Skip to main content

Mmansoor

Mmansoor's Public Library

  • <header ng-controller="ArticleHeaderController" src="article_header_template" class="article-header ng-scope" ng-include=""><div class="header-meta-wrapper ng-scope"><small class="article-meta"><time itemprop="datePublished" class="ng-binding" content="2016-08-06T15:50:00-04:00">Aug 6, 2016 @ 03:50 PM</time> <span ng-show="show_page_views" ng-controller="ArticlePageViewController" class="view-count ng-scope"><strong class="ng-binding">444</strong> <span class="sub-line">views</span></span> &lt;!-- ngIf: ::article.article.editorsPick -->&lt;!-- ngIf: edit_link -->&lt;!-- ngIf: circ_link --><a rel="nofollow" target="_self" ng-if="circ_link" ng-href="http://bit.ly/29fF72b" class="circ-link ng-binding ng-scope" data-track="circ-link" href="http://bit.ly/29fF72b">The Little Black Book of Billionaire Secrets</a>&lt;!-- end ngIf: circ_link --></small>&lt;!-- logo ad -->&lt;!-- ngIf: !is_mobile && article.type === 'article' --><div ng-if="!is_mobile &amp;&amp; article.type === 'article'" class="spon-logo-ad ng-scope ng-isolate-scope" dynamic-ad-unit="spon-logo" id="spon-logo-ad-article-0"></div>&lt;!-- end ngIf: !is_mobile && article.type === 'article' --><h1 itemprop="headline" class="article-headline ng-binding">This Guy Let Me Control His Hacked Wheelchair With An Xbox Gamepad</h1>&lt;!-- Featured Image : .article-featured-image -->&lt;!-- ngIf: article.article.images.featured && article.article.page === 0 --></div></header><div class="stream-body-container clearfix"><div ad-rail="" ng-class="article.article.templateType === 'takeover' ? 'hidden' : ''" class="fbs-ad-rail clearfix" id="fbs-ad-rail-article-0">&lt;!-- ngRepeat: ad_unit in ad_units -->&lt;!-- ngIf: !is_mobile && article.article.templateType !== 'takeover' && article.type === 'article' --><div ng-if="!is_mobile &amp;&amp; article.article.templateType !== 'takeover' &amp;&amp; article.type === 'article'" class="ng-scope" ng-repeat-start="ad_unit in ad_units">&lt;!-- ngIf: ad_unit.slot === 'rec' --><div ng-if="ad_unit.slot === 'rec'" class="rec-ad-sticky rec-ad-sticky-article ng-scope ng-isolate-scope" style="height: 0px;" sticky-ad-unit="rec_ad_sticky_options">&lt;!-- ngIf: init_ads --><div ng-if="init_ads" class="rec-ad rec-ad-article ng-scope ng-isolate-scope absolute" dynamic-ad-unit="rec" style="margin-top: 1080px;" id="rec-ad-article-0"></div>&lt;!-- end ngIf: init_ads --></div>&lt;!-- end ngIf: ad_unit.slot === 'rec' -->&lt;!-- ngIf: ad_unit.slot === 'loge' && init_ads -->&lt;!-- ngIf: ad_unit.slot === 'recx' && init_ads --></div>&lt;!-- end ngIf: !is_mobile && article.article.templateType !== 'takeover' && article.type === 'article' -->&lt;!-- ngIf: $first && $last -->&lt;!-- end ngRepeat: ad_unit in ad_units -->&lt;!-- ngIf: !is_mobile && article.article.templateType !== 'takeover' && article.type === 'article' --><div ng-if="!is_mobile &amp;&amp; article.article.templateType !== 'takeover' &amp;&amp; article.type === 'article'" class="ng-scope" ng-repeat-start="ad_unit in ad_units">&lt;!-- ngIf: ad_unit.slot === 'rec' -->&lt;!-- ngIf: ad_unit.slot === 'loge' && init_ads --><div ng-if="ad_unit.slot === 'loge' &amp;&amp; init_ads" class="loge-ad loge-ad-article ng-scope ng-isolate-scope" dynamic-ad-unit="loge" id="loge-ad-article-0"></div>&lt;!-- end ngIf: ad_unit.slot === 'loge' && init_ads -->&lt;!-- ngIf: ad_unit.slot === 'recx' && init_ads --></div>&lt;!-- end ngIf: !is_mobile && article.article.templateType !== 'takeover' && article.type === 'article' -->&lt;!-- ngIf: $first && $last -->&lt;!-- end ngRepeat: ad_unit in ad_units --></div><div ng-class="::(article.article.templateType === 'takeover' ? 'no-rail' : '')" class="article-rail">&lt;!-- Article Body --><div article-body="" data-article="0"><div class="article-article-body"><div class="article-top-sharing article-sharing ng-isolate-scope" article-sharing="" data-track="body-top"><ul ng-click="toggleExpanded()" class="social-expand-control "><li class="share-expanded icon icon-share" ng-attr-data-track="{{track}}-expand-button" data-track="body-top-expand-button"></li><li class="icon icon-facebook" ng-attr-data-track="sidebar-expand-button"></li><li class="icon icon-twitter" ng-attr-data-track="sidebar-expand-button"></li><li class="icon icon-email" ng-attr-data-track="sidebar-expand-button"></li><li class="icon icon-linkedin" ng-attr-data-track="sidebar-expand-button"></li><li class="share-text" ng-attr-data-track="sidebar-expand-button">share<i class="icon icon-chevron-right"></i></li></ul><ul class="article-fbs-sharing "><li class="email"><a rel="nofollow" ng-href="mailto:?subject=This%20Guy%20Let%20Me%20Control%20His%20Hacked%20Wheelchair%20With%20An%20Xbox%20Gamepad%20-%20Forbes&amp;body=Hi%2C%0A%0AI%20thought%20you'd%20like%20this%3A%0Ahttp%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2016%2F08%2F06%2Fhacking-wheelchairs-xbox-def-con-zero-security%2F%2319f1d77d18d0%0A%0AThis%20Guy%20Let%20Me%20Control%20His%20Hacked%20Wheelchair%20With%20An%20Xbox%20Gamepad%20-%20Forbes" class="button" ng-attr-data-track="{{track}}-email" data-track="body-top-email" href="mailto:?subject=This%20Guy%20Let%20Me%20Control%20His%20Hacked%20Wheelchair%20With%20An%20Xbox%20Gamepad%20-%20Forbes&amp;body=Hi%2C%0A%0AI%20thought%20you'd%20like%20this%3A%0Ahttp%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2016%2F08%2F06%2Fhacking-wheelchairs-xbox-def-con-zero-security%2F%2319f1d77d18d0%0A%0AThis%20Guy%20Let%20Me%20Control%20His%20Hacked%20Wheelchair%20With%20An%20Xbox%20Gamepad%20-%20Forbes"><i class="icon icon-email" ng-attr-data-track="{{track}}-email" data-track="body-top-email"></i></a></li><li class="facebook expandable"><button ng-click="postFacebook()" class="button" ng-attr-data-track="{{track}}-facebook" data-track="body-top-facebook"><i class="icon icon-facebook" ng-attr-data-track="{{track}}-facebook" data-track="body-top-facebook"></i></button><span class="expand-this share-counts">Share</span></li><li class="twitter expandable"><button ng-click="postTwitter()" class="button" ng-attr-data-track="{{track}}-twitter" data-track="body-top-twitter"><i class="icon icon-twitter" ng-attr-data-track="{{track}}-twitter" data-track="body-top-twitter"></i></button><span class="expand-this share-counts">Tweet</span></li><li class="linkedin expandable"><button ng-click="postLinkedin()" class="button" ng-attr-data-track="{{track}}-linkedin" data-track="body-top-linkedin"><i class="icon icon-linkedin" ng-attr-data-track="{{track}}-linkedin" data-track="body-top-linkedin"></i></button><span class="expand-this share-counts">Share</span></li><li class="chat"><a rel="nofollow" ng-href="sms:?body=This Guy Let Me Control His Hacked Wheelchair With An Xbox Gamepad http://www.forbes.com/sites/thomasbrewster/2016/08/06/hacking-wheelchairs-xbox-def-con-zero-security/#19f1d77d18d0#19f1d77d18d0" class="button" ng-attr-data-track="{{track}}-chat" data-track="body-top-chat" href="sms:?body=This Guy Let Me Control His Hacked Wheelchair With An Xbox Gamepad http://www.forbes.com/sites/thomasbrewster/2016/08/06/hacking-wheelchairs-xbox-def-con-zero-security/#19f1d77d18d0#19f1d77d18d0"><i class="icon icon-chat" ng-attr-data-track="{{track}}-chat" data-track="body-top-chat"></i></a></li><li class="google expandable"><button ng-click="postGoogle()" class="button" ng-attr-data-track="{{track}}-google" data-track="body-top-google"><i class="icon icon-google" ng-attr-data-track="{{track}}-google" data-track="body-top-google"></i></button><span class="expand-this share-counts">Share on g+</span></li><li class="permalink expandable"><button class="button" ng-attr-data-track="{{track}}-permalink" data-track="body-top-permalink"><i class="icon icon-link" ng-attr-data-track="{{track}}-permalink" data-track="body-top-permalink"></i></button><span class="expand-this"><input name="share" type="text" value="http://www.forbes.com/sites/thomasbrewster/2016/08/06/hacking-wheelchairs-xbox-def-con-zero-security/#19f1d77d18d0" class="input-permalink" ng-attr-data-track="{{track}}-permalink" data-track="body-top-permalink"></span></li></ul></div>&lt;!-- logo ad -->&lt;!-- ngIf: is_mobile && article.type === 'article' --><div ng-class="{'article-gallery': article.article.templateType === 'gallery', 'has-tweetquotes': article.article.tweetQuotes }" class="article-body-content clearfix">&lt;!-- Contrib block --><div class="article-contrib-container" data-track="article-contrib-container">&lt;!-- ngIf: article.type === 'article' --><div ng-if="article.type === 'article'" class="article-contrib-block " contrib-block=""><div class="contrib-preview"><section class="contrib-author-container"><div class="contrib-image"><a rel="nofollow" target="_self" ng-href="http://www.forbes.com/sites/thomasbrewster/" href="http://www.forbes.com/sites/thomasbrewster/"><img src="http://blogs-images.forbes.com/files/2015/01/Thomas-Fox-Brewster_avatar_1421266835-400x400.jpg" data-pin-nopin="true" alt="" ng-src="http://blogs-images.forbes.com/files/2015/01/Thomas-Fox-Brewster_avatar_1421266835-400x400.jpg"></a>&lt;!-- ngIf: contrib_block.display_author.badges.length > 0 --></div>&lt;!-- ngIf: contrib_block.display_advoice_brand -->&lt;!-- ngIf: !contrib_block.display_advoice_brand --><div ng-if="!contrib_block.display_advoice_brand" ng-class="{'women-forbes-contrib': contrib_block.display_author.authorType === 'women', 'no-disclaimer-offset': contrib_block.display_author.type === 'Forbes Staff' || contrib_block.display_author.type === 'AdVoice'}" class="contrib-byline ng-scope no-disclaimer-offset"><p ng-class="{group: contrib_block.group_blog}" class="contrib-byline-author"><a rel="nofollow" target="_self" ng-href="http://www.forbes.com/sites/thomasbrewster/" class="link ng-binding" href="http://www.forbes.com/sites/thomasbrewster/">Thomas Fox-Brewster&lt;!-- ngIf: contrib_block.display_author.authorType === 'ad' --></a> &lt;!-- ngIf: !contrib_block.group_blog --><span ng-if="!contrib_block.group_blog" class="author-comma ng-scope">, &nbsp;</span>&lt;!-- end ngIf: !contrib_block.group_blog --></p>&lt;!-- ngIf: contrib_block.display_author.authorType === 'individual' --><p ng-if="contrib_block.display_author.authorType === 'individual'" class="contrib-byline-title ng-scope" ng-switch="contrib_block.display_author.type">&lt;!-- ngSwitchWhen: Forbes Staff --><span class="ng-binding ng-scope" ng-switch-when="Forbes Staff">Forbes Staff <i class="icon icon-staff-verified"></i></span>&lt;!-- end ngSwitchWhen: --> &lt;!-- ngSwitchWhen: Under 30 --> &lt;!-- ngSwitchDefault: --></p>&lt;!-- end ngIf: contrib_block.display_author.authorType === 'individual' -->&lt;!-- ngIf: ::(contrib_block.display_author.authorType === 'women') --></div>&lt;!-- end ngIf: !contrib_block.display_advoice_brand --><p class="contrib-tagline">&lt;!-- ngIf: !contrib_block.group_blog --><span ng-if="!contrib_block.group_blog" class="ng-binding ng-scope" ng-bind-html="contrib_block.display_author.shortBio">I cover crime, privacy and security in digital and physical forms.</span>&lt;!-- end ngIf: !contrib_block.group_blog --> &lt;!-- ngIf: contrib_block.group_blog --> <span ng-click="toggleContrib();" class="entity-bio-trigger"><span class="label"></span> <span class="entity-toggle "><span class="icon icon-chevron-down"></span></span></span></p>&lt;!-- ngIf: contrib_block.writtenByForbesStaff !== true && contrib_block.authors[0].authorType !== 'ad' --></section><div class="entity-dive bio "><div class="masked-content"><section class="entity-follow-links"><div author="contrib_block.display_author" class="author-follow-links ng-isolate-scope" author-follow-links=""><ul>&lt;!-- ngIf: author.facebookName -->&lt;!-- ngIf: author.facebookPage -->&lt;!-- ngIf: author.twitterName --><li ng-if="author.twitterName" class="ng-scope"><a rel="nofollow" target="_blank" ng-href="https://twitter.com/iblametom" data-track="contributor-twitter-link-click" href="https://twitter.com/iblametom"><i class="icon icon-twitter"></i> <span class="label">Twitter</span></a></li>&lt;!-- end ngIf: author.twitterName -->&lt;!-- ngIf: author.linkedIn -->&lt;!-- ngIf: author.instagramHandle --><li><a rel="nofollow" target="_blank" ng-href="/sites/thomasbrewster/feed/" data-track="contributor-rss-link-click" href="/sites/thomasbrewster/feed/"><i class="icon icon-rss-feed"></i> <span class="label">RSS</span></a></li>&lt;!-- ngIf: author.webSite --><li ng-if="author.webSite" class="ng-scope"><a rel="nofollow" target="_blank" ng-href="http://tombjournalist.com" data-track="contributor-website-link-click" href="http://tombjournalist.com"><i class="icon icon-home"></i> <span class="label">Website</span></a></li>&lt;!-- end ngIf: author.webSite -->&lt;!-- ngIf: author.googlePlus -->&lt;!-- ngIf: author.amazon -->&lt;!-- ngIf: author.email && author.enableContribContact --><li ng-if="author.email &amp;&amp; author.enableContribContact" class="email ng-scope"><a rel="nofollow" target="_self" ng-click="initialized?displayForm($event):hideForm()" ng-class="unireg_class" class="ajaxify unireg_login" data-track="contributor-email-link-click"><i class="icon icon-email"></i> <span class="label">Email</span></a></li>&lt;!-- end ngIf: author.email && author.enableContribContact --></ul></div></section><nav class="toggles"><ul><li ng-click="toggleContribTab('bio')" class="bio" data-track="contrib-toggle-bio">Full Bio</li><li ng-click="toggleContribTab('recent')" class="recent-posts" data-track="contrib-toggle-recent">Recent Posts</li><li ng-click="toggleContribTab('popular')" class="popular-posts" data-track="contrib-toggle-popular">Popular Posts</li></ul></nav><div class="full-bio"><p class="ng-binding" ng-bind-html="contrib_block.display_author.description">I cover security and privacy for Forbes. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals. I like to hear from hackers who are breaking things for either fun or profit and researchers who've uncovered nasty things on the web. You can email me at TFox-Brewster@forbes.com, or tbthomasbrewster@gmail.com. If you are worried about prying eyes, here's my PGP fingerprint for the Gmail address: 19A0 3F37 B3B7 4C1E C1D1 9AA4 5E37 654C 1660 B817</p>&lt;!-- ngIf: contrib_block.writtenByForbesStaff !== true && contrib_block.authors[0].authorType !== 'ad' --></div><div class="entity-recent-posts post-list ng-binding" ng-bind-html="recent">Loading...</div><div class="entity-popular-posts post-list ng-binding" ng-bind-html="popular">Loading...</div></div>&lt;!-- .masked_content --></div></div></div>&lt;!-- end ngIf: article.type === 'article' --></div>&lt;!-- Article Guest Contributor Top -->&lt;!-- ngIf: article.article.guestContributor && article.article.guestContributor.position === 'top' --><div article-contrib-byline="" class="contrib-group">&lt;!-- ngIf: article.article.group_blog && article.article.authors[0].bylineFormat !== 0 --></div>&lt;!-- ngIf: article.article.magazine -->&lt;!-- Article Text : .article-text --><div itemprop="articleBody" class="article-text clearfix"><div class="article-injected-body ng-scope"><p><img data-width="1200" data-height="796" src="http://blogs-images.forbes.com/thomasbrewster/files/2016/08/DEF-CON-Stephen-Chavez-hacking-a-wheelchair-1200x796.jpg" class=" size-large wp-image-5389" alt="DEF CON Stephen Chavez hacking a wheelchair"></p><br/><p>We were all ready for a sedate confab when, with no hand on the control joystick, Stephen Chavez, sat in his electric wheelchair, started careening across a dimly-lit hallway at the <a rel="nofollow" target="_blank" href="https://www.defcon.org/">DEF CON</a> conference in Las Vegas. He span, then zoomed forward at an alarming speed. Some of the young hacker contingent idling their way to the next talk put their backs to the wall. Others were on the verge of calling for help, your reporter included. Chavez looked like he was having fun.</p><br/><p>After another panicked ten seconds, during which the $8,000 power chair would twitch into action and then stop, we noticed a man hiding in a corner, his face lit by a laptop and, if you looked at him at the right angle, his thumb was fiddling with an Xbox 360 controller concealed behind his back. Chavez had just played a trick on us. The man, his co-troublemaker who goes by the name Specter, was secretly hacking the chair with Chavez’s permission. Chavez simply laughed. He would later tell me: “I’m glad I made you s**t your pants.”</p><br/><p>I convinced Specter to let me play with the thing. We went backstage to a less cluttered area as Specter was anxious about me controlling the device using the attack code; he feared that if something went wrong and we hurt either Chavez or an unfortunate passerby, there would be some awkward liability issues. Ignoring the temptation to cause chaos, I submitted.</p><br/><div class="inread ng-isolate-scope" article-ad-inbody="inread" id="article-0-inread">&lt;!-- ngIf: initialized && active --></div><br/><p>But if you think I’d have any compunction about controlling a hacked wheelchair with a guy sitting in it, you’d be wrong. There I was happily twiddling the joystick on the Xbox pad, spinning the 23-year-old Chavez around, sending him along the corridor and reversing him towards the walls. I chose not to cause any collisions only out of fear of giving Specter a heart attack.</p><br/><p>I was able to mess with Chavez because the security on that wheelchair sucked. That’s according to Chavez, a computer science student at <a rel="nofollow" target="_self" href="http://www.forbes.com/colleges/metropolitan-state-college-of-denver/">Metropolitan State University of Denver.&nbsp;</a>Chavez hacked his own wheelchair by hooking up a <a rel="nofollow" target="_blank" href="https://www.raspberrypi.org/products/raspberry-pi-3-model-b/">Raspberry Pi 3</a> and a <a rel="nofollow" target="_blank" href="http://skpang.co.uk/catalog/pican2-canbus-board-for-raspberry-pi-23-p-1475.html">PiCAN2 CAN-Bus Board</a> that allowed him to communicate with the chair’s on-board network. They also allowed him and Specter to funnel exploits from a remote PC or phone to connect to the chair and start controlling it. Chavez and Specter then&nbsp;ported the controls to the Xbox pad. An evil hacker would, of course, have to quickly hook up the hardware, which also includes a four-port device for connecting everything, but Chavez thinks that’s possible in seconds without the person siting in the chair&nbsp;noticing. And all the required equipment can be bought for less than $100; the software tools are free, but the coding skills required take years of investment.</p><br/><div vest-pocket="" class="vestpocket">&lt;!-- ngIf: vestpockets --><div ng-if="vestpockets" ng-class="article.article.templateType === 'takeover' ? 'hi-rise' : 'standard'" class="article-vp-wrapper ng-scope standard" ng-attr-data-track="{{vestpockets.length}}" data-track="9" id="vest-pocket-container-0"><span class="vp-topper ng-binding">Recommended by Forbes</span><div class="vp-slick-slider slick-initialized slick-slider"><div class="slick-list" aria-live="polite"><div class="slick-track" role="listbox" style="opacity: 1; width: 2805px; left: -561px;"><div data-slick-index="-3" class="vp-box ng-scope slick-slide slick-cloned" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --></div><div data-slick-index="-2" class="vp-box ng-scope slick-slide slick-cloned" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --></div><div data-slick-index="-1" class="vp-box ng-scope slick-slide slick-cloned" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --></div><div data-slick-index="0" class="vp-box ng-scope slick-slide slick-current slick-active" aria-hidden="false" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-class="{'hasimage':vest_pocket_item.image}" ng-href="http://www.forbes.com/sites/thomasbrewster/2016/08/04/tesla-autopilot-hack-crash/" class="thumb ng-scope hasimage" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-1" href="http://www.forbes.com/sites/thomasbrewster/2016/08/04/tesla-autopilot-hack-crash/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --> <span class="icon"></span>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope" style="background-image: url(&quot;http://specials-images.forbesimg.com/imageserve/545144514/340x0.jpg?fit=scale&amp;background=000000&quot;);"></div>&lt;!-- end ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand && vest_pocket_item.advoiceBrand !== 'Community' --> &lt;!-- ngIf: vest_pocket_item.advoiceBrand === 'Community' --></span> Hackers Fool Tesla Autopilot Into Making Obstacles 'Disappear' -- But Don't...</h5></div></a></div></div><div data-slick-index="1" class="vp-box ng-scope slick-slide slick-active" aria-hidden="false" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-class="{'hasimage':vest_pocket_item.image}" ng-href="http://www.forbes.com/sites/thomasbrewster/2016/08/01/1000-solar-panels-tigo-vulnerable-hackers/" class="thumb ng-scope hasimage" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-2" href="http://www.forbes.com/sites/thomasbrewster/2016/08/01/1000-solar-panels-tigo-vulnerable-hackers/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --> <span class="icon"></span>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope" style="background-image: url(&quot;http://specials-images.forbesimg.com/imageserve/bf5c9558da0d45abb3a7bd4f5eea382a/340x0.jpg?fit=scale&amp;background=000000&quot;);"></div>&lt;!-- end ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand && vest_pocket_item.advoiceBrand !== 'Community' --> &lt;!-- ngIf: vest_pocket_item.advoiceBrand === 'Community' --></span> This Man Hacked His Own Solar Panels... And Claims 1,000 More Homes Vulner...</h5></div></a></div></div><div data-slick-index="2" class="vp-box ng-scope slick-slide slick-active" aria-hidden="false" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><div class="bv-0">&lt;!-- ngIf: bv_ads --><div ng-if="bv_ads" class="bv-ad ng-scope ng-isolate-scope" dynamic-ad-unit="ntv-belt" style="display: none;" id="bv-pocket-0-2"></div><style type="text/css">.PtFnJsyHwA{;display:block !important;visibility:visible !important;}</style><div ng-if="bv_ads" class="bv-ad ng-scope ng-isolate-scope PtFnJsyHwA" dynamic-ad-unit="ntv-belt" id="kdMtEI"><style type="text/css">.mDNwLnPPH {border:0;vertical-align:bottom;margin:0;width:2px;height:3px;}.mDNwLnPPH {width:2px; height: 3px;}</style><div style="border: 0pt none;" id="LsRIJcB_0__container__"><iframe data-integralas-id="2cb391f0-84dc-f7e4-4133-307fcb7416a7" name="LsRIJcB_0" class="mDNwLnPPH" id="LsRIJcB_0"></iframe></div><iframe frameborder="0" scrolling="no" name="LsRIJcB_0__hidden__" marginwidth="0" title="" height="0" style="border: 0px; vertical-align: bottom; visibility: hidden; display: none;" marginheight="0" width="0" id="LsRIJcB_0__hidden__"></iframe></div>&lt;!-- end ngIf: bv_ads --></div></div></div><div data-slick-index="3" class="vp-box ng-scope slick-slide" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-class="{'hasimage':vest_pocket_item.image}" ng-href="http://www.forbes.com/sites/thomasbrewster/2016/08/02/hack-tool-brute-forces-hotel-keys-opens-cash-registers/" class="thumb ng-scope hasimage" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-4" href="http://www.forbes.com/sites/thomasbrewster/2016/08/02/hack-tool-brute-forces-hotel-keys-opens-cash-registers/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --> <span class="icon"></span>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope" style="background-image: url(&quot;http://specials-images.forbesimg.com/imageserve/39200291/340x0.jpg?fit=scale&amp;background=000000&quot;);"></div>&lt;!-- end ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand && vest_pocket_item.advoiceBrand !== 'Community' --> &lt;!-- ngIf: vest_pocket_item.advoiceBrand === 'Community' --></span> This $6 Hacker Tool Pops Cash Registers And Hotel Rooms Wide Open</h5></div></a></div></div><div data-slick-index="4" class="vp-box ng-scope slick-slide" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-class="{'hasimage':vest_pocket_item.image}" ng-href="http://www.forbes.com/sites/thomasbrewster/2016/08/02/charlie-miller-chris-valasek-jeep-hackers-steering-brake/" class="thumb ng-scope hasimage" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-5" href="http://www.forbes.com/sites/thomasbrewster/2016/08/02/charlie-miller-chris-valasek-jeep-hackers-steering-brake/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --> <span class="icon"></span>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="!vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope"></div>&lt;!-- end ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand && vest_pocket_item.advoiceBrand !== 'Community' --> &lt;!-- ngIf: vest_pocket_item.advoiceBrand === 'Community' --></span> How Jeep Hackers Took Over Steering And Forced Emergency Stop At High Speed</h5></div></a></div></div><div data-slick-index="5" class="vp-box ng-scope slick-slide" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-href="http://www.forbes.com/pictures/fflf45fkhe/the-richest-person-in-ev/" class="thumb gallery-container ng-scope" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-6" href="http://www.forbes.com/pictures/fflf45fkhe/the-richest-person-in-ev/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --><span ng-if="vest_pocket_item.reason_parsed" ng-class="vest_pocket_item.reason_parsed.display_class" class="reason ng-binding ng-scope popular-video-gallery">Most Popular</span>&lt;!-- end ngIf: vest_pocket_item.reason_parsed --> <i class="icon icon-gallery"></i>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="!vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope"></div>&lt;!-- end ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand -->&lt;!-- ngIf: vest_pocket_item.advoiceBrand --> Photos:</span> &lt;!-- ngIf: vest_pocket_item.authorType == 'AdVoice' --> The Richest Person In Every State</h5></div></a></div></div><div data-slick-index="6" class="vp-box ng-scope slick-slide" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-class="{'hasimage':vest_pocket_item.image}" ng-href="http://www.forbes.com/sites/brucejapsen/2016/08/07/how-obamacare-costs-are-hammering-insurers/" class="thumb ng-scope hasimage" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-7" href="http://www.forbes.com/sites/brucejapsen/2016/08/07/how-obamacare-costs-are-hammering-insurers/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --><span ng-if="vest_pocket_item.reason_parsed" ng-class="vest_pocket_item.reason_parsed.display_class" class="reason ng-binding ng-scope popular-video-gallery">Active Conversation</span>&lt;!-- end ngIf: vest_pocket_item.reason_parsed --> <span class="icon"></span>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="!vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope"></div>&lt;!-- end ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand && vest_pocket_item.advoiceBrand !== 'Community' --> &lt;!-- ngIf: vest_pocket_item.advoiceBrand === 'Community' --></span> How Obamacare Costs Are Hammering Insurers</h5></div></a></div></div><div data-slick-index="7" class="vp-box ng-scope slick-slide" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-href="http://www.forbes.com/pictures/feki45ehfge/15-high-paying-jobs-in-n/" class="thumb gallery-container ng-scope" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-8" href="http://www.forbes.com/pictures/feki45ehfge/15-high-paying-jobs-in-n/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --><span ng-if="vest_pocket_item.reason_parsed" ng-class="vest_pocket_item.reason_parsed.display_class" class="reason ng-binding ng-scope popular-video-gallery">Most Popular</span>&lt;!-- end ngIf: vest_pocket_item.reason_parsed --> <i class="icon icon-gallery"></i>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="!vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope"></div>&lt;!-- end ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand -->&lt;!-- ngIf: vest_pocket_item.advoiceBrand --> Photos:</span> &lt;!-- ngIf: vest_pocket_item.authorType == 'AdVoice' --> 15 High-Paying Jobs In New York In 2016</h5></div></a></div></div><div data-slick-index="8" class="vp-box ng-scope slick-slide" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --><div src="vest_pocket_item.template_src" class="vp-inner ng-scope" ng-include=""><a rel="nofollow" target="_self" ng-attr-target="{{::$root.linkTarget(vest_pocket_item.uri)}}" ng-class="{'hasimage':vest_pocket_item.image}" ng-href="http://www.forbes.com/video/5070923397001/" class="thumb video-container ng-scope hasimage" ng-attr-data-track="vest-pocket-entry-{{$index+1}}" data-track="vest-pocket-entry-9" href="http://www.forbes.com/video/5070923397001/"><div class="vp-overlay"></div>&lt;!-- ngIf: vest_pocket_item.reason_parsed --><span ng-if="vest_pocket_item.reason_parsed" ng-class="vest_pocket_item.reason_parsed.display_class" class="reason ng-binding ng-scope popular-video-gallery">Most Popular</span>&lt;!-- end ngIf: vest_pocket_item.reason_parsed --> <i class="icon icon-video"></i>&lt;!-- ngIf: vestpocket_initialized[$index] && vest_pocket_item.image -->&lt;!-- ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div ng-if="!vestpocket_initialized[$index] &amp;&amp; vest_pocket_item.image" class="ratio1x1 image-bg ng-scope"></div>&lt;!-- end ngIf: !vestpocket_initialized[$index] && vest_pocket_item.image --><div class="box-overlay"><h5 class="ng-binding"><span class="label">&lt;!-- ngIf: vest_pocket_item.advoiceBrand --></span> Exclusive: Bret Hart Lets Loose On Seth Rollins, Goldberg, WWE Creative, Cody...</h5></div></a></div></div><div data-slick-index="9" class="vp-box ng-scope slick-slide slick-cloned" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --></div><div data-slick-index="10" class="vp-box ng-scope slick-slide slick-cloned" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --></div><div data-slick-index="11" class="vp-box ng-scope slick-slide slick-cloned" aria-hidden="true" style="width: 177px;">&lt;!-- ngInclude: --></div></div></div><button type="button" class="slick-next slick-arrow" data-track="vest-pocket-arrow-next"><div class="knob icon icon-chevron-right" data-track="vest-pocket-arrow-next"></div></button></div></div>&lt;!-- end ngIf: vestpockets --></div><br/><p>The security weaknesses reside in the chair’s <a rel="nofollow" target="_blank" href="http://www.cw-industrialgroup.com/About/PG-Drives-Technology.aspx?Redirect=/">PG Drives Technology motor controllers</a> – manufactured by British company Curtiss-Wright Industrial Group. In particular, issues lay in the way commands were sent to the controls. By looking at every message sent across the control area network (CAN) of the chair to determine what action they caused, the researchers learned what messages led to certain actions. It was then possible to create exploits, injecting commands to take control of the chair.</p><br/><p>To hack the joystick, the researchers found that if they could force a&nbsp;system error, the chair would shut down the stick, presumably as a protection mechanism. But they found the network&nbsp;continued listening for messages, would accept their commands and allowed them to move the chair around.</p><br/><p>Chavez, who presented his findings alongside Specter at the <a rel="nofollow" target="_blank" href="https://www.iotvillage.org/">DEF CON Internet of Things Village</a> this morning, believes the same security issues reside in any chair using the RNET protocol – a previously-unstudied service (<a rel="nofollow" target="_blank" href="https://github.com/redragonx/can2rNET">until now</a>) that sits on top of the CAN to connect devices, such as the joystick and the lights. “It boils down to no security,” he said.</p><br/><p>The video below shows an early experiment, Chavez hacking&nbsp;Specter’s chair and sending him fizzing round a parking lot:</p><br/><div class="youtube-wrapper"> <br/> <iframe frameborder="0" type="text/html" src="http://www.youtube.com/embed/BSzmiZIDhJk" class="youtube-player" height="365" width="100%"></iframe> <br/></div><br/><p><b>Modding wheelchairs</b></p><br/><p>Hacking is, most of the time, a good thing. And Chavez didn’t start probing the network of his chair to find security weaknesses – he set out to modify his chair, so he could have it follow a person. Not for any stalkerish purposes, but so he could talk through typing on his computer screen and continue to move. Chavez has a condition called <a rel="nofollow" target="_blank" href="http://www.ninds.nih.gov/disorders/schizencephaly/schizencephaly.htm">schizencephaly</a>, a rare brain condition that has made it almost impossible for Chavez to speak or walk. Given the limitations imposed by schizencephaly, it’s obvious why he’d want to expand the pre-defined uses of technology to make his life easier. He also wanted to add some uber-cool LED lights to his chair…</p><br/><div class="wp-caption alignnone" id="attachment_5400"> <br/> <img data-width="1200" data-height="900" src="http://blogs-images.forbes.com/thomasbrewster/files/2016/08/IMG_2016-08-04_16-43-13.36-1200x900.jpeg" class="wp-image-5400 size-large" alt="Security researcher Stephen Chavez hacks wheelchair so he can add LED lights"> <br/> <p class="wp-caption-text">Stephen Chavez hacked his chair so he could power some swish LED lights.</p> <br/></div><br/><p>“I found people online who wanted more control,” Chavez told me. “This research is cool for people who want to mod.”</p><br/><p>Chavez’s hacking should go some way to convincing wheelchair manufacturers to improve their security designs, but also to inspire anyone else who wants to tinker with their chair to make practical or just-plain-sexy mods to their chairs. Double-win.</p><p><em>Tips and comments are welcome at TFox-Brewster@forbes.com or tbthomasbrewster@gmail.com for <a rel="nofollow" href="https://pgp.mit.edu/pks/lookup?op=get&amp;search=0x5E37654C1660B817">PGP mail</a>. Get me on Twitter @iblametom and tfoxbrewster@jabber.hot-chilli.net for Jabber encrypted chat.</em></p></div></div></div></div></div></div></div>
1 - 20 of 2541 Next › Last »
20 items/page

Highlighter, Sticky notes, Tagging, Groups and Network: integrated suite dramatically boosting research productivity. Learn more »

Join Diigo