Real World Hacking

Featured

Hacking in the virtual world is almost as prevalent as speeding on the motorways, in that there are so many people doing it, it is almost expected that things get hacked. New exploits and ways of hacking are being discovered all the time, and the cyber world has become a battleground for hackers and the companies that protect systems.

Real world hacking is getting extremely worrying

Real world hacking is getting extremely worrying

There has been for some time a movement that is not interested in hacking computers per se, but are more interested in hacking the micro controllers we now use in so many systems, for instance in the control units in vehicles.

As a couple of examples of this there has recently been two high-profile demonstrations of hacking technology that are a little scary.

Firstly a team of ‘White Hat’ hackers (so-called ‘ethical hackers’) identified a potential problem with the engine management systems in some cars, and the immobilization systems. Namely the Megamos Crypto system used to encrypt the communication of remote keys.

(reference: http://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars)

The hack was first reported back in November last year by three researchers, when, upon discovery, the information was detailed to the car manufacturers to do something about, before being published in the upcoming Usenix Security Symposium, which will be held in Washington next month (August).

The three researchers are Flavio Garcia, a computer science lecturer at the University of Birmingham, and Baris Ege and Roel Verdult, security researchers at Radboud University Nijmegen in the Netherlands.

Hacking security vulnerabilities in real world devices such as cars, luxury yachts and even medical equipment is becoming a real concern as we progress down a more technological path in our lives.
The German carmaker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals. Once this was gained the researchers plans to publicize the information at an upcoming hacking conference were dropped.

Further to this – and possibly more worrying – is that news that DARPA funded research in to hacking the actual control systems in cars.

(Reference: http://www.ibtimes.com/car-hacking-darpa-funded-researchers-take-control-toyota-prius-ford-escape-using-laptop-video)

The troubling part is that the researchers were able to take control of a Toyota Prius and a Ford Escape and do simple things such as manipulating the speedometer and various sensors. More nefarious hacks included tricking the car into jerking to the left and right, controlling the horn, triggering the seat belt tensioner and even turning off the brakes entirely.

The second example involves the spoofing of a GPS signal confusing the systems used on a luxury yacht and meaning you could direct it anywhere you wished.

(reference: http://www.upi.com/Science_News/Blog/2013/07/30/Texas-GPS-spoofing-fools-80M-superyacht-receiver/1741375208037/)

In this case researchers simple created a false GPS signal to fool a yachts GPS systems in to believing they were somewhere else. Using this technology, the researchers were able to control the yacht and send it to a destination of their choice.

This was all done with the consent of the yacht’s captain, who reported that there were no alarms or warnings of any type on the yacht.

All this could apparently be done from a range of up to 30km away using drones to provide the fake GPS signal.

If all this isn’t scary enough for you, what if I mentioned that Hacker Barnaby Jack also discovered vulnerabilities in the code used to turn pacemakers on and off and ‘tamper’ with kidney equipment, in this case it was possible to build a simple transmitter that stopped the pacemaker entirely resulting in the death of the target.

Mysteriously Barnaby, the hacker that found this exploit, died before revealing his research; it is even more strange that there are no details about the circumstances of his death, although details were sent to the manufacturers to rectify the problem.

Specialized Echelon 2013 Helmet

The Specialized Echelon 2013 Helmet is my latest purchase for my cycling hobby, And what a little belter it is.

Specialized Echelon Helmet

Specialized Echelon Helmet

Install

Although a bit of a strange title – installing (?) this was a doddle:

  1. Remove from packaging
  2. Place on head
  3. Adjust straps (removing as necessary)
  4. Wear helmet

Features

Shell construction: Composite matrix internal reinforcement allows larger vents for greater cooling

Fit system: Headset SL fit system with four height positions and micro-adjustable dial is easy to adjust on the fly

Ventilation: 4th Dimension Cooling System to optimise ventilation

Straps: Tri-Fix strap system – new innovative retention system makes fitting the helmet simpler and more secure

Extra Features: Complies with one or more of the following safety standards for bicycle helmets: CPSC, SNELL B90A, CE and AS/NZS

Review

I purchased this to replace the Giro I was wearing as it’s got a little tatty and has a couple of dents; Being the good cyclist that I am, all the warnings about good helmet practice say to replace if it gets slight damage on it, so I did.

Evans Cycles in Leeds was the place to go as I’ve found them to be great for service and highly helpful when it comes to what you want, without being steered towards the pricier end of the market.

Now here I have to admit I have a really small head – buying any headgear for me is a bit of a nightmare as nothing seems to fit properly, so this wasn’t going to be a good experience; or so I thought!

What did surprise me was that the more expensive helmets really didn’t give anything extra in terms of looks or comfort, why pay more?
I tried on several different helmets from the range – from the cheaper £30 ones to the more expensive £150+ ones, but found that the Specialized Echelon (at £50) felt the most comfortable without looking like I was a mushroom.

I chose the black one, but it comes in a range of colours. 😎

The first ride with it was a revelation too. There was little notice that I was wearing the helmet, it is quite light, and the airflow into the helmet was much better than my Giro, cooling the head and brow quite nicely in the present heatwave we are experiencing.

All in all I’m a happy cyclist – Nice! 9/10  😀

Autonomous Cars Approved

Featured

Yesterday was a great day for automotive technology in the UK, as the government approves testing of autonomous vehicles by the end of 2013 (cars that drive themselves for want of a better word – Autocars perhaps?).

The converted Nissan Leaf, self-drive car, as built by Oxford University.

The converted Nissan Leaf, self-drive car, as built by Oxford University.

So far, these kind of cars have only been allowed to be driven on private land in the UK where researchers at Oxford University have been testing a converted Nissan Leaf car around the Oxford Science Park.

As I mentioned in a previous post (Self-driving car comes to Oxford), the car uses a different method than that of the Google Self-Drive car to determine its location, and attempts to memorize routes regularly driven ~ such as the school run or daily commute.

Google themselves seem to be leading the way with this technology along with the American Government; I suspect that this is simply because Google are getting more airtime and publicity, but their converted Toyota Prius has clocked up an impressive 300,000 miles on public roads. The governments of Nevada, Florida and California have all passed legislation specifically about driverless cars.

There are several companies developing this technology though, as you would expect, and both Mercedes and Volvo have demonstrated the self-drive capabilities of their vehicles.

You can almost read the headlines now: Autodrive Car Kills Child
Further reading however tells that the car was manually driven by a drunkard, massive bad press and bad public feeling ensues. You get the idea…
All the vehicles mentioned however, all seem to have one fatal flaw in my opinion, and that is that they all have a ‘manual override’ – i.e. you can take control whenever you wish. Personally I believe that this is not a good idea, and that by doing this you are inviting trouble. Google themselves have had a couple of crashes 😳 which happened when the car was being manually driven.

Take out the driver and you take out the bit of driving that causes the vast proportion of the problems. Computers don’t have opinions, or attitudes, nor do they make decisions based on their emotional state; They just do what they are told.

The best news for me as a long-term geek, is that these cars “should be commercially available by the end of the decade”. Soon we’ll be able to jump in the car, direct it to the destination, sit back and relax, maybe have a little breakfast and watch the news on our windscreen… 😎

Sky Ride Leeds

Featured

Under the baking sun of an incredibly beautiful Sunday morning, hundreds of day-glow yellow clad cyclists gathered for a city centre bike ride round the closed streets of Leeds.

skyride1

Image courtesy of Yorkshire Evening Post

The first ride of its type in Leeds, and organised by  Leeds City Council, Sky, British Cycling and West Yorkshire Metro’s go:cycling project, this was a simple jaunt around a 5.2Km (3.2 mile) course, circling the Town Hall, and passing through Woodhouse Moor and the university campus.

The ride was started by Leeds’s own Kimberley Walsh, at just after 10:00am, we started pedalling; only to come up against the slower riders in front of us…

After a little start/stopping, we finally got going as the mass peleton gained momentum. This is where it started getting good!

It really was a stunning sunny day, and the ride itself (rated as ‘Easy Going’) was a fairly quiet affair as riders of all ages and abilities were present.

As you would expect, there were quite a few of the ‘all the gear, no idea’ crowd about, and riding in a group is an acquired skill it would seem – it was amusing to see quite a few chunky middle-aged people, bedecked in skin tight garish colours on some fantastic bikes, wobbling about and sweating profusely, walking up the hill (there was a fairly gentle but long hill on the route). 😆

As the  route rounded a little downhill section there was a small crowd of, well, ‘loonies’ is probably the best description, as they were encouraging people, by cheering and blasting air horns. Surprisingly this seems to work! Weird…

There was a small troupe of clowns wandering about - I HATE CLOWNS (Coulrophobia)

There was a small troupe of clowns wandering about – I HATE CLOWNS (Coulrophobia)

The best bit for me though was towards the end of the route as we rode the parks bowered pathways, and down to a twisty, downhill section approaching and through the university grounds. Bliss! 😎

After the ride we wandered through the stalls and things arranged about the start section, where we were fed free cooled Jaffa oranges (we managed 8 between us), filmed for a future event in Leeds (something about animating a clock), and had opportunity to ride on some other style bikes. This transpired as a sporty, low slung recumbent bike (think go-cart with pedals), a lovely sedate side by side bike for two, and a hand-cranked bike designed for disabled people (this was particularly hard to use).

For me this was a great day out – there was food, drink, sun and cycling around traffic free roads. Much to be recommended!!

Reamde

Reamde<br/>Neal Stephenson

Reamde
Neal Stephenson
Paperback | Kindle Edition

A story about the crossover of the digital realms and the physical, rolled into a plot centered on international terrorism.

From the book

From the extraordinary Neal Stephenson comes an epic adventure that spans entire worlds, both real and virtual.

The black sheep of an Iowa farming clan, former draft dodger and successful marijuana smuggler Richard Forthrast amassed a small fortune over the years—and then increased it a thousandfold when he created T’Rain. A massive, multibillion-dollar, multiplayer online role-playing game, T’Rain now has millions of obsessed fans from the U.S. to China. But a small group of ingenious Asian hackers has just unleashed Reamde—a virus that encrypts all of a player’s electronic files and holds them for ransom—which has unwittingly triggered a war that’s creating chaos not only in the virtual universe but in the real one as well.Its repercussions will be felt all around the globe—setting in motion a devastating series of events involving Russian mobsters, computer geeks, secret agents, and Islamic terrorists—with Forthrast standing at ground zero and his loved ones caught in the crossfire.

Plot

The book opens by introducing a few characters at the families annual get together – the aforementioned ‘black sheep’, Richard Forthrast, the second of the children of John Forthrast; and Zula, an adopted Eritrean daughter.

Richard, runs a multi-million dollar MMORPG (Massively Multiplayer Online Role Playing Game – entitle T’Rain) and apparently has a rather dubious past of running drugs across the north american border.

Zula seems to be an altogether kind of girl, with Peter, a true geek boyfriend; who has his toes in some decidedly dodgy dealings.

That is to say, just when one thing happens, something bigger/worse/more shocking happens just after, and on it continues.
The title comes from an in-game virus with a misspelled name (the ransom demand comes in some kind of text file that should be titled: Read Me, but the misspelling makes it Reamde), designed to elicit money from the game by infecting a players machine, encrypting the files on that machine and forcing a ransom of in-game currency (gold) to unlock it. The player gathers all the requested gold and drops it at a specified location within the game. The virus writers, then gather the gold and transfer it into real money.

The plot escalates when Peter has his fingers burned after the virus encrypts the list of credit card numbers he has sold to russian mobsters; who decide that the best way to decrypt the files is to travel to China to force the virus writers to unlock the file.

This further escalates, when the mobsters are tricked into a gunfight with an Islamic terrorist cell. Things go rapidly downhill from there as Richard realises that Zula is missing, and sets out to find her…

Review

Where to start? This isn’t going to be pretty…

Well on a positive note – the characters are quite well written and believable, the plot elements are written in an exciting style, the story moves along at a good pace – but something is missing. 😐

I think for me it was simply that there was one thing happening after another. That is to say, just when one thing happens, something bigger/worse/more shocking happens just after, and on it continues. This really does not sit well with me – there are a few films that take this kind of approach but it turns me cold.

This for me gave me a considerable ‘yeah, right!’ attitude that spoiled the entire book.  🙁

And it is a read – it’s quite a long story.

I really wanted to enjoy this book as I usually enjoy reading Neal’s stories, and he seems to have a great way of weaving plot elements together and cutting between them at crucial moments, but in this case I found myself forcing myself to read just another chunk to get it over and done with.

I guess it might be worth a pop, if you like your thrillers, but for me it was a bit of a drag to complete 🙁

I think I’d rate it as a disappointing 5/10