Hacking Case Studies
Are you looking for a taste of the hacking stories that Ted weaves into all keynotes?
... if so, read on
Cars
The Challenge
Car immobilizers were considered to be “unbreakable.” We wanted to verify that claim!
The Problem
At that time, companies were very unwelcoming to security research, and often responded with lawsuits rather than fixes.
The Exploit
Nevertheless, we pushed ahead, even at our own peril. We reverse engineered the cryptographic algorithm, built a weaponized software radio, and demonstrated the exploit by starting a Ford Escape without the authentic key!
The Impact
We empowered Ford and its cryptography partners to fix an exploitable security vulnerability that pertained to one of the most pressing problems facing car makers: more than 720,000 automobiles are stolen every year in the United States alone, totaling a property loss of more than $4.3b!
Phones
The Challenge
We wanted to be first! When the iPhone first came out, we wanted to be the first researchers to discover an exploitable vulnerability in it.
The Problem
We didn't have access to early release versions of the device; our contacts at Apple wouldn't give us a heads up about what might be new in this game-changing technology. We couldn't even cut the line at the retail store! Furthermore, every other researcher at the time also wanted to be first.
The Exploit
We addressed the time problem by exploring known issues in the existing desktop version of the Safari web browser, and investigating how similar issues might appear in the mobile version. This strategy succeeded: we discovered an exploitable buffer overflow vulnerability in the mobile version of the browser. This enabled us to take full administrative control of a victim phone; we could send and receive text messages, operate the camera, turn on the microphone, add or remove contacts, etc.
The Impact
We showed Apple how to fix this exploitable issue, and they had a patch issued shortly thereafter, thereby protecting the millions of consumers who would go on to buy the original iPhone. As the press coverage on this went very wide, this also sent a message worldwide that although this new technology had security issues just like any other technology, the manufacturer was all over fixing it.
Password Managers
The Challenge
Millions of users assume password managers to be a trustworthy option for storing all of their most valued credentials. We wanted to determine the validity of this trust that users place in password managers.
The Problem
As these are security products, we assumed they would be very resilient and hard to exploit. This would require more effort and resources.
The Exploit
Instead of being hard to break, we found many of the most widely used password managers to be trivial to exploit. Most had overwhelming foundational issues, a lack of adherence to security principles, etc. We discovered that a user's credentials can be extracted from a password manager, even in its locked state.
The Impact
This is profoundly important because it undermines the claims by vendors and confidence by users about the ability for these systems to make users more secure.
Medical Devices
The Challenge
Most healthcare cybersecurity focuses on privacy of patient data; we considered a much bigger issue and wanted to investigate the ease and likelihood of an attacker causing patient harm or fatality.
The Problem
Medical devices are exceedingly hard to get your hands on: they’re very expensive, and most suppliers don’t have a sales channel to anyone that is not a healthcare provider. We could buy used devices on resale sites like eBay, but the devices available there are so old that the findings would not be relevant to patient use cases today, and could engender unnecessary fear.
The Exploit
To address these access issues, we partnered with a number of healthcare organizations, one of whom allowed us access to their medical devices for research purposes. We struck gold: we found exploitable vulnerabilities in patient monitors, drug dispensary equipment, and blood work systems. The key takeaway of all of these exploits is that each of them would enable an attacker to manipulate the behavior of physicians, in such a way that the physician unwittingly delivers harm to the patient.
The Impact
The primary impact has been awareness. When we published our 2-year study Hacking Hospitals, it quickly garnered media attention worldwide. Many conferences across the globe, from D.C. to Dubai, asked us to come present the research. It made its way around the halls of Congress; and medical device manufacturers have even donated devices to us for further testing. Such awareness is a critical first step in moving the industry forward, but due to the highly regulated, highly bureaucratic nature of the medical device industry, there is still a tremendously long way to go before these issues are solved.
Cryptocurrency
The Challenge
We wanted to understand if people’s money -- in the form of cryptocurrency -- is at risk of theft.
The Problem
Knowing that attackers will go for the easiest targets, we allowed ourselves only limited time to do this. Could we figure out how an attacker might steal money in just a few man-hours of effort?
The Exploit
After developing a simple exploit kit, writing up some code to scan, and then letting the scanner run for roughly 1.5 weeks, we found nearly 800 vulnerable Ethereum keys! As we looked closer, we discovered that these keys were used in more than 50,000 transactions, which told us these are heavily used wallets. We anticipated that these keys and their associated wallets would have at least some currency at risk, but we discovered all of them to be empty. Or more accurately, looted.
The Impact
So what had happened? It turns out, there is an attacker out there exploiting Ethereum using the exact same method we had developed! And now we could track him. As all transactions on the blockchain are publicly visible, we could trace all of the looted wallets back to a single wallet that had more than $54m of stolen Ethereum sitting in it!! This was a wild outcome; we were trying to see if or how this could happen, and in the process we bumped into the real guy doing the real thing! It’s like 2 burglars robbing the same house at the same time!
Internet of Things (IoT)
The Challenge
Security isn’t a development priority for most IoT makers; we wanted to change that.
The Problem
The extreme pace at which IoT is being adopted, combined with the vast scope of device types, meant that as a single organization we’d have a hard time keeping up and making a difference.
The Exploit
To address these issues, we galvanized a security research movement, known as IoT Village. Since its inception, IoT Village as a community has published hundreds of previously unknown security vulnerabilities. These affect both known brands such as Samsung, Sharp, and GE, as well as unknown brands, such as nascent startups. These affect more than 50 different device types and counting!
The Impact
The movement is accelerating! What started as a few people behind a folding table in the corner of a small room is now a massive traveling event series that visits conferences all across the U.S. as well as locations abroad. Countless articles are written every year about the research that the IoT Village community publishes, and now even device makers themselves are involved.