
July 24, 2015 - The WAN Show Document

 

soundcloud link: https://soundcloud.com/thewanshow/the-wan-show-adultery-site-ashley-madison-hacked-jeep-cherokee-hacked-july-24-2015

 

Main News Topics

Hackers remotely kill a Jeep on the highway

Source 1: linustechtips.com/hackers-remotely-kill-a… OP: jos

Source 2: wired.com/hackers-remotely-kill…

  • showcase piece done by Wired featuring hackers Charlie Miller and Chris Valasek

  • result of car-hacking research they had done over the past year

  • zero-day exploit targeting Jeep Cherokees that gives the hacker wireless control of the vehicle

  • able to send commands to the 2014 Jeep’s dashboard functions, steering, brakes, and transmission through its entertainment system

  • the hackers were 10 miles West of the vehicle in this case, but the exploit isn’t limited by distance

  • the hackers messed with the AC, radio, windshield wipers, then cut the transmission

  • they can also kill the engine entirely at low speeds, abruptly engage the brakes, or completely disable the brakes

  • only able to hijack the wheel while the vehicle is in reverse

  • can also track the GPS coordinates, measure its speed, and drop pins on a map to trace its route

  • this isn’t the first time Wired has done a piece with these hackers about car hacking, though it is the first time it was carried out wirelessly, a much more unnerving thought

  • the hack is made possible by Uconnect, the entertainment, nav, phone management, and Wi-Fi hotspot aspect of Chrysler (and their sub-brands’) vehicles

  • the vulnerable element won’t be revealed until next month when the hackers give a Black Hat talk, but anyone who knows the IP address of the car can gain access from anywhere in the country

  • “From an attacker’s perspective, it’s a super nice vulnerability,” said Miller (lol)

  • once the hacker has entry they can mess with the firmware in the car’s head unit to gain access to the physical components (engine, wheel, etc.)

  • attack only works on Chrysler vehicles with Uconnect from late 2013-early 2015

  • has only been fully tested on a Jeep Cherokee, though they believe they could access any car with a Uconnect head unit

  • Miller and Valasek have been sharing their research with Chrysler for nearly 9 months, enabling the patch mentioned below (though that patch has to be installed manually, meaning many people may not even hear about it)

  • Chrysler stated that they “appreciate” Miller and Valasek’s work, but “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.”

  • Miller and Valasek believe that releasing the portion of code is important since it allows their peers to prove their work, and holds automakers accountable for their digital security

  • “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone.”

  • carmakers have had ample time to work to secure their systems as a team of researchers from the University of Washington and University of California San Diego showed that they could wirelessly disable the locks and brakes on a sedan back in 2011

  • “The regulators and the industry can no longer count on the idea that exploit code won’t be in the wild. They’ve been thinking it wasn’t an imminent danger you needed to deal with. That implicit assumption is now dead.” - Stefan Savage, UCSD comp sci professor

  • Uconnect computers are linked to the Internet through Sprint’s cellular network, which allows other Sprint devices to talk to them

  • Miller demonstrated scanning for target vehicles in his 3G network on a burner phone connected to his laptop and acquiring GPS coordinates, VIN numbers, and IP addresses of each car by doing so

  • Miller and Valasek ranked the Jeep Cherokee as the most hackable car, with Cadillac’s Escalade and Infiniti’s Q50 coming in 2nd and 3rd

  • estimated to be as many as 471,000 vehicles on the road with vulnerable Uconnect systems in the US

  • US Congress is now working to have the National Highway Traffic Safety Administration and the Federal Trade Commission set new standards and create privacy and security ratings for consumer automobiles

  • US Senator Markey (one of the leads on the new security legislation) sent a letter to 20 automakers, asking them a series of questions about security practices, the answers to which showed “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.”

  • only seven of sixteen respondents said they hired independent security firms to test their vehicles’ digital security, and only two said their vehicles had monitoring systems that checked their CAN (car’s internal network) networks for malicious digital commands

  • important takeaway is not that Jeeps are more vulnerable than other vehicles, but that all modern vehicles could be vulnerable to a hack

  • closing statement from the hackers “We shut down your engine—a big rig was honking up on you because of something we did on our couch. This is what everyone who thinks about car security has worried about for years. This is a reality.”

Fiat issues software patch after hackers take over car

Source 1: linustechtips.com/fiat-issues-software… OP: Suika

Source 2: timesofindia.indiatimes.com/fiat-issues-software…

  • Wednesday this patch was released for some internet-connected vehicles

  • direct result of the hack on the 2014 Jeep Cherokee

  • “Fiat Chrysler claimed no first-hand knowledge of any of its vehicles being hacked and released a statement saying that software updates are sometimes required ‘for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems.’”

Chrysler to recall 1.4 million vehicles after remote hijack bug found

Source 1: linustechtips.com/chrysler-to-recall-14-million… OP: Alexp10v2

Source 2: theverge.com/chrysler-announces…

  • voluntary recall

  • 1.4 million vehicles affected

  • affected cars include Dodge Vipers, Ram trucks, Jeep Cherokees and Grand Cherokees, Dodge Durangos, Chrysler 200 & 300, Dodge Charger, and Dodge Challenger

  • Chrysler owners can enter their VINs at a provided website to check if their vehicle is included in the recall

  • no need to take your car to a dealership, they provide you with the patch on a USB drive (can’t receive over the air security updates like the Model S)

  • with that said, Chrysler says they have taken “network-level security measures to prevent the type of remote manipulation” demonstrated this week

  • Chris Valasek (one of the hackers), Tweeted “Looks like I can’t get to Charlie’s Jeep from my house via my phone. Good job FCA/Sprint!”

  • “The company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents — independent of the media demonstration.” said a Chrysler spokesperson

  • issues will be discussed more deeply at next month’s Defcon, but again, full details of the vulnerability will not be released to the public

  • not clear if the message was fully received as “Chrysler insists it's only taking this step out of ‘an abundance of caution.’”

  • from Chrysler’s statement “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”

Right to destroy drones coming

Source 1: linustechtips.com/right-to-destory-drones… OP: jos

Source 2: nakedsecurity.com/dreams-of-legally…

  • wildfires took place on a Los Angeles freeway leading to Las Vegas

  • helicopters were not able to dump water on the fires from above due to 5 drones flying close to the fire

  • third time in a few weeks that this has happened

  • “Planes or helicopters being flown by pilots focusing on the fire and flying in smoky, low-visibility fire zones just can't risk the danger of a mid-air collision with a drone, so firefighting aircraft get grounded when unmanned aircraft systems (UAS) get in the way.”

  • firefighters have tried educating the public, reasoning with them, and fining drone owners who choose to fly during these situations

  • many of these unmanned aircraft are flying well above the legal height limits, and it is illegal for unmanned aircraft to fly in restricted airspace around a fire

  • currently illegal to shoot drones down

  • legislation has now been introduced to exonerate emergency workers who take out drones

  • would be able to disable the drones using jamming technology, which would end up blocking Wi-Fi, GPS signals to drones, as well as calls and messages to mobile devices

  • “This bill will help make sure the skies are clear of drones and that the brave men and women fighting these fires can do their job of protecting the public without worrying about frivolous lawsuits.”

  • TL;DR from Assemblyman Gatto in California, “Just because you have access to an expensive toy that can fly in a dangerous area doesn’t mean you should do it.”

Toshiba CEO and eight other executives resign after the company lied about $1.2 billion in profits

Source 1: linustechtips.com/toshiba-ceo-and-eight-other… OP: Bouzoo

Source 2: money.cnn.com/toshiba-ceo-resigns…

  • current chairman named interim president

  • overstated profits by $1.2 billion over 7 years

  • Toshiba started an internal accounting investigation on their energy division, with an independent committee taking over in May

  • year-end dividends and postponed earnings have been cancelled

  • Toshiba stock has dropped around 20% since early April when accounting issues first came to light

Doping in eSports - ESL takes action

Source 1: linustechtips.com/so-apparently-theres-doping… OP: Bloodyvalley

Source 2: pcgamer.com/esl-perparing-new-anti-doping…

  • this is in response to an interview with Kory “Semphis” Friesen, formerly of team Cloud 9, that took place after a recent CS tournament

  • he was discussing the lack of coordination shown by the team at a tournament for ESL One in Katowice before he was kicked, and he responded saying “I don’t even care. We were all on Adderall.”

  • Adderall is a psychostimulant used to treat ADHD

  • Adderall and similar drugs have been pervasive in FPS games like Quake and Counter Strike for many years (especially in North America), according to industry sources

  • there was a lot of backlash from the community, and using drugs such as Adderall for performance enhancement is against the ESL One rulebook

  • ESL is making changes due to these comments and the community reaction

  • “The Industry of our sport is and always will be our biggest concern,” said their head of communications. “When we first saw [Friesen's comments], we focused immediately on kickstarting a policy-making process and adjusting the rules. We have worked on changes in our rules, reached out to authorities for support, and will be ready to announce our next steps in a couple of days.”

  • working with national and world drug organizations to make sure they have policies in place that make sense for testing players

  • “We're taking the steps to level with traditional sports, and it's going to take a while before any esports organization will administer regular drugs tests. We hope to speed this process up by proactively seeking advice from authorities and starting small. Full blown drug tests at esports events are far away, but that doesn't mean we can't and shouldn't try to tackle the issue.”

Chris Roberts speaks out about the time it’s taking for Star Citizen to release

Source 1: linustechtips.com/chris-roberts-speaks-out-about… OP: Bloodyvalley

Source 2: pcgamer.com/chris-roberts-speaks…

  • acknowledged the fact that it’s taking longer than expected

  • says it’s a consequence of the open development cycle they have

  • recent delay of Star Marine FPS module has been “mischaracterized by many sites as ‘being put on indefinite hold or canceled.’”

  • internal headcount is up to 255 now

  • “The turnover at CIG is no more or less than it was at Origin, EA, Digital Anvil or Microsoft when I was making games there. The difference is that since we conduct our development in an open manner people get the opportunity to know some of the individuals working on the game, in a way you wouldn’t with a normal publisher, so a departure becomes more noticeable.”

  • “Anyone with knowledge about game development can assess our spending based on the information we share every month. It speaks for itself that from the outset our TOS provides for an accounting to be published if we ever had to stop development before delivering.”

  • 3000AD founder Derek Smart received an unrequested refund on his Star Citizen Kickstarter pledge after calling for an FTC investigation into Cloud Imperium on his blog, and is calling anyone who thinks Star Citizen will come out as advertised “delusional”

  • “From an economics standpoint, what people fail to realize is that most games don’t sell 927K copies. So this $85m, at this point, are pre-sales because people expect something in return for their money. Thus, any money needed to continue ops after that money runs out within this year (no source), has to come from somewhere… with 255 employees, plus an undisclosed number of contractors, that monthly burn rate is killer.”

NASA discovers “Earth 2.0”

Source 1: linustechtips.com/nasa-discover-earth-20… OP: Ohino Shinobu

Source 2: bbc.co/science-environment…

  • Kepler-452b shares many characteristics with Earth

  • orbits at a similar distance from its star, radius is 60% larger

  • mission scientists believe it was the most Earth-like planet yet

  • around 1,400 years away from Earth


Rapid Fire

[Leaked] Everything about the new Moto G

Source 1: linustechtips.com/leaked-everything-about-the… OP: Lord Sparklebottom

Source 2: theverge.com/motorola-new-moto-g-details…

  • tons of color options

  • 16GB with 2GB of RAM or 8GB (not sure how much RAM)

  • assumed to be in the same price range as current model ($179.99)

  • “HD” display (720p?), “all-day battery life”

  • 13-megapixel camera, 5-megapixel selfie cam, quad-core Snapdragon processor, microSD (up to 32GB) and dual SIM support

  • shipping with Android 5.1.1

iOS8 at 85% adoption, Google quiet about Lollipop

Source 1: linustechtips.com/ios-at-85-adoption… OP: Suika

Source 2: theinquirer.net/ios-8-hits-85…

  • Apple updated iOS developer portal to show 85% running iOS 8, 13% running iOS 7, and 2% running an earlier version

  • Google usually updates adoption figures monthly, but have not done so since June 1

  • no word from Google on why that is

  • Lollipop running on 12.4% of phones & tablets as of June 1, 4.4 Kitkat still sitting at 39.2%, Jelly Bean at 37.4%

Timed exclusives - dates for Rise of the Tomb Raider

Source 1: linustechtips.com/timed-exclusives-rise-of… OP: zMeul

  • Square Enix announced on July 23

  • coming to Windows 10 and Steam in early 2016 after the Xbox release in holiday 2015

  • not coming to PS4 until holiday 2016

  • releasing on Xbox One and 360 November 10, 2015, the same day as Fallout 4

Qualcomm to lay off 15% of workforce

Source 1: linustechtips.com/qualcomm-to-lay-off-15… OP: Suika

Source 2: theverge.com/qualcomm-layoffs-shrinking…

  • part of a “major initiative to restructure the company and improve financial performance.”

  • revenue of $5.8 billion for the last quarter is down 14% from one year ago

  • net income dropped 35% to $1.6 billion

  • also cutting their earnings forecast for the year after already having done so twice this year

Nvidia GP100 Pascal GPU to feature 17 Billion Transistors and 32 GB HBM2 VRAM

Source 1: linustechtips.com/nvidia-gp100-pascal-gpu… OP: ChrisxlxCross

Source 2: fudzilla.com/nvidia-pascal-gpu-has-17…


You linked the wrong video

CPU:Intel Core i3 3210 Mobo:MSI B75MA-E33  GPU:Intel 2500 HD Graphics  SSD:Adata SP600 128gb  HDD:Seagate 1tb 7200rpm  

PSU:Corsair CX430   Case:Antec ASK4000bU3  Monitor:Dell S2240l 21.5 inch 1080p


Linus got shirtless and they ordered a firepole for the new office and you missed it

Yes. He got a ''firepole'' for the new office.

Main PC: 4690k, LMG Edition G1 Gaming GTX 980, 16GB Hyper X Fury, Asus Z97-A, EVGA G2 850W, Crucial MX100 128GB, WD Red 1TB 2.5", Dark Rock 3

Laptop: Asus UX305 Monitor: Asus PB278Q Keyboard: Filco Majestouch 2 TKL Mouse: Corsair M65

 


Doesn't look like the iFixit offer code is working. Their checkout says the offer code has expired.


Main rig specs: i5-6500 (3.2 GHz), Cryorig H5 Universal, EVGA GTX 970 FTW+, 16GB Corsair Vengeance DDR4 (2133MHz), Asus Z170i Pro Gaming, Samsung 950 PRO 256GB, Phanteks Enthoo Evolv ITX, LG 3440x1440 Ultrawide.

 


And on today's WAN show....

Everything got hacked, like everything.

Thanks guys :)

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


fixed.

 

Firepole?

300h.jpg

Specs: CPU - Intel i7 8700K @ 5GHz | GPU - Gigabyte GTX 970 G1 Gaming | Motherboard - ASUS Strix Z370-G WIFI AC | RAM - XPG Gammix DDR4-3000MHz 32GB (2x16GB) | Main Drive - Samsung 850 Evo 500GB M.2 | Other Drives - 7TB/3 Drives | CPU Cooler - Corsair H100i Pro | Case - Fractal Design Define C Mini TG | Power Supply - EVGA G3 850W


Linus Y did u say something so rude! D:

Android phones that are 5 year old are good if you know how to keep them going!

I have an LG C-800 (or known as the T-mobile exclusive Mytouch Q) and is almost 4 years old (it's 3 years and 9 months old) and it runs CM9, and tbh it still works great!

I did some tweaks to keep it smooth, but still, nothing magic. I do overclock it, and of course gaming isn't a good idea, but things like Skype and other light apps just works as you would expect... If you are a light user and you know how to properly keep your phone going, you can have a 4-5 year old android phone without problems.

I want to stick with the LG as long as i can, and unless apps get a lot more demanding, it will stay with me for a long time.

If you want my attention, quote meh! D: or just stick an @samcool55 in your post :3

Spying on everyone to fight against terrorism is like shooting a mosquito with a cannon


@LinusTech

Your badminton fact is wrong, there's a few equestrian events where men and women compete against each other too.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


My laptop and my rigs HDD are TOSHIBA

Case: NZXT phantom CPU:I5-4460 GPU:MSI-GTX1070 Gaming X RAM:2x4Gb-DDR3-HyperX fury MOBO:Asus Z97-P HDD:Toshiba 1Tb 7200rpm PSU:Sentey650W


No update on the virtual instances of Adobe media encoder?

Can Anybody Link A Virtual Machine while I go download some RAM?

 


@LinusTech

Your badminton fact is wrong, there's a few equestrian events where men and women compete against each other too.

 

On the same field at the same time? Which one is that?

 

@LinusTech

On the consumer side Toshiba is a player in storage, together with Samsung they formed TSST - Toshiba Samsung Storage Technologies.

And the outro was loud. very loud.


On the same field at the same time? Which one is that?

@LinusTech

On the consumer side Toshiba is a player in storage, together with Samsung they formed TSST - Toshiba Samsung Storage Technologies.

And the outro was loud. very loud.

Both cross country and dressage :)

Obviously they can't be on the same field at the same time when doing dressage but I'd still count it as they compete head to head with a totally equal rule set, it's just they only compete one at a time anyway. On cross country they all ride the same course at the same time with a timed delay for the start, again they're going head to head with an equal rule set. The timed delay is for obvious reasons, 30 riders fighting over the same gates is dangerous.

They do ride individually as well, they do male, female then team event.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


About touchscreens in cars - very difficult to operate while on the move AND keeping your eyes on the road. No feedback, you have NO idea if you've pressed the button and it's dangerous to take your eyes off the road to look at the console. Which is why swivels and actual buttons are still more popular, or work in situ with touchscreens. Aston Martin consoles were changed to have fewer touch buttons, as owners complained about the 0 feedback that a button would give. They still have touch, but eh.

CPU: AMD 7800X3D Motherboard: NZXT B650E RAM: 32GB 5600 30-CL Corsair Vengeance DDR5 GPU: MSI Gaming X Trio RTX 2070 PSU: Corsair RM850i Monitor: Samsung 27" 4K thing Cooling:Noctua Chromax Black NH-D15: Case: NZXT H510 Black

 

 

 

 


about using drugs in e-sports

i started watching it quite regularly after the international last year, though moba isn't my thing so i was more focused on csgo

but it never even occurred to me, that they might be using some performance enhancing drugs

red bulls and such i don't consider as a performance enhancer, or caffeine for that matter, it has no effect on me, so it's hard to believe for me that it has on others :D

but then again, i've never heard of adderall and other drugs either

i'm 25 years old, live in EU and never even heard of these drugs, other than what i see on TV here and there, here, we don't give drugs to kids like candy, i don't even know of anyone that had to use any drugs like that when we were kids, or now even

i do believe that in the NA they have more drugged up kids tho, so it might be more common there and it was obvious for you folks

A person is smart. People are dumb, panicky dangerous animals and you know it.


They probably disabled the brakes on the Jeep by hacking into the ABS system. The system is just releasing the brake pressure applied by the master cylinder.


Both cross country and dressage :)

Obviously they can't be on the same field at the same time when doing dressage but I'd still count it as they compete head to head with a totally equal rule set, it's just they only compete one at a time anyway. On cross country they all ride the same course at the same time with a timed delay for the start, again they're going head to head with an equal rule set. The timed delay is for obvious reasons, 30 riders fighting over the same gates is dangerous.

They do ride individually as well, they do male, female then team event.

 

Yeah but that means that Linus' quote still stands.

https://youtu.be/YvpOi2KgU54?t=35m11s

'same field, same time' is what he said. a 30 sec delayed start is (arguably) not at the same time.


About touchscreens in cars - very difficult to operate while on the move AND keeping your eyes on the road. No feedback, you have NO idea if you've pressed the button and it's dangerous to take your eyes off the road to look at the console. Which is why swivels and actual buttons are still more popular, or work in situ with touchscreens. Aston Martin consoles were changed to have fewer touch buttons, as owners complained about the 0 feedback that a button would give. They still have touch, but eh.

 

But in a lot of car models the dial and buttons are next to the screen.

For example, the Volkswagen Group, uses this model (touch)screen for low end to premium models. Here's a video for a newer version of the system: 

 

The only one i've seen in real life where you can change the settings without really having to take your eyes off the road is BMW i-Drive.

