Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests

Rollback to version 17

0:12 - 0:16

So this is a hotel room,
kind of like the one I'm staying in.
0:16 - 0:18

I get board sometimes.
0:18 - 0:21

A room like this has not a lot
to offer for entertainment.
0:21 - 0:26

But for a hacker, it gets a little
interesting because that television
0:26 - 0:28

is not like the television in your home,
0:28 - 0:31

it's a node on a network. Right?
0:31 - 0:33

That means I can mess with it.
0:33 - 0:38

If I plug a little device
like this into my computer,
0:38 - 0:40

it's an infrared transceiver,
I can send the codes that
0:40 - 0:44

the TV remote might send
and some other codes.
0:44 - 0:47

So what?
Well, I can watch movies for free.
0:47 - 0:49

(Laughter)
0:49 - 0:54

That doesn't matter to me so much,
but I can play video games too.
0:55 - 0:58

Hey, but what's this?
0:58 - 1:01

I can not only do this
for my TV in my hotel room,
1:01 - 1:04

I can control your TV
in your hotel room.
1:04 - 1:05

(Laughter)
1:05 - 1:08

So I can watch you if you're
checking out with one of these,
1:08 - 1:11

you know, TV based registration things,
1:11 - 1:14

if you're surfing
the web on your hotel TV,
1:14 - 1:16

I can watch you do it.
1:17 - 1:20

Sometimes it's interesting stuff.
1:20 - 1:22

Funds transfer.
1:23 - 1:26

Really big funds transfers.
1:26 - 1:28

You never know what people
might want to do
1:28 - 1:32

while they're surfing the web
from their hotel room.
1:32 - 1:35

(Laughter)
1:35 - 1:38

The point is I get to decide
if you're watching Disney or porn tonight.
1:38 - 1:40

Anybody else staying
at the Affinia hotel?
1:40 - 1:43

(Laughter)
1:43 - 1:47

This is a project I worked on
when we were trying to figure out
1:47 - 1:50

the security properties of wireless
networks; it's called the "Hackerbot".
1:50 - 1:54

This is a robot we've built that can
drive around and find Wi-Fi users,
1:54 - 1:57

drive up to them and show them
their passwords on the screen.
1:57 - 2:01

(Laughter)
2:01 - 2:03

We just wanted to build a robot,
2:03 - 2:05

but we didn't know what to make it do, so --
2:05 - 2:07

We made the pistol
version of the same thing.
2:07 - 2:09

This is called the "Sniper Yagi".
2:09 - 2:12

It's for your long-range
password sniffing action,
2:12 - 2:15

about a mile away I can watch
your wireless network.
2:15 - 2:19

This is a project I worked on with
Ben Laurie to show passive surveillance.
2:19 - 2:22

So what it is, is a map
of the conference called
2:22 - 2:24

"Computers, Freedom and Privacy".
2:24 - 2:29

And this conference was in a
hotel, and what we did is we,
2:29 - 2:31

you know, put a computer in
each room of the conference
2:31 - 2:33

that logged all the Bluetooth traffic.
2:33 - 2:36

So as everybody came and went
with their phones and laptops
2:36 - 2:39

we were able to just
log that, correlate it,
2:39 - 2:42

and then I can print out a map like this
for everybody at the conference.
2:42 - 2:46

This is Kim Cameron,
the Chief Privacy Architect at Microsoft.
2:46 - 2:46

(Laughter)
2:46 - 2:49

Unbeknownst to him,
2:49 - 2:53

I got to see everywhere he went.
2:53 - 2:56

And I can correlate this
and show who he hangs out with
2:56 - 2:58

(phone dialing)
when he got board,
2:58 - 3:01

(phone dialing)
hangs out in the lobby with somebody.
3:01 - 3:03

Anybody here use cellphones?
3:03 - 3:05

(Laughter)
3:05 - 3:08

(Phone ringing)
3:08 - 3:12

So my phone is calling--
3:12 - 3:16

(Ringing)
3:17 - 3:19

calling --
3:24 - 3:26

Voice mail: You have 100 messages.
3:26 - 3:28

Palbos Holman: Uh oh!
3:28 - 3:30

VM: First unheard message --
3:30 - 3:31

PH: Where do I press --
3:31 - 3:33

VM: Message skipped.
First skipped message.
3:33 - 3:35

PH: Uh oh!
3:35 - 3:38

VM: Main menu. To listen to your--
You have pressed an incorrect key --
3:38 - 3:41

You have two skipped messages.
Three saved messages.
3:41 - 3:43

Goodbye.
3:43 - 3:46

PH: Uh oh!
So we're in Brad's voice mail.
3:47 - 3:48

(Laughter)
3:48 - 3:50

And I was going to record him
a new message,
3:50 - 3:53

but I seem to have pressed an invalid key,
3:53 - 3:54

so we're going to move on.
3:54 - 3:58

And I'll explain how that works some
other day because we're short on time.
3:58 - 4:00

Anybody here used MySpace?
4:00 - 4:02

MySpace users? Oh!
4:02 - 4:05

Used to be popular.
It's kind of like Facebook.
4:05 - 4:09

This guy, a buddy of ours Samy,
was trying to meet chicks on MySpace
4:09 - 4:11

which I think is what
it used to be good for.
4:11 - 4:16

And what he did is he had
a page on MySpace about him.
4:17 - 4:19

It lists all your friends,
and that's how you know
4:19 - 4:22

somebody's cool is that they have
a lot of friends on MySpace.
4:22 - 4:24

Well, Samy didn't have any friends.
4:24 - 4:28

He wrote a little bit of Javascript code
that he put in his page,
4:28 - 4:30

so that whenever you look at his page
4:30 - 4:32

it would just automagically
add you as his friend.
4:32 - 4:35

And it would skip the whole
acknowledgement response protocol
4:35 - 4:38

saying "Is Samy really your friend?"
4:38 - 4:41

But then it would copy
that code onto your page,
4:41 - 4:43

so that whenever anybody
looked at your page
4:43 - 4:46

it would automatically add them
as Samy's friend too.
4:46 - 4:47

(Laughter)
4:47 - 4:51

And it would change your page
to say that "Samy is your hero."
4:51 - 4:52

(Laughter)
4:52 - 4:56

So in under 24 hours, Samy had
over a million friends on MySpace.
4:56 - 4:59

(Laughter)
4:59 - 5:03

Hey, he just finished serving
3-years probation for that.
5:04 - 5:06

(Laughter)
5:06 - 5:10

Even better, Christopher Abad,
this guy, another hacker,
5:10 - 5:13

also trying to meet chicks on
MySpace but having spotty results.
5:13 - 5:16

Some of these dates
didn't work out so well,
5:16 - 5:20

so what Abad did is
he wrote a little bit of code
5:20 - 5:26

to connect MySpace to Spam Assassin,
which is an open source spam filter.
5:26 - 5:28

It works just like
the spam filter in your email.
5:28 - 5:30

You train it by giving it some spam
5:30 - 5:33

train it by giving it a little
bit of legitimate email,
5:33 - 5:35

and it tries to use
artificial intelligence
5:35 - 5:37

to work out the difference. Right?
5:37 - 5:41

Well, he just trained it on profiles
from girls he dated and liked
5:41 - 5:43

as legitimate email.
5:43 - 5:47

Profiles from girls he dated
and not liked, as spam,
5:47 - 5:50

and then ran it against
every profile on MySpace.
5:50 - 5:53

(Laughter)
5:53 - 5:56

Out spits girls you might like to date.
5:56 - 5:59

What I say about Abad is, I think,
there's like three startups here.
5:59 - 6:01

I don't know why we need Match.com,
6:01 - 6:05

when we can have Spam dating?
You know this is innovation.
6:05 - 6:07

He's got a problem, he found a solution.
6:07 - 6:12

Does anybody use these -- bleep --
keys for opening your car remotely?
6:12 - 6:16

They're popular in, well,
maybe not Chicago, OK.
6:17 - 6:20

So kids these days will drive
through a Wal-Mart parking lot
6:20 - 6:22

clicking open, open, open, bloop.
6:22 - 6:26

Eventually you find another
Jetta or whatever just like yours,
6:26 - 6:30

maybe a different color,
that uses the same key code.
6:30 - 6:32

Kids will just loot it, lock it up and go.
6:32 - 6:34

Your insurance company
will roll over on you
6:34 - 6:36

because there's not
evidence of a break-in.
6:36 - 6:40

For one manufacturer we figured
out how to manipulate that key
6:40 - 6:43

so that it will open every car
from that manufacturer.
6:43 - 6:45

(Laughter)
6:45 - 6:48

There is a point to be made about this
which I barely have time for,
6:48 - 6:52

but it's that your car is now a PC,
your phone is also a PC,
6:52 - 6:56

your toaster, if it is not a PC,
soon will be. Right?
6:56 - 6:58

And I'm not joking about that.
6:58 - 7:00

And the point of that is
that when that happens
7:00 - 7:04

you inherit all the security
properties and problems of PC's.
7:04 - 7:06

And we have a lot of them.
7:06 - 7:09

So keep that in mind,
we can talk more about that later.
7:09 - 7:13

Anybody use a lock like this
on your front door?
7:13 - 7:15

OK, good.
7:15 - 7:16

I do too.
7:16 - 7:20

This is a Schlage lock.
It's on half of the front doors in America.
7:20 - 7:23

I brought one to show you.
7:23 - 7:25

So this is my Schlage lock.
7:25 - 7:30

This is a key that fits the lock,
but isn't cut right, so it won't turn it.
7:30 - 7:35

Anybody here ever tried
to pick locks with tools like this?
7:35 - 7:39

All right, got a few,
few nefarious lock pickers.
7:40 - 7:42

Well, it's for kids with OCD.
7:42 - 7:45

You've got to put them in there,
and finick with them,
7:45 - 7:48

spend hours getting the finesse
down to manipulate the pins.
7:48 - 7:51

You know, for the ADD kids in the house
there's an easier way.
7:51 - 7:53

I put my little magic key in here,
7:53 - 7:56

I put a little pressure on there to turn it,
(Tapping)
7:56 - 7:59

smack it a few times
with this special mallet
7:59 - 8:02

and I just picked the lock. We're in.
8:03 - 8:05

It's easy.
8:05 - 8:08

And in fact, I don't really know
much more about this than you do.
8:08 - 8:10

It's really, really easy.
8:10 - 8:12

I have a keychain I made
of the same kind of key
8:12 - 8:15

for every other lock in America.
8:15 - 8:19

And if you're interested,
I bought a key machine
8:19 - 8:22

so that I can cut these keys
and I made some for all of you guys.
8:22 - 8:24

(Laughter)
8:24 - 8:26

(Applause)
8:26 - 8:28

So my gift to you,
come afterwards and I will show you
8:28 - 8:31

how to pick a lock and
give you one of these keys
8:31 - 8:33

you can take home and try it on your door.
8:33 - 8:36

Anybody used these USB thumb drives?
8:36 - 8:39

Yeah, print my Word document, yeah!
8:39 - 8:43

They're very popular.
8:43 - 8:46

Mine works kind of like yours.
You can print my Word document for me.
8:46 - 8:50

But while you're doing that,
invisibly and magically in the background
8:50 - 8:54

it's just making a handy backup
of your My Documents folder,
8:54 - 8:58

and your browser history and cookies
and your registry and password database,
8:58 - 9:02

and all the things that you might need
someday if you have a problem.
9:02 - 9:06

So we just like to make these things
and litter them around at conferences.
9:06 - 9:10

(Laughter)
9:10 - 9:12

Anybody here use credit cards?
9:12 - 9:13

(Laughter)
9:13 - 9:14

Oh, good!
9:14 - 9:18

Yeah, so they're popular
and wildly secure.
9:18 - 9:19

(Laughter)
9:19 - 9:22

Well, there's new credit cards
that you might have gotten in the mail
9:22 - 9:25

with a letter explaining how
it's your new "Secure credit card".
9:25 - 9:27

Anybody get one of these?
9:27 - 9:32

You know it's secure because
it has a chip in it, an RFID tag,
9:32 - 9:35

and you can use these in
Taxicabs and at Starbucks,
9:35 - 9:38

I brought one to show you,
by just touching the reader.
9:38 - 9:40

Has anybody seen these before?
9:40 - 9:42

Okay, who's got one?
9:44 - 9:46

Bring it on up here.
9:46 - 9:48

(Laughter)
9:48 - 9:51

There's a prize in it for you.
9:51 - 9:54

I just want to show you
some things we learned about them.
9:54 - 9:56

I got this credit card in the mail.
9:56 - 9:58

I really do need some volunteers,
in fact, I need
9:58 - 10:01

one, two, three, four, five
volunteers because the winners
10:01 - 10:04

are going to get these
awesome stainless steel wallets
10:04 - 10:08

that protect you against the problem that
you guessed, I'm about to demonstrate.
10:08 - 10:11

Bring your credit card up here
and I'll show you.
10:11 - 10:14

I want to try it on one of these
awesome new credit cards.
10:14 - 10:16

OK.
10:19 - 10:21

Do we have a conference organizer,
10:21 - 10:24

somebody who can coerce people
into cooperating?
10:24 - 10:25

(Laughing)
10:25 - 10:29

It's by your own volition because --
10:30 - 10:33

This is where the demo gets really awesome
10:33 - 10:34

I know you guys have never seen --
10:34 - 10:36

(Inaudible question)
10:36 - 10:37

What's that?
10:37 - 10:41

They're really cool wallets
made of stainless steel.
10:41 - 10:45

Anybody else seen code
on screen at TED before?
10:45 - 10:47

Yeah, this is pretty awesome.
10:47 - 10:50

(Laughter)
10:52 - 10:53

OK, great I got volunteers.
10:53 - 10:57

So who has one of these
exciting credit cards?
10:58 - 10:59

OK, here we go.
10:59 - 11:02

I'm about to share
your credit card number
11:02 - 11:04

only to 350 close friends.
11:04 - 11:06

Hear the beep?
11:06 - 11:09

That means someone's hacking
your credit card.
11:09 - 11:10

OK, what did we get?
11:10 - 11:15

Valued customer and the credit
card number and expiration date.
11:15 - 11:19

It turns out your secure new
credit card is not totally secure.
11:19 - 11:22

Anybody else want to try yours
while you're here?
11:22 - 11:24

Man: Can you install overdraft protection?
11:24 - 11:26

PH: Beep, let's see what we got?
11:26 - 11:29

So we bitched about
this and AMEX changed it,
11:29 - 11:31

so it doesn't show the name anymore.
11:31 - 11:35

Which is progress.
You can see mine, if it shows it.
11:37 - 11:41

Yeah, it shows my name on it,
that's what my Mom calls me anyway.
11:41 - 11:43

Yours doesn't have it.
11:44 - 11:49

Anyway, so next time you get
something in the mail
11:49 - 11:52

that says it's secure, send it to me.
11:52 - 11:55

(Laughter)
11:56 - 11:59

Oh wait, one of these is empty, hold on.
12:01 - 12:03

I think this is the one, yep, here you go.
12:03 - 12:05

You get the one that's disassembled.
12:05 - 12:07

All right, cool.
12:07 - 12:10

(Applause)
12:10 - 12:14

I still have a few minutes yet left,
so I'm going to make a couple of points.
12:14 - 12:15

(Laughter)
12:15 - 12:17

Oh, shit.
12:17 - 12:21

That's my subliminal messaging campaign.
It was supposed to be much faster.
12:21 - 12:25

Here's the most exciting
slide ever shown at TED.
12:25 - 12:28

This is the protocol diagram for SSL,
12:28 - 12:30

which is the encryption
system in your web browser
12:30 - 12:33

that protects your credit card when you're
sending it to Amazon and so on.
12:33 - 12:35

Very exciting, I know, but the point is
12:35 - 12:39

hackers will attack every
point in this protocol, right?
12:39 - 12:43

I'm going to send two responses
when the server's expecting one.
12:43 - 12:46

I'm going to send a zero
when it's expecting a one.
12:46 - 12:49

I'm going to send twice as much
data as it's expecting.
12:49 - 12:51

I'm going to take twice as long
answering as it's expecting.
12:51 - 12:54

Just try a bunch of stuff.
See where it breaks.
12:54 - 12:56

See what falls in my lap.
12:56 - 13:01

When I find a hole like that
then I can start looking for an exploit.
13:01 - 13:06

This is a little more what SSL looks
like to hackers, that's really boring.
13:06 - 13:11

This guy kills a million Africans a year.
13:11 - 13:15

It's Anopheles stephensi mosquito
carrying malaria.
13:16 - 13:18

Is this the wrong talk?
13:18 - 13:19

(Laughter)
13:19 - 13:23

This is a protocol diagram for malaria.
13:24 - 13:27

So what we're doing in our lab
is attacking this protocol
13:27 - 13:30

at every point we can find.
13:30 - 13:33

It has a very complex life cycle
that I won't go into now,
13:33 - 13:36

but it spends some time in humans,
some time in mosquitos
13:36 - 13:39

and what I need are hackers.
13:39 - 13:44

Because hackers have a mind
that's optimized for discovery.
13:44 - 13:47

They have a mind that's optimized
for figuring out what's possible.
13:47 - 13:50

You know, I often illustrate this
by saying,
13:50 - 13:55

If you get some random new
gadget and show it to your Mom,
13:55 - 13:59

she might say, "Well, what does this do?"
And you'd say "Mom, it's a phone."
13:59 - 14:03

And instantly, she'd would know
exactly what it's for.
14:03 - 14:05

But with a hacker,
the question is different.
14:05 - 14:09

The question is
"What can I make this do?"
14:09 - 14:12

I'm going to take all the screws out,
and take the back off,
14:12 - 14:14

and break it into a lot of little pieces.
14:14 - 14:17

But then I'm going to figure out
what I can build from the rubble.
14:17 - 14:21

That's discovery, and we need to
do that in science and technology
14:21 - 14:23

to figure out what's possible.
14:23 - 14:27

And so in the lab what I'm trying
to do is apply that mindset
14:27 - 14:30

to some of the biggest
problems humans have.
14:30 - 14:34

We work on malaria, thanks to
Bill Gates, who asked us to work on it.
14:34 - 14:37

This is how we used to solve malaria.
14:37 - 14:39

This is a real ad from like the 40's.
14:39 - 14:43

We eradicated malaria in the US
by spraying DDT everywhere.
14:44 - 14:49

In the lab what we do is a lot of work
to try and understand the problem.
14:49 - 14:54

This is a high-speed video,
we have a badass video camera,
14:54 - 14:56

trying to learn how mosquitos fly.
14:56 - 14:59

And you can see that
they're more like swimming in air.
14:59 - 15:01

We actually have no idea how they fly.
15:01 - 15:04

But we have a cool video camera so we --
15:04 - 15:06

(Laughter)
15:06 - 15:09

Yeah, it cost more than a Ferrari.
15:09 - 15:12

Anyway we came up with some
ways to take care of mosquitos.
15:12 - 15:15

Let's shoot them down with laser beams.
15:15 - 15:19

This is what happens when you put
one of every kind of scientist in a room
15:19 - 15:21

and a laser junky.
15:21 - 15:25

So people thought it was funny at first,
15:25 - 15:30

but we figured out, you know, we can
build this out of consumer electronics.
15:30 - 15:33

It's using the CCD from a webcam,
15:33 - 15:37

the laser from a Blu-ray burner,
15:37 - 15:40

the laser galvo is from a laser printer.
15:40 - 15:43

We do motion detection on a GPU processor
15:43 - 15:45

like you might find in video game system.
15:45 - 15:47

It's all stuff that follows Moore's law.
15:47 - 15:50

So it's actually not going to
be that expensive to do it.
15:50 - 15:52

The idea is that we would put
15:52 - 15:56

a perimeter of these laser systems
around a building or a village
15:56 - 16:00

and just shoot all the mosquitos
on their way in to feed on humans.
16:00 - 16:03

And we might want to do that
for your backyard.
16:03 - 16:05

We could also do it to protect crops.
16:05 - 16:07

Our team is right now working on
16:07 - 16:09

characterizing what they
need to do the same thing for
16:09 - 16:13

the pest that has wiped out
about two thirds
16:13 - 16:16

of the Orange groves in Florida.
16:18 - 16:21

So people laughed at first.
16:21 - 16:23

This is a video of our system working.
16:23 - 16:26

We are tracking mosquitos live
as they fly around.
16:26 - 16:29

Those crosshairs are put there
by our computer.
16:29 - 16:30

It just watches them,
finds them moving
16:30 - 16:34

and then it aims a laser at them
to sample their wing beat frequency.
16:34 - 16:37

Figure out from that,
is this a mosquito?
16:37 - 16:40

Is it Anopheles Stephensi?
Is it female?
16:40 - 16:45

And if all that's true then
we shoot it down with lethal laser.
16:45 - 16:47

(Laughter)
16:47 - 16:49

So we have this working in a lab.
16:49 - 16:52

We're working on taking
that project into the field now.
16:52 - 16:56

All this happens at the Intellectual
Ventures Lab in Seattle where I work
16:56 - 17:02

and we try and take on some
of the hardest problems that humans have.
17:02 - 17:03

This is the money shot.
17:03 - 17:07

You can see we just burned
his wing off with a UV laser.
17:07 - 17:09

He's not coming back.
17:09 - 17:12

(Applause)
17:12 - 17:16

Kind of vaporized
his wing right there, yeah.
17:16 - 17:19

They love it.
I mean, you know.
17:19 - 17:21

Never got called by PETA or anyone else.
17:21 - 17:23

I mean, it's the perfect enemy.
17:23 - 17:26

There's just no one coming
to the rescue of mosquitos.
17:26 - 17:30

Sometimes we overdo it.
17:30 - 17:32

So anyway, I'm going to get off stage.
17:32 - 17:35

This is the Intellectual Ventures Lab
where I work.
17:35 - 17:38

Basically we use every kind of scientist
17:38 - 17:42

and one of every tool in the world
to work on crazy invention projects.
17:42 - 17:44

Thanks.
17:44 - 17:45

(Applause)

Title:: Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
Description:: You think your wireless and other technology is safe? From Blue Tooth to automobile remotes, PCs, and "secure" credit cards, Hacker extraordinaire shows how nearly every secure system is vulnerable.

more » « less
Video Language:: English
Team:: closed TED
Project:: TEDxTalks
Duration:: 17:51

	TED Translators admin edited English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ivana Korom approved English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ivana Korom edited English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ivana Korom edited English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ivana Korom edited English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ivana Korom edited English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ivana Korom edited English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests
	Ariana Bleau Lugo accepted English subtitles for Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests

Show all

English subtitles

Revisions Compare revisions

Revision 18 Edited

TED Translators admin
Revision 17 Edited

Ivana Korom

	Revision Number	Author	Created
	18	TED Translators admin
	17	Ivana Korom

Top Hacker Shows Us How It's Done: Pablos Holman at TEDxMidwests

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)