Know How...

Jul 23rd 2015

Know How... 153

Car Hack, Disable Flash, & Bacteria

Yet another car hack.
New episodes every Monday at 6:00pm Eastern / 3:00pm Pacific / 22:00 UTC and Thursday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
Category: Help & How To

Smart cars getting hacked, how to disable Flash and why you should. Learn how much bacteria is living on things you use everyday, and more. Yet another car hack (and this one is a little scary) http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ * It's Blackhat time! Which means it's the season of exploits! * Charlie Miller and Chris Valasek will be doing a presentation at Blackhat on another exploit of the "CAN" (Controller Area Network) * This is the "communications bus" that allows devices in a car to communicate with each other. We've seen this before... in January with BMW's "Connected Drive" ** And a researcher showed off a device at Blackhat Asia that allowed attackers to gain complete control over a car with a gadget that plugged into the On board Diagnostic port. Car Hackin' -- Made EASY! http://www.wired.com/2015/03/60-gadget-thatll-make-car-hacking-easier-ever/ "Black Hat Asia" in Singapore, 24-year old "Eric Evenchick" introduced the "CANtact" -- It's a $60-$100 device that interfaces with your car's computer -- It has a USB port on one side, a OBD2 port on the other It allows a user to take control of anything that is connected to the car's "Controller Area Network" (CAN) - Engine, windows, entertainment, brakes, security -- Basically. EVERYTHING. He is releasing the software as open source. This isn't the first time that researchers have developed a device that can hack a car's computer --- but this is an extraordinarily inexpensive device. ** Most importantly, this device converts the OBD2 protocol into something that regular users can hack. But back to THIS story: * The researchers joined forces with journalist Andy Greenberg to do something that should be possible: -- They took advantage of an "entertainment feature" within some Chrysler vehicles to affect driving-critical systems ** They were able to turn on the radio and set it to full blast, with the driver not able to turn it off ** They turned on the flashers, the windshield wipers and the air con ** Then they did some REALLY scary stuff: --- They disabled the transmission, the brakes, and could have sent signals to the power-steering system to turn the car. And they did all of this to a Jeep Cherokee being driven by Greenberg while the team was in Miller's basement. * They did it by exploiting the "Uconnect", internet-connected computer, which gave them access to the entertainment system * They hacked the entertainment system, then used it as a beachhead to access the engineer, wheels and electrical systems Flash / Security It's time to take back our security! (Ok... let's not get too dramatic... it's just time for us to take our security seriously) There are two things that need to happen: 1. Stop using Flash 2. Start using a tool to prevent scripting exploits Chrome: * There are a lot of security folk who say Google Chrome is becoming a bloated mess with many integrated plugins that lend themselves to exploits. * However, I know that many of us are attached to Chrome because of it's tight integration with our Google Services * But... we CAN at least turn off the integrated Flash plugin! * If you go into the extensions window, you won't find it: 1. In the address bar, type: "chrome://plugins" 2. Disable the Flash Plugin Firefox: 1. Menu 2. Add Ons 3. Scroll to "Shockwave Flash" 4. Select "Never Activate" ** We're not completely removing it... because there MAY come a time when you really need it. VLC * If you turn off Flash, you won't be able to watch TWiT live because our CDNs use Flash ** Quick note... this is NOT TWiT's decision. THEY use flash. 1. Open VLC 2. Click "Media" 3. Click "Open Network Stream" 4. In the field "Please enter a Network URL", type one of the following: -- http://209.131.99.99/twit/live/low (Low Res Stream) -- http://209.131.99.99/twit/live/high (High Res Stream) If you want a shortcut: 1. Open Notepad 2. Add one of the streams (High or Low) 3. Save the file with the extension ".vlc" * Clicking that file will now start VLC with that stream setting Science! We're going to design our experiment, but first, let's get these dishes cooking! * First, check to make sure that there's nothing growing in our petri dishes. * We're going to do four swabs... two before UV exposure, and two after UV exposure. Notes: * After opening the swab package, do not allow ANYTHING to touch the surface of the swab except for the collection area and the growth medium. * Only have the petri dish open when inoculating the medium * Do not allow anything to touch the agar except for the swab * When opening the petri dish, open it just enough to allow for inoculation. * When inoculating, use a pattern that you can remember. It will help you determine if the growth if from bacteria on your swab, or if it came from airborne contamination. We need to have a well-developed experiment before we start using our new petri dishes. Every good experiment will have: 1. A Hypothesis: a proposed explanation for a phenomenon THAT CAN BE TESTED 2. A test that can verify or refute the hypothesis that uses: 3. Results from an experimental sample 4. Results from a control sample In our case: Hypothesis: "Exposing a cell phone to a UV light bath can significantly reduce the number of bacteria living on said phone's surface" Test: We're going to expose a phone to a UV light bath and use our petri dishes to determine how many and what kind of bacteria are growing on the cell phone surface before and after the UV bath. Experimental Sample: Swaps taken from the phone's surface AFTER the UV light bath Control Sample: Swabs taken from the phone's surface BEFORE the UV light bath Now let's laout the procedure and conditions of the test: 1. We'll be using a single cell-phone for the test. 2. We'll be using 5 petri-dishes for the test: 1 for sterility control, 2 for experimental samples, 2 for control samples 3. We will swab the phone twice before the UV bath, each time innoculating a control sample petri dish 4. We will follow the manufacturer's directions for sterilizing the phone with a UV light 5. We will swab the phone twice after the UV bath, each time innoculating an experiment sample petri dish Let's experiment! 1. If you refrigerated your plates, first allow them to warm to room temperature 2. Open the package for your sterile swab, run it over your collection area. 3. Open the petri dish and innoculate the medium with the swab. 4. Close the petri dish immediately and tape it shut. 5. Turn the plate upside down and keep it in a warm area. (90F or 32C is ideal for bacteria growth.) ** You should start to see Bacterial growth in 2-3 days Crazy Brutalist Designed House http://www.boredpanda.com/cliff-house-casa-brutale-opa-works/ We all love beautiful views of the ocean --- the wind gently blowing --- the surf pounding * The DREAM home has an incredible view of creation! -- But could you live... HERE 2 Greek Architects created a design they call "Casa Brutale" -- which combines industrial feel with a beautiful and yet terrifying view! Lertis Antonios Ando Vassilious & Pantelis Kampouropolous (Lur-tis Ann-tone-e-os Ann-doe Vaa-sil-e-us & Pan-tel-iss Kam-pour-op-o-lus) * The entire house is a concrete bunker embedded into a cliff face * It uses raw concrete surfaces and a LOT of glass to create the "Brutalist" look * There is a roof-top pool with an infinity wall leading over the cliff * Inside is a loft-style home, with a sheer glass face against the cliff * Even the ceiling is glass, so you can see THROUGH the pool, and people above the pool can see down into the house * Interesting detail: The fact that four of the surfaces of the house (three walls and the floor) are the cliff, and the ceiling is the pool, means that you don't need to put much energy into heating and cooling * Of course, as a brutalist design, I hope you don't like privacy. :)

Connect with us!