Welcome to tech Stuff, a production from I Heart Radio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with I Heart Radio and how the tech are you? It's time for a tech Stuff classic episode. This episode originally published May two thousand fifteen. It is called Hack That Auto two point oh and I had a special guest co host on that show, Joe McCormick. Joe is one of the co hosts of Stuff to Blow Your Mind. He was also one of my co hosts on Forward Thinking, the audio podcast, and he was also a writer on the video series Forward Thinking. Joe is one incredibly intelligent person, even if he doesn't recognize Douglas Adams quotes. And let's have them take it away. Hacking can mean any thing, right like, it doesn't necessarily the connotation we typically assigned to it is someone is trying to gain unauthorized access to something, which really is a subset of hacking exactly. Hacking really could mean that you are building stuff, like you could be a maker. You're trying to create a device that does a very specific thing, and it maybe to do it in a way that no one has done before it, maybe to increase efficiency efficiency maybe the furthest thing from your mind. It might just be to do something creatively. And in that previous episode of Hack that Auto, Ben and I covered lots of ways where you could use technology to alter a vehicle in order to make it do something that it was either not intended to do or that had been limitations that have been placed upon it at the manufacturing stage. WHOA, So you mean like you could overclock your car the same way you can overclock your CPU. Well, maybe not the same way, but getting a very similar response. Because there are governors and speed limitters vehicles right where it is set so that the engine might be capable of producing enough power to get you to a speed above the quote unquote top speed of your vehicle, but there are are elements inside the vehicle that limit those speeds, like you can't go beyond them because they essentially cut the power, so you're not going to be able to get more out of it. But if you hack your vehicle, you could, in theory, remove said limitations at your own peril and be able to go faster than what the vehicle's manufacturer had intended, you know, at the risk of sounding like a gullible sheep. I bet those limitations are there for a decent reason. They tend to be yeah, like I could probably damage your vehicle or do something unsafe if you exceed them. I don't know if you have you ever been in a car where it reached a certain speed and the car was beginning to feel like it was not enjoying that experience. Yeah, the first car I had, if you got up to about fifty five or so, it felt like it was about to come apart. Yeah. Yeah. And there are some cars where, even right off the lot, if you are pushing it at towards the top speed, you start to feel like, yeah, this vehicle is not really meant to maintain this for any length of time. But there are people who want to have that full control of their vehicle, and they want to be able to do things with their vehicle that perhaps the manufacturer had put limitations on, and they will hack their their cars. And this is made possible by well a couple of things. If you have a car that's more than twenty years old, then you might be able to mechanically alter that vehicle. Right. But as vehicles have become more and more complex More and more of those uh, those those systems have become computerized, and it's falling into what some people call the black box problem, which is where you have a system that is essentially contained within a black box, and it is very difficult, if not impossible, to get access inside that black box. You can alter what happens once this is what what whatever the output is of that system, you can alter that, and you can alter the arrangement of various black box systems. But if you don't have that special diagnostic computer right or any other means of tapping into it, then you're kind of stuck. And and the argument is that the technology is reaching a level of complexity where the tinker is becoming more and more rarefied, Like it's it's harder to be a tinker in that world because things are getting so specialized and so advanced that it requires a good deal of specialization just to alter one thing, let alone all the other related systems. I feel like we talked about this in an early episode of the Forward Thinking podcast. This sounds very familiar. But okay, so that's how you hack your own vehicle to improve or maybe not improve but change it. Sure, but what about the more you know. The more popular sense of hacking these days where talking about violating a supposedly secure system making it work for you. So Ben and I talked about this as well, and overwhelmingly the most prevalent version of that kind of hacking required physical access to the vehicle and that you would have a laptop that you would plug in with an adapter to your your cars computer system, and with that laptop you could alter things with the vehicle. In fact, you could even set it up so that you could have remote control of the vehicle through the laptop that's still physically attached to the car. Oh wow, I wouldn't. I wouldn't really expect that with it. I mean, I could see how that could be coming with autonomous cars. But I'm so you could control like gas and break and steering. You could certainly control things like brakes and steering. Uh, not necessarily acceleration, although you could do that too, I assume, but you could certainly alter things like you could you could make the brakes stopped working, and in fact, there have been demonstrations where people have done that where it was done in a safe way. But to show that, like the anti lock brake system would be disconnected, so that hitting the brake would do nothing and the car would continue on as if you hadn't hit the brake at all. Just kind of terrifying to think about. But there was a laptop computer sitting right there, plugged into the dashboard. It was just that the commands. Like, think of it this way, it's the same thing as if someone were sitting in the passenger seat sending the commands from the laptop directly to your car's computer. Only you have removed the need for a person to be sitting there because you have a remote system sitting the commands to the laptop, which then send the commands to the car computer. Well, if you're gonna do that, you might as well just say, well, somebody sitting in the passenger seat could reach over and grab the steering wheel, right, And that was the point, right, That was the point that allot of the car manufacturers were making, that a lot of security experts were making. They said, these examples require somebody to have physical access to your vehicle in order for them to make these alterations, and therefore it's not necessarily something to go out and panic over. Yeah, so that doesn't really bother me? What would really bother me? And and a quick digression, I think you and I are both on the record as being pretty pro autonomous vehicle. I am on it would be harder for me to be more pro autonomous vehicle. I am also very pro autonomous vehicle despite all these concerns, And one of these concerns is what if somebody could wirelessly hack an autonomous vehicle? And that seems like, I mean, hopefully the industry will take all the proper steps to prevent that from happening, But autonomous vehicles do need to be able to communicate with each other, so it seems like they may possibly have some wireless based vulnerabilities. And there are cars out there right now that have wireless vulnerabilities, and we'll talk more about specifics in a little bit. So you are at slutely right that autonomous cars will have these because we have cars right now that have these these wireless vulnerabilities from from various systems. Uh, there have been examples of people using the entertainment systems within certain cars to hack into the rest of the vehicle. Now you would think that these should be networks within a car that are completely separate that don't have anything to do with one another. But there are times where, either because the design is simpler or because of well intentioned reasons, the they are coupled more closely. Like imagine that you have an entertainment system that is wired in such a way where the volume of the system will automatically adjust based upon your acceleration. So if you accelerate more, the volume goes up because it figures, hey, now it's going to be a noisier environment, so I need to balance out by becoming louder so that the person can continue to have the same experience listening to whatever they're listening to, whether they're going slowly or quickly. Well, that means that there needs to be some data coming from the drive system of the vehicle, and it may just be data, and it may just flow one way, which would be the best way to implement that, but it may mean that these systems are more connected than you had first imagined. So as we get into more WiFi based entertainment systems, that is a potential point of vulnerability for vehicles. Yeah, and a thing that just occurs to me is that hopefully anybody who made these would sort of have entertainment systems running on what's essentially a different computer than the computer that controls the engine. Otherwise it seems like it could be vulnerable to the kind of buffer overflow attack or something where you, uh, you have some kind of like you max out the memory on something and then you start and then once you've maxed out that area, it overflows into a place where you can just execute some code. Right. Yeah, that's a good example. I mean that, that's certainly so something that that needs to be thought about when designing these systems. And to make this more complicated, we have things like, you know, the wireless entry systems which can be spoofed, although it's not easy to do so. So wireless obviously that's when you've got, you know, your little key fob and you push a button and it unlocks the door so you can get into your car. Uh. Those work on little radio signals, and it is possible to broadcast radio signals at a car and activate it's unlocking mechanism. It's not easy, and the reason it's not easy is that you need to know generally what frequency this thing is broadcasting over, so it may require you to be in the presence of the key fob being used. In order to pick up on this frequency, you really need to know probably the beginning of the code, which again you can sometimes glean by listening in essentially on that key fob um and then you have to brute force attack because the way key fobs work is it works with a rolling algorithm, So every time you press that button, it changes the code, so the cook but it's changed based upon an algorithm, so it's based upon specific rules. It's not random, because if it were random, no car would ever know when it's key is being used, right, but it But that means that if you are using a remote attack to try and get access to a vehicle, then you have to do a brute force so this can take minutes up to hours, depending upon uh the system and depending upon your luck based upon where you're starting from the code. And also it means that if you have a keyless entry and you go to your car and you try and use it and someone has remotely accessed your vehicle, one of the only ways you might be able to tell, assuming that your vehicle is still there, is that is that it takes a couple of presses before anything works, because it will take a while for the the code on your key fob to match up with the code that's in the car. So in other words, of press it and you're like, oh, nothing's happening, and you pressed a couple more times, then it it'll synchronize up again and then you can have access. Uh, this is something that has been done already. Security experts have shown. There's one in particular who used his own vehicle to demonstrate that you could gain access, but it could take hours and it takes a huge amount of effort, so it's not something that is is probably easier to just get a brick and bash the window. Yeah, it's definitely not likely to happen, right, I get like the likelihood of it happening is incredibly low because there are other ways of getting access to a vehicle that require far less work and far less access to set vehicle for a given length of time. We'll be back with more of this classic episode of tech stuff after this quick break. There are other examples of someone having a remote control of a vehicle, but was it was by exploiting a system that was intended to have this remote shutdown feature. So you you know that a lot of vehicles have this ability for for a an entity to either remotely shut down the engine or do things like hawk the horn, right, yeah, I think, uh, well, I know one scenario in which this occurs would be like, so let's say you take out a loan on a car and the person who sells you the car is not very confident that you will pay back that loan. They can put equipment on the car that prevents it from starting up, right, so they can say, this person isn't paying on their financing, we need to shut down the car's ability to run. Yeah, it's essentially a remote kill switch, and your car will not start at that point. And uh, yeah, it could be hopefully they wouldn't be able to turn off the engine while you're driving. No, I don't think that's that's a possibility, but they could certainly do it, you know, so that the next time you try to start up your car it doesn't work. And uh, it can be used in that case where someone's not keeping up with their payments. It can also be used in the case of a stolen car. So if your car stolen, you report it to the police. You work with the dealership, you explain, hey, my vehicle was stolen, they can actually activate this remote kill switch so that the criminals who have possession of your car are no longer able to drive it, and then the police can hopefully locate your vehicle and you get it back, uh Right. So there are legitimate reasons why you would want that technology install on your vehicle. However, there was at least one case where a person who had access to said system uh accessed it for personal reasons and out of vindictiveness, was essentially harassing somebody using the system to mess with their vehicle. So if you look at a discussions about car hacking and they always say, like, what are the examples of malicious car hacking, they said, well, outside of research and development, where where security researchers are trying their best to do this to see if it's viable, there's only one example of it ever actually happening. And in that case, it wasn't hacking in the sense of someone setting down at their computer and trying to get access to a vehicle, someone exploiting an existing system that was already attached to that vehicle. But that being said, with all those caveats laid out the issue of wireless hacking a vehicle of remotely accessing a vehicle is by no means a dead issue. It is something that is continuously brought up, and as of the time that we're recording this podcast, which is in May of twenty, there's increasing interest in this because of a pair of researchers and what they claim they are able to do and what they will show off at the black Hat Conference in August. What is that? Well, first I should explain what the black Hat Conference is, So it's a um it's essentially it's a hacker convention. It's all about discussing security vulnerabilities and uh the ways to exploit them. Now, in hacker circles, you have white hats and black hats, and sometimes you can argue gray hats. White hat hackers are people who are looking for security vulnerabilities with the intent to have those security vulnerabilities patched so that they are no longer vulnerable. Black hat hackers UH tend to be the folks who find security vulnerabilities in order to exploit them, whether that is to exploit them directly or to exploit them by selling that information to other interested parties, and whether they're doing it for cash or for leverage over somebody, or just for fun, Yeah, just to build their own reputation, as opposed to, you know, a genuine desire to help other folks. So even though it's called the black Hat Conference, it doesn't necessarily mean that these are all people who are gathering around trying to figure out how to control the world through their laptops. Often its actual discussions about these are serious concerns that we need to address in order to make sure that they don't become huge problems go beyond concern to an enormous problem. So the the researchers were talking about actually, I think Ben and I mentioned them to Charlie Miller and Chris valisek Uh, their two security experts who had talked about hacking cars previously. They had uh shown in two thousand thirteen and two thousand and fourteen various ways to hack vehicles UH, and now they are talking that in the two thousand fifteen conference in August they will reveal a way of remotely gaining access to a vehicle. It does not require you to plug a laptop into a computer. They say that you could do this with an unmodified vehicle as soon as it rolls off the dealership. Scary, very scary. Um, that's an excellent question. I think that I'm sure that they have something. The extent of that, yeah, no, no, no, the extent of what they have I do not know. Now. Previously, they have published lists of vehicles that they have looked at that they say represent, you know, the most hackable kind of vehicles, and the very top of the list, where the Jeep Cherokee was number one. That's the most table, most tackable, most tackical. But they they had identify three different criteria for hackability, including things like are the systems interconnected with one with one another? How many wireless points of entry are are potentially there? That sort of stuff, And out of the various criteria, the Jeep Cherokee had the most of them, the most examples. Uh, the Infinity Q fifty was also up there in the Cattle I Escalade as ah as the the SNL Southern character would say, was also up there. And uh, when we're talking about wireless points of vulnerability, really you're talking about any system that has that wireless communication capability. So one example, which is perfectly innocent in of itself, is the tire monitoring system the tire pressure monitoring system. So if you have a vehicle that has this, then like you get in your car, you turn your you know, you put the key in the ignition you or if it's key less ignition, you turn on your car, however that may be. And there might be an indicator on your dashboard that tells you, you know, if your tires are overinflated, underinflated, what the you know, how the pressure is? Uh, which is kind of cool. You're like, oh, awesome, I don't need to get out of my vehicle, you know, pull over to a gas station or whatever and get the air pressure gauge out and see how it's doing. It's telling me right here, um, which is useful. But it's doing so with wireless sensors that communicate back to the the computer system that is governing all the other systems in the car. Yeah. I can see why you wouldn't want wires going to the tires. Yeah, yeah, no, it would It would be problematic, right. So the the wireless system is likely communicating with the what was called the controller area network bus or can bus, which is kind of like the the traffic controller of all the different systems that feed information into the car's computer the master control program. Yeah, if not the master control program, it's got to be like the master control programs. Uh executive assistant, Right, yeah, yeah, it's a it's good old David uh not Yeah, Stark controlling this. So yeah, exactly, it's it's this this traffic controller that sends the information to the computer. Well, you know, that's a potential point of vulnerability. And there have been example of being able to track a vehicle based upon tracking the unique monitoring frequency for that that tire pressure system. So you could potentially track where a vehicle has gone by keeping note of this particular this particular wireless communication system. If you could, can you get access to more critical systems like breaking or steering through that? That remains to be seen. So Miller and uh and Valask have said that they have found some interesting stuff through their experiments. Um, they haven't had this discussion, so we can't say exactly what they revealed, but they have said that UH or at least the black Hat website says that the presentation will include starting with remote exploitation, we will show how to pivot through different pieces of the vehicle's hardware in order to be able to send messages on the can bus to critical electronic control units e c U s. We will conclude by showing several can messages that affect physical systems of the vehicle. So that that's pretty vague, right. It doesn't specifically say that it could do something like break the car as it b R a k E the car, like apply the brakes. Doesn't say that, uh, you know, explicitly, so maybe their methodology will be limited. And in fact, they say that they plan on showing both the reality and the limitations of remote hacking on vehicles. So a lot of security experts have said, listen, this is something to be concerned about, yes, but not something to panic over because one, they have not indicated how extensive these these messages can go, like what what the effects can be. Two, they haven't discussed their methodology of coming up with the ability, the way of doing it, or if whether or not they plan on sharing in detail how it's done. And three, it may require so much effort to do this that, just like the keyless entry, no one would ever bother to do it, because they are easier ways to sabotage a vehicle than going through these processes but showing that it's possible means that further like the future generations of vehicles could be built and designed to counteract this sort of stuff from the from the get go, so that it doesn't become attempting enough target to make further investigation into that that line of attack. Right, Like, if you if you find a vulnerability and you find a really hard way that you can exploit that vulnerability, that might lead to other people saying maybe I can find an easier way to exploit that same vulnerability. As long as that vulnerability exists, it's a it's a target, and if we ever get to a point where it's easier to attack the target than other methods of messing with a vehicle, then you're in trouble. So the hope is that these systems one could be addressed by updating firmware on existing vehicles, and two could be prevented in future vehicle design. Uh. That being said, of course, we still don't know what they're gonna say yet. It may it may be that this is all uh, you know, largely, you know, the speculation that we're having is largely harmless. That could be that's best case scenario. Worst case would be, Yeah, we figured out that we could with a laptop and a wireless transmitter, we can make your card do whatever we wanted to do. That would be bad. Well, I would say, actually, the best case scenario would be that, um, that they actually do turn up whatever are the most critical vulnerabilities that exist, and that leads manufact trurers to take better steps to protect their cars. Yeah, assuming that there are in fact critical vulnerabilities, that is the best case scenario. The true best case scenario is to discover there are no critical vulnerabilities. But the likelihood of that, I mean, if someone's really determined to get access to a system, there hasn't been a system made that is crack proof. You know, eventually, given enough time, resources and willpower, any system that has been made can will eventually be be breached. Speak for yourself. I'm behind seven proxies. I tracked him all the all the way to a pub in Ireland. It turned out he was at least three more hops away. We've got more to say in this classic episode of tech stuff. After these quick messages, Uh well as scary as the idea of somebody hacking the car windows, eleven gives people new ways to get more done. Snap Assist lets you organize your open windows at once with a click. Multiple desktops make it easier than ever to switch between work, school, and everything else. Plus a screen you can actually touch means less typing more. Creating Windows eleven brings you closer to what you love. Discover more ways to get more done with Windows eleven PCs at Windows dot com. Slash brings you closer. Windows eleven gives people new ways to get more done. Snap Assist lets you organize your open windows at once with a click. Multiple desktops make it easier than ever to switch between work, school, and everything else. Plus a screen you can actually touch means less typing more. Creating Windows eleven brings you closer to what you love. Discover more ways to get more We're done with Windows eleven PCs at Windows dot com. Slash brings you closer. Miry redeemed a fifty thousand dollar cash prize playing Chumba Casino online. I wasn't expecting anything and was only playing for fun, so to win this was a dream come true. Join Merry and over one million players at Chumba Casino, America's favorite online social casino. It's serious fun and you can play for free. You'll be spoiled for choice with over a hundred games to choose from. Play with gold coins for fun or sweeps coins for your change to redeem cash prizes. Absolutely anybody could be like Mirry. Be like Mirry, visit Chumba Casino dot com and play for free. Now that c h U m B A casino dot Com win big with Chumba Casino c h U m b A casino dot Com. No purchase necessary void We're prohibited by Law eight team plus terms and conditions apply. See website for details. Again, that c h U m b A Casino Com. The voice in the preceding commercial was not the actual voice of a win for driving is Yeah. About the only thing I could imagine scarier than that is somebody hacking the airplane you're writing in. Yeah, that would that is a a sobering thought right now. Of course, we would hope that nothing like that is possible, That airplanes are designed to be as secure as possible, and that they don't really have any vulnerabilities that you could exploit, like like these, you know, tire pressure gauges or anything like that. We would hope, but that might not necessarily be the case, because this month, in May, if you haven't seen yet, some media outlets have been reporting that a security researcher named Chris Roberts may have hacked an airplane and sent it off course. Yeah. Now, the reason why you're building so many qualifiers into this statement is because, as a turns out, there's there are a lot of differing accounts about what exactly was done and or happened. Yeah, well, our information is a kind of like he said, he said, he said issue. So I'll explain that as we go forward. But who is Chris Roberts. So for years he has been known as a white hat hacker. We talked about black hats and white hats earlier. If you're a listener to the show, you're probably familiar anyway. But the white hat is somebody who, at least ostensibly uh goes out and looks for vulnerabilities and systems in order to improve security, to show you, hey, here's where you're weak. You should shore up your defenses in this area. And so Roberts for years has been known as a white hat hacker, especially in a vionic sort of publicly denouncing alleged security problems and vulnerabilities in networks airline manufacturers put into their aircraft. So keeping in mind that, you know, as the aircraft experience has a al it over time, Roberts would argue, it has introduced vulnerabilities from an electronic standpoint computer standpoint, So things like the in flight entertainment systems, the i f E s, or the fact that a lot of a lot of airlines offer WiFi on their flights. Yeah, that these could potentially be vulnerabilities. Yeah, And so you know, you would just hope that, well, I mean, if a plane's showing me movies on some central computer system, surely that computer is not linked to the computers that control things like I don't know, life support systems inside the airplane. Yeah, the the engine, the navigating computer. You would hope that there's no involvement there. But I'm gonna tell a little story. Okay, So in April, I think it was on April fifteen, sometimes in the middle of April. Yeah, Roberts, the same guy, Chris Roberts. He was removed from a fly by FBI agents after the flight landed in Syracuse, New York. And the supposed reason that everybody figured this happened was because Roberts had tweeted a joke about hacking an airplane in which he was riding earlier that day, and has at least on one subsequent occasion said he was essentially poking the bear. Yeah, so the tweet read as follows, find myself on a seven hundred. Let's see box I F E ice dot com. Shall we start playing with E I C A S messages pass oxygen on anyone smiley face. So he's using some some acronyms there. One of them is I F E that's in flight entertainment. Another one is E I C A S that's Engine indicating and crew alerting system. At the past oxygen on. What it seems to be saying there is he's suggesting it would be funny to to trigger a command that makes the oxygen masks descend on all the passengers, whereupon you would adjust your own mask before helping others. Yes, that's important to remember. Now. Of course, it's important to point out that Roberts did not do anything. He was just tweeting a joke. Right. Still, one could and probably has, argued that such a joke was at best in poor taste and at worst, really dumb. Yeah, well, especially because the FBI acted on it. The FBI agents detained him, interrogated him, and confiscated his electronics. He even tweeted out a picture of the electronics that were confiscated and said, well they're all encrypted, but they're all gone now. Yeah. So that was last month in April. But in May of a Canadian news organization published I guess what must have been a leaked copy um of a warrant application for the search and seizure of Robert's devices. This was itt up by FBI special Agent Mark Hurley. According to this document, Roberts had already voluntarily spoken with the FBI in February and March of so a few months ago to inform them about basically what he claimed were security vulnerabilities in these in flight entertainment systems that we were talking about before. And he identified several aircraft in particular the Boeing seven hundred, the seven thirty seven, nine hundred, seven fifty seven, two hundred, and the Airbus A three twenty. Now, if you'll notice, he identified in his tweet that he was on A seven hundred, one of the ones that had these in flight entertainment system vulnerabilities according to him, and so that's sort of the joke he was making. He was like, Okay, remember these things I've been talking about. I'm on one of these planes now. So the document, the warrant application, claims that Roberts told FBI agents on these earlier conversations that he had exploited these security flaws and penetrated in flight entertainment networks in midflight. So he claims between he penetrated i FE systems fifteen to twenty times, and he said he gained access to these i FE systems by physically plugging in. I thought this was interesting. So he said he physically plugged in via a modified Cat six Ethernet cable into the seat electronics box or SEB, and these are found under the seats in some airplanes, so you can imagine his process. Basically, what he said he did is he reach under the seat in front of him and sort of wiggle this box and squeeze it until the cover comes off, which is quite the feat because many of these are fixed by screws. Yeah, well, we'll go into we'll go into potential object actions to the story. Yeah yeah, oh yeah, yeah. So I've never tried to get into a seat electronic s box myself, have I, nor will I, and nor should you, because it's not a good thing to try to mess with. But what he said is he got the cover off and he'd plug in. It's kind of strange that nobody ever seemed to like notice him doing this. One of the sections to the story. Yeah, but uh so, and again, just to reiterate, this is what the warrant application claims he told the FBI earlier this year. So it's several levels of hearsay, um, but yeah, they said he so, he said he would plug in with this Cat six Ethernet cable and that would give him access to the plane's i FE system, the inflight entertainment one. And then and I'm going to read just a direct quote from the warrant application and this next part. It claims that Roberts told them he quote connected to other systems on the airplane network after he exploited slash, gained access to, or quote hacked the i f A system. He stated that he then overwrote code on the airplane's thrust management computer while a board of flight. He stated that he successfully commanded the system. He had accessed to issue the CLB or climb command. He stated that he thereby caused one of the airplane engines to climb, resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising, slash, exploiting, or quote hacking the airplane's networks. He used the software to monitor traffic from the cockpit system and if true, this is fascinating. The warrant application claims Robert said he used default I D s and passwords to compromise the network. That was a face palm there. If that's true, people change your passwords? Well, I mean, okay, here, here's here's one thing I would argue as far as the changing of the passwords is yes, as it should not be default. At the same time, this is a difficult UH scenario because you have multiple flight crews all using the same equipment. So how do you do I D password management in that case? Like assuming that assuming that the idea and password is is unique to the vehicle, to the aircraft, and not unique to the crew. So if if it's unique to the crew, that's one thing, you know, Like if it's if it's the pilot and copilot who have to put in this I D and password, and it's the same for whichever aircraft are in. That's one thing. But I suspect that's not the case. I suspect it's more unique to the aircraft. That's more. That's tricky. How do you where do you record the information for the aircraft so that the crew has access to it? Um? I mean, I don't know. I don't know, but you can do better than default. I'm sure, I'm sure, And I don't know the answer to this question. And I mean I would hesitate to ask because I don't think I don't need to know. As long as I know that they are practicing good security measures, as long as they're not doing the default IDE and password. Uh, then whatever you know, I'm maybe uh. And then of course he claimed he after this that he used a virtual environment to build a virtual version of the airplane's network that he could then study safely and so to to reiterate this, he, according to the FBI document, Roberts claimed he steered an airplane, he plugged into an airplane from a passenger seat, and caused the airplane to briefly divert off course, that's amazing and amazingly scary if true. Yeah, that that is that is incredibly sobering if in fact it is true. Now, there are some things to consider, and we'll get fully into some questions about this story later on. One of the things is that I think there might be some confusion online in reaction to this story, where one of the things is that Roberts was not claiming that he did this on the day he was arrested. The warrant application is saying that he told them he had done this in previous years. Yeah, and they just got around to arresting him later. Yeah. Well, I think they got around to arresting him because of this tweet and then because they suspected that he had been messing with the flight he was on that day and in April, even though he claims I think he claims that he didn't mess with it that day. Yeah, And so there's there was I believe there was. Part of the the accusation was that the this this electronics box, the seat the SEV had been altered, but Robert says, well I didn't, that wasn't me. Yeah. Yeah, So the FBI claimed it showed signs of TA bring the seat, the one under the seat in front of him on the flight he'd been on that day looked like it had it had been tampered with, but he claimed he didn't do it. And so I don't know what to say about that, except that another interesting question that comes out of this is about the nature of white hat hacking. Right, So, like, if you take this story at face value and just say, let's assume it's true, and you are a white hat hacker who is aware of a very dangerous, very scary security vulnerability, whether it's in a vehicle or a piece of software on the internet infrastructure, whatever, it may be, something that that could really endanger a lot of people, and you're aware of how to exploit it, and you know that other people could exploit it, and you've been trying to warn people about it but getting nowhere. But but it's not getting fixed. What do you do? And so I know a lot of people would look at what he did here, if he in fact did do it, and they would say that that's so reckless. How could you gamble with the lives of all the people on that plane just to sort of like prove something for a little research project. On the other hand, I think, you know, you could argue that well, you know, he didn't tell it to like crash into the ground. He you know, maybe executed something that it would have seemed to him to be an innocuous test. I don't know. Again, we have to say, again, this is all sort of hypothetical because we don't know what really happen. We don't know the real story. Yeah, so a lot of this depends upon what really happened, Right, So I think anything that would that results in the diverting at all from a flight plan is incredibly reckless, even if even if it's too demonstrate, Hey, you really need to pay attention to me, these vulnerabilities exist. I think that's it taking taking that approach where you are potentially putting the lives of everyone on board that flight, not just yourself. I mean, if it were just yourself and you were just proving it, then that's one thing. But you are taking You're taking it's an incredible amount of bravado to say I'm gonna put the lives of every single person on this plane in danger. I am potentially going to uh to to eliminate the lives of everyone here and forever alter the lives of all of their loved ones like that, not to mention potentially the lives of people on the ground as well. I mean, it's just incredible. Yeah, I totally agree. But then on the other hand, you could also make the argument, like, with this security vulnerability in place and them not doing anything to fix it, that are already in danger and you're trying to get something done, the best I could say is that there has to be some means of getting that message across without physically altering the pathway of the aircraft, Like you could send a message some other way, or you could document what you are doing and send that documentation on and say, look, this is exactly how it works. If I can do it, then potentially other people can do it. And that's why you need to address the security vulnerability. I think. I think there are other ways that would have gotten just as much attention from an official standpoint without potentially harming people. Assuming that the story that we hear in the affidavit is in fact what happened. Yeah, and so now we really do need to get to that point what really happened, because there are people who have raised serious concerns about the version of this story that's come out, and it's it's hard to identify if if it's not true, where the fault lies. Was there a problem with the FBI? Is retelling of of Robert's supposed story? Did Robert's mislead the FBI? Did the FBI not understand what he was telling them or did? Or were they misleading in their report? But there are places along the line where we could have gotten the wrong story from this document. Stay tuned for the exciting conclusion of this tex Stuff classic episode right after we take this break. So, no matter where the fault may lie, there have been a lot of people who have pointed out problems with the story. So whether it was the original Roberts story or was the retelling, that's kind of beside the point. Here are some of the objections. One of the big ones is one that we've raised already, the idea that if it requires plugging a modified cable into an electronic box that typically is not accessible by a passenger, why didn't anyone else notice or comment on it? Or you know, because again, and it requires some manipulation of the box to get access to it, even According to the affidavit story of what Roberts was saying, um, and a lot of these do have screws that are set in, so you would have to unscrew a a a panel in order to get access to the ports that are inside of it. Why would no other pastor or flight attendant have noticed this because it's it's you know, it's fairly disruptive. On one hand, I agree with that, but then there's a little part of my brain that says, yeah, but what's the easiest way to rob a bank? Show up and look like you know what you're doing. Just walk into the vault like you're somebody who's supposed to be going in. Yeah. I mean, there's a certain thing to be said for if you just don't act like you're doing anything shady, but you've got this sort of like aura of yeah, this is what I normally do. People just don't really question it. They're like, Okay, I assume me knows what he's doing. Well, and I suppose if if someone saying next to that person just assumes that what they're doing is plugging in a device to charge. Because some a lot of aircraft now have you know, outlets for that sort of thing. Maybe that's the assumption. I still think that flight attendants would find it interesting, but maybe. But let's let's all right, let's go ahead and say that that's one of the objections. But the other one is that you have to you know this. This also assumes that the i FE is in fact an interconnected network with the same computers that control the flight controls, and not two separate networks that have limited or no connectivity. Right. So this is the objection that I really hope is correct. And the objection is the airplanes do not actually have this vulnerability, right, Like, he couldn't have done what he said because it's not possible. Yeah, Now, there are some connections that have to be there for most of these i FE systems, because if you've ever been on one where you have the track my flight, then obviously the track my flight uh app or whatever you want to call it in the entertainment system, that feature is gaining some information from various systems aboard the aircraft, uh you know, things like altitude and air speed and the temperature outside all this kind of stuff. Um, how how far are you from your point of origin? How far are you from your destination? But all that being said, that could totally be connected to computer systems that have no other connection to anything else. Right, Like, there are a lot of redundant systems aboard aircraft for very good reason. You want there to be redundantcy for safety. So and it could also be that the information that's coming across is again traveling in a very specific one way path that there's no way to go upstream of that information. Um, and that would make the most sense. In fact, Boeing says the connections are limited and offer no access to flight controls through the i f E. UH, and that means that you wouldn't be able to get access to this thrust management control using the i f It would be impossible. So you know, you might be able to hack the i FE and get access to it and maybe require everyone to watch biodome, but you wouldn't necessarily be able to terrible. It would be awful, yeah, but not as awful as having someone altered the flight path plan. Um. Now, there have been some folks who said it's it might be possible that the i f E has a direct connection to climate control, which matters, Yeah, because if it's on the same system as climate control, and you shut down climate control, then you're going to force that aircraft to land. Uh. I don't know how much access to climate control the typical i F has. It may only have access to vent control, even your vent is on or off and that's it. It may not have any access to the actual climate control part. I don't know. But if it does have access to climate control, that could potentially be a point of vulnerability that could be exploited to force an aircraft to land prematurely, um most likely flying to the closest airport that has availability and landing. So it's not like it's not like, you know, a drastic emergency, but it would require premature landing, which obviously would be problematic at best. Yeah. I also remember seeing one criticism of the story that that essentially said that pilots would have to review any kind of like review and approved any incoming change to the flight path or flight control. Yeah, that's the aircraft systems are designed for safety. And again that redundancy is meant for not just the systems, but for commands given to the system so that you know, think of any computer program where you've had, you know, something where you you choose a command and it pops up and says are you sure, and you hit okay. Multiply that by a hundred, and that's what we're talking about aircraft systems for good reason that that you know, you are meant to review and approve these things, so that anything that would affect a key element of the aircraft's operation would require approval, review, and approval, and not just a command issued by a computer. So that's another objection. Uh. There's also a Mashable has an article on this. They interviewed a pilot. The pilot requested to remain anonymous in the interview, so we don't I trust that it's really a pilot. I do too. So the pilot said that Robert's claims, according to what the FBI said, at any rate, we're false because the systems he had claimed to access didn't exist aboard the type of aircraft he was on. Now, granted, this might have just been been uh limited to the seven story, and it could be that it was a different aircraft that he claimed he had gained access to, but he said, the pilot says, if Roberts is saying he was hundred when he did this, it's impossible because the system he claims to have taken advantage of, can't do that. He also points out the eye cast system you were talking about earlier, that that just displays messages. It doesn't have any control over the aircraft at all. All it does is tell you stuff. It's a redoubt essentially. Ah and be like trying to compromise a computer by issuing print commands. Yeah, yeah, you might be able to print some naughty words out, but it's not It's not affecting any other part of the computer. Uh. And then he also pointed out that the I f E and cockpit systems had no point of commonality except for the fact that they both drew power from the same power source. But that's it. They didn't have any crossover. There was no connectivity between the two. So it is entirely possible that the this is a big fuss over over largely nothing. Um, but I mean I certainly hope so yeah, but also hope no matter what the true facts of this case, where I hope this is at least encouraging airline manufacturers and the people who design their their hardware and software to re examine the security of their aircraft. Right. Yeah, and really put it through vigorous testing. And I don't mean to suggest that they don't already do that. I imagine that these companies, I mean, obviously they have a vested interest in making sure those those systems are tested vigorously with lots of different attempts at intrusion. The various scenarios have to be run about how likely or possible is this? Because I mean, it's it's it's life and death, and a company has to be able to rely upon having the reputation of being responsible for something as important and potentially as dangerous as air travel. Um So I I'm fairly confident that that the security vulnerabilities are very seriously looked at in these cases. Whether the Roberts case is as extreme as has been indicated in that affidavit, I don't know. I mean, if that is a possibility, then that's certainly warrants a re examination of how these network systems are laid out within an aircraft. Now let me do let me tell you something. This is background on Jonathan Way. Before I worked for How Stuff Works, years before I had worked for uh, you know, I worked for a couple of consulting firms. Is before that, this is way back when I was looking for my first job. I landed some contract work with an airline and my job was to transcribe audio files that were detailing the various systems aboard aircraft into text files so that there'll be a text copy of these audios. As far as I know, they didn't have the manuals or the hard copy anywhere. So it's my job to transcribe hours of technical documentation about these aircraft, which included things like how the cables were laid out in the systems, and it was fascinating to learn at the time. It was nothing you know, that was exploitable or anything like that. It was just interesting. But it really displayed to me the care that goes into designing these systems to make certain that this redundancy is there, and it actually it really reassured me quite a bit while I was doing this, like it removes some of the the mystery behind aircraft, and also displayed exactly how incredibly um detail oriented these designers had to be, which you know, makes sense if you think about it for more than a second you realize, oh, of course they have to be. But it really drove that home. So I was very thankful to actually have that experience. It's one that not a lot of people have necessarily had. Now. I will also say that it was for a lot of old aircraft that aren't around anymore, because this was many years ago, and those aircraft have since been retired from various fleets. But I think there's old aircraft still in circulation. Yeah, but you don't see a whole lot of these gigantic old war horses. They've been they've been replaced by newer more. Um. Yeah, you know, you know, back back when uh an aircraft consisted of a giant rubber band and a lot of hope. No, it wasn't like that. But one other thing I wanted to point out, kind of going back to the car discussion just briefly, is that whether or not these concerns are critical, like whether or not these are things that we really need to worry about. Most most security experts say right now, the trouble you'd have to go through in order to exploit any of these so called vulnerabilities would be so great as to render the meaningless. That doesn't really matter, because there's been so much public interest shown on the story for obvious reasons. That is it has prompted politicians to get involved, and Congressman Ed Markey sent out a letter to twenty automakers after the two thousand thirteen black Hat conference that that are earlier one where uh they were demonstrating the ability to hack vehicles by directly hooking up computers to the diagnostic system UM and he sent these letter to twenty automakers to ask about their security measures for wireless attacks. Now, all of the automakers that responded, and I think sixteen of twenty cent responses something like that, but all of the response the ones that responded said their vehicles had wireless points of access, so at least one wireless point of access that could potentially be used to connect to the car, not necessarily exploit a vulnerability, but to connect. Seven of the respondents said that they used a third party to test their systems for security vulnerabilities, So essentially white hat hackers. They went outside their own company to hire contractors and say, see if you can gain wireless access were mode access to these security systems, and if you can or these these what are supposed to be secured systems, and if you can, let us know how you did it. So we can address that before we release the vehicle as a production model. Very responsible, But only two said that their vehicles had countermeasures for hacking attacks on stuff like breaking and steering systems. So the story that gets out from this is that you know, only a couple of car manufacturers when they weren't named, actually have the security measures in place, and only seven are using third parties to test their systems. The flip side of that argument could be there's no demonstrable security issue yet that that would be enough to create a concern. However, it is good to be aware of it and to perhaps start building in these kind of safety features moving forward, knowing that it's not like the world's going to get less connected, right, We're gonna continue to see that trend go, so we need to be certain that we're doing so in a responsible way, in a safe way. Totally excellent. I'm glad you agree. So, yeah, this was This was a fun kind of thing to look at, and I mean, ultimately, I would always argue, apply critical thinking to the situation. Don't react with your initial emotional reaction. I mean, anyone who sees anything like this, I'm sure the first emotional reaction is a fear, a feeling of unease, if not fear right, because I mean, when you are behind the wheel of your car, you know you want to be in control. You don't get the thought of someone else potentially gaining control of the situation that you felt you were in control of is that's scary. So, I mean, it's understandable, but apply critical thinking. Know that it is not likely to happen. There are other things that are far more likely to happen, and as long as you take those precautions against those, you're probably okay about these other more remote possibilities. Um And again, if you are in a position to make decisions about these kind of systems, whether it's you know, from a car manufacturer or maybe you do aftermarket stuff, then keeping that in mind and keeping that as as part of your best practices of of testing the security of your systems, it's definitely something you should look into. I hope you enjoyed that episode called Hack that Auto two point oh. Clearly, as cars get more and more computerized h there are even more literal hacking things we could talk about with vehicles. In fact, I have covered some of those in the past, So maybe I'll do a follow up to this episode in the future. If you have suggestions for topics I should cover in episodes of tech Stuff, please reach out to me. The best way to do that is on Twitter. The handle for the show is tech Stuff hs W and I'll talk to you again really soon. Y. Tech Stuff is an I Heart Radio production. For more podcasts from I Heart Radio, visit the i Heart Radio app, Apple Podcasts, or wherever you listen to your favorite shows.