Dangers Of Smart Remotes – GPS Y2K: AS HEARD ON WGAN: [03-20-19]
Craig is on the WGAN Morning News with Ken and Matt. They talked about the Y2K-like bug that would strike GPS systems on April 6th, the hackable smart alarms, and Craig’s stern warning to ditch Windows 7 and upgrade to Windows 10.
- ‘Gps Systems Will Be Struck By Y2k-Like Bug On April 6’: Security Expert Says He Will Not Fly On ‘Day Zero’ After Governments Warn Global Devices Will Reset Due To Calendar Glitch
- Google Recommends Windows 7 Users To Upgrade To Windows 10 If Possible, As A Kernel Vulnerability Allows For Local Privilege Escalation On The Operating System.
- No Guns Or Lockpicks Needed To Steal Modern Cars If They’re Fitted With Hackable ‘Smart’ Alarms
Share This Episode
For Questions, Call or Text:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/20/2019
Dangers Of Smart Remotes – GPS Y2K
Craig Peterson 0:00
Hey, good morning, everybody. Craig Peterson here again. And I was on this morning being Wednesday with three stations up in Maine, up in Maine’s capital city, as well, and I was on with Ken and Matt. We chatted about a few different things. I ask them some questions about demonetizing deplatforming. What are the legal requirements there? And it was kind of interesting because of course Ken is an attorney to find out what’s going on. The mom in Arizona with the kids on YouTube. Boy, what a mess that is. We’ve got representative Nunez who is threatening suit due to something very similar and we’ve seen this happen a lot so where is this line supposed to be drawn? Kind of interesting we also of course talked a little bit about technology and Matt’s problem where Matt had his fob reprogrammed for his car and tied right in to a story this week about the smart alarms and how imminently hackable they are. So here we go.
Alright, we are back again on 7:37 on the WGAN Morning News. Wednesday morning and get a matter here. And so is Craig Peterson, our tech guru. He joins us now. Craig, how are you?
Hello. I’m doing well. I am I’m really interested in what’s happened here. You guys have been reporting on this case of the Arizona mother who was abusing their children. And we also have I’m trying to remember who this was, someone in Congress just threatened suit or bringing suit against I think it’s Twitter.
Yeah. You were thinking about Mr. Nunez.
Yeah, yeah. Exactly.
Ken Altshuler 1:51
That’s what you call a publicity stunt.
Yes. He’s gonna fail miserably.
You think so? You think that’s what it is?
Of course. Of course.
Because he knows he’s gonna lose. So what else would it be?
Yeah. Well that’s a really good point. How about we’ve got the Hallmark Channel cutting ties with Laurie we know this whole college admissions scandal and stuff. How far can that go ultimately? Because, again, they’ve got clauses in their contracts on saying that they have to be a good character,
By the way, I pay nearly half a million dollars for my children to go to college, I don’t see what the big deal is.
In Arizona again, obviously, this woman what she’s charged with is just absolutely crazy. But can we have all of these social media platforms and other ways that people are making money and trying to get messages out? Can people be deplatformed at the drop of a hat? And should they be? It’s an interesting question. I don’t know how far this goes. I’ve heard Nunez and and his complaints. And I’ve heard other people, particularly conservatives saying that their messages are being stopped or they’ve been deplatformed. And we’ve certainly seen that with Alex Jones and some others who Alex isn’t accused of anything illegal. It just being a real jerk, I think is is kind of the bottom line for him. But is it again, interesting territory? I don’t know. Ken, had the courts really settled any of this stuff yet?
I think it’s basic libel and slander law. I think if you’re a public figure it’s virtually impossible to be…
But as it relates to like deplatforming and stuff like that, that’s
their company, they can do whatever they want with it. I mean, it’s if they want to, they want to ban me for having brown hair or blue eyes. I mean, they could do that. Whenever. And perhaps it’s not the wisest thing for them to do. And I think it opens a gigantic door for a competitor that isn’t such a, you know, terrible company to actually operate. But you know, they want to do that they could do that.
Yeah, yeah, I agree on that part. That’s certainly the libertarian to me coming out for that. Anyhow, it was interesting, I thought I would ask the experts this morning.
Well, talking about experts, since you’re the expert guru in computers, are we going to have another Y2K thingamajiggy?
Oh, this this is really weird. This one that hit me a few weeks ago and hit my inbox as it were. And Y2K of course, we have a problem with the rollover from a computer is able to use just a two digit year to figure out the time and elapsed time, you know, where they were just use, like 74, I wrote code that just choose the last two digits of the year back in the you know, in the 70s and and it’s been going on for a long time. So everyone was worried what’s going to happen when it turns from being able to issues 99 to zero, because they’re always lower than 99. But it turns out most businesses had fixed the problems and none of these problems were were anything that would have been really earth shattering if they had to get at least not in most cases. Now we’ve got a security expert who about two weeks ago out at a security conference in San Francisco said that he’s not going to fly on April 6 and the reason for that is that older GPS systems don’t have the ability to handle dates past April 6 it’s actually a specific time on April 6. But here’s the problem the counters in the old GPS systems don’t have enough digit so they are going to roll back to zero. And we look at what’s happening right now with Boeing’s jet, the 737 Max 8 right and that jet airliner. How long ago was that designed? Do you guys know?
What is it? Is that it? Yeah, the Max 8.
Yes, Max. Yeah, the 737 Max. I have no idea what it is. No, I can’t even begin to claim that I have any idea
Such a 50 year old design and what’s been happening over the years is they’ve been making a minor changes kind of, you know, few changes of the time. So the whole jet airliner has not had to be retested. So for instance, right now they added this system that people are saying like be the problem could be the problem. Boeing saying it’s more along the lines of the pilots weren’t trained enough, they only had a few hundred hours of flight time. But inside these airplanes are systems that were designed 50 years ago. And so this expert is saying, Hey, listen, this could be a real problem because the GPSs from 20 years ago, cannot handle the rollover the guy’s name is Bill Malik. He’s a VP over Trend Micro which is a basically a security company and he’s concerned because these GPS systems aren’t just to use in things like airports and airplanes although I’m sure in pretty much every case the airplane have been updated, right? I’m I don’t have a problem with flying on April 6 personally. But we also have these embedded systems that are used for their clock source for that signal. And they’re using everything from traffic control systems through a computer systems. Some of the older ones, the bridges, some of the automatic bridges that we have in Maine, like one going down to New Hampshire that that goes up and down based on what the traffic is on the on the water below. A lot of these systems are based on using clocks from GPSs. So Ken we could have a Y2K type problem with anything with an older embedded GPS in them on April 6. And it does bring up the problem of, again, updating our software, our firmware, our hardware, you know, when was the last time you updated the software in your firewall in the router in your home. This statistics on the more or horrific. People just aren’t updating them. So it brings it to light. And yeah, GPS could be a problem. And you might even have it with your car GPS, if you have an old GPS for your car. It might just plain old completely stopped working on April 6.
And we’re talking to Craig Peterson, our tech guru joins who us on Wednesdays at this time to go over what’s happening in the world of technology. Craig, I had a little bit of a car issue a while back a couple weeks ago had to get somebody to basically break into my car and reprogram a fob which he was able to do by basically plugging in a little computer to my car. And about 30 seconds later, he had now taken over the entire security system and it was able to start it remotely and basically we had complete and total control over the car by plugging something in. Is my car a little vulnerable to being taken over by surreptitious evil people trying to steal it in some fashion, or maybe perhaps taking it over for other nefarious purposes?
You know what kind of car I drive, right?
Yeah, like an old one. Yeah.
1980 Mercedes diesel okay. There is missing electronics on it. Yeah, actually, you are. And it’s yet another reason to lock your car. Because if they get can gain access to that little computer port inside, many of the cars can be totally hacked. Now, the manufacturers are trying to keep that technology kind of secret. But man is it gotten out and it’s in the hands of even people that change locks, you know, the fob you talked about. But we’ve got this week as a British firm. They’re called Pentest Partners. And they had heard about some vulnerabilities with some of the smart alarms that people have been putting in their cars. So they did some testing. And they’ve come out with a warning and they’re warning is that they found that the Viper Smart Start alarm Viper Smart Start alarm, which I’m sure many people here have in their cars get is great to start your car get warmed up in the wintertime and get into a nice warm car. But the Viper Smart Alarms as well as product from Pandora where they’re making, not Pandora, the radio app that you might be using, but Pandora, the guys that make the smart alarms. Both of them are riddled with flaws. According to the report. That’s a direct quote from them. And it turns out that the manufacturers had inadvertently exposed around 3 million cars to theft and users to hijack. Because what they can do is without even having access to that computer port in the car, they’re able to get on remotely and do anything that that smart alarm could do and do it to your car. And it turns out even more than you think the smart alarm might be able to do just like with your car Matt where he could get in and do a whole bunch of different things inside your car. These can too and they found they could remotely hack the car that they could then from that car not only unlock it or start the engine but if you’re driving down the highway in that car, they could control the accelerator so they could take you for ransom, floor the car have that car going full speed down the turnpike as fast as it could possibly go with you sitting behind the wheel unable to do anything about it you know. Burn outs, your brakes, etc. So there they did a live proof of concept demo, they could do geo-locate the target car using the Viper Smart Start account. Built in functionality. They set off the alarm so that the driver went out to investigate and stopped, activated the cars and mobilizer once it was stationary, remotely unlock the cars doors. They clone the key fob. They issued RS commands from a user’s mobile phone. And even worse, they discovered this function in the Viper API that remotely turned off the cars engine. There, these devices can do a whole lot. So check your smart alarm, your smart remote start, see if it’s vulnerable, what the vulnerabilities are not all of the vulnerabilities I mentioned are true for both of these alarms. But they have been shown in the past. We’ve seen Chrysler’s be able to be taken over. Remotely driven off the road. But the hacker had to have access to the car first. Now we’re seeing that some of these smart alarms have way more access than we thought they did. And could turn out to be very, very dangerous.
We are talking to Craig Peterson, our tech guru. By the way you can go to https://CraigPeterson.com anytime you want to know anything about technology. Thank you, Mr. Peterson. We’ll talk to you on next Wednesday at 7:38.
Hey, take care. Gentlemen, I want to make one quick warning. Before I go. Google has now issued a warning to everyone to abandon Windows 7 right now. They say there’s a major security problem with Windows 7 there. Google is advising you to upgrade to Windows 10. And this is a kernel vulnerability problem. Local privilege escalation something.
I think I have Windows 7.
I think I have Mac.
But I have Windows on my Mac.
Well, it’s true for that too. So if you’re still running Windows 7, if this isn’t the siren call to upgrade, quote unquote, to Windows 10 do it now. But you might be better off and upgrade to a Mac. That’s what I did.
Yeah. But I have a Mac but have Windows on it.
Yeah, but you’re still gonna have to do it. You’re gonna have to upgrade your Windows on your Mac that’s living in the VM or the dual boot loader
That’s living in VM. That’s where it’s living.
Yeah. Which is good that helps keep it separate but you’re gonna have to upgrade it. This is bad, this is really bad.
Okay, thanks for the warning.
Craig Peterson. Thanks a lot. Alright, we are going to take a quick break here are we not?
Hey everybody. Plan is to be here tomorrow and Friday as well with my security thing, you know, it’s just a security thing. Well, how does it matter, right? So hopefully I’ll be able to get those done today and we’ll get those out. But it’s stories of individuals and companies who have been hacked or who averted a hack, what happened? What they did? And what could have been done better about it?. So if you’re enjoying those let me know. me@CraigPeterson.com.