Major Problems With GPS – Car Security Systems Hackable: AS HEARD ON: WTAG: [03-19-19]

TRANSCRIPT

Below is a rush transcript of this segment, it might contain errors.

Airing date: 03/19/2019

Major Problems With GPS – Car Security Systems Hackable

Craig Peterson: 0:00
Good morning. Craig Peterson here. I was on this morning with the Jim Polito show. It was actually Danny because Jim is on a tour. He is over touring in Italy. He was in Venice yesterday. And he’s going on to Ireland. He sounds like he’s just having a great time. So Danny and I chatted this morning, and I did some explanations here of GPS, what it is, how it works and how it’s going to affect you. I think this is much better explanation than I did last time on the radio. Oh, well. Anyways, here we go with Mr. Danny Farrantino.

Danny Farrantino 0:35
Yes, by now. You know what that music means? Time for Tech Talk expert, Craig Peterson. And Craig. GPS systems are going to be struck by a Y2K bug. Come on, this can’t be real.

Craig 0:48
Hey, good morning, Danny. Yeah, this is a real problem. And most people don’t understand what’s going on. And this is something I wasn’t even aware of just a week and a half, two weeks ago, before I came across this. You know, we’ve been having these issues with the airplanes, right? And, and the Boeing jet that has been grounded pretty much worldwide. And the reason for that seems to be new software, some new systems and things on board. But you know, how long ago that base airplane was designed, Danny?

Danny 1:23
I do not, Craig, know. But I’m sure you do.

Craig 1:27
About 60 years old. 6 zero years old. Yeah. And what’s been happening. And this is common for airplane manufacturers. But what’s been happening is they make small changes to the airplane and they get it approved. So the whole plane doesn’t have to be rechecked. And they eventually end up with a situation like today, where it’s no longer the pharaohs boat, for those of you from law school, remember that story. But we will get into that right now. But the here’s the problem we’re looking at today. GPS has been around for many, many decades now. And of course, it works by having satellites up in the air above us and and in in space, and they send a signal down and our GPS units pick it up. Well, that signal is actually a primarily a clock signal.

Craig 2:25
Have you ever been ever heard something loud in the distance, like lightning? For instance, right?

Danny 2:31 
Yep.

Craig 2:31
And you see it before you hear it usually, right? What happens with lightning? If you see it and hear it at the same time? How far away is it?

Danny 2:42
Pretty, pretty damn close.

Craig 2:45
Exactly, you know, the closer it is between seeing it and hearing it, the closer that lightning is. So that’s the same basic way that GPS works. All of these satellites are in orbit, they’re all in a fixed spot. The software knows exactly where they are. So the satellite identifies itself, and then sends a high precision time code. So satellites that are further away the time code is going to be older than satellites that are closer to you, they’re going to have a newer time code. So that’s how GPS works. And sitting there listening to those times code and deciding, oh, that satellite is further away than that satellite. And it’s so much further based on this real high precision time code. So there you go. There’s a geek moment of the morning. But the problem that we’re looking at right now is these older devices, including older airplanes, bridge control systems, systems that change traffic from one direction to another direction at a certain time of day, many of those relies heavily on GPS, not to position themselves necessarily, but to get an accurate time. So they will they want to know when 3pm is why not listen to those high precision atomic clock that are being broadcasted all over the world?

Danny 4:14  
We have one here.

Craig 4:16 
And you do exactly. Now I have one at my house, do we use them to synchronize all of our computers’ clocks. Well, older GPS systems have an overflow problem. I know you mentioned earlier this morning Y2K. And we were very worried about Y2K, because many programmers like myself programming in the 70’s and the 60’s, we were too worried about whether or not 70 meant 2070 or 1970. We knew that 70 meant that our clock or our timestamp was really 1970. And so we had that two digit year, here comes 2000 that rolls over, there were some problems but it wasn’t catastrophic. Well, how about all of these embedded systems, when was the last time you upgraded the firmware in your car?

Craig 5:09
When was the last time you updated the firmware in your firewall or your router. And hopefully, you do that pretty frequently. But I can tell you 99% of people never ever touched them. So about two weeks ago, in San Francisco, there was a conference, a security conference, and there was an expert out there saying that he will not fly, he will not get in an airplane on April 6. And the reason for that. And this by the ways of VP over at Trend Micro and Bill Malik is his name. And the reason is because the counters in the older GPS systems are going to overflow on April 6. It is going to reach the end of their counters are going to ramp back to zero.

Danny 5:57
So in theory the GPSs might not be set up properly. And you,yeah, I know, it makes sense why you might not want to fly that day.

Craig 6:03
Exactly. So there’s more than him that just isn’t going to fly that day. But this is a warning that was initially issued in April 2018. We have all of these older systems, and then some of them are guaranteed to have problems on April 6th. Hopefully, none of our airplanes do. But this could this could be real catastrophe. He’s saying, now Trend Micro, they deal a lot with computer security systems. And, and, you know, maybe, maybe he’s trying to get a little bit of news. But I know personally that the GPS systems that were made 20 years ago were very primitive. They’re embedded in all kinds of devices. And the risk here is substantially greater than the risk we had with Y2K because the Y2K bug, there were very few systems that could, if they failed, cause people to die. These GPS systems that are embedded could cause people to die. And April 6 is the day. So fingers crossed, the manufacturers and owners of all these systems have taken care of it.

Danny 7:10
So that was my next question then. So here’s the big question is what’s being done to either prevent this, or we just waiting till April 6 and saying waiting to see what happens?

Craig 7:20
Well, there are a lot of companies that waited until January 1, 2000, to figure out if anything was going to happen. This time around. I think there’s a lot of companies that aren’t even aware, including government agencies that aren’t even aware that there could be a problem. So there’s certainly a lot of companies that have taken care of this already, some government agencies that have but if there is 20 year old hardware out there somewhere and think about military systems. And again, think about airplanes, 20 year old hardware, is it going to have this problem. Commercial airlines, I would expect to all of them have taken care of this problem. They’ve looked into it, these aren’t idiots out there. But when it comes to some of these systems that are sitting in the back corner, just plugging away every day. That’s where I’m getting really worried.

Craig 8:09
Well, that’s it. You have that from Craig. Moving on though, I do want to hit a couple more topics before we have to let you go. The hackable smart alarms turns out, thieves may not even need a key or tools to steal your car from that one.

Craig 8:22
Yeah, this goes back again to so many businesses, just not being aware of the security implications of what they’re doing. Car security alarm companies for years and decades. I remember buying these things in the 80’s right and earlier, they were very simple. And if a switch was thrown, the alarm went off. Nowadays, they’re putting APIs, application programming interfaces into their software, and just all kinds of smart technology. And we now have some penetration testing companies, including one over in the UK called Pentest Partners. They’ve been looking at these smart alarms after they heard about a problem. So they found that the Viper smart alarm and products from Pandora who makes alarms were riddled with all kinds of security flaws. And they found that they could steal a car fitted with any of these affected devices. They could steal them, they could shut off the engine and talking about wrecking havoc, they could cause the cars to go into full throttle mode while they’re out on the road. Which means if you want to kill a lot of people and create a lot of havoc, sounds like it’s simpler than we would hope.

Danny 9:42
There’s a lot more than just stealing a car. It’s taking complete control of that cars there, Craig.

Craig 9:48
Exactly. without doing anything, you know, we had the Chrysler problem where you could hack their entertainment system and take over the whole car, but you had to have physical access to that Chrysler car in order to do it. This doesn’t require any physical access to the car. It can all be done remotely. 

Danny 10:09
It’s certainly scary stuff Craig. Thank God, we have people like you keeping us safe. As always, we have so much stuff here. We never didn’t get to somebody wants to hear more. What can they do?

Craig 10:18
Well, they can text me and I want to put one more quick warning in. Google’s warning, everyone that’s using Windows 7 to abandon it immediately. Windows 7. This is a warning out of Google and their security department. They say you need to upgrade to Windows 10 immediately. There is a huge security flaw with Windows 7. But you can text me 855-385-5553. That’s 855-385-5553.

Danny 10:50
Standard data and messaging rates do apply. Craig, appreciate the time and we’ll talk again next week.

Craig 10:55
Hey, thanks Danny. Take care.

Danny 10:56
As always. Craig Peterson there with some great stuff for us here on a Tuesday morning.

Craig 11:03
Hey, everybody. If you enjoy my podcast, make sure you let me know and subscribe. subscriptions is how we move up in the charts. That’s how other people find us. So go to  http://CraigPeterson.com/iTunes. That’ll take you directly to the 800 pound gorilla, which of course is Apple and you can subscribe right there. You can subscribe on almost anything frankly, I’m out there all over the place. And then once you subscribe. If you think I’m worth five stars, by all means, please put in a five star rating. I’d appreciate it. All right, everybody take care of we’ll be back tomorrow from Maine.

 

Malcare WordPress Security