 Just to keep you awake. We wanted to give you a very light very simple topic something you would see like on HGTV On those lines it will kill or harm you and it's in you that you right there It's in you. Don't worry. Got it. We got an off switch It's in you or your home with Ryan Satterfield give Ryan a warm welcome Because he's dangerous And that off switch could kill you, but I'm not HGTV that would be cool even though that's sort of suck a channel, okay so today I'm talking about what they have just said and One of the issues I'm discussing is concerning because it's capable of killing more people than several mass shootings Combined by a push of a button This is factual I'm based off a situation I was in and I hate it and no I don't have slides because I didn't feel like making them because I was working on trying to make this great. I Am hoping that by talking about these issues today people will want to take action research more and Protect against these issues when developing systems and fix these issues to prevent travesties if they are deployed Now what am I talking about and what heck am I up here, right? I'm talking about how easy it is to hack or access electric grids Devices in your tests like medical devices and light bulbs that can literally explode They're connected to the internet So why am I qualified to talk about any of this anyone could talk about anything, right? Well I've legally hacked threat models or access the majority of what I'm discussing here today Including the device that was in my chest, which I I'm going to be discussing and I'm running a conference only accepting talks that harm kill or assault the user excluding monetary damage called critical con and we're accepting talks and I'm also in a row of the Calvary. So no, there are no Zero days that aren't already Public and public on I mean when I say public I mean The hacker community probably doesn't know but the medical community does know so it's probably near to you So Well back, I just want to know how Safe is the world's critical infrastructure It's not unfortunately in under 60 seconds. I found a link into an airport's infrastructure And this is a SCADA system but I didn't find that very interesting and so I kept looking and what I found was Equally fascinating terrifying and oh, no If I report this, I'll be killed because that's how this government handles these types of issues So I asked that I accessed legally another country's electric grid. I Say accessed not hacked to distinguish the difference of being able to get administrator powers Over an electric grid for a large swath of a country by simply using Google cash of all things come on crying out loud Protecting stat and but doing that it gave me their admin side and abilities shut down power for large person in the country What I did was not a hack in my opinion and not by most of our opinions and that is troubling that the the There's troubling now since I was on Google's property and Not their property the entity that would be trouble was Google not me. That's viewing the thing that Google took It's very nuanced, but that's how law is so The amount of data you could access at the time Has now dropped by half a billion search results Because I worked with Google and law enforcement to on this issue and I'll expand further on that Now back to electric grid the admin side was like looking at the 1990s seriously like flashback mode Maybe if we brought up a layer one from 1999 it looked like that, but no one probably looked better it had The site had letters scrolling on the top of the page telling you where you were and below had nice little squares of the names of Areas that covered a very wide area of the population Followed by a nice little button that said shut down for each one of the name of the Area cities and everything that was just lovely now for an admin that sounds nice If you're an administrator you want things to be straightforward But whoever did this didn't think about their threat model The threat was every hacker in the world and their security to deal with all those hackers was to kill them Literally kill them their their threat model was only only worked for the hackers within their country and the promise of death Based on the hackers in that country and what I know I would have to say that policy is probably working very well And this policy was on all government websites of said country Because none of those hackers in that country They aren't protecting can stat and they aren't talking about that these type of issues Now hackers from that country are talking about more trivial issues that Don't bother their governments But what I say to the governments of the world is you need to be bothered a little if something endangers your population's freaking life so So what if we find it if we tell you you need to fix it because Someone else can come along and kill everyone if That issue allows you to be killed So stop threatening and kill us and try to protect your people now Now all right told you that this country had it in their fine print They even put in their headers They put that they took the time to put in their headers that they'll kill you and rather than fix them try and fix their issues That's just lovely So it wasn't incentivized to contact this country at all rather I Because I sort of I sort of think being alive is interesting. I've been dead I've been temporarily dead a few times. I was really boring So being alive is too interesting to try to contact the company the country that's gonna kill me So I contacted with all that combined I talked to the FBI about it since I was already working with them on another scattered issue So it took no if you contact our law enforcement, you think they could talk to the other country get fixed real quick, right? Well, since this isn't a close ally it took Six months to fix this issue and during that time anyone could access their grid But so got fixed that's the positive side some things never get fixed Now how is being able to shut down a large loss of power of a country a life or death scenario? That's a good question. I mean they have to be asked Any form of system to direct traffic was shut down which would lead to Car accidents further. Let's look at this country's inability to have the majority of their hospitals have generators So shutting down their power for a long period of time might result in death for those on on May life support in certain areas Even a short period of time is enough to cause chaos at the hospitals not be able to triage properly Resulting in death Death and a click and a click of a button is no longer a joke for the tabloids like it was in 1999 for the inquire It's rather a real life if I got the paper wrong. I'm sorry, but it's rather a real life Issue now and we have to update our threat models due to this Now How do researchers How do researchers? Find this information. Well, I'm the way I Got a lead on it was a now defunct site called strange scat a love to help locate this information And then I wrote my own personal guide from the information But I'm not allowed to share that information today. Unfortunately Apologize to that Because it's scat a so it's critical infrastructure to talk and I was told not to discuss that part of it unfortunately Now if you run into issues like this Be careful on how you report these issues Because did you break the law to access these systems? If so, I went into law enforcement Nor do I encourage you to break the law or anyone else in this room Or anyone on the watching this in YouTube This is something I had to think through and rationalize reporting to our law enforcement and plus since we're handling another issue Like I like I said, I had an easy point of contact Getting things to the government is a bugger and a half Without having friends who have points of contacts are you yourself having a point of contact if you believe What you found is worth a potential jail time even if you broke the law then make your decision and live with it and Simply doing threat modeling from my point of view on how to live your life But you ultimately decide how you should live your life. No one else can tell you how to do how to live your life Now I can say that instances like this coordination and cooperation with law enforcement That is if you have the proper channels is more powerful and safely solving issues and any blog post ever will be so Now let's move on To what I call abnormal weaponry. I Had a device called a vagus nerve stimulator in my chest That's connect that was connected to my brain. You guys can see this wire right here It's an RF transmit coil that connects to my brain Well, I had that device removed a few months ago That device had some problems and but it wasn't interconnected in the sense that most think IOT devices are No, are the newer models Rather it was is only supposed to be accessible by a couple feet of the user and you can make the device send electricity to the brain when you aren't expecting it if there's enough Magnetic energy Took a 50 gas magnet and activate it and and just reboot reboot reboot no authentication in place just magnets Which is pretty weak But that's that's not a major issue because did they have it as a little problem, so This device is actually in my opinion pretty secure, but let's go on to see other problems in it It's accessible by radio frequencies and they have something they call a wand updates the software Deactivates it changes the voltages, etc. Which requires access near your chest A lid if you're using their system, so sure if you're if you're within a couple of feet of someone some's chest you could turn their device off and Sending them their deserts of electricity to the vehicle nerve More often than I supposed to get but that's extremely close Unless you're doing something really crazy that you can send it further away and for hackers were crazy We probably could find a way to do that This device considered more electricity than is meant to and I know that but not hacking it rather certain commands appeared to have gotten overridden When my lovely insurance company, which I do appreciate but I don't appreciate for this Society placing my batteries in my chest wasn't worth paying for The device didn't know how to handle the unexpected amount of energy from the batteries Which shows how well the company plans are unexpected input Do the improper metal electricity the device seems to have potentially triggered some commands and the system that probably left over from debugging and Took the company an extended period of time to figure out how to fully shut it down Since there appeared to no longer be a cap on how much electricity would be sent to my brain every five minutes I stopped breathing every five minutes When it was programmed to turn on if I didn't have a 50 gas magnet taped to my chest that is why battery replacement is very important when building devices and Because and battery and and in long-lasting batteries. So those don't have to be replaced Because that's an important step to protect people against these devices going crazy now You need to have a system in place that if it isn't life-critical meaning you'll die if it turns off to deactivate something if it is life-critical you need a way to warn the patients far before shut down and Will occur and you need to explicitly be clear with insurance companies that the batteries will be replaced now moving on a Simple unauthorized access hack that's been known to all the patients and doctors in the medical field for nearly 20 years Is a little frightening but not that frightening because I would cost about a million dollars to do it You would need about almost three tests of Strength of three Teslas To be able to fry this RF transmit coil because until recently they did not do shielding in this coil And this coil is connected to my brain So if you fry the vehicle nerve, I'm just like this But still alive So you can really you can really kill you can really kill someone or highly mess them up this way Now with all of this cameras aside, I still think this is one safest devices out there Our former vice president. I believe it was Cheney Had to have his pacemaker modified to avoid attacks that would have killed him One person wrote about how they had to have a medical device put in them that has Wi-Fi And they now fear for their life, but they did it because it was the only thing to save their life Now what stood out to me Was when they have it installed the doctors didn't have a section of the problems Cybersecurity wise which they should have Rather they only found out about the issues after it was in them and after is installed And there's nothing they can do about it unless have it uninstalled and then they die Because they rely on the I believe it was a pacemaker Now if a popular brand of pacemaker was attacked by remote code execution if it was Make it potentially have people dropping dead, which we all know, but it's unfortunate because it's easier than that As hacker news notes You can simply kill some patients in the hospitals through their infusion pump Which is a certain brand is IOT and the certs Which is an arm of the DHS is most of us know Handles internet security issues and they send out a warning about this pump because people could be killed by it By overdosing and other issues So That's just lovely. We need to think about what we're building folks So don't fear though some doctors are actually starting to care about protecting your health from every angle But the most important part to them is being able to save your life from a non Internet security threat or as they might say cyber security threat Both have to be adaptable hospitals have to be Hospitals are very vulnerable because in every sense of the word they have to be able to do their job and every second counts But they also need security. So someone remotely can't Kill their patients. It's a delicate balance that needs to be fixed and hopefully We can hopefully some hospitals will start working in unison with Researchers to fix the devices while and or just get them fixed from deployment And then they can focus on what they need to focus on So I found it to be our duty to try educate others on what needs to be done Now let's switch off the IOT devices Mmm. The thought the I was a company hired me to hack an IOT device I thought the cross around mind was Since this is sold widely to the masses What twisted thing could some crazy hacker do with it? Well, I thought it wouldn't accept more voltage to the light bulb than the light bulb was supposed to output, right? Right, we wouldn't do that, right? No, no wrong My co-author which I forgot to ask permission to say his name, so I can't say it my co-author and I Ran the attack as proposed within the safe confines of metal box and the glass shattered everywhere of from room light bulb Light bulbs are by people's beds. They're they're everywhere in your home Those type of attacks are not acceptable by any means of imagination Now if you're willing to offer a location for more hazardous absurd testing Things catching on fire and such let me know because there's some stuff I wanted to completely blow up to make or try to blow it up to prove it Disprove how safe it is to to and let everyone know My Twitter handle from a company is planet Zura. Mine is I underscore AM underscore Ryan underscore s so I Did say in the description I was going to talk about a way to blind people and make them vomit I'm going to talk about that slightly Because but I can't I'm not gonna say how since it's not patched There are certain frequencies people consider to be brown notes But what if you can modify those frequencies and put code in them So you're sending code over audio? There's programs out there to do that Now what happens if you change that frequency to be pretty high so it's almost outside the human hearing range It's almost near sonic Ultrasonic near ultrasonic. Well, then I put myself as guinea pig And I started going temporarily blind Bombarding and had a migraine for a day every single time I did it you I was but Something like that that got broadcasted over Say an ad on the radio or got uploaded maliciously to a popular podcast Could be very dangerous to people driving. I want to talk more on this issue But until there's a fix or something I can't Now I'm opening the floor to any questions or criticism and I really appreciate everyone being here And if you want to submit any talks to critical con Please do so it's critical con dot com Any question