The 5 Coolest Hacks of '07

ancientribe writes "Nothing was sacred to hackers in '07 — not cars, not truckers, and not even the stock exchange. Dark Reading reviews five hacks that went after everyday things we take for granted even more than our PC's — our car navigation system, a trucker's freight, WiFi connections, iPhone, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions."

obvious

[User 956 (568564)]

Page 5: 'Hacking capitalism'

I've heard of that before. [wikipedia.org]

Hack, schmack

[sm62704 (957197)]

I used to be a gay hacker. Then they changed the meanings of all the words, now I'm a happey equipment modifier. No, I'm heterosexual but they changed the meaning of "gay" from "happy and carefree" to "homosexual" and changed the meaning of "hacker" from "someone who writes quick-and-dirty but functional code, or modifies equipment" to "an electronic burglar".

I was incredibly disappointed with the article (RTFA? I must be new here), so much so that I made it no farther than page one of the short five page adfest. I thought it was going to be about hacking a wi-fi connection so that it doubled as a firewall or something. We nerds still use "hacker" in the old fashioned sense, just as we geezers still sing "deck the halls" without thinking about sodomy.

Ok, I know language evolves, but unlike the evolution of organisms the evolution of language is usually stupid. Like "gay", which now means "homosexual", half of whom attempt suicide. I never could understand what was so gay about suicide. Now the kids are twisting the word "gay" to mean clumsy, stupid, or dorky.

As to hacking, fine, now a hacker is a burglar. What do we nerds who write quick single-use code, or those of us who take a soldering iron to a transistor radio to turn it into something besides a radio, call ourselves now?

And could someone please point to an real NERD article somwhere that actually has the ten best hacks of 2007, instead of the ten best cracks of 2007?

I'm glad I can afford to be modded down because this really annoys me and I want to know what the rest of the slashdot audience thinks. I wish I'd seen this when it was fresh, nobody will likely seee this comment to mod it down anyway.

-mcgrew

Re:

[Sigma 7 (266129)]

A corporation is a large-scale version of a street vendor that has access to a larger quantity of inventory/services. It's as much of a hack as using a more powerful processor for a task, no matter how much Tim "The Tool Man" Taylor believes otherwise.

Bluetooth cracking didnt make the list?

[hcmtnbiker (925661)]

I'm surprised the bluetooth cracking didn't make this list. There's just something about being able to hijack bluetooth devices, or even say sniff out bluetooth keyboards for remote keylogging that just seems cool to me.

Re:Bluetooth cracking didnt make the list?

[by Anonymous Coward]

probably because this is the '07 list, not the '04 list.

Your bluetooth is being hijacked right now!

[DigitAl56K (805623)]

Dude, your keyboard is being sniffed! I just saw everything you typed posted on the internet!!

Re:

[el americano (799629)]

And yet they included the Wi-Fi hack that was simple over-the-air packet sniffing and cookie stealing, both of which are not new hacks. That was neither imaginative, nor crafty as promised. Pathetic list (on 6 pages, no less). Thank god it was only a top 5.

GPS

[by Anonymous Coward]

Car navigation systems have canged our lives for the better.

Driving has gone from a scary oddysey where I pray I don't miss some tiny sign to an easy journey that is boring at worst.

It's amazing how a little windshield mounted device can so change your life.

Re:

[GrEmLiN76X (1130251)]

Yeah.. about that..

Didn't someone follow their GPS into a river or something recently?

Oh, maybe I'm thinking of the trucker who followed his GPS into a low bridge on a two-lane parkway that's for non-commercial vehicles only. People need to not rely so much on technology. (Especially while operating a motor vehicle which could potentially kill someone or cause damage to things..)

Re:

[peektwice (726616)]

Not to mention the fact <citation needed> that most people drive their GPS enabled cars near their homes, and already know their way around. When they do venture out, it's usually to some place they've already been, and know well enough to navigate. GPSs foster insecurity and the inability to think analytically.
Go ahead, mod me down, Troll -1.

Re:GPS

[iocat (572367)]

My favorite GPS story was driving cross-country with a friend a few years ago. I was like "we should get Burger King." He was like "there's no Burger King around here. The closest place is a taco bell about 2.1 miles to our east." I was like "let's get Burger King" and he was like "I told you, there's no Burger King around here!" and I was like "Look up" so he did, and realized we were across the street from a Burger King. HAHAHA

GPS is better than a google map, becuase if you mess up there's some ability to recover, but it pales in comparison to actually being able to read a real map, or know your way around someplace. I love maps, and I like my GPS ok, but mostly because I like feeling superior when it's wrong.

Re:

[dave562 (969951)]

it pales in comparison to actually being able to read a real map, or know your way around someplace.

I agree. Being able to find your way around a place and actually find a place on your own seem to engage a completely different part of the brain than simply following directions on a GPS. The only way I can describe it would be it's like the difference between "solving" a math problem by knowing the answer and working the steps to get it, versus actually having confidence in your knowledge of the steps an

Re:

[rikkards (98006)]

I concur. I found that was happening when I used to wear digital (numbered) watches. After about 10 years of pure digital, I ended up getting a nicer dress watch which had hands, I realized it took me about 5 seconds to remember how to read time. Since then I have only had watches with hands on it. Even though I always have a cell phone which will tell me the time, I find I feel naked without a watch.

Re:

[Bill, Shooter of Bul (629286)]

I don't know I love real maps and Google maps. With Google I have to upload the information into my head. I never print it out, I just create a mental map of how to get there what the place looks like from the air etc. Really good maps are expensive. I have one and use it, but its really only good for learning how to get different places, as in what are the different routes I could take to get from point A to Point B. Google helps me figure out where A and B are to begin with. I have both, use both, and lov

Re:

[rmerry72 (934528)]

GPSs foster insecurity and the inability to think analytically.

Mate you nailed it. I was once asked for directions to the nearest fast food joint, which was a couple of hundred metres down the main road and then right at the lights before the freeway. Easy peasy, right? No, not at all, the conversation followed along the lines of

• "Hang on , what was that street? I've got GPS so it will tell me"
  "It's literally just left then right at the lights"
  "no, wait, my nav doesn't recognise the name. Can you spell

site slashdotted...

[Orthuberra (1145497)]

or was it hacked???

Re:site slashdotted...

[ozmanjusri (601766)]

or was it hacked???

It's IIS.

Re:

[Silver Gryphon (928672)]

So... hack-and-slashed?

Financial systems? Nothing new there

[mcsqueak (1043736)]

This isn't quite a real "hack", but more of a "social hack" if you will.

In 1967 Abbie Hoffman and a group of protesters thew fake money onto the floor of the NYSE (it wasn't blocked by glass back then). Trading on the floor *actually stopped* while traders scrambled around trying to collect the money. Kinda ironic that they'd stop to do that, considering how much more they were actually making doing their real trading. Wikipedia has a little bit on it: http://en.wikipedia.org/wiki/Abbie_Hoffman [wikipedia.org]. I don't really know much about Hoffman, but I found the story very amusing myself.

Re:Financial systems? Nothing new there

[Dun Malg (230075)]

This isn't quite a real "hack", but more of a "social hack" if you will.

In 1967 Abbie Hoffman and a group of protesters thew fake money onto the floor of the NYSE (it wasn't blocked by glass back then). Trading on the floor *actually stopped* while traders scrambled around trying to collect the money. Kinda ironic that they'd stop to do that, considering how much more they were actually making doing their real trading. Wikipedia has a little bit on it: http://en.wikipedia.org/wiki/Abbie_Hoffman [wikipedia.org]. I don't really know much about Hoffman, but I found the story very amusing myself.

Eh. I think AH was a really sharp and entertaining dude, but the irony everyone thinks they see there, isn't actually there. Hoffman was making a political statement, that stock trading was just a bunch of money grubbing. Really, those schulbs working the floor trading all those stocks were trading for other people. They weren't all millionaire stock holders. There's no irony behind a $8K/yr floor trader who lives in a fifth floor walk-up studio apartment grabbing at dollar bills in 1967. Five bucks in 1967 was a month of lunches at the hot dog cart outside.

Seems a bit cheap...

[Chris Pimlott (16212)]

Really, those schulbs working the floor trading all those stocks were trading for other people. They weren't all millionaire stock holders. There's no irony behind a $8K/yr floor trader who lives in a fifth floor walk-up studio apartment grabbing at dollar bills in 1967. Five bucks in 1967 was a month of lunches at the hot dog cart outside.

Do you have some sources for that? 8K/year? I get that as about $48K/year adjusted for inflation. Of course they're not the millionaire tycoons themselves, but surely the stockholders wouldn't want to trust deals worth hundreds of thousands of dollars and more to people who weren't highly skilled and thus paid commensurately.

Re:

[rfunches (800928)]

Specialists (the people who help match buyers and sellers in floor trading) can make seven figures [ibtimes.com] and the average salary of a securities industry worker in NYC is nearly $300k [64.233.169.104].

Re:

[locokamil (850008)]

It sounds terrifying: FIX hacking in financial systems. The problem is that it assumes that this information goes over the public internet. In almost 99 out of a 100 cases, this isn't the case. If a company can afford to directly deal with a stock exchange, it can most certainly afford a private line into the stock exchange, thus doing away with the hullabaloo over session hijacking and malicious interception.

Re:

[hughk (248126)]

I know more than a little about this. Traditionally exchange members have used leased data circuits between them and the exchange. This gives predictable performance, particularly around price delivery and execution time. However leased circuits remain expensive. These days an institution tends to be a member of multiple exchanges. They will continue to use circuits for the markets where they execute at high volume but for other markets they may typically use an Internet connection and FIX. The older exchan

Hacking what now..?

[ricebowl (999467)]

"Nothing was sacred to hackers in '07 -- not cars, not truckers..."

Somebody hacked a trucker? Holy hell...I hope never to see that one documented Hackaday [hackaday.com].

3. Eighteen-wheelers

[FudRucker (866063)]

when i drove an 18 wheeler i hauled a some very expensive loads, once i picked up a load of Macintosh computers from Apple's Sacramento's warehouse and hauled them to Omaha Nebraska, another time i picked up wine (the kind you can drink) in several locations in northern California and hauled them to Little Rock Arkansas, thats just two examples, the Macs were the most expensive, (i bet there were close to half a million dollars worth of freight in Macs) when Apple was loading those Macs they told me to only stop at well lighted truck stops & stay away from roadside rest areas and given me a designated route along with the bill of lading...

Re:3. Eighteen-wheelers

[MichaelSmith (789609)]

told me to only stop at well lighted truck stops & stay away from roadside rest areas

You would think that for half a million dollars they would pay someone to follow you and take care of the load.

given me a designated route

Ahh maybe they did.

Re:

[FudRucker (866063)]

RE:["You would think that for half a million dollars they would pay someone to follow you and take care of the load."]

i would not doubt it, at the time i was not looking for anyone following, with that kind of value in merchandise i could understand if they did, people have been killed for far less...

Re:

[lufo (949075)]

When my flatmate bought his new iMac, they told him they really didn't know the date the truck would be ready for delivery, because Apple didn't tell even them (the store staff) the exact date the truck was arriving.

Re:3. Eighteen-wheelers

[gyrogeerloose (849181)]

Former long-haul Big Truck driver here, too (I still drive one locally on occasion), and I often carried high-value loads. One time I hauled a load of cell phones from Texas to California and Motorola paid to have a pair of former FBI agents in a black Lincoln Towncar tail me the entire way. I was driving as part of a team then so there were no stops except for fuel. I was put off by the idea it at first--what, you don't trust me?--but after a while, it made me feel safe. That long stretch of two-lane between Ft. Worth and Amarillo seems pretty remote at 0200...

Re:

[Bender0x7D1 (536254)]

$500k seems a little low for an entire load of Apple products.

Even at a single level deep, (no stacking), you could get about 300 iMacs on a trailer. Call it 15 wide and about 20 deep. If it was laptops, this would be higher - call it 20 wide and 25 deep, for 500 total. Call it a mix of both and we get about 400 units. If we call it an average of $1k each, this is already $400k. Since the lowest retail on these products is about $1k, I figure calling the average value $1k is close enough.

Now, if we s

Re:3. Eighteen-wheelers

[The One and Only (691315)]

Sure, but think about risk management. It may not be the smartest option to have a 1 million dollar truck driving around when you could have 2 500,000 dollar trucks taking different routes in case one gets ambushed by the mafia.

Number one is FUD

[mi (197448)]

RDS-TMC provides broadcasts on traffic conditions, accidents, and detours for the driver. It's main weakness: It doesn't authenticate where the traffic comes from, the researchers say. That leaves the door wide open for a bad guy to reroute drivers to a detour, or to overwhelm it with a DDOS, killing the navigation system as well as its climate-control system and stereo. [...] There's not much you can do until it's too late and your AC and stereo are out, and you're sitting on a hot and dusty, deserted road nowhere near Starbucks.

Uhm, bullshit. The worst this attack can do is to either

1. shut the electronics down completely — in which case you'll know, something is wrong long before the last Starbucks is out of sight
2. fool your GPS into believing, there is some sort of interference (accident, jam) ahead, which will simply cause the device to pick an alternate (and sub-optimal) route. You will not be lost, you'll just arrive later.

In neither case does Kelly's mother need to be concerned with "how a hacker could redirect her brand-new car navigation system to a deserted dead end street far from her intended destination." For that one needs to be able to pretend to be a group of satellites. This possibility the article does not cover — either due to the (mentioned) lack of imagination (on behalf of the author itself), or because it is not really possible (because Pentagon's designers of the system thought about it first, maybe).

Re:

[mangu (126918)]

shut the electronics down completely in which case you'll know, something is wrong long before the last Starbucks is out of sight

Better have a diesel engine in this case. Nothing electric to be hacked.

Re:Number one is FUD

[gyrogeerloose (849181)]

Better have a diesel engine in this case. Nothing electric to be hacked.

Actually, modern diesels are as computer-driven as gasoline engines. Maybe even more so in the case of large trucks--on every 18-wheeler I've driven in the past ten years, there was no physical linkage between the accelerator pedal ("the hammer," in trucker's lingo) and the engine. Instead, there was a digital position sensor and a multi-conductor cable that fed data to the ECU. All the gauges on the instrument panel were computer-controlled as well.

Re:

[Like2Byte (542992)]

I wrote diagnostic software for SNAP-ON a while back. I was completely amazed on how high-tech the trucks are these days. It seemed every physical switch had some sort of digital representation through the CAN bus.

Fuel flow rate, engine temp, etc,...

Learn More (YMMV): (PDF Warning for bottom one)
http://www.specifications.nl/can/protocol/can_UK_protocol.php [specifications.nl]
http://www.freescale.com/files/microcontrollers/doc/data_sheet/BCANPSV2.pdf [freescale.com]

Re:

[bhtooefr (649901)]

A 1980's diesel. Modern diesels have just as much electronics as modern gasoline engines.

Re:

[Dun Malg (230075)]

Better have a diesel engine in this case. Nothing electric to be hacked.

Are you just repeating something someone once told you, or was the last diesel engine you looked at 20 years old? You ever seen the control system for a Volkswagen TDi Diesel? It's non trivial, and very electronic. Modern automotive diesel engines are a lot more complicated than they used to be.

Re:

[Barny (103770)]

More to the point, cause them to detour over and over till they are on a remote, unpopulated road, then hit them with the DoS, once their GPS is dead, they are miles from any recognizable road with no GPS to get them home.

Bonus points for making a cheap cell phone dampener, putting some magnets on it, and tossing it onto the side of their car.

Prediction for 2008 hacks...

[YU5333021 (1093141)]

No.1 hack for 2008 will be the new electronic passports as discussed in the previous Slashdot discussion.

No.2 will be the the voting machines, but that only gets a second place because it's a dupe from 4 years ago.

No.3 will be the poor truckers again. We should really revert back from robotic drivers.

and No.4 will be slashdot's grammar and spelling checking engine, although this will be done in a fairly low-tech manner. The ten submission monkeys will be poisoned and their typewriters tinkered with...

The iPhone hack was a little funny IMO...

[DigitAl56K (805623)]

I personally have to smirk at the Apple brigade who on one hand spent the year touting everything Apple as more secure, and on the other hand rushed to jailbreak their iPhones by simply viewing a web page embedding a malformed image.

My next project

[by Anonymous Coward]

"... built tools for hacking satellite-based navigation systems that use Radio Data System-Traffic Message Channel (RDS-TMC) to receive traffic broadcasts and emergency messages ... The researchers tested their hardware and software tools with a one- to five-kilometer radius of the targeted vehicles, but they say an attacker could target a specific vehicle by adding a directional antenna, for instance ..."

I think I'm going to invest some effort in this, and build a system that allows me to send messages to the NAV display of other vehicles to say things like:

"Pull the fuck out of the fast lane jackass."

or

"Turn your goddamned high beams off you stupid sack of shit."

Radar detectors have had "safety alerts" for years

[vinn01 (178295)]

RDS-TMC, which provides broadcasts (traffic conditions, accidents, etc.) is nothing new. Radar detectors have had "safety alerts" (emergency vehicles, road hazards, and trains) for years. It's the same technololgy. The difference is that the goverment organizations didn't support the feature in radar detectors (used by law breakers) but then supported the feature in navigational systems (used by honest folks).

There was never any authentication of the "safety alerts". I suppose anyone could play some tri

I thought this was a cool hack

[by Anonymous Coward]

Spotted in Sydney and posted to youtube:

http://www.youtube.com/watch?v=ECoA8pi9Rmk [youtube.com]

A road-side advisory sign.

About the eighteen-wheeler one...

[Viceroy Potatohead (954845)]

I don't know if the EPCs would be encrypted, but I seriously doubt it. Anyone know? Because if they're not, I'd hardly consider that a hack. They were broadcasting their information unencrypted. Reading it is no more of a hack, in that situation, than turning on your radio. DIY, homebrew, sure. But not a hack. If the EPCs were encrypted, that's different, but it probably wouldn't make any sense to do so. Making your electronic barcodes secret strikes me as kind of silly.

On a side note, I have compiled a list of the most uncool hacks since 2003. Here is my list:

1. Nickelback.

Re:Yippie, another slashdigg toplist!

[log1385 (1199377)]

Now all we need is a "Top Ten 'Top Ten Lists' of 2007!"

Re:

[Jarjarthejedi (996957)]

Actually I've seen a few of those already. What we really need is a Top Ten 'Top Ten' "Top Ten lists".

Re:Already slashdotted

[paulmac84 (682014)]

Coral Cache:

http://www.darkreading.com.nyud.net/document.asp?doc_id=142127&WT.svl=news1_2 [nyud.net]

Re:

[rts008 (812749)]

Had no trouble reaching the 'print' version here:http://www.darkreading.com/document.asp?doc_id=142127&print=true [darkreading.com]

all pages on one page. coralized print version

[Virgil Tibbs (999791)]

Print version on coral cache. theres no pictures anyway. everything on one page. no ads

http://www.darkreading.com.nyud.net/document.asp?doc_id=142127&print=true [nyud.net]

one up.