1
00:00:00,080 --> 00:00:06,960
when we heard the Canadian government was moving to ban hacking tools like this

2
00:00:04,240 --> 00:00:10,960
one we sprung into action buying as many of them as we could while we still

3
00:00:08,880 --> 00:00:16,000
could guys some of this stuff is flipping wild like this electromagnetic

4
00:00:13,759 --> 00:00:22,600
fault injector which basically EMP bombs anything that you

5
00:00:19,520 --> 00:00:25,480
point it at how she doing oh whoopsy

6
00:00:22,600 --> 00:00:30,359
Doodles but there was one device that stood out from the rest all the Jammers

7
00:00:27,880 --> 00:00:36,079
sniffers looters and tutors the HackRF One with the PortaPack H2 Mayhem

8
00:00:33,239 --> 00:00:40,000
Edition now being a decade old radio transceiver you'd think it's got to be

9
00:00:37,760 --> 00:00:45,200
pretty outdated by now but thanks to its robust developer ecosystem open-source

10
00:00:42,600 --> 00:00:50,399
design and ample tutorials for users of any level the HackRF One has turned into a

11
00:00:47,879 --> 00:00:54,600
virtually unmatched wireless hacking Swiss army knife it's capable of

12
00:00:52,719 --> 00:00:59,079
stealing a car breaking into a house stampeding cattle through the Vatican

13
00:00:56,800 --> 00:01:04,479
and even creating a small pirate FM radio station that plays Skibidi Toilet

14
00:01:01,079 --> 00:01:07,320
on Loop but how exactly is this being

15
00:01:04,479 --> 00:01:12,640
used by nefarious and law-abiding people alike should it be banned and what would

16
00:01:10,400 --> 00:01:18,360
that even look like well we have some ideas just like we have some ideas on

17
00:01:15,439 --> 00:01:22,479
how to segue to our sponsor next too say hello to the hello cam Pro and give

18
00:01:20,759 --> 00:01:27,400
your setup an upgrade thanks to its 1080p 60 frames per second resolution

19
00:01:25,040 --> 00:01:32,720
and Windows hello facial recognition learn more using our Link in the

20
00:01:29,240 --> 00:01:32,720
description and Next To

21
00:01:40,240 --> 00:01:47,399
Go part of this device's superpower is its ability to read and transmit radio

22
00:01:45,640 --> 00:01:52,840
signals and I already know what you're thinking so could my grandpa's TransAm

23
00:01:50,200 --> 00:01:59,200
but Pea's whip was limited in both the frequencies that it could tune into and

24
00:01:55,520 --> 00:02:01,600
in how it could use them not so for us

25
00:01:59,200 --> 00:02:06,079
with the right setup we can detect and even glean useful information from radio

26
00:02:04,200 --> 00:02:11,520
signals that you probably didn't even know existed like the ones coming from

27
00:02:08,679 --> 00:02:16,560
this display cable it's stuck in grayscale but look at this you can

28
00:02:14,319 --> 00:02:21,200
totally make out what this person is doing on their screen this style of

29
00:02:18,599 --> 00:02:26,920
eavesdropping is called Van Eck phreaking and was first outlined in a 1985 paper

30
00:02:23,959 --> 00:02:32,599
by its namesake Wim van Eck of course that was 40 years ago surely modern

31
00:02:30,560 --> 00:02:37,640
display protocols protect against this kind of snooping

32
00:02:34,239 --> 00:02:41,560
right right well as long as you're

33
00:02:37,640 --> 00:02:45,640
talking about DisplayPort VGA DVI and

34
00:02:41,560 --> 00:02:48,599
yes even HDMI can all be monitored pun

35
00:02:45,640 --> 00:02:54,080
intended with the HackRF provided that you are within range how far is that

36
00:02:50,760 --> 00:02:55,959
range well for our relatively small

37
00:02:54,080 --> 00:03:01,080
omnidirectional antenna we're looking at inches rather than meters but in his

38
00:02:58,920 --> 00:03:06,360
original paper on the topic van Eck was able to spy on a CRT display several

39
00:03:03,879 --> 00:03:10,480
hundred meters away using a directional FN antenna similar to the kind that was

40
00:03:08,400 --> 00:03:14,640
found on home rooftops in the 20th century I mean sure that was an analog

41
00:03:12,959 --> 00:03:20,560
signal coming from a type of display that oozed radiation but modern

42
00:03:17,440 --> 00:03:23,040
techniques aren't that far off just a

43
00:03:20,560 --> 00:03:29,439
few weeks ago researchers in Uruguay managed to train an AI to descramble

44
00:03:26,319 --> 00:03:31,400
images at much greater ranges now the

45
00:03:29,439 --> 00:03:35,640
quality of these images not to mention the model's likelihood to hallucinate

46
00:03:33,360 --> 00:03:40,519
have yet to be seen let's not forget the Samsung pictures of the Moon debacle but

47
00:03:38,360 --> 00:03:44,840
this still has major implications for people who are working with highly

48
00:03:42,159 --> 00:03:47,840
sensitive information luckily most people aren't in possession of

49
00:03:46,280 --> 00:03:52,840
information that's worth stealing at least not while it's this much effort to

50
00:03:49,920 --> 00:04:00,480
do so but what most people do have is material things like this and this and

51
00:03:57,519 --> 00:04:05,200
this and what's very little effort is using the HackRF One to sneak past a

52
00:04:03,200 --> 00:04:10,840
wireless security camera whether they're for Wi-Fi car

53
00:04:08,000 --> 00:04:15,439
keys or cell phones Jammers all work roughly the same

54
00:04:12,319 --> 00:04:18,160
way by sending out as much junk traffic

55
00:04:15,439 --> 00:04:23,040
as possible at the same frequency to mask or disrupt legitimate traffic kind

56
00:04:20,840 --> 00:04:27,880
of like shouting between two people trying to have a conversation and the

57
00:04:25,160 --> 00:04:32,600
PortaPack interface when it's updated with the jamming software plugin makes

58
00:04:29,720 --> 00:04:37,280
jamming terrifyingly easy once you know the channel a device is using which

59
00:04:34,639 --> 00:04:42,440
you can often find with the HackRF One all you need to do is click transmit Jammer

60
00:04:40,000 --> 00:04:48,880
select the channel from a list and hit go now obviously a GoPro would be a

61
00:04:46,160 --> 00:04:54,080
pretty odd choice for a security camera but our point is that this kind of

62
00:04:51,199 --> 00:05:01,960
technique is useful aha on pretty much any Wi-Fi camera and

63
00:04:58,880 --> 00:05:04,560
unless it has local storage for backup

64
00:05:01,960 --> 00:05:10,800
that's exactly what's going to happen you're going to get if anything little

65
00:05:08,080 --> 00:05:14,919
bits and pieces of what's going on that's one of the main reasons that we

66
00:05:12,759 --> 00:05:20,280
avoid wireless security cameras here at the office now this type of jamming is

67
00:05:18,120 --> 00:05:24,560
illegal in most countries including Canada so you can safely assume that

68
00:05:22,400 --> 00:05:30,960
everything you just saw was movie Magic and was shot in a Brazilian jail

69
00:05:27,039 --> 00:05:32,479
Romanian one got to go

70
00:05:30,960 --> 00:05:38,160
the question that must be in your mind now then is why don't they just ban

71
00:05:35,319 --> 00:05:43,199
these things well as I mentioned before the Canadian government is certainly

72
00:05:39,759 --> 00:05:45,720
trying but it's not really a simple task

73
00:05:43,199 --> 00:05:51,600
for one thing like a hammer these devices have nefarious uses but they

74
00:05:49,039 --> 00:05:56,240
also have many legitimate uses for example you can use the HackRF One to

75
00:05:54,319 --> 00:06:00,520
monitor for interference that might be affecting your Wi-Fi or your Bluetooth

76
00:05:57,960 --> 00:06:05,520
devices you can get data on flights that are passing overhead you can listen to

77
00:06:02,240 --> 00:06:08,680
FM radio and do so much more it's like a

78
00:06:05,520 --> 00:06:10,639
full toolkit for learning about RF

79
00:06:08,680 --> 00:06:16,280
another issue preventing a crackdown on these is that not every type of jamming

80
00:06:13,360 --> 00:06:22,160
requires easily detectable brute-force spam a Wi-Fi deauthentication attack for

81
00:06:19,400 --> 00:06:26,759
example finds the MAC address of a Wi-Fi access point it copies it then

82
00:06:24,360 --> 00:06:30,759
continuously sends deauthentication packets to every connected device

83
00:06:28,960 --> 00:06:36,919
preventing them from staying connected the Pwnagotchi or this Deauther Watch are perfect

84
00:06:35,000 --> 00:06:42,000
examples of devices that can perform these types of attacks literally from

85
00:06:39,960 --> 00:06:46,400
your wrist and all they're doing is exploiting a perfectly legitimate

86
00:06:43,840 --> 00:06:51,240
feature of the Wi-Fi protocol I mean you can outlaw this behavior and they do but

87
00:06:49,680 --> 00:06:56,720
how do you prove it didn't happen by accident how do you prove who did it the

88
00:06:55,000 --> 00:07:01,080
last big obstacle to banning these devices is that pretty much all of them

89
00:06:58,800 --> 00:07:04,879
are based on cheap readily available single-board computers plus parts that

90
00:07:03,360 --> 00:07:09,520
can be easily found in a children's robotics club I mean it's already

91
00:07:07,360 --> 00:07:14,199
illegal in just about every country Canada included to be carrying around a

92
00:07:11,680 --> 00:07:17,560
break-in instrument and the burden of proving you have a legitimate use for it

93
00:07:15,960 --> 00:07:24,639
falls on the accused but even this relies on officers

94
00:07:20,960 --> 00:07:27,199
to recognize that that video game or

95
00:07:24,639 --> 00:07:32,879
smartwatch looking thing is what it actually is so there's nothing we can do

96
00:07:31,039 --> 00:07:38,240
to keep these tools out of the hands of ne'er-do-wells so what do we do now well we

97
00:07:36,160 --> 00:07:44,199
contacted Great Scott Gadgets creators of the HackRF One to discuss this topic

98
00:07:40,560 --> 00:07:46,120
and politely they told us to pound sand

99
00:07:44,199 --> 00:07:51,039
fair enough I mean we did call their device aoral in our coverage of the

100
00:07:48,039 --> 00:07:53,240
Flipper Zero but they also weren't alone

101
00:07:51,039 --> 00:07:57,919
in denying our request for comment every hacking tool company that we contacted

102
00:07:55,159 --> 00:08:01,560
from Electronic Cats to DSTIKE to our friends over at Hak5 were

103
00:07:59,720 --> 00:08:05,840
completely unwilling to engage in conversation about the legality of their

104
00:08:03,520 --> 00:08:09,879
products which makes a lot of sense I mean they build them for security

105
00:08:07,639 --> 00:08:14,479
professionals but they're clearly being used by shadier folks with recent car

106
00:08:12,199 --> 00:08:18,599
theft trends grabbing a lot of headlines and putting them in an uncomfortable

107
00:08:16,199 --> 00:08:23,240
position so I'm going to say what I believe they would say if they were

108
00:08:20,639 --> 00:08:27,639
willing to say it the better solution is to beef up our security though this is

109
00:08:25,599 --> 00:08:32,440
easier said than done in our Flipper Zero video we briefly explained how the

110
00:08:29,800 --> 00:08:36,959
HackRF One can be used to defeat rolling code security for a vehicle's keyless

111
00:08:34,279 --> 00:08:40,399
entry system and if you're an avid TikTok user you're probably already

112
00:08:38,399 --> 00:08:44,920
familiar with the Kia Boys a trend where teenagers were stealing Kia and Hyundai

113
00:08:42,560 --> 00:08:48,959
vehicles made after 2012 by breaking open the steering column usually with a

114
00:08:46,839 --> 00:08:54,000
screwdriver not purchased at LTD store.com and plugging a bog standard

115
00:08:51,480 --> 00:08:59,440
USB cable into the ignition that doesn't even require a HackRF One or anything

116
00:08:56,440 --> 00:09:01,600
fancy so what's clear is that in the

117
00:08:59,440 --> 00:09:06,760
interest of saving a buck modern devices can often take a painfully lax approach

118
00:09:04,240 --> 00:09:11,680
to security even ones that cost tens of thousands of dollars like the Honda CR-V

119
00:09:09,880 --> 00:09:16,000
that vehicle holds the title of most stolen car in Canada because while it

120
00:09:14,279 --> 00:09:21,040
would normally take a fair bit of effort to defeat rolling code not to mention

121
00:09:18,519 --> 00:09:26,040
specialized equipment the Rolling-PWN attack exploits a flaw that causes the

122
00:09:23,120 --> 00:09:30,480
CR-V to reset the code counter allowing previously used codes to both open and

123
00:09:28,279 --> 00:09:35,880
start the vehicle and it took an embarrassing amount of time for Honda to

124
00:09:32,560 --> 00:09:37,839
identify and address this issue so yeah

125
00:09:35,880 --> 00:09:42,880
are these devices actually making it easier to steal cars and generally cause

126
00:09:40,279 --> 00:09:46,279
trouble of course they are especially by making them so easily available to folks

127
00:09:44,720 --> 00:09:51,560
who wouldn't have the wherewithal to build one themselves but the same could

128
00:09:49,480 --> 00:09:55,640
be said for a hammer this could help you break into a car more easily are we

129
00:09:53,399 --> 00:10:00,519
going to get rid of them so I think the focus should be on the big automakers

130
00:09:57,880 --> 00:10:04,959
and how they manage to fail so so hard and on the organized crime networks that

131
00:10:02,560 --> 00:10:08,680
are engaging in these practices at scale rather than on the makers of software

132
00:10:07,200 --> 00:10:14,079
defined radio devices and the focus should be on our

133
00:10:11,120 --> 00:10:17,079
sponsor Squarespace having a website is key to establishing an online presence

134
00:10:15,760 --> 00:10:21,279
for your brand or business you understand and Squarespace makes it easy

135
00:10:18,959 --> 00:10:25,240
thanks to Squarespace blueprint a tool designed to give you great layouts and

136
00:10:23,399 --> 00:10:29,320
styling options so your website is optimized for every device there's so

137
00:10:27,240 --> 00:10:34,040
many devices these days they also have integrated optimized SEO tool so you can

138
00:10:31,839 --> 00:10:38,279
show up more often to more people in the right place on the first page and if you

139
00:10:36,079 --> 00:10:42,360
plan on selling products on your website Squarespace makes checkout seamless with

140
00:10:40,200 --> 00:10:45,920
simple yet powerful payment tools they accept credit cards PayPal and even

141
00:10:44,279 --> 00:10:49,680
Apple pay to give your customer flexibility just give me the money

142
00:10:47,880 --> 00:10:53,480
however you want we love Squarespace so much we even use it here for our own

143
00:10:51,839 --> 00:10:59,920
website so start building your website today and receive 10% off your first

144
00:10:55,560 --> 00:11:01,120
purchase by visiting squarespace.com LT

145
00:10:59,920 --> 00:11:07,000
if you guys enjoyed this video and you want to know more on this subject check out our video on the Flipper Zero

146
00:11:04,600 --> 00:11:10,000
another Swiss army knife of homebrew hacking
