1
00:00:00,240 --> 00:00:04,530
With the National Cyber Warrior Academy at the University of Georgia, we're learning a little bit about

2
00:00:04,530 --> 00:00:05,390
car hacking.

3
00:00:05,730 --> 00:00:12,120
So over the weekend, we learned that a car, an automobile, has a controller area network, a CAN

4
00:00:12,120 --> 00:00:15,420
network that runs well throughout your entire car.

5
00:00:15,780 --> 00:00:22,590
But it allows you to utilize network sniffing tools like we've seen Wireshark and a couple of other

6
00:00:22,590 --> 00:00:27,900
sniffers to capture the network information that says what's going on in your car, whether that's your

7
00:00:27,900 --> 00:00:33,990
blinkers, your car stereo, your air conditioning, your accelerator, your brakes, your door locks,

8
00:00:34,230 --> 00:00:39,510
we can see all those things and we can tap into the network with just a USB cord and a cable that you

9
00:00:39,510 --> 00:00:46,680
can buy for 20 to 40 bucks on Amazon called a CAN-to-USB and has an onboard diagnostic port that plugs

10
00:00:46,680 --> 00:00:47,680
in under the steering wheel.

11
00:00:47,700 --> 00:00:52,920
So what I'm going to do with five of our mentors today is actually take a little time to show them how

12
00:00:52,920 --> 00:00:54,150
to connect to my car.

13
00:00:54,150 --> 00:00:57,240
This is my actual 2007 Volkswagen Jetta.

14
00:00:57,480 --> 00:01:02,730
And we're going to listen to some of the signals coming out of our onboard diagnostic port through a

15
00:01:02,730 --> 00:01:04,590
simple dashboard program that we've set up.

16
00:01:04,590 --> 00:01:10,350
So you can see things like fuel economy and how well the tachometer, just about everything from the

17
00:01:10,350 --> 00:01:10,920
dashboard.

18
00:01:11,310 --> 00:01:13,380
So, Noah, you want to give the first shot?

19
00:01:13,740 --> 00:01:17,880
All you need to do is first plug this into the laptop and make sure we get a yellow light on there.

20
00:01:19,680 --> 00:01:23,520
And then, Sean, I'll show you where to plug it into the onboard diagnostic port.

21
00:01:24,330 --> 00:01:24,560
Yep.

22
00:01:26,790 --> 00:01:32,820
So what we're doing is first making sure that we're connecting from the computer to the tool, the cable

23
00:01:33,600 --> 00:01:36,590
and make sure we get a yellow light on the underside of the cable there.

24
00:01:38,010 --> 00:01:38,340
Good.

25
00:01:38,370 --> 00:01:45,210
All right, John, you want to step up under here with Noah and run at the base of the steering wheel?

26
00:01:45,210 --> 00:01:50,490
On the left side, on the left over here, closer to the door here, you should see a purple port on

27
00:01:50,490 --> 00:01:51,030
my car.

28
00:01:52,350 --> 00:01:54,210
Looks like a really big serial cable.

29
00:01:54,600 --> 00:01:56,370
And that's the onboard diagnostic port.

30
00:01:56,490 --> 00:02:00,360
It's the same thing that a mechanic plugs into when they want to read one of the codes from your car.

31
00:02:01,680 --> 00:02:04,290
And you just work that in and you'll feel like it goes in very far.

32
00:02:04,290 --> 00:02:05,120
But that's perfect.

33
00:02:05,820 --> 00:02:09,540
And then you should see the underside of that light turn green if you can look up under there.

34
00:02:11,270 --> 00:02:11,550
We're good.

35
00:02:11,790 --> 00:02:12,620
All right.

36
00:02:12,990 --> 00:02:15,000
Now that that's happened, we can turn on the vehicle.

37
00:02:15,210 --> 00:02:20,580
I'm actually I'm going to hand this off, Boaz, so I'll let you turn on the car.

38
00:02:21,360 --> 00:02:21,890
So pretty good.

39
00:02:21,900 --> 00:02:23,640
It's it's an automatic.

40
00:02:23,640 --> 00:02:24,900
So it shouldn't take off without you.

41
00:02:24,900 --> 00:02:27,000
The parking brake's on the streets over there and.

42
00:02:27,660 --> 00:02:29,270
Yeah, no, they're good.

43
00:02:29,850 --> 00:02:34,560
So let's remind the folks watching here that this is not intended to be a how-to video.

44
00:02:34,590 --> 00:02:35,880
Don't try this at home.

45
00:02:36,840 --> 00:02:38,080
You do need to put on the brakes.

46
00:02:38,230 --> 00:02:38,610
There you go.

47
00:02:39,720 --> 00:02:40,360
All right.

48
00:02:40,920 --> 00:02:43,980
And you can hear you can hear the diesel engine start to purr.

49
00:02:44,370 --> 00:02:49,800
But you can also see on the front screen here, you can see the tachometer is now lit up and we have

50
00:02:49,800 --> 00:02:53,640
the miles per gallon, the fuel economy, how much we're consuming right now.

51
00:02:53,880 --> 00:02:55,830
And if you will, give it just a little bit of gas.

52
00:02:55,830 --> 00:03:00,570
But let's keep it steady a little higher.

53
00:03:01,650 --> 00:03:04,380
We'll see that tach move up just a bit.

54
00:03:05,600 --> 00:03:06,890
Oh, wait, how?

55
00:03:06,990 --> 00:03:07,950
We've got to reconnect.

56
00:03:08,220 --> 00:03:08,760
All right.

57
00:03:08,760 --> 00:03:11,510
So let's see, Isha, you haven't had a chance to run one on here.

58
00:03:11,940 --> 00:03:13,590
We're going to reconnect it.

59
00:03:13,590 --> 00:03:14,610
Lost that connection.

60
00:03:15,570 --> 00:03:20,940
So we're going to do a connection right here.

61
00:03:21,270 --> 00:03:23,700
And if you click the Connect button right there,

62
00:03:27,000 --> 00:03:27,390
good.

63
00:03:27,510 --> 00:03:31,410
And what it's doing now is just running through several different protocols for different types of cars.

64
00:03:31,740 --> 00:03:34,950
European cars are slightly different from Japanese makes and models.

65
00:03:34,950 --> 00:03:35,250
Right.

66
00:03:35,610 --> 00:03:37,020
So it's going through several different.

67
00:03:37,040 --> 00:03:41,520
And it's found one, one of the European protocols, it's reading the vehicle information because it's

68
00:03:41,520 --> 00:03:45,990
a little German car, Volkswagen, and it will now.

69
00:03:46,200 --> 00:03:47,040
Yeah, there we go.

70
00:03:47,040 --> 00:03:49,350
We should get a live feed, actually.

71
00:03:49,360 --> 00:03:51,240
No, you want to give it just a little bit of gas.

72
00:03:51,390 --> 00:03:52,920
Just rev it up a little bit.

73
00:03:55,080 --> 00:03:55,690
Thanks, Boaz.

74
00:03:55,740 --> 00:03:56,230
Appreciate it.

75
00:03:57,750 --> 00:03:59,330
And there you see the tachometer move.

76
00:03:59,340 --> 00:04:03,580
Go ahead and take it up to two thousand and keep it up around two thousand for a while.

77
00:04:05,490 --> 00:04:06,270
There we go.

78
00:04:07,080 --> 00:04:10,620
So we can see the readout.

79
00:04:10,650 --> 00:04:15,180
You'll notice that my fuel economy is going way down because we're sitting still and running the engine.

80
00:04:16,830 --> 00:04:19,160
But we're getting information on the load, on the engine.

81
00:04:19,170 --> 00:04:23,340
So if you go back to idle, you see that comes back.

82
00:04:23,520 --> 00:04:24,060
There we go.

83
00:04:24,060 --> 00:04:24,900
And we steady off.

84
00:04:24,900 --> 00:04:26,130
We've got the engine temperature.

85
00:04:26,440 --> 00:04:28,830
Still pretty cool because we just now turned it on, of course.

86
00:04:30,270 --> 00:04:36,480
So we are actually reading from the controller area network of this car into our laptop now and this

87
00:04:36,480 --> 00:04:36,900
laptop.

88
00:04:36,900 --> 00:04:39,630
We have just a very simple dashboard type interface.

89
00:04:39,870 --> 00:04:46,200
But what we learned how to do over the weekend was set up a virtual controller area network, a simulated

90
00:04:46,200 --> 00:04:47,850
car network on the laptop.

91
00:04:48,210 --> 00:04:51,290
Then we can record those signals as we make changes.

92
00:04:51,300 --> 00:04:55,110
So if we turn on the blinker, we can see it flashing on the dashboard indicator.

93
00:04:55,110 --> 00:04:58,140
If we rev up the engine, in fact, I think we hacked it and we could go at

94
00:04:58,310 --> 00:05:03,680
two hundred and sixty or two hundred eighty miles per hour, our engine, our virtual car, then we

95
00:05:03,680 --> 00:05:09,470
can unlock the doors, lock the doors while it's moving, then you record that, you capture those network

96
00:05:09,470 --> 00:05:12,890
packets and you can actually replay it on the same network.

97
00:05:12,890 --> 00:05:18,680
So what we saw a video of was a couple of guys doing exactly this, except they were controlling the

98
00:05:18,680 --> 00:05:22,790
car, turning the steering wheel, turning on the audio, turning on the stereo.

99
00:05:23,150 --> 00:05:27,140
I think they turned on an air conditioner blaster to a couple of other things.

100
00:05:27,140 --> 00:05:31,040
They were doing well, unfortunately, they ran out off the road and into a ditch.

101
00:05:31,040 --> 00:05:33,530
I believe we did not do that here locally.

102
00:05:33,530 --> 00:05:36,500
We just watched a couple of videos, but the same principles apply.

103
00:05:36,500 --> 00:05:41,480
Once you can capture the network signal, you can use what we call a replay attack, where you take

104
00:05:41,480 --> 00:05:47,750
that same network signal that was triggered when you turn on the blinker, turn on the stereo, hit

105
00:05:47,750 --> 00:05:52,610
the brakes and replay it on a car network, you can have the same effect.

106
00:05:52,620 --> 00:05:55,670
I'm sorry, Doctor, can we have someone who's watching right now?

107
00:05:55,670 --> 00:05:56,600
Here's the question.

108
00:05:56,600 --> 00:05:59,210
What's your software use on the computer?

109
00:05:59,540 --> 00:06:03,410
We were using some open source software from opengarages.org.

110
00:06:03,410 --> 00:06:10,970
You can go to opengarages.org, and it has a link to the ICSim, IC, capital I, capital

111
00:06:10,970 --> 00:06:13,370
C, Sim, or the IC simulator.

112
00:06:13,760 --> 00:06:19,520
And it allows you to simulate that controller area network to record things, use a package called

113
00:06:19,520 --> 00:06:20,000
cansniffer.

114
00:06:20,270 --> 00:06:25,700
So it sniffs that controller area network and it allows you to record that network traffic and then

115
00:06:25,700 --> 00:06:27,740
canplayer allows you to play it back.

116
00:06:28,040 --> 00:06:33,470
They can utilize on most new Linux distributions, Debian Linux, like the Kali Linux that we're

117
00:06:33,470 --> 00:06:33,890
using.

118
00:06:34,190 --> 00:06:39,050
You can download everything for free, install it on your own computer and buy one of these cables on

119
00:06:39,050 --> 00:06:45,410
Amazon or any place that sells a CAN-to-USB connector and you're able to connect into your real car

120
00:06:45,440 --> 00:06:47,330
and listen to the same signals.

121
00:06:48,830 --> 00:06:54,680
And what would be the advantage for someone wanting to do this on their own vehicle?

122
00:06:54,890 --> 00:06:55,700
Oh, absolutely.

123
00:06:55,700 --> 00:06:56,740
There are two things, really.

124
00:06:56,750 --> 00:06:58,970
First of all, you can just work on your own vehicle.

125
00:06:59,210 --> 00:07:03,170
And it used to be, in the old days, we would buy a car and we could maintain it ourselves.

126
00:07:03,440 --> 00:07:07,940
Nowadays, we usually have to take it into a garage to even figure out what the problem with it is.

127
00:07:07,940 --> 00:07:09,530
We just get a dashboard indicator.

128
00:07:10,130 --> 00:07:15,290
The cool thing about these onboard diagnostic tools is that we can plug into a regular laptop using open

129
00:07:15,290 --> 00:07:18,380
source software and read the code ourselves.

130
00:07:18,560 --> 00:07:21,700
And we still may need some help figuring out what to do with it after that.

131
00:07:22,250 --> 00:07:25,190
The second thing that you can do is check your car for security.

132
00:07:25,430 --> 00:07:30,290
In fact, in one of the videos we saw this weekend, they were able to hack in to the controller area

133
00:07:30,290 --> 00:07:33,530
network through the onboard entertainment system.

134
00:07:33,920 --> 00:07:38,900
So they were connecting in through a cell phone call and hacking a Jeep Grand Cherokee.

135
00:07:38,900 --> 00:07:40,850
You may have seen on the news a few years ago.

136
00:07:41,570 --> 00:07:46,550
What we're hoping to do is get these tools in more people's hands so they can check the security of

137
00:07:46,550 --> 00:07:47,390
their own vehicles.

138
00:07:47,750 --> 00:07:50,870
Plus, of course, we have a number of students who go on to work for the car companies.

139
00:07:50,990 --> 00:07:55,670
We have Giammetti just a few miles south of campus here down in Roswell, in Alpharetta.

140
00:07:55,910 --> 00:07:59,750
So we produce students who have at least seen a little bit of this and have a chance to take it into

141
00:07:59,750 --> 00:08:00,340
the work world.

142
00:08:00,890 --> 00:08:01,760
Thanks for the question.

143
00:08:02,320 --> 00:08:02,670
Sure.

144
00:08:04,430 --> 00:08:11,810
What what kind of skills are the students who are here at the Cyber Warriors Academy?

145
00:08:12,050 --> 00:08:16,730
What kind of skills do they learn from being able to do this or can learn more about car hack?

146
00:08:16,970 --> 00:08:18,290
OK, well, let's see.

147
00:08:18,290 --> 00:08:20,810
First of all, we learned a lot about Kali Linux, right, guys?

148
00:08:21,050 --> 00:08:25,910
So we learned a lot of command line tools, a lot of open source software tools that people can download

149
00:08:25,910 --> 00:08:27,350
and install on their own computers.

150
00:08:28,190 --> 00:08:33,860
We learned how to use some particular tools for penetration testing or testing the security of a system

151
00:08:34,100 --> 00:08:40,760
like Metasploit attacks that you can use to break into a Windows machine, you can break into a

152
00:08:40,760 --> 00:08:43,280
Samsung television, anything with a computer in it.

153
00:08:43,280 --> 00:08:46,610
These days, there are exploits for cell phones included.

154
00:08:47,450 --> 00:08:49,430
So the students are getting a chance to see how to do that.

155
00:08:49,430 --> 00:08:51,170
We even worked with drones a little bit.

156
00:08:51,440 --> 00:08:57,470
They got a chance to go down to Fort Gordon yesterday to see some live hacking and coding sessions right

157
00:08:57,470 --> 00:09:07,160
there at the Army Cyber Center of Excellence and also exposure to this class that absolutely Rose Proctor

158
00:09:07,160 --> 00:09:11,300
came over and gave us a good dose of ethics before we started the ethical hacking course.

159
00:09:11,630 --> 00:09:13,280
So that was a great way to kick things off.

160
00:09:13,280 --> 00:09:18,680
We learned about how to do these things with permission on the systems that you own or for companies

161
00:09:18,680 --> 00:09:20,600
that are interested in increasing their security.

162
00:09:20,930 --> 00:09:23,510
We never use hacking tools without permission.

163
00:09:23,510 --> 00:09:25,010
That makes us a bad hacker.

164
00:09:26,060 --> 00:09:33,530
But you need to know what tactics correct hackers are using so that you can defeat the bad hackers.

165
00:09:33,620 --> 00:09:34,310
Exactly.

166
00:09:34,310 --> 00:09:37,070
And we're learning how to hack into things like web applications.

167
00:09:37,340 --> 00:09:42,830
And then we show how to strengthen web applications so no one can hack into your site where your business

168
00:09:42,830 --> 00:09:43,250
inside.