  • So this is a hotel room, kind of like the one I'm staying in.

  • I get bored sometimes.

  • A room like this has not a lot to offer for entertainment.

  • But for a hacker, it gets a little interesting because that television

  • is not like the television in your home,

  • it's a node on a network. Right?

  • That means I can mess with it.

  • If I plug a little device like this into my computer,

  • it's an infrared transceiver, I can send the codes that

  • the TV remote might send and some other codes.

  • So what? Well, I can watch movies for free.

  • (Laughter)

  • That doesn't matter to me so much, but I can play video games too.

  • Hey, but what's this?

  • I can not only do this for my TV in my hotel room,

  • I can control your TV in your hotel room.

  • (Laughter)

  • So I can watch you if you're checking out with one of these,

  • you know, TV based registration things,

  • if you're surfing the web on your hotel TV,

  • I can watch you do it.

  • Sometimes it's interesting stuff.

  • Funds transfer.

  • Really big funds transfers.

  • You never know what people might want to do

  • while they're surfing the web from their hotel room.

  • (Laughter)

  • The point is I get to decide if you're watching Disney or porn tonight.

  • Anybody else staying at the Affinia hotel?

  • (Laughter)

  • This is a project I worked on when we were trying to figure out

  • the security properties of wireless networks; it's called the "Hackerbot".

  • This is a robot we've built that can drive around and find Wi-Fi users,

  • drive up to them and show them their passwords on the screen.

  • (Laughter)

  • We just wanted to build a robot,

  • but we didn't know what to make it do, so --

  • We made the pistol version of the same thing.

  • This is called the "Sniper Yagi".

  • It's for your long-range password sniffing action,

  • about a mile away I can watch your wireless network.

  • This is a project I worked on with Ben Laurie to show passive surveillance.

  • So what it is, is a map of the conference called

  • "Computers, Freedom and Privacy".

  • And this conference was in a hotel, and what we did is we,

  • you know, put a computer in each room of the conference

  • that logged all the Bluetooth traffic.

  • So as everybody came and went with their phones and laptops

  • we were able to just log that, correlate it,

  • and then I can print out a map like this for everybody at the conference.

  • This is Kim Cameron, the Chief Privacy Architect at Microsoft.

  • (Laughter)

  • Unbeknownst to him,

  • I got to see everywhere he went.

  • And I can correlate this and show who he hangs out with

  • (phone dialing) when he got bored,

  • (phone dialing) hangs out in the lobby with somebody.

  • Anybody here use cellphones?

  • (Laughter)

  • (Phone ringing)

  • So my phone is calling--

  • (Ringing)

  • calling --

  • Voice mail: You have 100 messages.

  • Pablos Holman: Uh oh!

  • VM: First unheard message --

  • PH: Where do I press --

  • VM: Message skipped. First skipped message.

  • PH: Uh oh!

  • VM: Main menu. To listen to your-- You have pressed an incorrect key --

  • You have two skipped messages. Three saved messages.

  • Goodbye.

  • PH: Uh oh! So we're in Brad's voice mail.

  • (Laughter)

  • And I was going to record him a new message,

  • but I seem to have pressed an invalid key,

  • so we're going to move on.

  • And I'll explain how that works some other day because we're short on time.

  • Anybody here used MySpace?

  • MySpace users? Oh!

  • Used to be popular. It's kind of like Facebook.

  • This guy, a buddy of ours Samy, was trying to meet chicks on MySpace

  • which I think is what it used to be good for.

  • And what he did is he had a page on MySpace about him.

  • It lists all your friends, and that's how you know

  • somebody's cool is that they have a lot of friends on MySpace.

  • Well, Samy didn't have any friends.

  • He wrote a little bit of JavaScript code that he put in his page,

  • so that whenever you look at his page

  • it would just automagically add you as his friend.

  • And it would skip the whole acknowledgement response protocol

  • saying "Is Samy really your friend?"

  • But then it would copy that code onto your page,

  • so that whenever anybody looked at your page

  • it would automatically add them as Samy's friend too.

  • (Laughter)

  • And it would change your page to say that "Samy is your hero."

  • (Laughter)

  • So in under 24 hours, Samy had over a million friends on MySpace.

  • (Laughter)

  • Hey, he just finished serving 3 years' probation for that.

  • (Laughter)

  • Even better, Christopher Abad, this guy, another hacker,

  • also trying to meet chicks on MySpace but having spotty results.

  • Some of these dates didn't work out so well,

  • so what Abad did is he wrote a little bit of code

  • to connect MySpace to SpamAssassin, which is an open source spam filter.

  • It works just like the spam filter in your email.

  • You train it by giving it some spam,

  • train it by giving it a little bit of legitimate email,

  • and it tries to use artificial intelligence

  • to work out the difference. Right?

  • Well, he just trained it on profiles from girls he dated and liked

  • as legitimate email.

  • Profiles from girls he dated and not liked, as spam,

  • and then ran it against every profile on MySpace.

  • (Laughter)

  • Out spits girls you might like to date.

  • What I say about Abad is, I think, there's like three startups here.

  • I don't know why we need Match.com,

  • when we can have Spam dating? You know this is innovation.

  • He's got a problem, he found a solution.

  • Does anybody use these -- bleep -- keys for opening your car remotely?

  • They're popular in, well, maybe not Chicago, OK.

  • So kids these days will drive through a Wal-Mart parking lot

  • clicking open, open, open, bloop.

  • Eventually you find another Jetta or whatever just like yours,

  • maybe a different color, that uses the same key code.

  • Kids will just loot it, lock it up and go.

  • Your insurance company will roll over on you

  • because there's not evidence of a break-in.

  • For one manufacturer we figured out how to manipulate that key

  • so that it will open every car from that manufacturer.

  • (Laughter)

  • There is a point to be made about this which I barely have time for,

  • but it's that your car is now a PC, your phone is also a PC,

  • your toaster, if it is not a PC, soon will be. Right?

  • And I'm not joking about that.

  • And the point of that is that when that happens

  • you inherit all the security properties and problems of PCs.

  • And we have a lot of them.

  • So keep that in mind, we can talk more about that later.

  • Anybody use a lock like this on your front door?

  • OK, good.

  • I do too.

  • This is a Schlage lock. It's on half of the front doors in America.

  • I brought one to show you.

  • So this is my Schlage lock.

  • This is a key that fits the lock, but isn't cut right, so it won't turn it.

  • Anybody here ever tried to pick locks with tools like this?

  • All right, got a few, few nefarious lock pickers.

  • Well, it's for kids with OCD.

  • You've got to put them in there, and finick with them,

  • spend hours getting the finesse down to manipulate the pins.

  • You know, for the ADD kids in the house there's an easier way.

  • I put my little magic key in here,

  • I put a little pressure on there to turn it, (Tapping)

  • smack it a few times with this special mallet

  • and I just picked the lock. We're in.

  • It's easy.

  • And in fact, I don't really know much more about this than you do.

  • It's really, really easy.

  • I have a keychain I made of the same kind of key

  • for every other lock in America.

  • And if you're interested, I bought a key machine

  • so that I can cut these keys and I made some for all of you guys.

  • (Laughter)

  • (Applause)

  • So my gift to you, come afterwards and I will show you

  • how to pick a lock and give you one of these keys

  • you can take home and try it on your door.

  • Anybody used these USB thumb drives?

  • Yeah, print my Word document, yeah!

  • They're very popular.

  • Mine works kind of like yours. You can print my Word document for me.

  • But while you're doing that, invisibly and magically in the background

  • it's just making a handy backup of your My Documents folder,

  • and your browser history and cookies and your registry and password database,

  • and all the things that you might need someday if you have a problem.

  • So we just like to make these things and litter them around at conferences.

  • (Laughter)

  • Anybody here use credit cards?

  • (Laughter)

  • Oh, good!

  • Yeah, so they're popular and wildly secure.

  • (Laughter)

  • Well, there's new credit cards that you might have gotten in the mail

  • with a letter explaining how it's your new "Secure credit card".

  • Anybody get one of these?

  • You know it's secure because it has a chip in it, an RFID tag,

  • and you can use these in taxicabs and at Starbucks,

  • I brought one to show you, by just touching the reader.

  • Has anybody seen these before?

  • Okay, who's got one?

  • Bring it on up here.

  • (Laughter)

  • There's a prize in it for you.

  • I just want to show you some things we learned about them.

  • I got this credit card in the mail.

  • I really do need some volunteers, in fact, I need

  • one, two, three, four, five volunteers because the winners

  • are going to get these awesome stainless steel wallets

  • that protect you against the problem that you guessed, I'm about to demonstrate.

  • Bring your credit card up here and I'll show you.

  • I want to try it on one of these awesome new credit cards.

  • OK.

  • Do we have a conference organizer,

  • somebody who can coerce people into cooperating?

  • (Laughing)

  • It's by your own volition because --

  • This is where the demo gets really awesome

  • I know you guys have never seen --

  • (Inaudible question)

  • What's that?

  • They're really cool wallets made of stainless steel.

  • Anybody else seen code on screen at TED before?

  • Yeah, this is pretty awesome.

  • (Laughter)

  • OK, great I got volunteers.

  • So who has one of these exciting credit cards?

  • OK, here we go.

  • I'm about to share your credit card number

  • only to 350 close friends.

  • Hear the beep?

  • That means someone's hacking your credit card.

  • OK, what did we get?

  • Valued customer and the credit card number and expiration date.

  • It turns out your secure new credit card is not totally secure.

  • Anybody else want to try yours while you're here?

  • Man: Can you install overdraft protection?

  • PH: Beep, let's see what we got?

  • So we bitched about this and AMEX changed it,

  • so it doesn't show the name anymore.

  • Which is progress. You can see mine, if it shows it.

  • Yeah, it shows my name on it, that's what my Mom calls me anyway.

  • Yours doesn't have it.

  • Anyway, so next time you get something in the mail

  • that says it's secure, send it to me.

  • (Laughter)

  • Oh wait, one of these is empty, hold on.

  • I think this is the one, yep, here you go.

  • You get the one that's disassembled.

  • All right, cool.

  • (Applause)

  • I still have a few minutes yet left, so I'm going to make a couple of points.

  • (Laughter)

  • Oh, shit.

  • That's my subliminal messaging campaign. It was supposed to be much faster.