Profile: Tadayoshi Kohno

Can Science Stop Crime?

PBS Airdate: October 17, 2012

DAVID POGUE: A new kind of criminal activity is on the rise, thanks to computers: it's cybercrime. And Yoshi Kohno has mastered its tools.

CBS NEWS ANNOUNCER (Film Clip): It's being called a security breach of staggering proportions.

TARYN KOHNO (Yoshi Kohno's wife): Yoshi could hack anything. If a bank says, "Our site is secure," in my head, I'm always like, "No it's not. Yoshi could get into it."

ABC NEWS ANNOUNCER (Film Clip): A pack of cyberthieves allegedly managed to infect computers at NASA, Netflix, iTunes.

DAN HALPERIN (Graduate Student): He comes up with the most creative attacks and the most scary things you could imagine.

DAVID POGUE: Yoshi has hacked into cars…

Voting machines…

NEWS ANNOUNCER (Film Clip): Even worse, the fear that an election could be hacked.

DAVID POGUE: And medical devices.

CNBC NEWS ANNOUNCER (Film Clip): Somebody could remotely amp up a heart device. Hacking can literately become a matter of life and death.

DAVID POGUE: These days, we're surrounded by computerized and networked devices. Yoshi sees each one as a potential doorway that he can break down and then take control of what's inside.

DAN HALPERIN: The fact that everything has a computer in it is really alarming, from a security point of view. And the fact that those computers are all generally on networks is even more so.

TARYN KOHNO: The comment that people mostly say is "Thank goodness Yoshi's on our side."

DAVID POGUE: Yoshi is a computer hacker, but, lucky for us, he works for the good guys.

TADAYOSHI "YOSHI" KOHNO (University of Washington Security and Privacy Lab): Jokingly, amongst the lab, we say, you know, we're trying to save the world.

DAVID POGUE: As a security expert at the University of Washington, he's on the frontlines of the fight against cybercrime.

YOSHI KOHNO: Our privacy is slowly eroding over time, and we need to either make a conscious decision to let it continue to happen or try to stop it.

TARYN KOHNO: When we share some of Yoshi's research with friends or family, they're like, "oh my, g…. I never would have thought about that. Where does Yoshi get these ideas?"

DAVID POGUE: As part of his strategy, he is constantly trying to get into the heads of the bad guys.

YOSHI KOHNO: This is the ability to see the world the way an adversary might see the world.

DAVID POGUE: And if you look at the world this way, you're going to find weaknesses in the security armor everywhere, even in the etched glass of an office door, designed to prevent people from seeing in.

YOSHI KOHNO: As a security person, the first question that came to my mind was, "Well, does it really work? And is it possible to see through?"

DAVID POGUE: Yoshi knew that the jagged surface of the glass was bending the light, making it hard to see through. If he could find a way to smooth the surface, he would be able to spy on someone.

YOSHI KOHNO: This was as simple as actually putting honey on the surface of the glass.

DAVID POGUE: And just like that, with a drop of honey and a smooth layer of glass, Yoshi figured out how to straighten the light, make the glass transparent and, perhaps, invade someone's privacy.

YOSHI KOHNO: This is a perfect example of how, just looking at the world in a slightly different way, you can uncover potential privacy or security issues.

DAVID POGUE: By all accounts, Yoshi has been looking at the world this way for most of his life.

YOSHI KOHNO: I think I learned a lot about security and privacy in the real world from my parents, you know: the need to always lock the door or the need to be cautious about how you walk, when you walk to school.

DAVID POGUE: Yoshi was a computer whiz from a young age.

YOSHI KOHNO: On the side you see: "You're entering into the world of cyberpunks, hackers, freakers and programmers, beware."

DAVID POGUE: He was fascinated by cryptograms, an old spy technique of creating secret codes.

YOSHI KOHNO: I was intrigued by cryptography, because it had an element of, kind of, adversarial tension between me and the person who made this cryptogram, you know: can I figure out what they did to try to make this message secret, so that I could try to solve it?

DAVID POGUE: Today, Yoshi leads a team of young security experts who are trying to outsmart their adversaries, any potential computer hackers with ill intent.

KARL KOSCHER (University of Washington Security and Privacy Lab): It's always an arms race. You're trying to stay one step ahead of the criminals, and the criminals will try to stay one step ahead of you.

DAVID POGUE: Yoshi's team has the know-how to hack into pretty much any machine that broadcasts or receives digital information wirelessly. Yoshi believes, if it's connected to the outside world, then there's no such thing as an unhackable computer; like the Nike + iPod Sport Kit, a gadget designed for runners to put in their shoes to help track their speed and distance.

YOSHI KOHNO: It really was an example of a technology that pervades your life in different ways than a traditional laptop or a desktop.

DAVID POGUE: Yoshi figured out how to hack into the signal sent out by this tiny transmitter and keep tabs on anyone wearing the device.

YOSHI KOHNO: There she is. I see her, the sensor, on my laptop.

DAVID POGUE: And the news took notice.

NEWS ANNOUNCER (Film Clip): …one of TIME magazine's gadgets of the year.

NEWS ANNOUNCER (Film Clip): …, but it also has a serious security problem that could leave innocent users vulnerable to invasions of their personal privacy.

DAVID POGUE: But Yoshi's goal isn't to make us all paranoid. Instead, he wants the makers of these devices to plug their security holes before they go on the market.

Even if you don't have the Sport Kit, there's a good chance you're carrying around something else that could compromise your personal data without your knowing it.

New generations of passport cards and enhanced drivers' licenses have computer chips that Yoshi and his team have been able to read, some up to 50 yards away.

YOSHI KOHNO: We, as consumers, need to be aware that our privacy is being exposed by the technologies we have on our bodies and around us.

DAVID POGUE: And it's not just your privacy that Yoshi is trying to defend. If a machine is controlled by a computer and connected to a network, then hackers could potentially take over the reins, even a machine as complex as a car.

FRANZI ROESNER: (University of Washington Security and Privacy Lab): The car project was one of these examples where we look at an existing, on-the-market device to see if it's vulnerable to attack. Essentially, could we hack the car and control it remotely?

DAVID POGUE: You might not realize it, but if you drive a car made in the last few years, it's full of computer software.

YOSHI KOHNO: We have computers controlling the brakes, the steering, the door locks.

DAVID POGUE: You can also order some cars with built-in cell phones systems, designed to connect to operators in an emergency.

YOSHI KOHNO: There are cars that can call 911 for you, if you get into an accident.

DAVID POGUE: Yoshi saw the car's cell phone as another potential security hole, one that could serve as a portal to a vehicle's computer system, to be exploited by a cyber car thief.

DAN HALPERIN: If someone else can use that remote connection to do security attacks, it makes you a lot more vulnerable.

DAVID POGUE: Yoshi and his team set out to hack into one of those cars, so the first thing they do is buy one. They want to see if their car's phone can give them a direct line to its computer system. Their fear is that an evil hacker could set up a computer to call thousands of random numbers to locate and then take control of a car.

ALEXEI CZESKIS: There's that number. Ready to dial it?

KARL KOSCHER: Sure.

ALEXEI CZESKIS: Okay.

KARL KOSCHER: I'm dialing the number.

DAVID POGUE: Once they have the car's number, they call it, hoping they'll be able to install their own software over the phone line and onto the car's computer.

ALEXEI CZESKIS: The sound is going to come over those headphones, play into the phone that's going to get received by the car.

KARL KOSCHER: All right, and send.

All right, went through successfully.

ALEXEI CZESKIS: Awesome.

DAVID POGUE: Now they could have the car report its G.P.S. location, and they send the coordinates to Yoshi, who stands in as a thief.

YOSHI KOHNO: Hello?

FRANZI ROESNER: Hi, Yoshi? We've got a car for you that we're going to unlock.

YOSHI KOHNO: Ah, great.

FRANZI ROESNER: And we're going to flash the lights, so that you can find it.

DAVID POGUE: Now that they have a direct line to the car's computers, they want to see if they can take control and make the vehicle think that someone is flashing the lights.

FRANZI ROESNER: Okay, flashing lights now.

YOSHI KOHNO: Let me see, flashing lights, flashing lights. Ah, yes, I see the vehicle. Okay. And I'm walking up to it now.

DAVID POGUE: But could they unlock the doors and start the engine?

FRANZI ROESNER: Now we're going to initiate the unlock sequence. The car should unlock and the engine should start.

YOSHI KOHNO: Okay, the car is on. Getting in the car, and I'm going to start driving. Here I am driving.

DAVID POGUE: Yoshi's team took over the car from an office a few blocks away, but with this technique, they could, theoretically, do it from almost anywhere in the world, using a wireless connection.

KARL KOSCHER: What really surprised us was how easy it was to do these things. We could take over almost anything in the car that was electronically controlled.

DAVID POGUE: And these days, even your brakes are electronically controlled. Does that mean that Yoshi could hack into a car's brakes?

YOSHI KOHNO: So Alexei will be in the driver's seat, and we'll be up in the bleachers.

DAVID POGUE: The team takes a car to a closed track to find out.

YOSHI KOHNO: Okay, are we ready?

Okay, Alexei, we've unlocked the brake controller and, uh, just to verify: you have your helmet on and all your safety precautions in place, right?

ALEXEI CZESKIS: That's right, helmet on, gloves on, strapped in and ready to go.

YOSHI KOHNO: Great. Okay, go ahead and go, and we will apply your brakes when you get to the checkered flag area.

DAVID POGUE: By sending their malicious code to the car, could Yoshi trick it into jamming on the brakes?

TARYN KOHNO: It is a very scary thought that you're driving in a car and some kid could be messing with you just for fun.

YOSHI KOHNO: And we'll be applying your brakes shortly, right about now.

Oh, ooh, yeah, that worked! Ooh, is he going to go to the wall? No. Are you okay, Alexei?

FRANZI ROESNER: Did you do the right brake?

ALEXEI CZESKIS: Woo hoo!

FRANZI ROESNER: Wow, okay, that worked.

DAVID POGUE: What Yoshi can do looks pretty scary, but it's the result of months of painstaking research by the sharpest minds in the security business.

FRANZI ROESNER: We don't believe that there are hackers out there attacking today's cars. Our goal, really, is to show that these kind of attacks are possible, so that the manufacturers of the cars, and the government, and the various policy organizations take it seriously for the next generation of cars.

DAVID POGUE: Yoshi is one of our most vigilant guards against cybercrime. He has consulted with government and industry, even companies like Microsoft, pushing them to examine things like car security, electronic voting and the safety of implantable medical devices.

DAN HALPERIN: Yoshi's goal is to secure the future, to make the world a safer place.

YOSHI KOHNO: I really do want to understand how we can protect the security of future technologies, so that when my kids are my age they're in an environment where technologies are safe, reliable, secure.

DAVID POGUE: So Yoshi will continue to hunt down the holes, the weaknesses all around us, conquering the criminals by outwitting them at their own game, long before they can make their move.

KARL KOSCHER: He has all sorts of devious thoughts that would be pretty harmful, if he was on the wrong side of the law.

DAN HALPERIN: We thank our lucky stars that Yoshi is on the side of the good guys.

DAVID POGUE: It's a good thing, because when Yoshi looks at the world, he sees a lot of hacking left to do.

YOSHI KOHNO: You see computers in transportation systems, stoplights, our power distribution grids, the sewage and water lines, airplanes. There's computers everywhere, and I think we've only begun to scratch the surface.

What's your password?
Shhh! Don't tell us!
Did it make the list of
25 WORST passwords?
Including…
abc123
trustno1
…and the #1 most common
And worst password:
Password
Check out all the bad passwords at
Pbs.org/novasciencenow
And be secure!

DAVID POGUE: And now it's time to put you on the case. Follow us on Facebook or Twitter, or log onto our Web site and tell us what you think. You can see any of these stories again, you can watch exclusive short Web videos, hear from experts, or you can check out our Web-only series, The Secret Life of Scientists and Engineers.

You can find it all at pbs.org/novasciencenow.

The vultures, the vultures, they're coming!

CAN SCIENCE STOP CRIME?

HOST

David Pogue

WRITTEN, PRODUCED AND DIRECTED BY

Scott Tiffany

Tadayoshi Kohno Profile

WRITTEN AND DIRECTED BY

Joshua Seftel

PRODUCED BY

Joshua Seftel & Erika Frankel

NOVA scienceNOW

EXECUTIVE PRODUCER

Julia Cort

PRODUCTION MANAGER

Stephanie Mills

BUSINESS MANAGER

Elizabeth Benjes

INTERSTITIALS PRODUCED BY

Brian Edgerton

ORIGINAL MUSIC BY

Christopher Rife

SENIOR RESEARCHER

Kate Becker

CAN SCIENCE STOP CRIME? EDITED BY

Brian Cassin
Steve Audette

PROFILE EDITED BY

Marc Vives

PRODUCTION MANAGER

Maureen Lynch

PROFILE PRODUCTION SUPERVISOR

Jill Landaker Grunes

ASSOCIATE PRODUCERS

Mary Beth Griggs
Ben Sweeney
Catherine Bright

ARCHIVAL RESEARCH

Minna Kane
Adam Talaid

RESEARCH

Christopher O'Brien
Rachel Nuwer

CAMERA

Jason Longo
Jeremiah Crowell
Ben McCoy
Mark Carroll
Paul Mailman

SOUND RECORDISTS

Alex Altman
Mike Bellaccio
Steve Bonarrigo
Adriano Bravo
Steve Clack
Jason Pawlak

Scott Snyder

Charles Tomaras

ANIMATION BY

Hero4Hire Creative, LLC

ADDITIONAL MUSIC

Scorekeeper's Music

COLORIST

Michael H. Amundson

AUDIO MIX

Heart Punch Studio, Inc.

ADDITIONAL EDITING

Rob Tinworth
Jean Dunoyer

ADDITIONAL CAMERA

Zach Kuperstein
Jess Bichler
Ian Blair
A.J. Marson
Victoria Resendez
Oren Soffer
Alfonso Solis

MEDIA MANAGER

Andrew Clark

ASSISTANT EDITORS

Rob Chapman
Steve Benjamin
Ben Sweeney

PRODUCTION ASSISTANTS

Lee Stevens
Siena Brown
Nicole Beaudopin
Rebecca Brinson
Lauren Love
Matt Mohebalian
Gavin Murray
Stephanie Santos

POST PRODUCTION ASSISTANT

Olaf Steel

ARCHIVAL MATERIAL

Pond5
Marcus R. Donner
Framepool
Shutterstock Images LLC
Dr. Arthur W. Toga, Laboratory of Neuro Imaging at UCLA
Library of Congress, Prints & Photographs Division
Denver Public Library, Western History Collection, Harry Rhoads
-------
Mice footage courtesy "A Tale of Two MAO Genes" (2010),
produced by Prof. Jean Chen Shih and Prof. Marsha Kinder,
University of Southern California
Library of Congress, Prints & Photographs Division

Data Visualization by Arction Ltd.

SPECIAL THANKS

Academy for Scientific Investigative Training
Tim Acosta
Brookhaven National Laboratory
-------
Cold Springs Harbor Laboratory
ECS Elite Combat Sports
Evergreen Speedway/High Road Promotions
Joshua Buckholtz
Adele Testani
HurryDate
Forensic Anthropology Center at Texas State
Clark Freshman
Rex Jung, Ph.D, Department of Neurosurgery, University of New Mexico
Minakami Karate
-------
Hank Levy
David Matsumoto
Derek Mitchell
Jeff Moss
Stephen Porter
Rocktagon MMA
Rogue Empire Gym
Saloon NYC
University of Washington
Vanderbilt University Law School
Michael Warren

ADVISORS

Sangeeta Bhatia
Charles Jennings
Richard Lifton
Neil Shubin
Rudy Tanzi

NOVA SERIES GRAPHICS

yU + co.

NOVA THEME MUSIC

Walter Werzowa
John Luker
Musikvergnuegen, Inc.

ADDITIONAL NOVA THEME MUSIC

Ray Loring
Rob Morsberger

POST PRODUCTION ONLINE EDITOR

Spencer Gentry

CLOSED CAPTIONING

The Caption Center

MARKETING AND PUBLICITY

Karen Laverty

PUBLICITY

Eileen Campion
Victoria Louie

NOVA ADMINISTRATOR

Kristen Sommerhalter

PRODUCTION COORDINATOR

Linda Callahan

PARALEGAL

Sarah Erlandson

TALENT RELATIONS

Scott Kardel, Esq.
Janice Flood

LEGAL COUNSEL

Susan Rosen

DIRECTOR OF EDUCATION

Rachel Connolly

DIGITAL PROJECTS MANAGER

Kristine Allington

DIRECTOR OF NEW MEDIA

Lauren Aguirre

ASSOCIATE PRODUCER
POST PRODUCTION

Patrick Carey

POST PRODUCTION EDITOR

Rebecca Nieto

POST PRODUCTION MANAGER

Nathan Gunner

COMPLIANCE MANAGER

Linzy Emery

DEVELOPMENT PRODUCERS

Pamela Rosenstein
David Condon

COORDINATING PRODUCER

Laurie Cahalane

SENIOR SCIENCE EDITOR

Evan Hadingham

SENIOR PRODUCER

Chris Schmidt

SENIOR SERIES PRODUCER

Melanie Wallace

MANAGING DIRECTOR

Alan Ritsko

SENIOR EXECUTIVE PRODUCER

Paula S. Apsell

A Time Frame Films Production for NOVA

NOVA scienceNOW is a trademark of the WGBH Educational Foundation

NOVA scienceNOW is produced for WGBH/Boston

This material is based upon work supported by the National Science Foundation under Grant No. 0917517. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

© 2012 WGBH Educational Foundation

All rights reserved

Image credit:

(Tadayoshi Kohno)

© WGBH Educational Foundation

Dan Halperin

Graduate Student

Tadayoshi Kohno

University of Washington

Taryn Kohno

Yoshi's wife

Karl Koscher

Yoshi's Graduate Student

Franzi Roesner

Yoshi's Graduate Student