NASA Satellites: 6 Things That Are Surprisingly Easy To Hack
When I'm not up here writing important comedy on the Internet, I am working as the weird dude who fixes your computer. Part of my job involves Internet security, which is a fancier way of saying, "I make sure your shitty browsing habits don't lead to your PC getting fucked up and down the street." If you want to call me a hero, hey, that's your prerogative and a title I will modestly accept. But in the past decade or so of protecting you from being exploited, I have learned one important, deeply disturbing thing about modern technology: All of it can be hacked. And not lifehacked into efficiency. I'm talking eee-vil hacking.
Now, I don't want to fear-monger and get you all worked up, so I'll just start by simply saying that, in my professional opinion, all of these things are 100 percent waiting to kill you. Things like ...
Of all the networking protocols named after Danish kings born before the year 1000, Bluetooth would definitely be on my Top 10 list. For those unfamiliar with the concept: It's basically a tiny wireless connection between two devices. I say "tiny" because Bluetooth range is very small, about 32 feet before you'll lose your signal. But, like I always plead with women, it's not about the size; it's how you use it. Bluetooth is all up in everything -- PCs, laptops, printers, car stereos, people's heads.
All douchebags are cyborgs.
But if someone was trying to hack into your Bluetooth from 32 feet away, you would know about it, right? Well, let me introduce you to two hilarious new words for your vocabulary: "bluebugging" and "bluesnarfing." Bluesnarfing, while sounding like a bizarre sexual act involving that thing from ThunderCats, is actually the act of a hacker gaining access to your phone via the Bluetooth connection and downloading all the information he can before the connection breaks. It kind of makes you wonder how someone would even know your phone was near enough to hack. So, on a whim, I Googled "Bluetooth radar," and within five minutes I had this on my laptop:
That little blip on the radar is my iPhone. Now I know that it's within range of me and is accessible via Bluetooth. Someone a whole lot craftier than I am might already be able to do some damage. Now, this is just me sitting in my house. But imagine if I were using this on, say, a college campus. I'd see blips all over that radar just waiting to get their blues snarfed. Creepy, sure, but bluebugging is even worse. Now that I know your Bluetooth is there, I would activate my second bit of software, which can connect to your device, giving me access to your phone's features. I can track your location, listen to your calls, make my own calls, read and send text messages, and load your phone with pictures of an old man's wiener if I wanted to.
Now, let's talk about John Hering.
He's a student who developed something called the BlueSniper Rifle, a device that can see Bluetooth connections from up to a mile away. Hering says that this is to sniff out vulnerabilities and not to exploit anyone, which is exactly what an unassuming supervillain would say if prompted. So that whole 32-foot-range thing I mentioned earlier is a bit of a moot point. Now we're dealing with Batman-esque Bluetooth tech, where people can listen to your phone calls from a mile away. Don't believe me, though. Take it from the NSA. They have some experience in the field.
Before smartphones, we used to have to physically print out map directions and PlayStation cheat codes if we wanted to take them anywhere. And sometimes it would take like 30 seconds for a single page! Before the cloud, big-ass printers were a necessity for any kind of office environment.
Plus they were a great place to hit on Rhonda from accounting.
When you work in IT, part of the job is to figure out which equipment you purchase will be best for long-term use. In the case of printers, I've found that older model HP printers stand the test of time best of all. Some old HP printers were built like brick shit houses. They're never going to die. So when you find yourself a good workhorse like that, you won't need to upgrade for a long time. But it's that kind of frugal attitude that will get you killed, because those old printers are just ripe for exploitation.
When you send a print job, your document is sent over the network to the print server, which then zaps the words onto paper before running it through a heating element that dries the ink immediately.
Here, let me start over. This is a "printer."
That part about the network? That's how they get you! They can sneak in the back door and see everything your printer prints. But you're not stupid enough to print anything personal like tax information or banking materials or nude pictures, are you? Just kidding; those are the only things anyone ever prints anymore. So that's a concern.
Then you've got the heating element, called a fuser, which is also known in hacking circles as "harbinger of death." With only a couple lines of code, a hacker can make that sucker so hot that the paper actually burns as it runs through. If a hacker were to time a printer fire for the exact moment some little goth kid started printing out demonic incantations they found on an archived GeoCities page, it would be the most wonderful thing that ever happened.
Medical science is pretty amazing stuff. When implantable pacemakers came on the scene in the 1950s, people had to have been amazed at a robotic device that electrocutes you to keep you alive. Sci-fi movies loved trying to frighten people with futuristic technology, more often than not being the catalyst in the creation of some kind of hilarious machine/monster.
Now we know that pacemakers rarely turn people into space gorillas.
The technology has gotten even better since then. So much so that now doctors don't have to open you up to tinker with your ticker. They can just access it remotely using software. But the technology that allows a better quality of life is the same technology that people just love to exploit. So, if a doctor can control that device in your chest, why couldn't a hacker?
The FDA doesn't get involved with the security of medical devices, so often the security measures in place (or lack thereof) don't do a whole heck of a lot to prevent tampering. Because of these lax security measures, an attack on your pacemaker could go undetected in a coroner's office. If someone were to get at the pacemaker's regulatory software and speed your heart up to 10,000 beats per minute, your death would just look like you died of a heart attack. No muss, no fuss.
"GODDAMN YOU, ANONYMOUS!"
Turns out that moment in Homeland where the vice president is assassinated after his pacemaker is hacked wasn't a stupid plot contrivance at all. It was a real thing that could happen.
So far, there are no reports of anyone successfully pulling off an assassination in this manner. But experts have tested the possibility of these attacks, and it is totally something that can be executed if the right person decides to graduate from hacker to murderer.
Imagine you're cruising on the highway at a comfortable 55 mph. How prepared would you be if your brakes slammed on at that exact moment without you touching them?
About this prepared.
It would kind of suck, right?
That's what you get for buying a nice car, chump! Every year, the computer systems in cars get better and better, controlling more and more on-board features. Better technology means better safety features. But with great technology comes great vulnerability. Watch what happens when 60 Minutes' Lesley Stahl drives a car that's had its emergency-communication system hacked and controlled remotely:
The hacker sprayed the wiper fluid and honked the horn before straight-up disabling her brakes as she tried to stop -- all this from his laptop. It turns out it's really not all that difficult to hack someone's car. When you think about it, it makes sense. Example: Most key fobs are equipped with a door unlock button as well as a remote start. What more does a car thief need? And the key fob is just a tiny little box. Imagine what an entire computer could do.
The enemy in your pocket.
Imagine if some asshole got a hold of this kind of power. Good thing a device capable of doing this is way too expensive for the average hacker. Surely, the technology is priced in the high thousands? Nope. Try 60 bucks. Why spend $60 on a video game when you can cut someone's breaks, crash them into a wall so their head is sticking out the windshield, and then spray them with wiper fluid for an extra dose of humiliation?
Ever since The Jetsons made it look so enticing, humankind has been striving to make our homes smarter. Whether you want to control your thermostat from your cellphone or show off to your neighbors that you can close a garage door with your iPad, it can all be done by transforming your home into a smart home. The problem, aside from your wife not turning off the dog-walker treadmill when it malfunctions, is security. I'm about to show you a really dumb thing about smart homes.
Dumber than not just stepping slightly to the left to save yourself.
Let's all take a field trip to Google real quick. Search this:
"inurl viewerframe mode=motion"
You should come to a page of results that are a mix of IP Addresses as well as website names. Each one of those IP addresses is a webcam somewhere in the world that you can view and sometimes even control. When you install a webcam like this, it also includes remote-operation software. The software used to display the webcam in a web browser sets it in such a way that you can access it anywhere at any time. But if you don't lock that shit down, you could end up with a bunch of randos on the Internet accessing your personal webcam.
Webcams use code strings that are easily searchable in Google. The same thing works for the software running smart homes; without proper security, the access page is publicly accessible by anyone. The webcam thing was no big deal. A lot of places leave the webcams open so you can go to their website and watch it. Smart homes are a bit different. When you connect to their access page, you could potentially see every smart device in the home along with an on/off switch to control it.
A "Burn This Bitch To The Ground For The Insurance Money" feature
will be included in the next update.
This isn't a hypothetical situation, either. There was a vulnerability discovered in the Insteon brand of smart home that allowed this very thing to happen. So they'll open my garage door and switch my porch light on and off. What's the worst thing that they could do, really? How about turning your heat off in 20-degree weather? Or what if they were able to gain access to any other connected devices in your house, say, your router or laptop? If you were as lax about securing those devices as you were about your smart home software, your personal information may be in a bit of a pickle. But, of course, hackers always have the option to just bypass all that shit and go right for the front doors.
If you suspect your house might be haunted due to unexplained things happening, at least you can take solace in knowing that it's probably not a ghost but some psychopath on the Internet just having a laugh while rolling around in your pension fund.
A NASA Satellite
We've got to assume that NASA is a pretty secure place. We've told you before about their website getting hacked a few years ago when someone mistook them for the NSA, but that was just a website. When you get into things like satellites, we're talking about billion-dollar NASA technology here. They wouldn't skimp on the security, would they? Unfortunately, hackers aren't just getting into trouble down here on Earth; they're taking this fight into space.
In space, no one can hear you congratulate yourself for pulling off a basic-ass DDOS attack.
Two attacks happened on NASA's Terra EOS satellite in 2007 and 2008. The first attack lasted only two minutes, which seemed to be the hackers saying, "Holy shit! Totally didn't expect that to work!" before they disconnected. The second attack, in 2008, lasted a total of nine minutes after the hackers had gained complete control of the satellite. Luckily for the American tax payer, they chose to do nothing. Another attack, also in 2008, took over the Landsat 7 satellite, which takes infrared pictures, like this one of Washington, D.C.:
The red represents where senators are currently screwing prostitutes.
The attack was purportedly carried out by some hackers in China. Fortunately, they were nice hackers who only accessed the satellite but, again, did not change anything. If they had wanted to, they could have easily downloaded everything the satellite saw then disabled the whole shebang, disconnecting any further communication with it and leaving it to float over our heads as a small, glimmering reminder of our terrible cyber-security measures in the night sky.
You know what? Changed my mind -- let's all ditch our electronics and go live in the woods. It's the only way to be safe. Hopefully no one figures out how to hack trees.
Erik Germ promises not to hack your things if you promise to follow him on Twitter
For more from Erik, check out 7 Fake Movie And TV Drinks That Got Us Drunk In Real Life and 6 Fictional Alcoholic Beverages That Actually Get You Drunk.