The new British Prime Minister Theresa May announced six members of her cabinet today.

Amid a sweeping crackdown on dissent in Egypt, security forces have forcibly disappeared hundreds of people since the beginning of 2015, according to a new report from Amnesty International.

It's an "unprecedented spike," the group says, with an average of three or four people disappeared every day.

The Republican Party, as it prepares for its convention next week has checked off item No. 1 on its housekeeping list — drafting a party platform. The document reflects the conservative views of its authors, many of whom are party activists. So don't look for any concessions to changing views among the broader public on key social issues.

Many public figures who took to Twitter and Facebook following the murder of five police officers in Dallas have faced public blowback and, in some cases, found their employers less than forgiving about inflammatory and sometimes hateful online comments.

As Venezuela unravels — with shortages of food and medicine, as well as runaway inflation — President Nicolas Maduro is increasingly unpopular. But he's still holding onto power.

"The truth in Venezuela is there is real hunger. We are hungry," says a man who has invited me into his house in the northwestern city of Maracaibo, but doesn't want his name used for fear of reprisals by the government.

The wiry man paces angrily as he speaks. It wasn't always this way, he says, showing how loose his pants are now.

Ask a typical teenage girl about the latest slang and girl crushes and you might get answers like "spilling the tea" and Taylor Swift. But at the Girl Up Leadership Summit in Washington, D.C., the answers were "intersectional feminism" — the idea that there's no one-size-fits-all definition of feminism — and U.N. climate chief Christiana Figueres.

Copyright 2016 NPR. To see more, visit http://www.npr.org/.

Copyright 2016 NPR. To see more, visit http://www.npr.org/.

Copyright 2016 NPR. To see more, visit http://www.npr.org/.

Copyright 2016 NPR. To see more, visit http://www.npr.org/.

Pages

With Smarter Cars, The Doors Are Open To Hacking Dangers

Jul 30, 2013
Originally published on July 30, 2013 7:46 am

Chris Valasek and Charlie Miller have been hacking into products for a long time. But they don't steal stuff or mess with people; instead, their purpose is to pressure companies into making their products more secure.

This week, they scored big. Their research on hacking cars has captured the attention of millions and has been featured in Forbes and on the Today show.

Miller and Valasek are not the first guys to hack a car, but they demonstrated like few have before just how dangerous these kinds of attacks could be.

"That's really where Charlie and I came in," says Valasek, a security researcher at IOActive. "We really wanted to see, once someone was inside your car network, to what extent could you control the automobile?"

The pair got a grant from the Defense Advanced Research Projects Agency (DARPA) and bought two modern, connected cars: a Toyota Prius and a Ford Escape. Then they tapped into the network of little built-in computers that run on virtually every car sold today.

Car makers began embedding electronic control units, or ECUs, in cars more than 30 years ago. These simple little computers were developed during the first gas crisis. Initially, they were used as tiny computerized carburetors.

"Engineers figured out that computers were much better at figuring out how to mix gas and air than a mechanical device," Valasek says. "They were much more efficient and you could get better gas mileage."

But soon these little computers were being used for a lot of things, like cruise control or anti-lock brakes.

"Now we're to the point where cars parallel park themselves," Valasek says. "And that's not just magic. There's computers in the car that have sensors and actuators."

Remote Control Havoc

All these little devices talk to each other on an open network. They listen in to every message that's sent, and they don't verify where a specific command is coming from. Miller says all of this makes cars easy to attack.

Any sensor attached to the processor on the network is vulnerable. So after Miller and Valasek learned the code that controlled the ECUs on the two cars they were testing, they were able to cause all kind of havoc.

They were able to jerk the wheel at high speeds in the Prius. They could cause the car to accelerate or brake. They could beep the horn or set off the crash preparation system and jerk the seatbelts back.

In the Ford Escape, if the driver was moving slowly, they could turn the wheel or even kill the brake. In fact, once Miller forgot that the hack was running on his Ford Escape and he drove it into his garage.

"Luckily, these weren't our cars," Valasek says.

But Miller did crush his lawnmower.

"My lawnmower — it was destroyed, utterly," Miller says. "The lawnmower was perhaps the first cyber-attack-in-a-car victim."

Car Companies Not Worried

Miller and Valasek tried to share their findings with Toyota and Ford before they went public. Both companies say while they are taking the research seriously, they're still convinced their cars are safe. They say if someone has to wire a computer into your car to get an attack to work, you are going to notice.

"I've actually been very disappointed with the reaction from these companies," says Don Bailey, a security researcher who has hacked into cars remotely via the cell phone network.

Bailey says Miller and Valasek have proven that "once you are through that initial barrier, you can and will be able to do almost anything you want to."

It's unlikely, however, that malicious hackers will take advantage of these attacks any time soon. All cars don't all use one operating system and they don't all speak one single language. So before a hacker can take control, he or she has to learn the specific code that runs the systems for that specific car.

That's tough, and it takes time. But Valasek says it's not impossible.

By going public with their research, Valesek hopes car companies will be forced to fix these problem before anyone — aside from a lawnmower — gets hurt.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

Transcript

DAVID GREENE, HOST:

Technology in cars has made a lot of things easier for drivers: parking, climate control, picking the music you want to listen to. But there is one downside: Cars can now be hacked. That reality is getting a lot of attention this week in Las Vegas, where hackers, hacktivists and security researchers have all gathered for two annual computer security conferences: Defcon and Black Hat. Here's NPR's Steve Henn.

STEVE HENN, BYLINE: Chris Valasek and Charlie Miller have been hacking into products for a long time. But they don't steal stuff or mess with people. Instead, their purpose is to pressure companies into making their products more secure. And this week, they scored big when their research on hacking cars made it onto the "Today" show.

(SOUNDBITE OF TV SHOW, "TODAY")

UNIDENTIFIED MAN #1: Well, good morning. We're back now with something to think about before you hop behind the wheel this morning of your car.

HENN: Miller and Valasek are not the first guys to hack a car, but they perhaps like no one who's come before it, they demonstrated just how dangerous these kinds of attacks could be.

CHRIS VALASEK: And that's really where Charlie and I came in.

HENN: Chris Valasek.

VALASEK: We really wanted to see, once someone was inside your car network, to what extent could you control the automobile?

HENN: They got a grant from DARPA, the Defense Advanced Projects Research Agency, and bought two modern, connected cars: a Toyota Prius and a Ford Escape. Then they physically plugged into the network of little computers built into these cars that run virtually everything.

VALASEK: Those are electronic control units.

HENN: The first of these little computers were used to replace carburetors, but soon, they were being used for lots of stuff: cruise control, antilock brakes.

VALASEK: And now we're to the point where cars parallel park themselves. And that's not just magic. There's computers in the car that have censors and actuators.

HENN: And all these little devices talk to each other on an open network. They listen in to every message that's sent. And they don't verify where a specific command is coming from. Charlie Miller says all of this makes cars easy to attack.

CHARLIE MILLER: If I'm an attacker and I break into, say, your radio, I can send messages and say, hey, I'm the brakes, and I'm telling the engine to do this.

HENN: Any processor on the network is vulnerable, and that let Miller and Valasek create all kinds of havoc.

VALASEK: We were able to turn the wheel at high torque, jerky motions at high speeds. We were able to administer the brakes.

HENN: They could yank on the seatbelt, set off the horn, press the accelerator, turn off the engine.

MILLER: And I could make your brakes not work anymore.

HENN: That's right: no brakes. And once, Charlie Miller forgot that that hack was running on his Ford Escape as he drove it into his garage.

VALASEK: Yeah, luckily, these weren't our cars.

MILLER: My lawn mower, it was destroyed, utterly. So the lawn mower was, like, perhaps the first cyber-attack-in-a-car victim.

HENN: Miller and Valasek tried to share their findings with Toyota and Ford before they went public. Now, both companies say while they're taking this research seriously, they're still convinced their cars are safe. They say if someone has to physically wire a computer into your car to get this attack to work, you're going to notice. But...

DON BAILEY: Well, I've actually been very disappointed with the reaction from these companies.

HENN: Don Bailey is a security researcher who's hacked into cars remotely, using the cell phone network.

BAILEY: Once you are through that initial security barrier, you can and will be able to do almost anything you want to.

HENN: Now, before a hacker could really create havoc, he or she has to learn the specific code that each car uses to talk on its internal network. That's tough. It takes time. But Chris Valasek says it's not impossible.

VALASEK: Charlie and I hope by releasing all this information that more and more people will get interested.

HENN: And give car companies the little push they need to make some security improvements. Steve Henn, NPR News, Silicon Valley. Transcript provided by NPR, Copyright NPR.