Mar 20, 2019
Craig is on the WGAN Morning News with Ken and Matt. They talked about the Y2K-like bug that would strike GPS systems on April 6th, the hackable smart alarms, and Craig's stern warning to ditch Windows 7 and upgrade to Windows 10.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
No Guns Or
Lockpicks Needed To Steal Modern Cars If They're Fitted With
Hackable 'Smart' Alarms
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/20/2019
Dangers Of Smart Remotes - GPS Y2K
Craig Peterson 0:00
Hey, good morning, everybody. Craig Peterson here again. And I was
on this morning being Wednesday with three stations up in Maine, up
in Maine's capital city, as well, and I was on with Ken and Matt.
We chatted about a few different things. I ask them some questions
about demonetizing deplatforming. What are the legal requirements
there? And it was kind of interesting because of course Ken is an
attorney to find out what's going on. The mom in Arizona with the
kids on YouTube. Boy, what a mess that is. We've got representative
Nunez who is threatening suit due to something very similar and
we've seen this happen a lot so where is this line supposed to be
drawn? Kind of interesting we also of course talked a little bit
about technology and Matt's problem where Matt had his fob
reprogrammed for his car and tied right in to a story this week
about the smart alarms and how imminently hackable they are. So
here we go.
Matt Gagnon1:09
Alright, we are back again on 7:37 on the WGAN Morning News.
Wednesday morning and get a matter here. And so is Craig Peterson,
our tech guru. He joins us now. Craig, how are you?
Craig 1:22
Hello. I'm doing well. I am I'm really interested in what's
happened here. You guys have been reporting on this case of the
Arizona mother who was abusing their children. And we also have I'm
trying to remember who this was, someone in Congress just
threatened suit or bringing suit against I think it's Twitter.
Matt 1:48
Yeah. You were thinking about Mr. Nunez.
Craig 1:48
Yeah, yeah. Exactly.
Ken Altshuler 1:51
That's what you call a publicity stunt.
Matt 1:52
Yes. He's gonna fail miserably.
Craig 1:53
You think so? You think that's what it is?
Ken 1:54
Of course. Of course.
Matt 1:55
Because he knows he's gonna lose. So what else would it be?
Ken 1:51
Public figure.
Craig 1:56
Yeah. Well that's a really good point. How about we've got the
Hallmark Channel cutting ties with Laurie we know this whole
college admissions scandal and stuff. How far can that go
ultimately? Because, again, they've got clauses in their contracts
on saying that they have to be a good character,
Ken 2:21
By the way, I pay nearly half a million dollars for my children to
go to college, I don't see what the big deal is.
Craig 2:28
In Arizona again, obviously, this woman what she's charged with is
just absolutely crazy. But can we have all of these social media
platforms and other ways that people are making money and trying to
get messages out? Can people be deplatformed at the drop of a hat?
And should they be? It's an interesting question. I don't know how
far this goes. I've heard Nunez and and his complaints. And I've
heard other people, particularly conservatives saying that their
messages are being stopped or they've been deplatformed. And we've
certainly seen that with Alex Jones and some others who Alex isn't
accused of anything illegal. It just being a real jerk, I think is
is kind of the bottom line for him. But is it again, interesting
territory? I don't know. Ken, had the courts really settled any of
this stuff yet?
Ken 3:20
I think it's basic libel and slander law. I think if you're a
public figure it's virtually impossible to be...
Matt 3:22
But as it relates to like deplatforming and stuff like that,
that's
their company, they can do whatever they want with it. I mean, it's
if they want to, they want to ban me for having brown hair or blue
eyes. I mean, they could do that. Whenever. And perhaps it's not
the wisest thing for them to do. And I think it opens a gigantic
door for a competitor that isn't such a, you know, terrible company
to actually operate. But you know, they want to do that they could
do that.
Craig 3:51
Yeah, yeah, I agree on that part. That's certainly the libertarian
to me coming out for that. Anyhow, it was interesting, I thought I
would ask the experts this morning.
Ken 4:00
Well, talking about experts, since you're the expert guru in
computers, are we going to have another Y2K thingamajiggy?
Craig 4:09
Oh, this this is really weird. This one that hit me a few weeks ago
and hit my inbox as it were. And Y2K of course, we have a problem
with the rollover from a computer is able to use just a two digit
year to figure out the time and elapsed time, you know, where they
were just use, like 74, I wrote code that just choose the last two
digits of the year back in the you know, in the 70s and and it's
been going on for a long time. So everyone was worried what's going
to happen when it turns from being able to issues 99 to zero,
because they're always lower than 99. But it turns out most
businesses had fixed the problems and none of these problems were
were anything that would have been really earth shattering if they
had to get at least not in most cases. Now we've got a security
expert who about two weeks ago out at a security conference in San
Francisco said that he's not going to fly on April 6 and the reason
for that is that older GPS systems don't have the ability to handle
dates past April 6 it's actually a specific time on April 6. But
here's the problem the counters in the old GPS systems don't have
enough digit so they are going to roll back to zero. And we look at
what's happening right now with Boeing's jet, the 737 Max 8 right
and that jet airliner. How long ago was that designed? Do you guys
know?
Matt 5:57
The 737?
Craig 6:00
What is it? Is that it? Yeah, the Max 8.
Matt 6:01
Yes, Max. Yeah, the 737 Max. I have no idea what it is. No, I can't
even begin to claim that I have any idea
Craig 6:07
Such a 50 year old design and what's been happening over the years
is they've been making a minor changes kind of, you know, few
changes of the time. So the whole jet airliner has not had to be
retested. So for instance, right now they added this system that
people are saying like be the problem could be the problem. Boeing
saying it's more along the lines of the pilots weren't trained
enough, they only had a few hundred hours of flight time. But
inside these airplanes are systems that were designed 50 years ago.
And so this expert is saying, Hey, listen, this could be a real
problem because the GPSs from 20 years ago, cannot handle the
rollover the guy's name is Bill Malik. He's a VP over Trend Micro
which is a basically a security company and he's concerned because
these GPS systems aren't just to use in things like airports and
airplanes although I'm sure in pretty much every case the airplane
have been updated, right? I'm I don't have a problem with flying on
April 6 personally. But we also have these embedded systems that
are used for their clock source for that signal. And they're using
everything from traffic control systems through a computer systems.
Some of the older ones, the bridges, some of the automatic bridges
that we have in Maine, like one going down to New Hampshire that
that goes up and down based on what the traffic is on the on the
water below. A lot of these systems are based on using clocks from
GPSs. So Ken we could have a Y2K type problem with anything with an
older embedded GPS in them on April 6. And it does bring up the
problem of, again, updating our software, our firmware, our
hardware, you know, when was the last time you updated the software
in your firewall in the router in your home. This statistics on the
more or horrific. People just aren't updating them. So it brings it
to light. And yeah, GPS could be a problem. And you might even have
it with your car GPS, if you have an old GPS for your car. It might
just plain old completely stopped working on April 6.
Matt 8:38
And we're talking to Craig Peterson, our tech guru joins who us on
Wednesdays at this time to go over what's happening in the world of
technology. Craig, I had a little bit of a car issue a while back a
couple weeks ago had to get somebody to basically break into my car
and reprogram a fob which he was able to do by basically plugging
in a little computer to my car. And about 30 seconds later, he had
now taken over the entire security system and it was able to start
it remotely and basically we had complete and total control over
the car by plugging something in. Is my car a little
vulnerable to being taken over by surreptitious evil people trying
to steal it in some fashion, or maybe perhaps taking it over for
other nefarious purposes?
Craig 9:25
You know what kind of car I drive, right?
Matt 9:29
Yeah, like an old one. Yeah.
Craig 9:30
1980 Mercedes diesel okay. There is missing electronics on it.
Yeah, actually, you are. And it's yet another reason to lock your
car. Because if they get can gain access to that little computer
port inside, many of the cars can be totally hacked. Now, the
manufacturers are trying to keep that technology kind of secret.
But man is it gotten out and it's in the hands of even people that
change locks, you know, the fob you talked about. But we've got
this week as a British firm. They're called Pentest Partners. And
they had heard about some vulnerabilities with some of the smart
alarms that people have been putting in their cars. So they did
some testing. And they've come out with a warning and they're
warning is that they found that the Viper Smart Start alarm Viper
Smart Start alarm, which I'm sure many people here have in their
cars get is great to start your car get warmed up in the wintertime
and get into a nice warm car. But the Viper Smart Alarms as well as
product from Pandora where they're making, not Pandora, the radio
app that you might be using, but Pandora, the guys that make the
smart alarms. Both of them are riddled with flaws. According to the
report. That's a direct quote from them. And it turns out that the
manufacturers had inadvertently exposed around 3 million cars to
theft and users to hijack. Because what they can do is without even
having access to that computer port in the car, they're able to get
on remotely and do anything that that smart alarm could do and do
it to your car. And it turns out even more than you think the smart
alarm might be able to do just like with your car Matt where he
could get in and do a whole bunch of different things inside your
car. These can too and they found they could remotely hack the car
that they could then from that car not only unlock it or start the
engine but if you're driving down the highway in that car, they
could control the accelerator so they could take you for ransom,
floor the car have that car going full speed down the turnpike as
fast as it could possibly go with you sitting behind the wheel
unable to do anything about it you know. Burn outs, your brakes,
etc. So there they did a live proof of concept demo, they could do
geo-locate the target car using the Viper Smart Start account.
Built in functionality. They set off the alarm so that the driver
went out to investigate and stopped, activated the cars and
mobilizer once it was stationary, remotely unlock the cars doors.
They clone the key fob. They issued RS commands from a user's
mobile phone. And even worse, they discovered this function in the
Viper API that remotely turned off the cars engine. There, these
devices can do a whole lot. So check your smart alarm, your smart
remote start, see if it's vulnerable, what the vulnerabilities are
not all of the vulnerabilities I mentioned are true for both of
these alarms. But they have been shown in the past. We've seen
Chrysler's be able to be taken over. Remotely driven off the road.
But the hacker had to have access to the car first. Now we're
seeing that some of these smart alarms have way more access than we
thought they did. And could turn out to be very, very
dangerous.
Ken 13:15
We are talking to Craig Peterson, our tech guru. By the way you can
go to https://CraigPeterson.com anytime you want to know anything
about technology. Thank you, Mr. Peterson. We'll talk to you on
next Wednesday at 7:38.
Craig 13:27
Hey, take care. Gentlemen, I want to make one quick warning. Before
I go. Google has now issued a warning to everyone to abandon
Windows 7 right now. They say there's a major security problem with
Windows 7 there. Google is advising you to upgrade to Windows 10.
And this is a kernel vulnerability problem. Local privilege
escalation something.
Ken 13:55
I think I have Windows 7.
Matt 13:57
I think I have Mac.
Ken 13:58
But I have Windows on my Mac.
Matt 14:00
That's old.
Craig 14:00
Well, it's true for that too. So if you're still running Windows 7,
if this isn't the siren call to upgrade, quote unquote, to Windows
10 do it now. But you might be better off and upgrade to a Mac.
That's what I did.
Ken 14:14
Yeah. But I have a Mac but have Windows on it.
Craig 14:16
Yeah, but you're still gonna have to do it. You're gonna have to
upgrade your Windows on your Mac that's living in the VM or the
dual boot loader
Ken 14:23
That's living in VM. That's where it's living.
Craig 14:26
Yeah. Which is good that helps keep it separate but you're gonna
have to upgrade it. This is bad, this is really bad.
Ken 14:33
Okay, thanks for the warning.
Matt 14:35
Craig Peterson. Thanks a lot. Alright, we are going to take a quick
break here are we not?
Craig 14:41
Hey everybody. Plan is to be here tomorrow and Friday as well
with my security thing, you know, it's just a security thing. Well,
how does it matter, right? So hopefully I'll be able to get those
done today and we'll get those out. But it's stories of individuals
and companies who have been hacked or who averted a hack, what
happened? What they did? And what could have been done better about
it?. So if you're enjoying those let me know.
me@CraigPeterson.com.
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553