Mar 19, 2019
Craig is on with Danny Farrantino once more on the Jim Polito show. They talked about the GPS security flaw that is worse than the Y2K bug which could cause havoc in a lot of computer systems on April 6th.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
'Gps Systems Will
Be Struck By Y2k-Like Bug On April 6': Security Expert Says He Will
Not Fly On 'Day Zero' After Governments Warn Global Devices Will
Reset Due To Calendar Glitch
Google Recommends
Windows 7 Users To Upgrade To Windows 10 If Possible, As A Kernel
Vulnerability Allows For Local Privilege Escalation On The
Operating System.
No Guns Or Lockpicks Needed To Steal Modern Cars If They're Fitted With Hackable 'Smart' Alarms
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/19/2019
Major Problems With GPS - Car Security Systems Hackable
Craig Peterson: 0:00
Good morning. Craig Peterson here. I was on this morning with the
Jim Polito show. It was actually Danny because Jim is on a tour. He
is over touring in Italy. He was in Venice yesterday. And he's
going on to Ireland. He sounds like he's just having a great time.
So Danny and I chatted this morning, and I did some explanations
here of GPS, what it is, how it works and how it's going to affect
you. I think this is much better explanation than I did last time
on the radio. Oh, well. Anyways, here we go with Mr. Danny
Farrantino.
Danny Farrantino 0:35
Yes, by now. You know what that music means? Time for Tech Talk
expert, Craig Peterson. And Craig. GPS systems are going to be
struck by a Y2K bug. Come on, this can't be real.
Craig 0:48
Hey, good morning, Danny. Yeah, this is a real problem. And most
people don't understand what's going on. And this is something I
wasn't even aware of just a week and a half, two weeks ago, before
I came across this. You know, we've been having these issues with
the airplanes, right? And, and the Boeing jet that has been
grounded pretty much worldwide. And the reason for that seems to be
new software, some new systems and things on board. But you know,
how long ago that base airplane was designed, Danny?
Danny 1:23
I do not, Craig, know. But I'm sure you do.
Craig 1:27
About 60 years old. 6 zero years old. Yeah. And what's been
happening. And this is common for airplane manufacturers. But
what's been happening is they make small changes to the airplane
and they get it approved. So the whole plane doesn't have to be
rechecked. And they eventually end up with a situation like today,
where it's no longer the pharaohs boat, for those of you from law
school, remember that story. But we will get into that right now.
But the here's the problem we're looking at today. GPS has been
around for many, many decades now. And of course, it works by
having satellites up in the air above us and and in in space, and
they send a signal down and our GPS units pick it up. Well, that
signal is actually a primarily a clock signal.
Craig 2:25
Have you ever been ever heard something loud in the distance, like
lightning? For instance, right?
Danny 2:31
Yep.
Craig 2:31
And you see it before you hear it usually, right? What happens with
lightning? If you see it and hear it at the same time? How far away
is it?
Danny 2:42
Pretty, pretty damn close.
Craig 2:45
Exactly, you know, the closer it is between seeing it and hearing
it, the closer that lightning is. So that's the same basic way that
GPS works. All of these satellites are in orbit, they're all in a
fixed spot. The software knows exactly where they are. So the
satellite identifies itself, and then sends a high precision time
code. So satellites that are further away the time code is going to
be older than satellites that are closer to you, they're going to
have a newer time code. So that's how GPS works. And sitting there
listening to those times code and deciding, oh, that satellite is
further away than that satellite. And it's so much further based on
this real high precision time code. So there you go. There's a geek
moment of the morning. But the problem that we're looking at right
now is these older devices, including older airplanes, bridge
control systems, systems that change traffic from one direction to
another direction at a certain time of day, many of those relies
heavily on GPS, not to position themselves necessarily, but to get
an accurate time. So they will they want to know when 3pm is why
not listen to those high precision atomic clock that are being
broadcasted all over the world?
Danny 4:14
We have one here.
Craig 4:16
And you do exactly. Now I have one at my house, do we use them to
synchronize all of our computers' clocks. Well, older GPS systems
have an overflow problem. I know you mentioned earlier this morning
Y2K. And we were very worried about Y2K, because many programmers
like myself programming in the 70's and the 60's, we were too
worried about whether or not 70 meant 2070 or 1970. We knew that 70
meant that our clock or our timestamp was really 1970. And so we
had that two digit year, here comes 2000 that rolls over, there
were some problems but it wasn't catastrophic. Well, how about all
of these embedded systems, when was the last time you upgraded the
firmware in your car?
Craig 5:09
When was the last time you updated the firmware in your firewall or
your router. And hopefully, you do that pretty frequently. But I
can tell you 99% of people never ever touched them. So about two
weeks ago, in San Francisco, there was a conference, a security
conference, and there was an expert out there saying that he will
not fly, he will not get in an airplane on April 6. And the reason
for that. And this by the ways of VP over at Trend Micro and Bill
Malik is his name. And the reason is because the counters in the
older GPS systems are going to overflow on April 6. It is going to
reach the end of their counters are going to ramp back to zero.
Danny 5:57
So in theory the GPSs might not be set up properly. And you,yeah, I
know, it makes sense why you might not want to fly that day.
Craig 6:03
Exactly. So there's more than him that just isn't going to fly that
day. But this is a warning that was initially issued in April 2018.
We have all of these older systems, and then some of them are
guaranteed to have problems on April 6th. Hopefully, none of our
airplanes do. But this could this could be real catastrophe. He's
saying, now Trend Micro, they deal a lot with computer security
systems. And, and, you know, maybe, maybe he's trying to get a
little bit of news. But I know personally that the GPS systems that
were made 20 years ago were very primitive. They're embedded in all
kinds of devices. And the risk here is substantially greater than
the risk we had with Y2K because the Y2K bug, there were very few
systems that could, if they failed, cause people to die. These GPS
systems that are embedded could cause people to die. And April 6 is
the day. So fingers crossed, the manufacturers and owners of all
these systems have taken care of it.
Danny 7:10
So that was my next question then. So here's the big question is
what's being done to either prevent this, or we just waiting till
April 6 and saying waiting to see what happens?
Craig 7:20
Well, there are a lot of companies that waited until January 1,
2000, to figure out if anything was going to happen. This time
around. I think there's a lot of companies that aren't even aware,
including government agencies that aren't even aware that there
could be a problem. So there's certainly a lot of companies that
have taken care of this already, some government agencies that have
but if there is 20 year old hardware out there somewhere and think
about military systems. And again, think about airplanes, 20 year
old hardware, is it going to have this problem. Commercial
airlines, I would expect to all of them have taken care of this
problem. They've looked into it, these aren't idiots out there. But
when it comes to some of these systems that are sitting in the back
corner, just plugging away every day. That's where I'm getting
really worried.
Craig 8:09
Well, that's it. You have that from Craig. Moving on though, I do
want to hit a couple more topics before we have to let you go. The
hackable smart alarms turns out, thieves may not even need a key or
tools to steal your car from that one.
Craig 8:22
Yeah, this goes back again to so many businesses, just not being
aware of the security implications of what they're doing. Car
security alarm companies for years and decades. I remember buying
these things in the 80's right and earlier, they were very simple.
And if a switch was thrown, the alarm went off. Nowadays, they're
putting APIs, application programming interfaces into their
software, and just all kinds of smart technology. And we now have
some penetration testing companies, including one over in the UK
called Pentest Partners. They've been looking at these smart alarms
after they heard about a problem. So they found that the Viper
smart alarm and products from Pandora who makes alarms were riddled
with all kinds of security flaws. And they found that they could
steal a car fitted with any of these affected devices. They could
steal them, they could shut off the engine and talking about
wrecking havoc, they could cause the cars to go into full throttle
mode while they're out on the road. Which means if you want to kill
a lot of people and create a lot of havoc, sounds like it's simpler
than we would hope.
Danny 9:42
There's a lot more than just stealing a car. It's taking complete
control of that cars there, Craig.
Craig 9:48
Exactly. without doing anything, you know, we had the Chrysler
problem where you could hack their entertainment system and take
over the whole car, but you had to have physical access to that
Chrysler car in order to do it. This doesn't require any physical
access to the car. It can all be done remotely.
Danny 10:09
It's certainly scary stuff Craig. Thank God, we have people like
you keeping us safe. As always, we have so much stuff here. We
never didn't get to somebody wants to hear more. What can they
do?
Craig 10:18
Well, they can text me and I want to put one more quick warning in.
Google's warning, everyone that's using Windows 7 to abandon it
immediately. Windows 7. This is a warning out of Google and their
security department. They say you need to upgrade to Windows 10
immediately. There is a huge security flaw with Windows 7. But you
can text me 855-385-5553. That's 855-385-5553.
Danny 10:50
Standard data and messaging rates do apply. Craig, appreciate the
time and we'll talk again next week.
Craig 10:55
Hey, thanks Danny. Take care.
Danny 10:56
As always. Craig Peterson there with some great stuff for us here
on a Tuesday morning.
Craig 11:03
Hey, everybody. If you enjoy my podcast, make sure you let me know
and subscribe. subscriptions is how we move up in the charts.
That's how other people find us. So go to
http://CraigPeterson.com/iTunes. That'll take you directly to the
800 pound gorilla, which of course is Apple and you can subscribe
right there. You can subscribe on almost anything frankly, I'm out
there all over the place. And then once you subscribe. If you think
I'm worth five stars, by all means, please put in a five star
rating. I'd appreciate it. All right, everybody take care of we'll
be back tomorrow from Maine.
---
Don't miss any episode from Craig. Visit http://CraigPeterson.com/itunes. Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We're really hitting it out of the park. This will be a great year!
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553