68: HackCar with Robert Leale

Robert Leale is the president of CanBusHack, President of Pivvit and is also Founder of Car Hacking Village which can be seen at Def Con, DerbyCON, GrrCON, CypherCon, THOTCON, and many more hacking conferences across the globe. He stops by BarCode and we discuss vulnerable technology in automobiles, manufacturer responsibilities, car hacking tools, how to secure your vehicle and Car Hacking Village.

SYMLINKS
Twitter

CanBusHack
Car Hacking Village
Flipper Zero
ProxMark3
Introduction to Car Hacking and Automotive Security
DEFCON Jeep Hack
AnonymouS Bar | Prague, CZE
1923 Prohibition Bar | Las Vegas, NV

DRINK INSTRUCTION
VTEC PUNCH
2 oz Bourbon
1/2 oz Lemon Juice
1/2 oz Simple Syrup
1 Egg White
Fill a glass with ice cubes and pour bourbon in. Add lemon juice, simple syrup and egg white.

EPISODE SPONSOR
Center For Internet Security (CIS)


Chris: Robert Leale is the President of CanBusHack, President of Pivvit, and is also founder of Car Hacking Village, which can be seen at Def Con, DerbyCON, GrrCON, CypherCon, THOTCON, and many more hacking conferences across the globe. Robert, thanks for joining me at BarCode, man. It’s an honor to have you on.

Robert: Thank you.

Robert: Thanks for having me. I appreciate it.

Chris: Absolutely. And I must note that we are doing this interview, or you are doing this interview in a car, so it’s even more fitting.

Robert: Yeah. Yeah. The situation sort of presents itself that I, the only place that I can do it quietly enough is in a car. So no, man, I wouldn’t have it any other way, so I, it sort of is legit though, so it makes sense.

Chris: If you don’t mind, can you walk me through, you know, your journey? Or rather, drive me through your journey of getting into the IT slash security field, and then ultimately, you know, how you ended up in the car hacking realm.

Robert: Yeah. So, I mean, car hacking has sort of been a thing that I’ve been doing since I was, you know, since I got my first car, you know, back when I was 16, was I was really interested in how it works.

Robert: Just like a lot of us hackers out there, really interested in how does this thing work? How can I, how can I, how can I hack it? Right? And so one of my first vehicles that I owned was a ’96 Honda Civic that I got when I was in high school. And I was just really interested in how we can connect to it. I had seen at the time, you know, people tuning them, like a, you know, a video of people tuning them.

Robert: I was like, Well, I know we can connect to it. There’s some way that it could happen. And you know, ’96 was a long time ago. I dunno if you remember the internet back then, it wasn’t very useful at all. Pretty, pretty useless by today’s standard, so it really wasn’t very helpful. But there was a couple of good websites and forums to figure out how to connect to vehicles, and so I just sort of did what I could with the computer parts that I had and put a computer in the vehicle and, you know, added a nav system and as much as I could to just try to, you know, connect the computer and the nav system together and, you know, video and audio, and just generally just interested in how I could put a computer and integrate it as much as possible in vehicles.

Robert: So that’s kind of how I started. Fast forward to like, maybe about seven or eight years later, I found myself at a company that specialized in vehicle network tools in Detroit. So kind of in the center of, you know, cars, kind of in the center of electronics and integration in vehicles. And I really loved it.

Robert: And soon after, you know, in 2010, I started CanBusHack. At that point, I’d done a lot of work with integrating electronics into vehicles, you know, just myself as a hobby and then professionally, and then now that’s essentially what we do. And I really, you know, was always interested in going to Defcon ever since I first heard about it, probably in the late nineties, early aughts.

Robert: And when I finally got a chance to go, got the money up, and I was able to, you know, fly myself out to Vegas, I was just, just blown away by Defcon. And so I really wanted to, you know, sort of contribute this, like everybody else was making these villages and things like that. And I asked them, Hey, can I make a village?

Robert: I had no idea how to do one. You know, I never consulted a single person running a village on how to run a village. So I just kind of winged it, you know, we just got a bunch of, you know, other car hackers that I’d worked with in the past and companies that had helped me out and worked with me.

Robert: And I’ve trained, I trained people on and said, Hey, you guys wanna make a go of it? Wanna do this car hacking village? And they said, Sure, let’s do it. And I got some really cool support from somebody named Kirsten who really helped out and a bunch of other people who just sort of were really, really pivotal in making the village, you know, kind of what it is today and just this crazy, you know, mix of hackers and, you know, other people in the InfoSec place.

Robert: That was really fun. So it’s kind of a long story because it’s, you know, kind of a 20 year journey, you know. But here we are. Yeah.

Chris: Nah, man, you took me through that at warp speed, so I appreciate it. Yeah, I was at DEFCON this year and yeah, Car Hacking Village is just always phenomenal. I really enjoy it.

Robert: It’s hard. I’m sure all the villages work really hard, but, you know, car hacking is one of those things that really can bring in a lot of different kind of, you know, hackers. You know, like a really good friend of mine says, it’s like the Olympics of hacking, right? Cause it really has all of the other things.

Robert: We make a Venn diagram of like, IoT hacking, wireless hacking, you know, you name it, like, you know, hardware hacking, and you look at it, car hacking kind of just sits right in the middle of all of those, can kind of encapsulate all of them. Now we kind of specialize in that. What makes cars unique?

Robert: Like what’s, what’s kind of on the outside of that Venn diagram is kind of where we try to live in the car hacking village, but we don’t have to. Right? Like it’s just fun to be on the outside because that’s what makes it. The more unique aspect so that we focus on that spot, that spot that’s kind of underserved by other villages maybe.

Robert: But there’s a lot of places that it kind of fits and so it just kind of can bring a lot of, a lot of people together. Plus people love cars, right? Like, it doesn’t even have to be a car hacker that goes and, and does this. So, so we’re working really hard on trying to get like, other things as well inside of the village.

Robert: You know, we’ve always tried to get bigger things. Sometimes. A coup like last year, you know, during, you know, when it was kind of like half, half Defcon, you know, it wasn’t a full off, full Defcon. We tried to get a, a, a combine a John Deere combine, but the dimensions wouldn’t fit in the facility, so we couldn’t fit it in there.

Robert: So we’re like, well, that’s our limitation. If we want to if we wanna hack a big combine, we, we gotta have a bigger place. And so, you know, hopefully. Yeah, hope. Well, actually, our, our goal this year, or for next year actually, is to get large semi trucks. We have, we have somebody who wants to give us some semi trucks to hack on, so we’re excited about that too.

Robert: So that’d be fun.

Chris: Yeah, that would be amazing. Yeah. Yeah. Yeah, man, so that is an interesting transition that you made from, you know, hobby to career. Yeah. And you started out with the ’96 Civic. When you talk about, you know, the car that you had this year, was it a Tesla?

Robert: So we had a Tesla and we had a, of course, as you may have heard, the Hondas got really beat up over this last year.

Robert: Yes. If you look, if you were so outsider looking in, you was like all these random cars that we’re putting inside the village, but it’s never random. Every year there’s some sort of manufacturer that kind of gets owned in some way, that has some CVE, there’s some big story that kind of hits them, and that’s the car we target to bring in to the village.

Robert: Right, okay. Whatever was like the big one through the year, and like last year was Honda, right? Our first Defcon was the Jeep hack. Right. So you’ll notice our first Defcon there was a Jeep. And since last one, no different. Like the Honda had a CVE against like the wireless system and how anybody could really just like clone it.

Robert: And a bunch of people had, like, if you got one of those Flipper Zeros, you could just literally copy the key from somebody who’s pressing the key fob and then change the data and send it back out without really any hacking. It’s just like, by the way, if you wanna steal somebody’s key, you can, no problem.

Robert: And that was, that’s the reason why we do that, is like, hey, that’s sort of emphasize there’s cars are still very hackable today, just like they were last time. But yeah, we did add a Tesla as well. Cause a lot of people like to play on the Tesla. Actually, there’s some really interesting things that people were doing with the Tesla as we were closing up and I was helping them out with.

Robert: It was just, there’s still a lot of fun to be had with Tesla regardless.

Chris: Yeah. And I need to get my hands on a Flipper Zero.

Robert: Oh yeah. My gosh. Yeah, they’re stuck. Luck. Yeah, I know. I noticed that. So Tesla, you can open up the Tesla charge port with the RF and you can clone and copy Honda key fobs that I’m aware of.

Robert: And there’s a couple other things that I’ve seen people do with NFC hotel room. I saw on the Twitter somebody doing some cool, like cloning NFC card for hotel rooms. And so yeah, it’s got some features that you can use, you know. Nice. Not as good as like a Proxmark for like RF cloning.

Robert: Okay. You know, it’s not nearly as good, I should say. But it’s very good for a lot of other, like, if you wanna roll everything into one and maybe make a multi-tool for hacking, it’s very good.

Chris: Got it. So you had the Honda there at Car Hacking Village. In general, do you target certain types of vehicles or manufacturers and, you know, what do you look for in terms of targeting a vehicle to hack?

Chris: Is it only vehicles that you know are vulnerable when you seek them out, or do you also, you know, yeah, test against other vehicles as well that may be more secure?

Robert: Yeah, I mean, I guess you can just smell ’em. You could just smell a hackable car. I don’t know why. It’s funny, you know, when the Jeep hack came out, back when, you know, if you’re not familiar with like the Jeep hack, there was a massive, like, hack that happened with Jeep, and our first were the, during the first Defcon.

Robert: Like, you know, if you looked at, at the time, Jeep was owned by a company called FCA at the time, and FCA stock actually took like a 10% dip after they posted. So, you know what I mean? Like, there’s definitely implications, and I actually owned a Jeep at the time, right.

Robert: And there wasn’t a coincidence I owned a Jeep when the Jeep hack happened, because it was a very hackable car, right? And you could just smell it. That’s the reason why I got it, it’s like, oh man, look at all the things you can do on this one. There’s got bound to be something, right? You could just see like, hey, it’s got wireless, it’s connected to the internet, it’s got multiple CAN buses connected to really interesting interfaces, et cetera, et cetera.

Robert: So you could just kind of smell, just like the probability of a hack is much higher for these. And that’s kind of what people do with the Tesla. Actually I own a Tesla right now as well. Because, you know, there’s a, there’s just a lot of just probability. It’s all about probability, Just a much higher probability of success that you’re, Yeah.

Robert: This Jeep is going to be capable of being hacked. I guess it’s, you just look at all of the attack surface and you just kind of make it determinations. This, it’s got wireless, it’s got Bluetooth, it’s got new things that nobody’s ever done before, like autonomous driving, et cetera, et cetera. And you know, there’s there, if, if nobody’s ever done it before, if it’s so cutting edge, moving edge, there’s, there’s no way they knew how to secure it because they didn’t even know what they had at the time.

Robert: Right. So you just kind of know that’s gonna be fun. You’re gonna find something. For sure.

Chris: Yeah. Was that Jeep, I guess, the most hackable vehicle that you’ve seen?

Robert: At the time, it was probably the most interesting available, cost effective hackable people, right? Like, you’re not gonna go out and buy a Lamborghini just to hack it.

Robert: And that’s kinda why Lamborghini are pretty safe, right? In that sense. But Lamborghini is owned by FCA, right? So if you hack the Jeep, maybe they’ll have some, say, similar electrical architecture to succeed on it.

Chris: So what vehicle have you found to be the most secure?

Robert: Well, honestly, I think Tesla does a great job for sure.

Robert: Like as far as secure, like actively working on security, I would still rate the Tesla in that sense. Okay. Just because you get updates, right? Like if that, the Jeep hack had an update, but the update that it had was, you know, it took them a very long time for them to have that update distributed because you had to get a USB stick and you had to choose to plug it in.

Robert: And it took, you know, 30, 40 minutes for that to happen. And most people didn’t even know how to read the instructions or where to plug it in. Whereas with the Tesla, you just hit the button on the display. It’s like, eh, eh, I wanna update. Sure, no problem. And it just does it. So, so, you know, if a problem is found, you know, you can’t assume that problems won’t be found, but when they’re found, they actually do something about it and then had a means in which to, to distribute it.

Robert: Right. So that’s kind of why I like the Tesla. And during like virtual Defcon, I even like took like a Raspberry Pi and plugged it into my car and let people remotely over the internet at like PancakesCon and at Defcon and a couple, one of the GrrCONs as well. Just like plug in and let them wirelessly connect to my vehicles and send, you know, whatever they wanted, random, anonymous internet people.

Robert: And I drove it afterwards, you know what I mean? So I didn’t feel otherwise watching what they were doing. Like in case I saw this like weird payload of like a bunch of data where they’re reflashing a controller, first of all, that would’ve been awesome because now they just shared how they reflash a controller with these idiots.

Robert: But also if they the controller, you know, I wouldn’t have seen it as well, so. Right. Yeah.

Chris: No, it’s good to hear that Tesla is, you know, security conscious. Yeah. And then that’ll be reassuring when I ultimately get my Cybertruck.

Robert: Yes. I’m still waiting too, man, I dunno, 10 years ago, whenever it came, whenever he decided to come out with it, so yeah.

Chris: I would like to get one of those in Defcon.

Chris: Yeah. When that happens. So for the manufacturers that are making these intensely connected vehicles, right? What are they missing? You know, as they are planning and developing these electronic systems for vehicles, and do you feel like we should be implementing a dedicated security team within the manufacturer?

Robert: It’s so weird. So in several, I mean, all the large ones, you know, if you’re, especially ones in the US and, and external they, they have security teams for sure. Like, you know, they’re, they’re sometimes reliant on, you know, external security as companies as well. But, you know, they have security teams and, and they, you might not notice them, which is good.

Robert: You shouldn’t notice them. But, you know, actually this last Defcon we had our CTF and the security team that won was actually General Motors security team. So GM won our last year’s CTF. So yeah, we’ve had other manufacturer security teams compete in our CTF, so we get to meet them and other events as well, so we know they exist.

Robert: Sometimes they’re not as big as maybe you would anticipate, you know, like you’d think like a multi-billion dollar company would have a security team larger than, you know, 40 or 50 people just, you know, you want it to be like maybe a several hundred people at least. That’s, that, that are verifying all over the lines of code, especially the new code that is, that’s being written out there.

Robert: The biggest challenge, honestly, that manufacturers have with securing their own systems is that they’ll make it, right, it says GM on the badge, but, you know, not all of the electronics, but a significant portion of electronic systems are not made by that manufacturer. They’re made by another one.

Robert: So how big are their security teams, right, if at all? Do they have one? You know, a lot of the, a lot of the manufacturers require them. But maybe they’re not maybe they’re not that good, you know, So we, it’s just, it’s really hard to, even as a man, even the manufacturer who’s ultimately auditing all that information, it’s really hard for them to verify it.

Robert: And then again, it goes back to that big problem. If, if the problem exists in code that’s not yours, how do you fix it? How do you deploy it, et cetera. Tesla got around this by just not having anybody else make their electronics, right? They just vertically integrated everything. But that’s not really the model that does really well in automotive.

Robert: They can’t do that. Back in the 1900s, the early 1900s, sure, that was a very obvious model. Ford used to do that as well. They should integrate everything, but they had to get away from it ultimately, because as soon as problem happens, you know, with rubber production and you can’t get rubber for tires, you gotta find somebody else to get it.

Robert: Same thing for silicon and electronics and things like that. And who’s making most of the innovation are a lot of these suppliers. And the manufacturer doesn’t even know how to build a windshield wiper, you know what I mean? They don’t, you know, there’s plenty of windshield wiper suppliers. They, they do it.

Robert: Manufacturer doesn’t care about how windshield wipers work. They just know how to integrate it. And so they’re big integration companies mostly. And yeah, sure. Nowadays in order for them to stay competitive, they’ve had to bring a lot of their, their development in house. But that’s only a recent trend, maybe in the past 10 years or so, that they’re bringing a lot more electronic development in house.

Robert: So, we’ll see how it ultimately susses out. But I anticipate that, you know, there’s gotta be a lot of teams of cyber security companies that are involved in the entire process, and it takes a long time, and once something was found, how do you distribute it? So a lot of these companies are working on, oh, you know, over the air updates similar to Tesla as well.

Robert: Okay.

Chris: Yeah. It’s supply chain, right? Yeah. I mean we’re all dealing with supply chain.

Robert: Supply chain. Yeah, exactly. And then it was cars that caused the whole supply chain problem in the beginning because they pulled all their orders and they made a mistake. Oh shoot, we shouldn’t have canceled that.

Robert: Could we have all that time back that we sold off on your fabs and stuff? And they’re like, Oh yeah, sure. That’ll just cost you three times as much. Cause we shut ’em all down. So, yeah. Yeah, I know it’s a big problem.

Chris: Is there any way you could talk us through sort of high level, like what that computer architecture looks like within a vehicle and like what tech within that vehicle is particularly vulnerable?

Robert: Yeah, so I mean, when we talk about electronics in vehicles, we are kind of, there’s a lot of external interfaces, usually RF, right? So we have RF that’s cellular. We have RF, Bluetooth is becoming very popular as a key fob. Now, like, you know, Bluetooth, your phone is a key. So Bluetooth, we have regular key fob, like RF communications that have been around for a long time. Not just key fob RF, but your tire pressure monitoring also uses RF as well.

Robert: It’s little much lower on that, the security challenge side, but it’s still, there’s some RF involved as well. So between all of those, you know, we think, we talk about, you know, like obviously if, if I walk up to a car and I can unlock it, that sucks for that car. But the manufacturer looks at it and says, Well, what’s, what’s the problem?

Robert: Right? Like, okay, so your stuff got sold out, but if somebody broke your window, the same thing would happen. So what are we really trying to secure here? What the manufacturers are really, really interested is now they’re trying to connect all these systems to the internet, right? And now they’re all connecting back to their backend servers.

Robert: And they would be very disappointed if somebody were able to get access to their backend server and, you know, maybe update a patch, you know, send a patch out to these vehicles to have them, you know, controllable revoking.

Chris: Now, and when you say it goes back to the internet, can you just talk a little bit about like what type of data’s getting sent back, and is that data encrypted?

Chris: Like how is that data protected?

Robert: Short answer, it used to not be. An interesting, one of the first ones that we looked at, I can’t say who it was obviously, but, and obviously it’s still around, you know, these cars 10 years later, you know, I could have looked at it five years ago and it was brand new and it’s still on the road today.

Robert: Right. So that’s a big challenge about talking about certain things in vehicles. Yeah, we, we, we did an assessment on a vehicle and we. We noticed that the, the backend connection, the only security they really used was the fact that they didn’t connect to the normal to a, to your normal network.

Robert: So I don’t know if you’re familiar with cellular, but they have these thing cellular networks, but they call it this thing called APNs. Not really sure to be honest with you what that means off the top of my head. But it’s the network that it connects to. Right. Okay. And if you’re not on the same network, obviously you can’t traverse into their network, right?

Robert: So if you get an IP address, you know, a 10 IP address from Sprint cuz you use their APN, or Verizon, use their APN, you can’t get to Sprint’s APN, right? You can’t get over to their network cause it’s a totally different network. Even though you might be using the exact same tower, the exact same everything is the same.

Robert: You can’t traverse over to their network cause it’s physically separate or, or virtually separate, at least network. And so this other manufacturer used a completely separate APN. A set that wasn’t, you know, Sprint or Verizon. It was like some other it happened to be a satellite phone system. Like, but they had ground based stations as, you know, like they could use like regular GSM traffic as well.

Robert: And it was using their APN. It was like, oh, okay, so that means I couldn’t send it a text message, you know, which is actually how you could actually unlock all the doors and do some really interesting things on it. So you weren’t able to do that, nor were you able to traverse over and talk directly to the system.

Robert: But that being said, if you were in one of the vehicles or you stole one of these SIM cards out of one of the vehicles, which was, you know, a lot at the time, some of the vehicles still had SIM cards. Now they used a lot of eSIMs, so you can’t really pull the SIM cards out, but one of them, see, one, we could pull the SIM card out and then.

Robert: We could then use a hot, you know, get on the, have a cell phone, get on that network, and then hotspot that cell phone. Now all of a sudden we’re on that network. So that was their only security. Then we were able to talk to their controllers, right? Like we were able to ping them. Like to the extent we were able to log into them and get them to, to talk, to talk directly to them, we weren’t able to do that.

Robert: That looked like they just sent data up to their, to a particular server. So they weren’t actively, like, you weren’t able to like log in. There didn’t seem to be an SSH or anything like that, but I’m sure there was some way for them to signal and open up ports. But we didn’t, we didn’t have time to do that.

Robert: There was a way for these systems to essentially unencrypted talk to these backend servers and, you know, to the extent that it probably still exists today. You know, that why we don’t talk too much about it, but, you know, these are the things that was, were happening the very beginning of them connecting these systems to the network.

Robert: Since then, we’ve seen other manufacturers, you know, they’re putting, you know, certificates in the devices, verifying not only, you know, mutual authentication with a talk to the backend service. It’s mutually authenticated now. They’re even using hardware certificates, hardware based certificates, so that the certificate isn’t like just a file on a hard drive that you can pull off and change out, lives inside of a hardware secure module.

Robert: So, which are very, very secure, you know is what you, that’s what you want them to do. If they’re doing that, then, then you’re doing a good job. But how do you know as a, as a consumer what everybody’s doing? And I, I think the short answer is, is like, kind of look again as a, as a car hacker, I can, I could have told you based off the security posture of one manufacturer before I even looked at him, like, this security posture of this manufacturer is much better than the security posture of this other manufacturer.

Robert: Like, one of the first things you might do is just like, Hey, tell this manufacturer I have a new security bug. Who do I report this to? And if they tell you, just call our customer service reps up and they’ll, they’ll handle it for you. Don’t go near that car. Right? If they say, Oh yeah, use this email address, this is our security team.

Robert: We’ll look into it. You can almost know right away, you know, you got yourself somebody, you know, a company that’s actually focused on security and maybe could handle it. You know, so that’s kind of a, you know, it’s not everybody can do that. A while ago, back when the Jeep hack happened, there was a proposition to like create a certification board that sort of certifies, you know, five star cybersecurity for this manufacturer.

Robert: But, you know, that just that kind of legislation never gets put, pushed through, so it never happens. So, Yeah.

Chris: Yeah. Very interesting, man. So now you mentioned like the certs embedded within the device. You have the hardware certs now. So it sounds to me like it’s almost impossible to either, you know, sniff traffic or even if you’re physically connected, be able to capture traffic and be able to read it.

Robert: That’s correct. Yep. That’s the idea is, is they make it so that any of that data that’s going up to their backend servers is, is hopefully uncapturable. And the biggest problem that we used to do, it’s, like I said, I could just pull the SIM card and be on the network. Right. You, you should be authenticated.

Robert: And so it should be a mutual authentication that my hardware isn’t, isn’t, I can’t, I couldn’t fake a car. Like that’s the other direction that we had fun with is like, Hey, can I, can I pretend to be the car that I just pulled the sim out of? Usually the answer is yes. Right. They might just go off of like the sim i e i or something like that, and.

Robert: Or some, some sort of like unique identifier that’s based off that sim and say, Oh yeah, sure, that’s, that car is totally allowed to do that. However, can I be like 10 other cars? Can I flood their backend system with so many alerts and so many notifications that it fails, right? Like if it, if I can, if I can make it so their backend system fails, that would be bad.

Robert: In fact, if you look at Tesla, they, I don’t know if they had this happen. They, they wouldn’t say that they did, but if, if their backend system stops working, people can’t unlock the doors or can’t use their, their phone as a key anymore. This happened when they had a system wide outage a few years ago for some short period of time, maybe a couple hours.

Robert: It was probably some internal, you know, it’s always, usually an intern probably hits the wrong button kind of thing. But for a few hours I could use my phone as a key. You open the door, try to open the door, try to start the car. It wouldn’t work. You had to use your physical. They give you a physical card as a backup just in case that system fails or for whatever reason, but like an NFC card.

Robert: But you know, if I was able to like, simulate a bunch of vehicles and, and, and, and go after their backend system, you know, that that’s probably the juiciest target that they should be, You know, you know, holding up is, you know, like putting the most security on. Unfortunately, there’s a lot of people working on that.

Robert: Mm-hmm. You know, securing those systems. But those systems are definitely the ones that a lot of people are going after nowadays, are the backend systems, the APIs, the systems that the cars are connecting to and that the apps are connecting to. Those seem to be probably the most interesting for more car hackers, even though it’s not car hacking, right?

Robert: Like we could easily say, like, again, the Venn diagram of car hacking, where does it live? You know, backend systems are clearly not cars, right? You can’t drive them around. But you could drive, you can open up other people, you know, you can open up cars, they’re just, you know, cars are now IoT devices.

Robert: You can just connect to them over the internet. And, you know, heck, I can drive my car from my app on my phone. I can move it around right? Like that, that Tesla has a summons feature, and I can have it drive itself up to me. So you can drive cars with, with, if you could get ahold of that backend system, you could make everybody’s Tesla move backwards, you know, if you wanted to.

Robert: Yeah, I imagine that’s a lot more complicated than I’m making it out to be. I’m hoping that it is, but I don’t know that it is. I don’t know. I haven’t had fun with that particular system, so I don’t know.

Chris: Do cars still use OnStar?

Robert: Yeah, absolutely. Yeah. OnStar is like mandatory, 2009 and newer vehicles very much use OnStar.

Robert: In fact, I know somebody who’s, who’s, who’s worked on OnStar, you know, and part of the OnStar team like to build and developed the hardware that OnStar is, and that is, that is a massive team. Like there are, there are a lot of people, there are more people building OnStar than securing, you know, cars. Let me just say that right now.

Robert: And to the extent that they’re work, you know, like the cyber security posture of OnStar, I was always really impressed with it. You know, one of the first things that I used, I did when I, I owned a GM vehicle for a long time, which is OnStar, you know, all GM vehicles have OnStar. And one of the fun things that I used to like to do was like, reprogram the phone number that when you hit the button and on the OnStar is like reprogram the phone number that it dialed back to.

Robert: Right. And you could have it dial your friends and then you didn’t have to pay, you know, for OnStar it was the fun simple hack. Right? Cuz it’s just a, the phone number is just simply stored in what’s called a DID, a data identifier. And you could just write those things in. Well, you couldn’t, I don’t, I don’t recall if you could write that one without a, you know, a security if there was any security to write or not.

Robert: But I don’t recall there being a lot of security, if any. So you could just rewrite the phone number that it dialed back to and just like hit when you hit the button and you get all three of ’em. Were just essentially like, they’re like speed dial buttons. It’s all they were right when you hit a button, when you hit the call button, when you hit the 9 0 9, you know, the emergency button.

Robert: It was just like a speed button to call 9 1 1 or a speed button to call emergency services or whatever. Okay. You could just like reprogram it like you have three different buttons that you could say, I wanna call my wife, I wanna call my kid, you know, whatever you wanted and just dial it instead. And it was a very simple hack, you know, ultimately.

Robert: So I don’t know if it still is, probably is. I can’t imagine it changed too much there, but yeah, so a lot of cars still use OnStar. One of the first really interesting hacks was related to OnStar. If you ever look up University of Washington, Karl Koscher did some papers related to hacking OnStar.

Robert: This was back in, this was like 10 years ago, almost eight, 10 years ago. So probably longer actually probably 12 years ago now. So, yeah, but that was one of the older OnStar systems. I’m sure they’ve fixed a lot of that. I haven’t tested it.

Chris: But do you know if that was an OnStar to OnStar direct line of communication, bypassing the manufacturer?

Robert: There are many companies involved in OnStar, right? OnStar to the company, and then there’re like a tier one supplier, and then they have tier two suppliers, which are their hardware. The company that makes their hardware, they have tier three suppliers at the, the hardware supplies that are making the software.

Robert: And they, those tier three suppliers probably have tier four suppliers that handle most of like the integration and cellular aspects and, and in, in hard other hardware integrations and things like that. So it gets really, really complicated Real quick from just one module, right? Just itself, you know, and there’s, and there’s hundreds and hundreds of people, you know, involved in just developing that one module, but that module’s gonna go in every GM vehicle around the world.

Robert: For years, for decades, that’s been in every vehicle. So they put a lot of time and effort into the functionality and making sure that it works. And they also have to work on putting a lot of effort in the cyber security as well. Yeah.

Chris: Getting back to, to the traffic, right. The traffic that is going from the vehicle to the manufacturer.

Chris: Yeah. And I, and I assume this could differ depending on who the manufacturer is, but what are they sending? Are they sending like GPS coordinates? Are they sending your speed? Are they sending, like the music you’re listening to? Like how granular does that data get?

Robert: That’s a great question. I mean, I can’t speak for everyone.

Robert: And really to the extent that I even know the answer to this question, you know, isn’t, I’ll tell you what they can send, they can send whatever they want. Right. Literally, whatever they want. That being said, I, I’ve done some work in this space as far as the privacy implications of this. If you read your terms of service, if, you know when you get one of these vehicles a OnStar went, one with OnStar, one with, you know, a Tesla, I have a Tesla.

Robert: If you read the terms of service, which I, of course I did because I’m one of those people wanna know like, are they gonna sue me for hacking it? Cuz I always read it like you have to, and sometimes the answer is yes, they’re gonna sue you for hacking it, so, you know, so don’t talk about those ones. But if you read the terms of service, they’ll tell you not necessarily exactly what data they’re collecting, but generally a good idea.

Robert: And I actually did a project with somebody to verify that they actually were doing what they said. And the good news is it seems like that’s the case, at least with the two or three that we tested. So cuz we were really interested. Obviously there’s a, there is obviously, you know, if they’re not doing what they’re supposed to be doing, they’re, if they’re taking more data, they’re, they’re collecting data when you, when you, when they’re not supposed to or when they.

Robert: You explicitly did not give them permission, you opted out of that and then they still are collecting data. That would be a big problem. Right? And you know, there’s a lot of there’s a lot of people who would be very angry with you, you know, if you did that. So, you know, and to the extent that you can test, it’s pretty simple, right?

Robert: Like if, if they’re collecting data or not. If the, if the, if the pipe is on or off, you can just test the power on the module to see if there’s power going to the, the, the radio, you know, front end. And if it’s shut off completely, you’re pretty sure that it’s not yeah, it’s not, it’s not working.

Robert: Or you can test the RF emissions from the radio, et cetera. There, there’s really no limit. Like those, those modules are on all of the networks so they can listen to any bit of data that’s being streamed over and just like passively, like, I wouldn’t even know, like as a car hacker, like they’re passively if those modules are passively listening and then just compile a report and then send that data up.

Robert: Well, they did, You know, I, I, I didn’t get to see it because it was all, they probably encrypted it, sent it to a server that I, I don’t own. Right. So I can’t even spy on that data. So yeah, it’s not, it’s not simple to, it’s not easy to see it, to the extent that I have the data that I have seen. It’s, it’s exactly what you think it is, right?

Robert: It’s like it’s drivability information. It’s, you know, it’s where the vehicle lives and to the extent that you can actually find it on an app, right? Like, like if you have an OnStar app, you can see where your car is, how fast it’s going, Right? So you know that they’re collecting that information, at least that data.

Robert: Yeah. Are they collecting more than that? Yeah, of course. Right? Like they’re, they’re really interested in not who you are and what you are doing necessarily unless you buy their, like OnStar offers insurance, right? There’s OnStar insurance. So you can insure your vehicle through their insurance.

Robert: Yeah. And they’re very, their insurance is very interested in how you drive because you know, they want to know if you’re a bad driver. Really, really, like compared to the rest of the drivers that they insure and how much that that costs them. You’re in this bucket, right? Like, you, you drive this way. But, you know, they’re also really interested in these manufacturers are really, really, really interested in that data because, and, and somebody else told, told me this actually from OnStar, like a person from OnStar said, said to me like, Listen, we had this one person who used to hit the gas pedal like this and then like this, they had two modes with the gas pedal, they down or up and like how do you write software to handle that, right?

Robert: Like there’s, there are people who drive crazy, so they’re really looking for these outliers that drive for the drivability. Now, to the extent that they could trace that back to the person who did the original, I’m sure they have the ability to do that. They would say that they anonymize that inform. But everybody knows that anonymous information can really be used against them.

Robert: So yeah, there, there’s, there’s a lot of challenges with that. But he was like, you know, we get these reports that let us know how bad, how, how bad a drivers are. Like, look at these outliers. We have to program cars that work for them because they’re on the road too, right? So it sounds really nefarious, like why would they need all this really highly detailed drive information?

Robert: But the answer is really simple. If they don’t have it, it could actually kill people, right? Because this person’s bad driving could ultimately lead to like the failure of the vehicle, maybe failure of brakes. Maybe they’re doing the same thing to the brakes as they are. So they need to be able to they need to be able to, to solve those problems and to the extent that they actually adhere to the privacy policy, at least since I’ve been testing them, they have succeeded in doing so.

Robert: So if they say they are not tracking you, I have not seen any evidence to suggest that they are they do turn those systems completely off and make it very challenging for them to turn back on. Yeah. But, but they certainly could track you if they wanted to. And, and I sort of complain about this and I did, I added Elon Musk on Twitter because like if you, I bought full self-driving for my car and I bought it, you know, three years ago and they’re still in beta.

Robert: Right. They’re super beta, full self driving and I can’t get access to it because I won’t sign the, like, what I would, what I would call a super draconian. Like they get to track you, they get to look at your cameras, they get to see everything about how you drive. I bought this system, I know it’s still in beta and I know it’s gonna be in perpetual beta for the rest of the rest of its, its existence.

Robert: Right. At some point you gotta let me, you know, this person who bought it three years ago, get access to it and it’s still, still waiting. Because I wanna hacker, right? I wanna, you know, hackers have a mindset of like, hey, like how do we, like, we don’t wanna be tracked and, and, and know everything known about us.

Robert: So I turn off all of those. Cuz in your, in your Tesla, you could go in and turn off all of those things. No, you can’t see my driving. No, you can’t see my cameras. No, you can’t do any of this stuff. I don’t want that. But at the same time, you have to do it if you wanna have the full self driving. So how can I, as an independent researcher, you know, test that, test these features and I can’t, the short answer, I, I can’t.

Robert: And so, I don’t know, you know, if full self driving’s really getting the attention that it deserves from, you know, car hackers, because I’m, cuz these, these two, the policy that they have is just so challenging for anybody in this space to really say yes to. Because, you know, like I, I drive my car into my garage.

Robert: My garage is full of, you know, cars that are, we can’t talk about, right? Like, we we’re not talking about this car or that car. So I can’t bring my video cameras into my co my garage and, and, and, and let people, let, let Tesla know, you know, in theory I’m giving them full permission to look at what’s inside of my garage and I don’t want that.

Robert: So it’s, it’s a big challenge kind of, it kind of, it, you know, if you really look at it, it’s at it from my perspective, it really makes it very challenging for us. Yeah.

Chris: So during Defcon in Vegas, I Uber everywhere. Yeah. And Uber and Lyft obviously are rolling out these self-driving vehicles as well.

Chris: Yes. Have you had a chance to really look into that? Do you have any concerns there, or do you feel like they’re gonna be more prone to attacks or takeover?

Robert: Yeah, I mean, yes. Short answer. Yeah. I, I do. You know, we’re talking about the tier one, tier two, you know, like. Imagine now if you’re Uber or Lyft, not only do you have to worry about all of the bugs that are from, from the manufacturer on down, but now you don’t even control any of that.

Robert: You have, you’re so far outside of the system. If you’re Lyft, you know, if you’re Uber, you don’t get access. Like if you asked GM, Hey, can I have access to all this information? They’d be like, Who? What? No. Why? We can’t give you that. Like you’re not, you’re not us. Like we’re trying to make, like GM owns Cruise, right?

Robert: So they’re trying to make their own taxi system, right? They’re direct competitors in a way. There’s, there’s potentially what’s interesting, there’s, there’s, I smell a lawsuit by the way, eventually coming, you know, like, cause how come GM can make their own self-driving taxis and have all access to, they obviously have all access to all this information and Uber and.

Robert: Well, we can have access to this information. We should definitely deserve it. And I, they have a very good case here. I assure you they do. And I’m sure there’s, there’ll be some sort of litigation that’ll solve that problem. But that being said, you know, should, we can be concerned, I mean, these cars are gonna share the road with us, whether, whether we get in them or not, we are gonna have to be concerned about them.

Robert: Did you see that hack that happened just a couple days ago? Uber Hack in Russia at Moscow? No. Really cool. All the taxis, somebody figured out a way to call hundreds of taxis to a single location that are all use the Uber network. So they called a bunch of Uber taxis to a single location. Now they just maybe compromised multiple accounts, right?

Robert: Just pa probably a password. They just like logged into 150 accounts and then had them all call a taxi to a single location. Imagine doing that same thing on Lyft and Uber. You know, it’s gonna happen, you know it’s gonna happen. And it’s not, it’s not even like a backend hack, right? It’s just all you have to do is hack a bunch of accounts by just logging into them, right?

Robert: Like, oh, just weak passwords. Like, you know, that’s just like some password list. Somebody just did some password like, Oh, I look at, I compromised 600 accounts. I’m gonna make ’em all go to this location. And like, Yeah. And this

Chris: isn’t even like you’re talking about just the Uber network,

Robert: not even the, this just happened vehicle itself a couple days ago.

Robert: I mean, this was just, this just made two days ago. Now do that with self-driving vehicles, right? Have ’em all go, Oh, wait, wait, wait, wait. The president’s coming into town. Oh, I have a great idea. Let’s call a bunch of like Ubers and, and keep them, you know, like gridlock with greet. Like what are you gonna do?

Robert: Right. Uber bot it or the Uber bot. It’s exactly what its, So I’m just saying like, it’s not even Uber, like how does like a security research security engineer at Uber. How do they even, Right. Like, I mean, you gotta make sure everybody’s password is so, so secure it can’t be hacked. Nobody has a solution for that, right?

Robert: So you can imagine the challenges related to not only securing the car but securing the back end network are, are just extra, extra challenging now because now these are autonomous vehicles. There’s no logic, like humans are, are susceptible. This, these are all human drivers that got called to one location, didn’t realize, hey, this is probably fake.

Robert: Like, these cars are definitely not gonna realize this is fake at all, you know? Yeah. And, and they’re gonna go and maybe they’re backend systems and notification network will, now that this has happened, once they’ll, they’ll, they’ll be able to like, Hey, look at somebody’s like calling like 150 people. 200 people are calling for a, for a, a taxi in this one location that’s fake.

Robert: You know, we can, we can fix it. You know, they’ll, they’ll, they’ll survive this next attack that’s similar to that. But who knows? The one after that is, and that’s just, that’s just, that’s not even hacking the cars. Right. So, so yeah, we, you know, we’re a long ways away from even doing it, even with real cars to from tipping it.

Robert: So it’ll be interesting to see how that works.

Chris: You know, we think about these vehicle vulnerabilities, right? And the potential for an attacker to exploit them. But I’m curious, you know, what is the actual risk to drivers on the road that, you know, an attacker could just pull up next to you on the highway and pull off some type of an attack on your vehicle?

Chris: Like, how realistic is that to happen?

Robert: I, I personally am not super concerned about it. Probably because I don’t know something that other people might, but the challenge is, and this actually one of the, one of my favorite takeaways from the Jeep hack itself. One of the things that they said, I forgot who said it was Chris or Charlie, but they said, you know, it.

Robert: The, it was, it was harder to attack one vehicle than it was to attack all of them. Right? So like, to, to attack one vehicle means you have to figure out that, like, you could, like you, you’ve owned the entire backend infrastructure, you know everything about all of that. And you can like simply command them all to do one action, shut down, open up, you know?

Robert: But to figure out where one vehicle was on the map required extra effort. So in that situation, it’s not like insurmountable, like, but you have to know, like, how, how do you gonna differentiate this one vehicle? Like you, you got the back end system. How do you know what its unique identifier is from the backend perspective.

Robert: You know, it just says, Hey, it’s a silver jeep. Okay, I know this is a silver Jeep, but there’s 8,000 other silver Jeeps in this, in this state. Like, which one of it is, is it? You know? So, So to attack one particular vehicle sometimes is more challenging if you have access to the backend system than it is if you’re, if you can like, pivot onto their network remotely.

Robert: Manufacturers just aren’t engineering a method, So there’s just no like conduit in which you can just talk to a single vehicle while right next to it, right? Like there’s Bluetooth, you might be able to unlock the doors, but there’s no, there’s no Bluetooth that lets you turn the steering wheel, Like the steering wheel conduit to the, to the, to the world was via the internet.

Robert: So that means you have to, like, it doesn’t matter that you’re driving next to it, you’re, you’re, you’re 10,000 miles away from it. You can still, it’s just as close, right? So, so you’ve gotta know if you’re driving next to a vehicle, what’s the vehicle identification number of that vehicle while you’re driving 55 miles an hour down the road?

Robert: Yeah, it’s, it’s, it’s unrealistic. It’s super challenging. Not impossible. Maybe you could figure out like how to do a particular flash pattern of the taillights and, and you know, all the gray ones. I flash ’em like this for this period of time and, and when you, when it’s, its turn, you know, hey, I, I was flashing these five and now I know it was this one.

Robert: Sure. That’s one way to do it. There, there’s, there’s some creative methods that you could do, but you know who’s gonna make that extra effort? Somebody really wants you dead, you know, guns work, you know, , you know, I dunno, I dunno to what extent you, you expect people to go after you, but you know, you’re, if you’re that valuable, cool man, now just turn the vehicle off.

Robert: I don’t know. Just hit the, put it in neutral, you know what I mean? Like Yeah. Yeah. Still, you can still put the car in neutral. There’s still a mechanical linkage to put the car in neutral on most vehicles. Some vehicles there isn’t. But I mean, that would make a cool movie though. Yeah. Yeah. Well talk to Alissa Knight.

Robert: She’s working on him. I dunno if you’re familiar with her, but I am. Yeah, you doing some pretty cool, like car, like Cing stuff. And she was our keynote last year, the car hacking village. So she’s been doing some car hacking for sure. So I’ve, her and I have been involved with some projects in the past, so she’s definitely the right person.

Robert: Cool man. To make that movie. Yeah. Just to ask, you know, like, or you should working on it, I don’t know. I would love to do it,

Chris: but not as a, like a movie, but more as a, as a documentary. Like, Oh yeah. Like a, like MythBusters, like, Yeah. Can you actually

Robert: do this? Can you do it? Yeah, yeah. Do this is, If I could do it, I certainly wouldn’t want to talk about it, like, for a couple of reasons.

Robert: One, I mean, I hate to say it like it’s, it’s tough because we could talk about it in, in like, here’s this manufacturer and here’s how bad they are. Don’t get them. Well, first of all, of course you’re gonna get sued. I mean, that’s just gonna happen. But secondly, they can’t fix it. Mm. That’s the problem with car hacking right now is they can’t fix it unless it’s a Tesla.

Robert: There’s no mechanism which they’re gonna ever distribute a patch for this. There’s no patch if they on cars. Right. That’s, that’s why I drive a Tesla. It really is. Cuz they can patch it and that’s until manufacturers can patch their cars and fix their updates. It’s really, really challenging. Or just, just make sure it doesn’t connect to the internet, please.

Robert: That’s it. You, if you minimum requirement, if you connect that to the internet, you must be able to update it over the air period. You could drive, you could drive a newer vehicle that doesn’t connect to the internet though. Or, or remove the internet from the vehicle. I mean, that’s okay. Or turn off the internet.

Robert: Like literally, like I said, we we’re test, we tested these things. If you say I don’t want this service on, they disable it in the vehicle and it doesn’t make a connect. Okay. So that could save you as well. I mean, I, I don’t really think a lot of these backend systems can do too much, especially on vehicles that don’t, you know, don’t have any drivability or, or anything like that.

Robert: Like, you don’t have to worry about it in that sense, you know? But it, they can get, if they can do it over the, if it’s connected to the internet, you don’t know what, what kind of what kind of hacker like features they could, like a hacker could add to make your car a little bit less drivable or more, more interesting for them.

Robert: So you gotta be careful there. So yeah, over-the-air updates are huge for me. Well, you just justify

Chris: my Tesla

Robert: purchase. I’m telling you, like a lot, all of the new manufacturers electronic Rivian does over the year updates and, and you know, they didn’t do it for cybersecurity reasons. That wasn’t the reason why they did it.

Robert: They did it because they were releasing a product that was half done and they needed to fix it in the field. But man, it does save them a lot of time and effort like later, you know, I was just talking to somebody who, who bought Rivian the other day and he was like, you know, my car, the riv, the problem with the Rivian is the vehicle never, the electronic systems never shut off and go to sleep, right?

Robert: So that means the battery’s constantly being discharged. And I, and I was telling him like when my, I got my Tesla, that same thing, that that’s exactly how it worked. Now it doesn’t work like that anymore. They fixed that. So they just, they, you know, I, I think about it from a, i I do a lot of like forward engineering, not just reverse engineering stuff, but I do a lot of forward engineering and that’s one of the last things we add to systems is the is for them to go to sleep and use less battery.

Robert: So power management’s really one of the more challenging things to do. And it’s one of the last things you add because you really have to have a very stable system because the unstable system, it’s not a problem for it to go to sleep, but if you have an unstable system, it doesn’t wake up. And that is very, very bad for power management.

Robert: And so I was like, That’s what’s happening. You know, wait a few years, but yeah, it’s gonna be years. They’ll eventually go to sleep and you won’t have to worry about it anymore. But it’s gonna take it a while for sure. So, Gotcha.

Chris: So if someone’s listening to this and they’re interested in learning car hacking Yes.

Chris: Where can they go to learn about car hacking? Is that something that you offer?

Robert: Where would you point them? So I, I, I did a course with Advanced Security training that is a car hacking training. And we built a really, really cool online virtual car. So the number one problem I get with people who wanna get into this space is, Hey, I don’t wanna hack my own car.

Robert: Right. I don’t wanna break it. And I, you know, I laugh initially because I was like, Why would you break your car? Like, don’t do that. Just don’t do that. And one of the things I tell people is like, if you want either car hacking, you better be able to not just break your car because you’ll break it a lot.

Robert: You need to be able to fix it. So you have to have that adventurous fear of, of fixing it. And so, and like a lot of people, it’s their only car. And so like, you know, I spent, you know, a significant portion of my money on this thing. I don’t wanna hurt it. And I was like, Well, does your neighbor have a car?

Robert: Maybe they’ll let you borrow it, you know, But, you know, it’s always, they, that’s always a joke. I mean, obviously you can, there is a whole car rental market, but you know, you’re not allowed to hack those cars, so don’t do that. I would never recommend that totally against that. That being said that was the, that was the big challenge is like, Hey, we don’t, like, cars are expensive.

Robert: We can’t just hack them. So we built an online virtual car. We call it our cloud car. We released it during Defcon so it’s pretty brand new. Come to me, find me on the Twitter. If they don’t know me, I’m, I, I answer the Car Hacking Village tweets or direct messages. So at Car Hack Village, or you can find me personally at carfucar.

Robert: And on the Twitter c a r f u c a R. And just DM me and I’ll, I’ll send you a link and invite to the cloud car. It’s currently very much beta, so we’re just letting people test it and use it. But once it goes non beta, you know, we’re gonna have a small service, but I assure you it’s a lot cheaper than, you know, buying a car.

Robert: So if you’re interested in, in, in getting into this space, we have a training module and a virtual car for you to use so you don’t have to do it on your own yet. Eventually I expect you to, you know, graduate at least to your neighbor’s car .

Chris: Now this is through Car Hacking Village?

Robert: It’s through my own company, CanBusHack. Okay. So that CanBusHack owns the, owns the cloud car. And what’s the website? To, to CanBusHack cloud car. Cloud car dot CanBusHack dot.

Chris: And then tell me about Pivvot.

Robert: So the concept of that company, which we, we actually never really took off with, so I just put it back into CanBusHack cuz CanBusHack was just like, Hey, we’re just gonna hack cars.

Robert: Pivot was like, Hey, we’re gonna provide services with the data that we hacked the cars with. And so that’s really what it was. So it’s just, it’s really just CanBusHack now it’s all put back one into one company and you know, we just, we just wanted to have a way to provide services as well with the data.

Robert: So with CanBusHack now we have what we call Happy. It’s our API for companies who are looking to you know, decode the data that’s on vehicles. Like if you wanna know what vehicle, what data is on your vehicle and you wanna make a product based off of that information you can frame the data back to our servers and we’ll decode it for you essentially in Okay, Gotcha.

Chris: Yeah. All right, so I’m gonna downshift I just my bartenders over there. Yeah. Pointing at his watch. Okay. Fair. So, Robert, you’re, you’re located in the epicenter of the automotive industry?

Robert: Detroit, yeah. My office is in Pontiac, defunct car company. So, Really? Yeah. So, yeah, it’s funny. Well, Pontiac was owned by GM and then they canceled Pontiac, but Pontiac, the city still lives on, you know, so, Yeah.

Robert: Nice. You have an office in Pontiac? That’s correct. If

Chris: you hacked a car and programmed it to drive to your favorite bar in

Robert: Detroit. Oh yeah. What bar would that be? My favorite bar in Detroit? Well, I, like I said, I’m sort of outside of Detroit. My favorite bar. My favorite bar is my, my office . We have all the drinks you could possibly manage.

Robert: We have a full stocked bar. We’ve got. You know, a beer fridge. I have just a fridge, just in, Its all, all by itself. It’s just stock full of beer. We’ve got a full, like, like about 20 different liquors that we can make and a, and a mixed kit and everything. So nice. Like my favorite bar is our office. Like, as far as like driving to one, where could I have it drive me?

Robert: Okay. Let’s

Chris: say outside of Detroit, outside of where you are, big

Robert: bar, you travel, right? So let’s, have you been to

Chris: any unique bars, like

Robert: during any of your travels? Oh man, so many. I’m try, I’m so bad with names. I’d have to like open up my Google Maps and tell you like, my favorite bar. Let’s say. I’m trying to think.

Robert: Like Vegas, obviously we get out to Vegas a lot, so we’re really cool in the Luxor that black hat always puts their that always puts one of their it’s like between the Luxor and the Mandalay Bay, it’s like right in that like area, but, oh, it’s the prohibition bar. Yeah. Oh, you know what?

Robert: It’s a really, really good one. Yeah. Prohibition. My favorite B. Okay. You know what? Scratch that. Okay. The best bar in the world that I travel to, and it’s perfect for hackers, is the anonymous bar in Prague, Czech Republic. It’s called Anonymous Bar. It’s the coolest, first of all, you have to bring a black light, if you wanna read the me some parts of the menu.

Robert: Certain, certain drinks are only available if you have their black light and you can shine it on the menu because they’re hidden like in. And it’s like a hackers bar. It’s like for hackers by hackers called Anonymous. And it’s the anonymous bar. And I, the first time I met Dual Core was hanging, we were hanging out.

Robert: Like he was in Prague. And I was in Prague. I noticed that. I was like, What are you doing? Like, we gotta go to this bar called, called Anonymous. And that’s where I first met him, like, int eighty from Dual Core. And I was just like, Oh my God, this is, it was exactly it is a perfect place to meet somebody, Another hacker as well.

Robert: So yeah, the anonymous bar in Prague. If there’s one that I have to recommend on a, you know, on barcode, you know, that’s definitely what, so it’s,

Chris: it’s probably one of the better ones I’ve seen.

Robert: Yeah, they’re doing really cool drinks and like, making ’em at the table, like in front of the table. Like one of the drinks, they, I don’t know, they have two pots, like, like mix it with two pots, I don’t know, in front of you.

Robert: Like they’re shooting this like liquors and between two p I don’t know. It’s just like, what is going on? And they light it on fire and I don’t know, it’s really cool. And, you know, phenomenal place, really cool atmosphere. And I’m sure there’s a bunch of like, hidden things you can do. Like, it’s like a, almost like a spy museum, which I’ve been to a really cool spy museum.

Robert: Or not spy, Spy bar speakeasy. Yeah, I think it’s in DC right? There’s one in DC. Was it in DC? What conference was that? That was I don’t even remember, man. I’ve been a lot really cool bars, but, Well, dude, this a

Chris: menu for anonymous. I mean, you got. There’s drinks called the St. Mary’s virus. Yep. You’ve got message.

Chris: Yep. Vs. Blood, I assume V for Vendetta.

Robert: Yeah, V for Vendetta. Obviously there’s a lot of that going on. The Guy Fawkes mess or It’s really cool. It’s like legit, you gotta go. It’s like, it’s a, it’s a, I mean, first of all, Prague is phenomenal city. Beautiful, awesome city. And to just visit that bar, I just can’t, can’t not recommend that bar for sure if I’m talking about barcodes.

Robert: So, yeah, that’s the one. Cool man. Well,

Chris: listen, I just heard last call here. Do you have time for one more? Yeah, sure. Great. All right. If you decided to open a cyber security or car hacking bar Yeah. What would the name be and what would your signature

Robert: drink be called? Oh man, I’m not that creative. I guess you definitely should call it hackers anonymous.

Robert: You know, like we call Vive Anonymous, but I like the, the like, hey, you know, like we’re, we’re a group of people who used to be really hackers, but we gotta, we gotta get away from that and drink instead. And my favorite drink ah, geez. It’s, I’m a huge Manhattan fan, so maybe like the can had, Oh, that’s it.

Robert: Oh, that’s such a pun, such a bad pun.

Chris: Dude, I don’t think there’s anything better than that.

Robert: Yeah, that’s it. That’s it. That’s mine. I own it. I did make my own drink though. If you ever want the worst drink you could possibly ever have to, but to make it better, and I’m not joking on this, I hate Fireball, but I had a boss that he would only let me drink Fireball out when we were in Vegas.

Robert: So we’d have to start the day off with a Fireball shot. And I hated it. So I accidentally grabbed orange juice, or not orange juice. Orange pop. Like an orange soda. Yeah. Like drank the orange soda at, like, chased it. I’m like, well that wasn’t so bad. I’m like, What happens if you mix them? And I mixed orange soda and Fireball and it’s phenomenal.

Robert: It’s so good. It, ma you wanna drink it again and again. I call it, So my last name’s LEALE. So if you ever wanna make a LEALE, it’s, that’s it. Just, it’s 2 2 2 ingredients equal parts. It’s equal. It’s one ounce of Fireball or one ounce of orange soda. Just Fanta or Sunkist.

Robert: It doesn’t matter. It’s just something orangey super orangey and it just, what, for whatever reason, it gets rid of all the bad and just keeps the good of the fireball. It’s not much good left, but fortunately you got the orange soda to go with it. So it’s, it’s pretty fun. But dude, so it’s two

Chris: ingredients.

Chris: It’s not a lot of work and

Robert: and it’s like, it’s perfect me because I don’t know how to do any of this stuff. I couldn’t, Once you add three or four things to my brain, I, I lose the fourth thing. Right? I couldn’t do it. If you gimme he orange, soda and fireball, I can make that. Anything past that, my brain just couldn’t, couldn’t possibly store it.

Robert: So it doesn’t have the memory for it.

Chris: Dude, you might be onto something, man. Oh, that’s not bad. You are a true mixologist.

Robert: Yeah. I guess whether you know it or not, I hope not. Geez, I have some real mixologists. Don’t ever equate me with those people. They’re great. They’re phenomenal. But, Well, one thing I wanted to

Chris: tell you, man, whoever did the, the logo for Car Hacking Village, man, that logo was pretty sick.

Robert: Pretty cool. Yeah. We had so remember Kirsten helped us out with she worked for a company called Novetta at the time, and Novetta since been acquired, but one of her coworkers was really, really, really awesome. And made it like we, Nice. We saw, like he, that was the one, like he gave us, he was gonna give us a bunch of proofs.

Robert: I think that was the second of them. Like we had one like minor correction on something that was like technically wrong on it. Okay. But applies, it was just like knocked out on the park on the first one. We were like, okay. His name is Scully, by the way. Oh, nice. Okay. Yeah.

Chris: And, and that’s the, has a skull on it.

Chris: Yeah. All right, Robert, well thanks again for stopping by. I really appreciate the knowledge and, and sharing what you’re doing right now and sort of helping us all understand what car hacking is and what it consists of, where you can point people to, to, to learn it. And I know you mentioned your Twitter handle.

Chris: Is, is that where you would suggest, you know, our listeners reach out to you?

Robert: Yeah, Twitter is probably the easiest way. I, I constantly monitor my Twitter, so yeah, I’m probably on Twitter way too much, so it’s perfect place.

Chris: All right. Cool man. Well, thanks again. Take care. Be safe getting home.
