Top hacker shows us how it's done Pablos Holman TEDxMidwest

Apr 05, 2024
So this is a hotel room like the one I'm staying in. Sometimes I am bored. A room like this doesn't have much to offer for entertainment, but for a hacker it becomes a little interesting because that TV is not like the one in your house. It's a node on a network, that means I can alter it if I connect a small device like this to my computer. It is an infrared transceiver. I can send the codes that the TV remote could send and some other codes, so what can I see? Free movies, that doesn't matter much to me, but I can also play video games. Hey, but what is this?
Not only can I do this for my TV in my hotel room, I can control your TV in your hotel room so I can watch you. If you're paying with one of these, you know, TV-based check-in things, if you're browsing the web on your hotel TV, I can see how you do it. Sometimes you see cool stuff, fund transfers, fund transfers really great, you never know what people might want to do while surfing the web from their hotel room, but the point is that I get to decide if you're watching the Disney report tonight. Is anyone else staying at the Affinia Hotel?

Okay, this is a project I worked on when we were trying to discover the security properties of wireless networks. It is called robot hacker. This is a robot we built that can drive around and find Wi-Fi users, approach them, and show them their passwords on the screen. We just wanted to build a robot, but you know we didn't know what to do, so we made a gun version of the same thing. This is called sniper yagi. It is for your long range password sniffing action from a mile away. I can observe this network well. This is a project that I worked on with Ben Laurie to show passive surveillance, so what it is is a map of the conference called computer freedom and privacy, and this conference was in a hotel, and what we did was, you know, put a computer in each conference room that recorded all the Bluetooth traffic, so when everyone came and went with their phones and laptops, we were able to record that correlation and then I can print a map like this for everyone at the conference.
This is Kim Cameron, the chief privacy architect at Microsoft. Unbeknownst to him, I have to see all the places he went and I can show that I can correlate this and show you who he goes out with, he got bored, he hangs out in the lobby with someone. Someone here used cell phones. So my phone is calling calling skin first your message to listen to you you expressed a wrong password you have to skip the message in three religious messages bye. Oh, so we're on Brad's voicemail and I was going to record a new message for him but he seems to have pressed the garlic key, so we'll go ahead and I'll explain how that works another day because we're short on time.
Does anyone here use MySpace? MySpace users used to be popular. It's kind of like Facebook. This type, a friend of ours, Sammy, was trying to meet girls on MySpace, which I think is what he used to be good at and what he did was not see, you know, he had a MySpace page about him, let's all be your friends and that's it, like you know you're cool because you have a lot of friends on MySpace. Well, Sammy didn't have any friends, so he wrote some JavaScript code that he put on his page so that every time you looked at his page it would automatically add you as his friend and it would skip the whole acknowledgment response protocol of saying that Sammy is actually your friend, but then it would copy that code to your page so that every time someone looked at your page, it would automatically add them as Sammy's friend as well and I would change your page to say Sammy is your hero, so in less than 24 hours Sammy had over a million friends on MySpace.
You know, he just did three years of probation for that, even better, Christopher is bad, this guy, another hacker who also tries to meet girls on MySpace by halving the irregular results, some of these dates didn't work so well, so the bad thing he did was write some code to connect MySpace with spam killer, which is an open source spam filter that works just like spam. It filters your email, you train it by giving it some spam, you train it by giving it some legitimate email, and it tries to use artificial intelligence to figure out the difference.
Well, he just trained him on profiles of girls he dated and liked. He spammed legitimate email profiles of girls he dated and didn't like and then compared them to all the MySpace profiles. Now spit out girls you'd like to date. I think you know what I'm saying about a bet. I think there are like three new companies here. I don't know why we need Match.com when we could have spam dating. You know this is innovation. Have a problem. He found a solution. Anyone used these blue keys to open your car remotely. They're popular and well, maybe not in Chicago.
Yes, these days kids drive through a Walmart parking lot clicking open, open, open Boop. Eventually you find another Jetta or whatever like yours, maybe a different color that uses the same key code. The kids will just ransack it, lock it, and go to their insurance company. will turn on you because there is no evidence of a theft. For one manufacturer, we figured out how to manipulate that key so that it opens all of that manufacturer's cars. There is one point to make about this that I barely have time for, but it is that your car now, it's a PC, your phone is also a PC, your toaster, if it's not a PC, it will soon be fine and I'm not kidding about that, and the point is that when that happens you inherit all the security properties and problems of PCs and we have a lot of them, so keep that in mind and we could talk more about that later.
Anyone used a lock like this on the front door. Good me too. This is a Schlage lock, it is in the middle of the front. doors in America I brought one to show you, so this is my old lock. This is a key that fits the lock but is not cut properly so it does not turn the lock. No one here has tried to pick locks with tools like this. I have a few nefarious lock picks, well it's for OCD kids, you have to put them in there and Finnick with them and spend hours perfecting the finesse of manipulating the pins, you know, for the D D kids in the house. an easier way: I put my little magic key here, I put a little pressure there to turn it, I hit it a few times with this special mallet and I just open the lock we're in, it's easy and I actually don't do it.
I know a lot more about this than you, it's really very easy. I have a keychain that I made with the same type of key for all the other locks in the United States and if you are interested, I bought a key machine so I could cut these keys and I made them. some for all of you so my gift to you is coming later and I'm going to show you how to pick a lock and I'm going to give you one of these keys that you can take home and try on your door. Anyone can use these USB sticks.
Yes, print my Word document. Yes, they are very popular. Mine works like yours. You can print my Word document for me, but while you do it invisibly and magically in the background, you're just making a handy backup of your My Documents folder and your browser history and cookies. and your password registry and database and all the things that you know you might need someday if you have a problem, so we just like to do these things and throw them in the trash at conferences, anyone here uses credit cards, oh well yes, they are popular and tremendously secure, well there are new credit cards that you may have received in the mail with a letter explaining how your new credit card is secure.
Anyone who gets one of these you know it's safe because it has a chip, an RFID tag and you can use them. in taxis and at Starbucks I brought one to show it to the reader by simply touching it. Has anyone seen this before. Okay, who has one? Bring it here. There is a prize for you. I just want to show you some things we learned. them, I received this credit card in the mail. I really need some volunteers, in fact, I need one, two, three, four or five volunteers because the winners will receive these amazing stainless steel wallets that will protect you against the problem that, you guessed it, I'm about. to demonstrate, bring a credit card here and I'll show you what I want, I want to try it with one of these awesome new credit cards, okay, so someone can do it.
We have like a conference organizer, someone can force people to cooperate. It's really bitten by his own volition because they know, okay, so this is where the show gets really amazing. I know you guys have never seen what it is that they are really cool while they are made of stainless steel, okay, did anyone else see the code on the screen in Ted before, yeah, this is pretty awesome, okay, cool, I got volunteers, so who has one of these exciting credit cards? Okay, here we go. I'm about to show your credit card number to only 350 close friends.
Listen for the beep that means someone is hacking your credit card. Okay, what did we get, valued customer and credit card number and expiration date? Turns out you're a new secure credit card, it's not totally secure, someone else wants to try yours out while we're here, beep, let's see what we've got. If we complained about this and AMEX changed it to no longer show the name which is progress you can see mine if it shows it yeah it shows my name or that's what my mom calls me anyway. Oh yours doesn't have it's fine anyway so next time you get something in the mail that says it's safe send it to me oh wait one of these is empty wait and I think this is the one that does here we go get the one that's unarmed, good, great.
Okay, I still have a few minutes left, so I'm going to make a couple of points. Oh, that's my subliminal messaging campaign. It was supposed to be much faster. Well, here is the most exciting slide ever shown. Ted, this is the protocol diagram for SSL, which is the encryption system in your web browser that protects your credit card when you send it to Amazon and other cool stuff, I know, but the point is that hackers will attack every point of this protocol. I will send two responses when the server accepts one. I'll send a zero and expect a one.
I'm sending twice as much data as expected. It will take me twice as long to respond than expected. I'll try a bunch of things to see where it breaks. what balls in my lap when I find a hole like that then I can start looking for an exploit, okay this is a bit more than meets the eye SSL, really boring hackers, this guy kills a million Africans a year, it's a terribly steep mosquito in New Zealand. malaria is wrong talk, this is a protocol diagram for malaria, so what we are doing in our lab is attacking this protocol at every point we can find correct.
It has a very complex life cycle that I won't go into now, but it's been some time in humans, some time and mosquitoes and what I need is hackers because hackers have a mind optimized for discovery, they have a mind optimized for discovering what's possible, you know, I often illustrate this by saying that if you know, you get something new at random. device and show it to your mom, she might say, well, what does this do and you would tell mom it's a phone and instantly she would know exactly what it's for, but with a hacker the question is different: what can I do that Do this?
I'm going to remove all the screws, take off the back and break it into many pieces, but then I'll find out what I can build from the rubble, that's a discovery and we have to do it in science and technology. to find out what's possible, and so in the lab what I'm trying to do is apply that mindset to some of the biggest problems humans have. We worked on malaria because of Bill Gates, who asked us to work on it, that's how we used to do it. Solving Malaria is a mock ad from the 1940s. We eradicated malaria in the US by spraying DDT throughout the lab.
What we do is a lot of work to try to understand the problem. This is a high speed video. We have an amazing video camera trying to learn how mosquitoes fly and you can see they are more like swimming in the air, we actually have no idea how they fly but we have a cool video camera so we know, yeah, it costs more than a Ferrari. Anyway, we came up with some ways to take care of the mosquitoes, let's shoot it with lasers, this is what happens, you know, when you put every kind of scientist in the room and a laser addict, so people thought it was funny at first, but we realized that we can build this from consumer electronics, use the CCD from a webcam, the laser like a Blu-ray burner, the laser from a laser printer, we do motion detection on a GPU processor, like you would find a video game system, that's all things that follow Moore's law, so it won't actually be that expensive to do.
The idea is that we would place a similar perimeter of these laser systems around a building or a village and simply shoot any mosquitoes that came in to feed humans, and we might want to do that for your backyard, we might also do it to protect crops. Our team is working right now to characterize what they need to do the same for the pests that have wiped out about two-thirds of the I think it's about two-thirds of the orange groves in Florida, so people laughed at first. This is a video of our system working. We are tracking mosquitoes live as they fly.
Our computer puts those crosshairs there and just watches them, finds them moving, and then points a laser at them to sample their wing beat frequency, find out if it's a mosquito, if it's a terribly stiff New Zealand, If all of that is true, then we take it down with a lethal laser to make it work in a lab that we're working in, take that project into the field now all of this happens in the Ventures think tank in Seattle where I work and we're trying to address some of the problems hardest thing humans have and this is the money shot, you see, we just burned off his wing with a UV laser, he's not coming back as a vaporized wing right there, yeah, they loved it, I mean, he was never called out by PETA or by Nobody else, I mean, that's right. the perfect enemy there's just no one to come to the rescue of the mosquitoes sometimes we overdo it yeah so anyway I'll go offstage this is the Ventures brain lab where I work we basically use all kinds of scientists in one of all the tools in the world. work on crazy invention projects, so thanks
