogical 12 years ago +1

    No, expect hackers to fix it. They work in security.

  • @BabyFarkMcGeezaxI 12 years ago +2

    Wait... they could hack my freakin CAR through my RADIO?!

  • @dicktater54 12 years ago

    @MrSayier Sir, you must truly be too kind hearted and noble. What if someone hacked into Dick Cheney's pacemaker, when he was VP, or someone hacked into the brakes of an important politician's car.....profit is not only to be measured in dollars, my trusting friend....! :)

  • @adampeckham263 8 years ago +5

    I am fucking horrified. How in the hell has the consumer market not seen this coming in the future of programming and technology. From this point on, I am going to make an effort to learn how to defend myself from technological threats, and to maybe learn some coding so possibly I can play some offence if need be. I recommend that everyone that reads this comment does the same, so everyone as a society can improve the future capitalist market.

    • @peterpetrovszki3763 7 years ago

      Adam Peckham How? Throw out all of tech stuff, move to a cottage that is well covered by hills, mountains. No phone signal, no satellites. Otherwise they're watching you and if they want, they ruin your life. Maybe, just for fun.

    • @adamnittler681 7 years ago

      Funny enough, people are more afraid of other citizens or even people outside of the US government hacking and spying on them than they are when it comes to the US Government spying and possibly hacking them. Which yeah there are a lot of points in this video that will make almost anyone uneasy, but really most people don't know how to hack or how to write coding themselves. Most people these days, assuming that they are all gamers or trying to get to the top of the boards on online games or to get the best stats, will hack games and make the game still send a legitimate signal to the servers that it wasn't hacked whatsoever.

    • @yosefmacgruber1920 6 years ago

      I think we could say that moron (human) drivers have already been hacked. Somebody programmed their stupid minds for them to drive like morons. Which is yet another compelling reason for self-drive cars. Hopefully, the self-drive cars will have better security against bad driving.

  • @ooohry 12 years ago

    should have written it in perl, wouldn't have any buffer overflows like this.

  • @TheLivirus 12 years ago

    Those hacker scientists sure have an awesome job!

  • @sarainiaangelsong440 7 years ago +1

    As long as something has proper software but limited hardware like a digital watch that cannot connect to internet or have a spot to stick a gig stick in, is not gonna be a hack-able device off the bat! The person would still be required to crack it open and install the needed hardware! Unfortunately hardware needs software! Now for instance I have an MP3 that can store data and it's USB like nothing preventing me putting Slackware to create a live OS to then read sensitive data on someone's Windows computer or Linux or even Mac. If you don't have the hardware and software to hack then that is technically Unhackable till someone Physically changes it! So your Keylock padlock is ok till a person installs software, controller, motor, and a source of electricity to the normally hunk of metal to convert it into a device, then it becomes a lil more hack-able but it still even then has one function for each thing and since it's not wireless yet, you actually achieve nothing quite yet till it can send and receive wireless lols! I do admit that machines that can send strong Magnetic waves can probably program such things but not 100% sure :)

    • @CreeperdamMinecraft 7 years ago

      If you think outside the box, that digital clock, although it has no option to connect to internet, still is running on electricity. This means it has to have some sort of motherboard, CPU etc. Because there is electricity and you can send and receive wireless electricity it's also hackable. Some software hack is no different to manipulating CPU with electricity, but yes it would be probably very hard to use that.

  • @PvtHaggard 12 years ago

    why the hell are there so many TED channels

  • @yosefmacgruber1920 6 years ago +3

    Why not do something good with all of this creepy technology? Why can't devices with microphones figure out when you are having a "medical event" or heart attack and call assistance for you? Or why can't the smart-phone or device become alarmed when it figures out that its elderly owner has been lying on the floor for the last 5 hours? Or why not find better ways to spy upon the corrupt government?
    Perhaps someday, with better AI programming, programs can fight back against hacking attacks. Perhaps a pacemaker might decide, "No, I don't think that is reasonable to be ordered to shut down, while still inside of this human body. Must be a hack attack. Log the pattern for further study, and terminate access." Or become suspicious after too many failed attempts to gain access. No human would be able to make 1000s of attempts per second. Must be some malicious bot?
    Who doesn't get an absurd amount of telemarketing calls, that pretty much say, "Pull out your wallet and give us money, for junk that you do not need"? How many of us do it? Most do not. Why? Yet stupid computers would say, "Okay, whatever you say"?
    And why is it that 90+% of dead people, vote DemocRAT? We better be looking at who is writing the software or manipulating the electronic voting machines.

  • @Matanumi 11 years ago +1

    Not entirely. "they" can hack a car radio separately.

  • @superhamzah85 12 years ago

    Finally - in the near future, with many people implanted with wifi - and I can leave my lair and finally assume my destined role - Keyboard Warrior

  • @musikSkool 11 years ago +1

    Or maybe, we could just learn how to use the E-Brake...

  • @RaspySquares 10 years ago +3

    Pretty messed up.

  • @FoldedArt 11 years ago

    My latest IOS iPod disagrees.

  • @lemontreeguy2124 9 years ago +2

    But I'm not a doctor...

  • @Wyklepheph 11 years ago +1

    Michael Hastings

  • @lancepursuit7055 3 years ago

    Probably the certificates branding small code

  • @larswhitt1549 10 years ago +1

    Michael Hastings mercedes....

  • @StDuz 12 years ago

    everyone who ever have played a game with glittering loots/drops saw the flash at 1:33 ;)

  • @dariustwin 11 years ago

    Hmm, sounds vaguely like Abstergo in Assassin's Creed...

  • @salvatoreshiggerino6810 11 years ago +1

    Your mother is right, though her way of mitigating it might not be. Don't resign yourselves to a life under the terror of back doors and shoddy security. Check out the Free Software Foundation and the GNU project at fsf.org and gnu.org, respectively, and you can be free!

  • @LordHexer 11 years ago

    Michael Hastings!!!

  • @thebigpitcher11 12 years ago

    ... and we are proceeding full steam ahead with a forced "smart grid" infrastructure. So only the entire power grid is at risk now. Brilliant.

  • @ceausualexandru2000 11 years ago

    too fucking good the video

  • @LarryAszune 12 years ago +1

    @2minutestomammoth You don't think bad people already know about this? I can assure you that they do! ^^

  • @MrSayier 12 years ago

    @dicktater54 False profit is measured purely in dollars. Are there people that want to kill people purely for opposing ideals? Yes, but those people typically aren't going to be capable of doing it in a way this complex.
    @McGuffyFL I concede, I did overlook hitmen and the like.

  • @blaablaakas 10 years ago

    FrankerZ

  • @MrChannnnnnnnnnnnnnn 12 years ago

    so that's what happened to toyota...

  • @_hiba_ 12 years ago

    That's soooooooo scaaaaaaaaaaaryyyyyyyyyyyyyyyyyyyyyyyy!!!

  • @osearthesp 6 years ago

    NSA = [You're] Not Secured At All

    • @osearthesp 6 years ago

      Isn't it illegal now to even test the security vulnerabilities on vehicles?
      NSA, Equation Group love to get in and proliferate de-secured Technical standards [ISO/IEEE/RFC etc]. Why is the WPS wifi one key not an 8 digit code but a 2 octet 4 digit code.. tell me that wasn't a standard pushed by internal 'intelligence' industry assholes when we took away their easy to hax0r WEP standard, the same ones that called WEP Wired Equivalency Protocol. laugh. Then don't let Wifi device retailers actually claim to have official 'WiFi' (invented nonsense term btw) licensing unless they include WPS and preferably not a way to disable it, without a sploit... ;]
      let alone these specific software cycle shortcomings that creep in on a Friday afternoon ...

    • @davidlink8454 5 years ago

      osearth esp Not if it's your own

  • @WirelessFreeZone 12 years ago

    New electric meters are now "smart" in that they are mini computers complete with microprocessor chips, hard drive, and wireless antennas to transmit usage. Just say NO to these stupid devices. They can be HACKED.

  • @MrCarrot14 8 years ago

    You could just wear a lead lined shirt to prevent implant hacks.

    • @osearthesp 6 years ago

      get in your Faraday cage'd microwave ;]

  • @RogueCrockett 12 years ago

    lol and people wonder why I have covered my cards in aluminum foil and drive an older model car XD

  • @amt253 12 years ago

    So why haven't hackers killed Dick Cheney yet?

  • @fridakalota370 6 years ago

    I'd love to hack one car!

  • @Jakegecelovsky 12 years ago

    @LinairianiL It's because Rim sucks and no one wants it.

  • @yuroga 11 years ago

    watchdogs...

  • @Xyros7 12 years ago

    Did anyone notice how hard he tries to be funny, but fails over and over?

  • @raaie7890 7 years ago

    WEAK!

  • @DisasterFactory 12 years ago

    Poor guy, all of his jokes flopped.