National Center for Telecommunications Technologies Director Gordon F Snyder Jr and Mid Atlantic Institute for Telecommunications Technologies Director Mike Qaissaunee take a weekly look at the Networking, Information and Communications Technologies and how they affect the world of business, industry and education.
Ten Minutes with OP-TEC Webmaster Ian Anderson
The National Center for Optics and Photonics Education, OP-TEC, is a consortium of two-year colleges, high schools, universities, national laboratories, industry partners, and professional societies funded by the National Science Foundation’s Advanced Technological Education (ATE) program. The participating entities of OP-TEC have joined forces to create secondary-to-postsecondary as well as returning adult “pipelines” of highly qualified and strongly motivated students and to empower two-year colleges to prepare technicians in optics and photonics.
Hacking Car Anti-collision Systems [19:08]
Hacking Car Anti-collision Systems, August 28, 2016
A group of researchers presenting at this month’s Def Con hacker conference showed how they were able to trick Tesla's sophisticated anti-collision sensors to make a car hit an object it would normally detect in its path.
Before we start on the cars – you went to Def Con this year Mike – how was it?
So let’s get to the cars now – who did this research?
The group consisted of Chen Yan, a PhD student at Zhejiang University, Jianhao Liu, a senior security consultant at Qihoo 360, and Wenyuan Xu, a professor at Zhejiang University and The University of South Carolina.
So can you give a quicker overview of what they did?
They discovered methods for "quieting" sensors to diminish or hide obstacles in a car's path, "spoofing" them to make an object appear farther or closer than it actually is, and jamming, which, Yan said, renders the sensor useless as it's "overwhelmed by noise."
Could this be done now? I mean, if someone is driving a Tesla or any other car with this kind of sensor technology, should they be concerned?
It's important to note that the demonstration was a proof-of-concept that did not mimic real-world conditions today. Researchers were working on cars that were usually stationary with what was sometimes very expensive equipment. They noted that the "sky wasn't falling."
But the experiment suggests that theoretically, a few years from now, somebody could make a device that could jam certain sensors in a nearby car.
Can you talk about these sensors a little more?
There are a number of sensors on a Tesla Model S that are used for a variety of functions. It has radar to detect objects in front of it, GPS for location tracking, and cameras to detect speed limit signs and lane markings, for example. As the talk showed, many of these things can be tricked by a determined attacker.
Is it just Tesla people need to be concerned about?
Much of their presentation focused on the Tesla Model S, but they also successfully jammed sensors on cars from Audi, Volkswagen, and Ford.
So what kinds of systems were they jamming?
Cars with ultrasonic sensors
Cars with parking assistance
The Tesla Model S with self-parking and summon
Let’s talk a little more about what they were able to demonstrate.
In a video demonstrating an attack, the researchers jammed sensors in the rear of the Model S, so the car did not know it was about to hit a person standing behind it. In another, they "spoofed" its Autopilot to trick it into thinking it would drive into something that was not actually there.
You mentioned they talked about using lasers – can you give any details?
They also used off-the-shelf lasers to defeat the onboard cameras, and, in one of the most low-tech demonstrations, they wrapped objects up in cheap black foam that rendered them invisible to the car's sensors.
What kind of feedback did they get from the manufacturers?
Yan said after the talk that Tesla reacted positively when they disclosed their research, and it was researching ways to mitigate these types of attacks. "They appreciated our work and are looking into this issue," he said.
So, in summary what are the auto makers concerned about after this presentation?
Realistic issues of automotive sensor security Big threat to autonomous vehicles (present and future) Attacks on ultrasonic sensors Attacks on Millimeter Wave (MMW) Radars Attacks on cameras Attacks on self-driving cars Where can people get the full Deaf Con presentation?
It's available at Def Con’s website https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles.pdf
Lock It and Still Lose It [24:11]
Q: Could you tell us a little about how this research began?
A: Actually in 2013 Flavio Garcia, a computer scientist at University of Birmingham, and a team of researchers were about to reveal a vulnerability in the ignition of Volkswagen cars that allowed them to start the car and drive off without a key. This vulnerability was present in millions of VWs.
Q: You say “about to reveal”?
A: Yes, they were sued, which delayed the publication of the work for 2 years. They used that time to continue their research into vulnerabilities with VW cars.
Q: So did they find anything new?
A: They sure did. The paper they just published identifies flaws not only with the ignition system, but also with the keyless entry system.
Q: How many cars are we talking about?
A: The researchers claim that every Volkswagen sold since 1995 is affected. The estimate is nearly 100 million cars!
Q: Which cars are affected?
A: There are two distinct attacks – one impacts Audi and Škoda cars; the other Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.
Q: Do they provide any details of the attack?
A: They use radio hardware to intercept signals from the victim’s key fob, using the intercepted signals to clone the key. They started with software defined radio connected to a laptop, but have moved to a small $40 setup that includes an Arduino board with an attached radio receiver.
Q: How concerned should we be?
A: Of the two attacks, the one targeting Volkswagen cars is most concerning because (1) there is no indication to the drivers that they’ve been compromised, (2) one a single button press needs to be intercepted.
Q: Why is the security weak?
A: It turns out that millions of Volkswagen vehicles share a single cryptographic key. Using the hardware we described earlier, researchers capture another key unique to the target vehicle that is transmitted every time the button on the key fob is pressed. By combining these two key, the researchers can clone the key fob. A single interception and the car is “owned”.
Q: So it’s that easy?
A: Not quite that easy. A few caveats. The attacker has to be within 300 feet of the car. The shared key is not quite universal. The shared key may change based on the model of the car and the year. Also, the internal components where the shared is extracted from may be different.
Q: So the key’s not universal. That’s good, right?
A: Yes, except that the 4 most common keys are used in nearly all the 100 million Volkswagen’s sold in the past 20 years.
Q: So should listeners sell their Volkswagens?
A: No, not yet. The researchers have not revealed where the shared key is stored, but a determined hacker could reverse engineer the keys and publish or sell them. And a newer locking system, used in the VW Golf 7 and other models, uses unique - not shared - keys and it his immune to these attacks.
Q: You mentioned that there are two attacks. What’s the second?
A: The second technique exploits flaws in a common cryptographic scheme called HiTag2 that is used in millions of vehicles.
Q: How does this attack work?
A: The hardware setup is similar to the previous attack. One big difference is that you don’t need to extract any internal keys from the car. You do have to intercept more codes from the target key fob - eight codes specifically. These codes include a rolling code number that changes with every button press.
Q: Sounds a lot like cracking a WEP key on a wireless network.
A: It is. In fact, the researchers suggest jamming the key fob so that the driver has to repeatedly press the button. Essentially generating more traffic to capture. Similar to a so-called replay attack used to help speed up the cracking of WEP keys.
Q: Why not just updated the encryption scheme?
A: It turns out the HiTag2 crypto system is hard coded into chips made by semiconductor company NXP. According to NXP HiTag2 is a legacy security algorithm - 18 years old. Since 2009, they hav
Intro To Pokemon Go [31:14]
4K Ultra High Definition Television [22:37]
Title: 4K Ultra High Definition Television
High definition has meant 1080p (1,920 by 1,080) resolution for years now, and it's ready for an upgrade. That's where 4K, also called ultra high-definition, or UHD, television comes in. 4K is finally a mature, accessible technology. In this podcast we take a close look at UHD 4K technology referencing a PC Magazine post.
First some continued bad news on the security front …
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone – Dan Goodin
Out-of-date apps put 3 million servers at risk of crypto ransomware infections – Dan Goodin
Now for a little good news …
Petya Ransomware's Encryption Defeated and Password Generator Released – Lawrence Abrams
NSA Launces 2016 GenCyber Camps
What Is 4K?
How Is 4K Different Than 1080p?
What if you have a 4K TV but not any 4K content?
What About HDR?
What 4K TVs Are Out There Now?
Is There Even Any 4K Content You Can Watch?
Do You Need 4K?
Engineering Technology and Engineering Degrees – What is the Difference [20:30]
Questions we try to answer in the podcast:
1. What is the difference between an Engineering Technology
degree and a Bachelor of Science in Engineering?
2. Can you also get an AS or AAS degree in Engineering
Technology at a Community College?
3. What is the career path for an Engineering Technology degree
holder versus a Bachelor of Science in Engineering?
4. What should you be doing in high school if you are interested
in an Engineering Technology or Bachelor of Science in Engineering
5. What courses will you likely take in college if you pursue an
Engineering Technology degree?
6. What courses will you likely take in college if you
pursue a Bachelor of Science in Engineering degree?
7. What interests are common to engineering technology degree
and engineering bachelor of science degree pursuers?