Interview with Samy Kamkar, security and Privacy Researcher, car hacker
As part of our ‘Interviews’ series, We had the pleasure of having interview with Samy Kamkar, white hat hacking researcher who was able to unlock nearly any car by “RollJam,” a device he built for around $30 in parts, which can unlock many different types of car remotely.
Bk team : Can you please introduce yourself to security Kaizen magazine readers (bio, experience, history)
Samy : I originally learned software development and have always been interested in hacking and security with a recent interest in hardware and radio frequency. I dropped out of high school and began working in technology early (around age of 15).
BK team : Could you tell us more about the company that you have founded ?
Samy : I confounded a Voice over IP company, Fonality, which produces phone systems for businesses.
BK team : you’ve created a tool that named Evercookie.. can you please give us an overview about it ?
Samy : Evercookie is an API that allows persistent tracking of a user in a browser even after they’ve removed cookies. I developed it to demonstrate the issues that are in browsers and have already been exploited by corporations and governments with little knowledge by users. By creating it as free and open source, it shed light on the issue and allowed browser vendors to produce more effective controls for privacy for users.
BK team : why did you get prohibited from using a computer for a 3 years ?
samy : In 2005 when I was 19 years old I released a worm onto MySpace, the number one site on the Internet at the time, that made a user add me as a friend and add the text “but most of all, samy is my hero” to their profile. The code would also copy to their profile, so if someone visisted their profile, they would also add me as a friend and hero. Within a day, over one million users added me, making it the fastest spreading virus of all time to date. MySpace had to shut down to remove the worm and in 6 months I was raided by the Secret Service, and 6 years later I was banned from computer for three years.
Bk team : you’ve demonstrated weaknesses in Visa, MasterCard and Europay credit cards with Near field communication (NFC) and Radio-frequency identification (RFID) chips… what were your major findings ?
Samy: The issue is that while there is encryption within the NFC cards, the chips that perform decryption are readily available to anyone with little cost (under $100 USD) for Point of Sale systems for merchants. The chips are necessary to decrypt the communication and transfer the credit card to gateway. Because anyone can purchase them, I was able to enhance existing software to decrypt additional credit cards and demonstrate stealing credit cards through a portable, wireless system.
Bk Team : Why did you create Samy Worm “ the most infectious computer worms in existence” ?
This was a prank as a 19 year old and had no idea it would spread as quickly as it did!
BK team: how were you able to take control over GM Cars? why did you choose GM cars specifically ?
Samy: While I’m a fan of the cars GM is creating and the quality they produce, it’s important to note they have recently been a proponent of preventing researchers such as myself investigate how the software works within their vehicles. They’ve requested that reverse engineering their software, similar to how I learned about the attack, should be illegal in the USA based off of the DMCA (http://www.wired.com/2015/04/dmca-ownership-john-deere/). I believe my demonstration is important to show that by preventing researchers such as myself from investigating security in their products, the only ones left to find the issues are malicious users. My demonstration allowed GM to fix the issues for more than three million users who use their RemoteLink app, according to their site (https://www.onstar.com/us/en/services/remotelink.html), however if I’m prevented from researching these issues, the only ones who will do the research illegally are criminals who will likely exploit consumers afterwards.
BK team : you revealed that you can attack BMW Remote, Mercedes-Benz mbrace, and Chrysler Uconnect. How is it possible ?
Samy : The same way GM/OnStar RemoteLink were exploited, by exploiting mobile devices to join networks they willingly share the name to, and by performing SSL man-in-the-middle attacks.
Bk Team: How did you hack any garage door Using a child’s toy from Mattel ? and how to protect ourselves against garage hacking ?
Samy: Many garages use a very limited key space, similar to the number of possible passwords you can use to get into a website. In combination with another attack I discovered on how the garages interpret these passwords, I was able to reprogram a Mattel toy to wirelessly send every possible password for garages in under 10 seconds, opening many of these fixed code garages.
Bk Team: Is this possible in every modern car to be hacked?
Samy: Every car I have tested, including models from 2015, have had vulnerabilities that I was able to exploit to, at the very least, unlock the vehicle after the user performed an unlock command from their own car remote.
BK team: What kinds of things do you do in your daily life to protect yourself?
Samy: I use different passwords for each website, however many things are difficult to protect and I remain as vulnerable as anyone 🙂
BK team: As a Security Expert, How do you judge the WikiLeaks’ decision of publishing the full database of Hacking Team data?and How vulnerable Arab Governments after this kind of disclosure ? Do you fear that the diffusion of their softwares could be used by criminal groups?
Samy: I believe the more important question is not wether criminals are using the information now, but if they were using it before the data was ever released. As soon as the data was leaked, many patches and resolutions to the issues were resolved — this seems like a good thing for the world as a whole. How long were organizations using these vulnerabilities to exploit users before it became leaked…who knows? That’s what’s much scarier than the short period of time criminals were able to abuse the data post-leak.
BK team : Do different governments including the US government ask for your help in certain Cyber Crime cases? Examples?
Samy: Occasionally, however I can’t provide examples. I typically only work with companies I believe are producing a positive impact in the world.
BK team: How can you see the Future of Security industry in The Middle East ?
Samy: It will be similar to the rest of the world with new vulnerabilities and important to secure each machine.
BK team: what is your advice for Governments, users and organization to stay secure ?
Samy: Use strong passwords and encryption.