1
00:00:00,180 --> 00:00:00,960
Welcome, David.
2
00:00:01,740 --> 00:00:02,250
Welcome.
3
00:00:02,250 --> 00:00:03,570
It's wonderful to be here.
4
00:00:03,660 --> 00:00:04,440
Thanks for having me.
5
00:00:04,560 --> 00:00:08,580
Thank you so much for, for spending the
time with us, and thank you for being with
6
00:00:08,580 --> 00:00:11,430
us here in in the Cyber Security Podcast.
7
00:00:11,940 --> 00:00:16,050
Uh, first I welcome you also,
Andrea, since this is not
8
00:00:16,140 --> 00:00:17,490
your first time here in Saudi.
9
00:00:17,910 --> 00:00:21,450
And uh, I would like to
just give us quick, brief.
10
00:00:22,634 --> 00:00:24,705
Yeah, it's, it's gonna be a long story.
11
00:00:24,794 --> 00:00:27,255
So let me first start off
with, as you mentioned, Riyadh.
12
00:00:27,255 --> 00:00:28,335
It's beautiful to be here.
13
00:00:28,335 --> 00:00:31,725
It's my first time in Riyadh and it,
it's great to see all of the things
14
00:00:31,729 --> 00:00:33,945
happening here regarding myself.
15
00:00:33,945 --> 00:00:35,655
That's, Yeah, it's a long story.
16
00:00:35,925 --> 00:00:39,224
So let me just start from the
beginning and we can go from there.
17
00:00:39,435 --> 00:00:39,735
Yes.
18
00:00:40,215 --> 00:00:41,535
I'm a very curious person.
19
00:00:42,089 --> 00:00:45,690
And when I got my first smartphone,
I was actually nine years old and
20
00:00:45,720 --> 00:00:48,810
this was kind of cool, you know,
it was like tech and you could do
21
00:00:48,810 --> 00:00:50,010
things there, but it wasn't much.
22
00:00:50,015 --> 00:00:52,140
It was running Android,
four point something.
23
00:00:52,199 --> 00:00:54,900
And then for my 10th birthday,
I got my first laptop.
24
00:00:55,199 --> 00:00:58,650
And that's really what got me
into the tech and cybersecurity
25
00:00:58,650 --> 00:01:00,260
industry in the end because.
26
00:01:01,005 --> 00:01:02,625
I just wanted to know how do things work.
27
00:01:02,625 --> 00:01:05,145
I was so curious to figure
out how do things work because
28
00:01:05,565 --> 00:01:06,225
everyone was using them.
29
00:01:06,225 --> 00:01:08,025
You know, everyone was
using those devices.
30
00:01:08,365 --> 00:01:12,015
Everyone was doing Google searches, and I
asked myself like, How does work, because
31
00:01:12,015 --> 00:01:13,695
it's not magic, it's only technology.
32
00:01:14,025 --> 00:01:17,175
And then I also figured out that I am
now living in the best age I could ever
33
00:01:17,180 --> 00:01:21,015
grow up in because I can leverage that
technology to learn about how it works.
34
00:01:21,375 --> 00:01:22,605
And that's exactly what I did.
35
00:01:22,725 --> 00:01:25,725
So I started coding because
that's apparently how all
36
00:01:25,725 --> 00:01:26,895
of those things were built.
37
00:01:26,955 --> 00:01:31,425
And I started coding my own apps and I
was, uh, I think I was 11 when I begged
38
00:01:31,425 --> 00:01:35,595
my dad to get like a robotic arm so
I could connect that robotic arm to
39
00:01:35,600 --> 00:01:39,795
a Raspberry Pi and then build my
own software to control all of that.
40
00:01:40,245 --> 00:01:43,815
It was a lot of fun back then, so
that's why I learned all the basics.
41
00:01:44,085 --> 00:01:46,875
And a few years after that, I
was finding my first vulnerability.
42
00:01:47,744 --> 00:01:50,625
And that was really interesting because
now I could do things with the computer
43
00:01:50,625 --> 00:01:54,735
system I shouldn't be able to do, and
that's that what really got me into
44
00:01:54,735 --> 00:01:57,405
the industry because for one, it's
super interesting to learn about a
45
00:01:57,405 --> 00:01:59,265
topic of cyber security and hacking.
46
00:01:59,270 --> 00:02:01,965
But on the other side, you could already
see it's going to be one of the most
47
00:02:01,965 --> 00:02:05,715
pressing challenges of tomorrow when we
are digitalizing our, our whole life.
48
00:02:05,744 --> 00:02:06,164
Basically.
49
00:02:06,169 --> 00:02:10,005
It starts off with smart homes, autonomous
cars, but even critical infrastructure
50
00:02:10,005 --> 00:02:12,315
is fully digitalized in most parts now.
51
00:02:12,704 --> 00:02:14,445
So I was seeing that and I was.
52
00:02:15,450 --> 00:02:19,710
That is, I found my passion basically,
and I was spending like all my time on,
53
00:02:20,040 --> 00:02:21,840
on learning it and getting into the space.
54
00:02:21,840 --> 00:02:25,590
So even though school wasn't the next day,
I was staying up until 4:00 AM sitting in
55
00:02:25,590 --> 00:02:27,570
front of my, my screen going into this.
56
00:02:27,780 --> 00:02:32,970
That's amazing because I was thinking
what, being the young, usually you
57
00:02:32,975 --> 00:02:38,070
will drive into gaming and, and, uh, a
lot of, you know, having a PlayStation
58
00:02:38,070 --> 00:02:41,790
or a PC and playing with it and you
decided not going there and having
59
00:02:41,790 --> 00:02:44,070
your dad to buy your Raspberry.
60
00:02:44,820 --> 00:02:46,350
That's like, that's changed.
61
00:02:47,190 --> 00:02:48,330
Like what is the passion?
62
00:02:48,330 --> 00:02:50,010
Why did you decide going there?
63
00:02:50,010 --> 00:02:56,070
Is it your, uh, family interested in
the, the area or is it just yourself
64
00:02:56,070 --> 00:02:57,930
being just passionate about it?
65
00:02:58,170 --> 00:03:00,570
So, yeah, it's, it's
only me and my family.
66
00:03:00,575 --> 00:03:02,610
So no one in my family is into tech.
67
00:03:02,730 --> 00:03:06,390
Um, no one is, , my family
doesn't even speak English.
68
00:03:06,390 --> 00:03:06,690
Right.
69
00:03:06,870 --> 00:03:07,260
Okay.
70
00:03:07,410 --> 00:03:09,720
And, and now I'm here
going ahead like this.
71
00:03:09,720 --> 00:03:13,740
So it was really, because that's also
when I got into tech and I was , all
72
00:03:13,740 --> 00:03:14,730
the good stuff was in English.
73
00:03:14,734 --> 00:03:16,530
So it was like, I better
learn the language right
74
00:03:16,530 --> 00:03:18,240
to, to understand all of it.
75
00:03:18,240 --> 00:03:19,410
So that's how I started there.
76
00:03:19,410 --> 00:03:20,220
I, I don't know.
77
00:03:20,265 --> 00:03:23,475
Where exactly that that
passion really originates from.
78
00:03:23,475 --> 00:03:24,795
But I was just curious.
79
00:03:24,795 --> 00:03:26,714
I wanted to understand how
it works and that's basically
80
00:03:26,714 --> 00:03:28,035
how the world works nowadays.
81
00:03:28,394 --> 00:03:29,774
Everything is digitalized now.
82
00:03:29,984 --> 00:03:30,464
Interesting.
83
00:03:30,464 --> 00:03:35,024
And that, that it was so great to first
learn the, the fundamentals and then going
84
00:03:35,029 --> 00:03:38,174
into cybersecurity because I'm of the
opinion if you want to hack something,
85
00:03:38,174 --> 00:03:39,554
you have to understand how it works.
86
00:03:39,870 --> 00:03:42,450
Because then you're able to
see what the gaps are and where
87
00:03:42,450 --> 00:03:43,470
you might find your ways in.
88
00:03:43,680 --> 00:03:43,950
Yes.
89
00:03:43,950 --> 00:03:47,130
And also if you wanna secure
something, you cannot secure it while
90
00:03:47,130 --> 00:03:48,359
you don't understand the baselines.
91
00:03:48,359 --> 00:03:49,950
And I think what you did is, is great.
92
00:03:50,220 --> 00:03:50,730
And tell me.
93
00:03:51,405 --> 00:03:55,334
The, the first vulnerability that
you talked about, like, I think
94
00:03:55,334 --> 00:03:56,954
you were young during that time.
95
00:03:56,984 --> 00:04:00,356
Yeah, I think I was 13 or something
at this point, and was actually an
96
00:04:00,674 --> 00:04:03,885
SQL injection, and that is a
vulnerability that has been there for,
97
00:04:03,890 --> 00:04:05,565
for so long and it never goes away.
98
00:04:05,625 --> 00:04:08,234
So even, even today, you have
developers still building that
99
00:04:08,234 --> 00:04:09,825
vulnerability and I, I don't know how.
100
00:04:10,380 --> 00:04:14,610
Why, but it's, it's, it's been there
for forever and it's probably also
101
00:04:14,610 --> 00:04:16,230
gonna stay for quite some more time.
102
00:04:16,290 --> 00:04:20,220
And it's quite funny because that's
where you're able to manipulate, um,
103
00:04:20,250 --> 00:04:24,030
user input to then manipulate the
database that is underlying there.
104
00:04:24,035 --> 00:04:29,740
So you can bypass authentication there,
or you can, you can even delete the
105
00:04:29,740 --> 00:04:31,110
full database and things like that.
106
00:04:31,410 --> 00:04:33,960
So it was really interesting to,
to discover that because then I
107
00:04:33,960 --> 00:04:37,205
was able to do, Something with a
system I shouldn't be able to do.
108
00:04:37,205 --> 00:04:37,535
Right.
109
00:04:37,955 --> 00:04:41,465
By abusing that, that vulnerability
there and, and I didn't use it to cause
110
00:04:41,465 --> 00:04:44,735
any, any problems or something, but
it was really interesting to see that.
111
00:04:45,005 --> 00:04:45,335
Yes.
112
00:04:45,340 --> 00:04:45,455
Yeah.
113
00:04:45,455 --> 00:04:48,635
And, and a lot of people would call
that an ethical hacking is you are
114
00:04:48,635 --> 00:04:51,935
responsible of finding it and then
helping to fix it, not rather than just
115
00:04:51,940 --> 00:04:53,985
abusing it, which is, which is great.
116
00:04:55,355 --> 00:05:00,425
Then tell me why did you come here
in Riyadh and why are you here in.
117
00:05:01,500 --> 00:05:04,109
So it's, it's really exciting here.
118
00:05:04,289 --> 00:05:04,950
That is something.
119
00:05:04,950 --> 00:05:07,440
So I'm from Germany and in Germany.
120
00:05:09,179 --> 00:05:13,590
It's, Yeah, well we are, Technology and
innovation isn't as present as it is here
121
00:05:13,590 --> 00:05:16,799
in the region, and it's just beautiful
to see you have so many young people
122
00:05:16,799 --> 00:05:20,909
that are excited about creating a great
future and take a look at this event.
123
00:05:20,909 --> 00:05:24,359
It's the first ever blackhead in the
Middle East, and it's an incredible event.
124
00:05:24,570 --> 00:05:28,260
I think we have nearly 50,000
people signed up, and it's just
125
00:05:28,260 --> 00:05:31,200
wonderful to see that excitement,
to see that passion that is here.
126
00:05:32,864 --> 00:05:35,534
that is just wonderful when you
have so many passionate people in
127
00:05:35,534 --> 00:05:38,745
the same room talking about the
important topics that are really
128
00:05:38,745 --> 00:05:40,784
gonna gonna affect our, our future.
129
00:05:41,294 --> 00:05:45,224
And something to actually also
continue in, in my own story here.
130
00:05:45,614 --> 00:05:49,604
So I was intoa Rudy, spending
all my time on it, getting really
131
00:05:49,604 --> 00:05:53,445
good at it, and then I was sitting
in a 10th grade in school in.
132
00:05:54,165 --> 00:05:55,485
In the middle of nowhere in Germany.
133
00:05:55,485 --> 00:05:56,505
I was sitting there in school.
134
00:05:56,775 --> 00:05:58,245
I was 15 at this point actually.
135
00:05:58,245 --> 00:06:02,205
And then I asked myself like, why
should I sit here and learn Latin or do
136
00:06:02,205 --> 00:06:06,195
like power analysis if I could be out
there helping to protect organizations
137
00:06:06,195 --> 00:06:09,585
from cyber attacks, maybe even helping
to protect critical infrastructure.
138
00:06:10,065 --> 00:06:11,145
So it was like, have to quit.
139
00:06:11,745 --> 00:06:14,805
And here's where Germany kicks in again,
because in Germany you can't do it.
140
00:06:14,895 --> 00:06:17,455
You have to go to school
by law until you are 18.
141
00:06:17,475 --> 00:06:18,015
Oh, wow.
142
00:06:18,105 --> 00:06:21,735
So that is, that is something that
also should be changed in my opinion.
143
00:06:22,245 --> 00:06:25,415
And it was quite interesting because
I, I thought there must be a way.
144
00:06:25,620 --> 00:06:28,980
You know, if you code something
and you have a bug in your, in your
145
00:06:28,980 --> 00:06:31,860
code, you don't relax it back and
you're like, Well, there's a bug.
146
00:06:31,860 --> 00:06:32,850
You know, That's the way it is.
147
00:06:33,120 --> 00:06:34,740
You get into it and you fix it.
148
00:06:34,860 --> 00:06:38,460
So I was trying to apply the same
principle there until I found someone
149
00:06:38,460 --> 00:06:42,060
at the German Chamber of Commerce and
he kind of understood what I was saying.
150
00:06:42,330 --> 00:06:45,240
So it was literally driving, He
was driving to where I live and
151
00:06:45,240 --> 00:06:46,320
it was in the middle of nowhere.
152
00:06:46,650 --> 00:06:49,020
So like he was driving there for
two hours, taking a look at what I'm
153
00:06:49,020 --> 00:06:50,490
doing and speaking with me, right?
154
00:06:50,490 --> 00:06:54,745
So I showed him, showed him the stuff,
and then he gave me, Yeah, he gave me
155
00:06:54,745 --> 00:06:59,094
a kind of special permission to only
go to school one or two days a week.
156
00:06:59,094 --> 00:07:01,495
So they make the legal stamp on
that, and I can use the rest of
157
00:07:01,495 --> 00:07:03,055
the time to, to further go ahead.
158
00:07:03,565 --> 00:07:06,805
So yeah, that was, that was beautiful
because then I had, You can spend
159
00:07:06,805 --> 00:07:11,260
more time now studying the, the, the
cybersecurity and then, and improving
160
00:07:11,695 --> 00:07:13,525
yourself and skills and, and all that.
161
00:07:13,825 --> 00:07:14,515
Exactly.
162
00:07:14,844 --> 00:07:20,305
So, but that is something that con also
continued throughout the years that in
163
00:07:20,305 --> 00:07:25,065
some places, , it's, it's very limited
when it comes to the will to innovate.
164
00:07:25,365 --> 00:07:29,565
And to circle back to your initial
question, why I'm here now in, in Riyadh,
165
00:07:29,565 --> 00:07:34,755
because here you, you really see the will
present to innovate, to change something.
166
00:07:34,755 --> 00:07:37,155
And that is just, in my opinion,
really beautiful to see.
167
00:07:37,575 --> 00:07:37,845
Yes.
168
00:07:37,845 --> 00:07:43,725
And uh, I mean, having Black Hat here was,
was one of the anything thing that Saudis
169
00:07:43,785 --> 00:07:45,885
is trying to do is to bring them and, and.
170
00:07:47,474 --> 00:07:51,585
like you, like all of, I don't know if
you walked around the, the Black Hat
171
00:07:51,705 --> 00:07:55,485
and the venue, you can see the CTFs,
the bug bounties, the car hacking
172
00:07:55,485 --> 00:07:59,685
villages, what we are gonna talk about
and even the drones and lock picking,
173
00:08:00,645 --> 00:08:03,224
bringing all these together is amazing.
174
00:08:03,224 --> 00:08:07,414
And having them and having all 50
plus people, a thousand people are,
175
00:08:07,414 --> 00:08:09,885
are here to learn and, and improve.
176
00:08:10,965 --> 00:08:15,855
I see that you wrote, uh, in, in, in
social media that you are, are a Tesla.
177
00:08:16,620 --> 00:08:21,390
Yes, I, I'm a huge Tesla and I think
yourself and, and me in the morning.
178
00:08:21,390 --> 00:08:23,219
We were having fun with Tesla.
179
00:08:25,349 --> 00:08:26,130
Tell me about that.
180
00:08:27,120 --> 00:08:31,109
And you told me about the story you
told me back then, uh, about, about how
181
00:08:31,109 --> 00:08:33,240
you got into the Tesla a Absolutely.
182
00:08:33,240 --> 00:08:35,250
So let's start off
with, uh, being a Tesla.
183
00:08:35,309 --> 00:08:42,059
And so I'm not a car guy, I'm a tech
guy, but a Tesla is a computer on wheels.
184
00:08:42,210 --> 00:08:45,210
So obviously that is something
that is just wonderful to see.
185
00:08:46,275 --> 00:08:48,825
It really in, in the core, it's software.
186
00:08:48,825 --> 00:08:51,345
It's, it's, it's not the car, it's
the software that is running on it.
187
00:08:51,345 --> 00:08:52,665
So that is really exciting.
188
00:08:52,725 --> 00:08:53,175
Yes.
189
00:08:53,205 --> 00:08:55,785
So I've been a Tesla fan
for, for a number of years.
190
00:08:56,025 --> 00:08:59,025
I don't have one yet, but
I'm really looking forward.
191
00:08:59,475 --> 00:09:00,285
So, yeah.
192
00:09:00,285 --> 00:09:03,345
It was really funny this, this
morning when we did all of
193
00:09:03,350 --> 00:09:05,945
our tricks with, with the car.
194
00:09:06,285 --> 00:09:06,645
Yes.
195
00:09:06,885 --> 00:09:09,735
And I mean, for us it's fun to
demonstrate it here and it's
196
00:09:09,735 --> 00:09:12,944
really cool to see, but it's, it's
really a critical vulnerability.
197
00:09:12,944 --> 00:09:13,275
Right.
198
00:09:13,515 --> 00:09:16,814
And we can directly dive into the
story of how all of that unfolded.
199
00:09:16,905 --> 00:09:17,834
Yes, yes, for sure.
200
00:09:17,834 --> 00:09:23,564
So, uh, being a Tesla fan, and
you mentioned a lot of tech guys
201
00:09:23,564 --> 00:09:27,135
like Tesla because of, it's, it's
a technology that runs the car.
202
00:09:27,285 --> 00:09:33,074
And some, and I would include myself
is I am also a car guy and, and, and
203
00:09:33,074 --> 00:09:34,935
tech, and this is a combination for me.
204
00:09:35,535 --> 00:09:36,825
Have a car that does both.
205
00:09:37,305 --> 00:09:41,385
Uh, and tell me about the finding
and the one that you, you, the
206
00:09:41,385 --> 00:09:42,615
demonstration did this morning.
207
00:09:42,885 --> 00:09:43,425
Absolutely.
208
00:09:43,425 --> 00:09:47,955
So the whole story started in January,
which is a, a few months already.
209
00:09:48,015 --> 00:09:48,435
Okay.
210
00:09:48,765 --> 00:09:54,585
So, . Originally I didn't even plan to
hack a car so that that wasn't even So
211
00:09:54,855 --> 00:09:56,685
you were not just having a car to attack?
212
00:09:56,685 --> 00:09:57,255
Exactly.
213
00:09:57,375 --> 00:09:59,925
So I, I, I said I don't have a Tesla.
214
00:09:59,925 --> 00:10:00,135
Right.
215
00:10:00,135 --> 00:10:03,615
So I was just sitting there
in Germany and again, it was
216
00:10:03,615 --> 00:10:04,965
curiosity that struck again.
217
00:10:04,965 --> 00:10:05,355
Right.
218
00:10:05,955 --> 00:10:07,845
This is basically the
key for cybersecurity.
219
00:10:07,850 --> 00:10:08,685
You need to be curious.
220
00:10:08,685 --> 00:10:09,705
Exactly, exactly.
221
00:10:09,705 --> 00:10:12,285
That really is the, one of the keys there.
222
00:10:12,885 --> 00:10:15,315
And I just wanted to understand.
223
00:10:15,975 --> 00:10:17,535
How do things work?
224
00:10:17,535 --> 00:10:20,055
Exactly, because here's something
that is quite interesting.
225
00:10:20,055 --> 00:10:24,405
When we take a look at modern
cars, all of them call back to the
226
00:10:24,405 --> 00:10:27,375
manufacturer and speak with their
backend infrastructure constantly.
227
00:10:27,380 --> 00:10:28,635
That's not only limited to Tesla.
228
00:10:28,640 --> 00:10:30,045
A lot of other cars also do that.
229
00:10:30,765 --> 00:10:35,564
So I was thinking from, from a hacker's
perspective, if you can try to find
230
00:10:35,564 --> 00:10:38,985
a vulnerability in wifi or Bluetooth,
but then you have to be near a car.
231
00:10:38,985 --> 00:10:41,954
You can only have access
to one car at a time.
232
00:10:42,495 --> 00:10:46,875
But if you would be able to get access to
that centralized entry point that we are
233
00:10:46,875 --> 00:10:51,135
creating that single attack vector on the
manufacturer side that is connected to all
234
00:10:51,135 --> 00:10:54,704
of the cars out there, then you would be
able to have a lot more impact remotely.
235
00:10:55,935 --> 00:10:59,445
Okay, so I was actually just by
accident, taking a look at how some
236
00:10:59,445 --> 00:11:01,035
of the things work on Tesla side.
237
00:11:01,515 --> 00:11:04,995
And it's quite interesting because all
of those cars communicate with something
238
00:11:04,995 --> 00:11:06,735
on Tesla side called the mothership.
239
00:11:06,735 --> 00:11:09,645
That is their main, main server
on the backend infrastructure.
240
00:11:10,035 --> 00:11:12,405
So I was just trying to
understand how exactly that works.
241
00:11:12,410 --> 00:11:14,205
What, what technologies
are built in there.
242
00:11:14,470 --> 00:11:17,680
And then I was discovering that
a piece of third party code was
243
00:11:17,680 --> 00:11:18,790
connected to that mothership.
244
00:11:18,790 --> 00:11:22,870
So that mothership is providing interfaces
for a lot of internal Tesla services.
245
00:11:22,870 --> 00:11:24,040
Also some external stuff.
246
00:11:24,460 --> 00:11:27,160
There was this piece of third party
code connected there, so I was
247
00:11:27,400 --> 00:11:28,870
trying to dig deeper into that.
248
00:11:28,870 --> 00:11:31,570
You know, I, I didn't even
expect to find a vulnerability.
249
00:11:31,575 --> 00:11:33,220
I didn't even want to
find a vulnerability.
250
00:11:33,220 --> 00:11:36,640
I was just curious digging into this,
um, trying to understand how it.
251
00:11:37,080 --> 00:11:37,740
Exactly.
252
00:11:37,740 --> 00:11:40,320
You're trying to see how things
works and how things connected.
253
00:11:40,500 --> 00:11:42,990
Exactly, because that, that's
what you have to learn if you want
254
00:11:42,990 --> 00:11:46,110
to figure out how exactly what
is going on behind the scenes.
255
00:11:46,755 --> 00:11:50,355
So I was taking a look at this third
party piece of code and I figured
256
00:11:50,355 --> 00:11:55,305
out that it's having access to some
kind of digital car keys and tos,
257
00:11:55,310 --> 00:11:56,535
and it's, it's also storing them.
258
00:11:56,775 --> 00:11:57,975
And I figured out it's storing them.
259
00:11:57,980 --> 00:12:00,705
So they haven't been encrypted
so far from what I've seen.
260
00:12:00,705 --> 00:12:03,975
And then they got stored into something
called repo, and I thought repo is
261
00:12:03,975 --> 00:12:05,805
going to be a secure storage mechanism.
262
00:12:05,805 --> 00:12:09,315
It's going to be evolved, it's gonna take
care of encryption and every, everything.
263
00:12:10,275 --> 00:12:13,125
So I was trying to figure out
what repo is and it wasn't a
264
00:12:13,125 --> 00:12:15,525
secure storage mechanism at all.
265
00:12:15,530 --> 00:12:18,045
It was just a normal
PostgreSQL database.
266
00:12:18,555 --> 00:12:22,814
So that was really interesting, um,
to know that there was a major flag.
267
00:12:23,594 --> 00:12:26,594
And then I also figured out that
this piece of third party code,
268
00:12:26,594 --> 00:12:29,535
you can read like some charging
statistics and, and stuff like that.
269
00:12:30,135 --> 00:12:34,214
So I was like, What if I, I didn't expect
this to work, but what if I would be
270
00:12:34,214 --> 00:12:37,905
able to craft a malicious request that is
like, Hey, you know, give me the charging
271
00:12:37,905 --> 00:12:41,594
statistics, but then also hop a few
tables in the database and read me those
272
00:12:41,625 --> 00:12:43,515
digital car keys and bring them to me.
273
00:12:44,175 --> 00:12:46,875
So I was crafting that
malicious request and send it.
274
00:12:47,505 --> 00:12:51,975
And really to my surprise, I got back
some of those digital car keys and I was
275
00:12:51,980 --> 00:12:53,845
like, That is, that is really interesting.
276
00:12:54,285 --> 00:12:59,325
So I was, I was pulling them
and with those you can approach
277
00:12:59,325 --> 00:13:03,405
the Tesla mothership and be like
the, the car owner or, or Tesla,
278
00:13:03,405 --> 00:13:04,785
and then issue some commands.
279
00:13:04,790 --> 00:13:07,695
And those commands get sent from the
mothership to the car, and the car isn't
280
00:13:07,695 --> 00:13:10,845
gonna question it because it comes from,
from Tesla's backend infrastructure.
281
00:13:10,845 --> 00:13:11,295
Right, Exactly.
282
00:13:11,295 --> 00:13:12,585
And with the, with the, with the proper.
283
00:13:13,155 --> 00:13:13,785
Exactly.
284
00:13:14,085 --> 00:13:15,435
So that was really interesting.
285
00:13:15,435 --> 00:13:18,375
And at first I thought, you know,
I can read data that that's, that's
286
00:13:18,375 --> 00:13:21,945
what I thought, you know, like where
a car is or what a car is doing.
287
00:13:22,335 --> 00:13:26,835
But I also knew that there, there would
be a way to, to run commands on, on,
288
00:13:26,835 --> 00:13:31,695
on their ride, but I didn't have a car
so needed to try it somewhere else.
289
00:13:32,045 --> 00:13:35,595
Jump before jumping to the,
the, the changes that you have
290
00:13:35,595 --> 00:13:36,555
done or the commands that you.
291
00:13:37,200 --> 00:13:38,670
What kind of data you've seen?
292
00:13:38,700 --> 00:13:41,100
You told me that the
locations and what else?
293
00:13:41,190 --> 00:13:43,260
Yeah, you can see a lot of stuff.
294
00:13:43,260 --> 00:13:46,650
So you can see the actual location, you
can see where the car is heading to.
295
00:13:46,650 --> 00:13:51,120
You can see where it's navigating to
the speed you, you can see the speed,
296
00:13:51,120 --> 00:13:55,830
you can see, You can even see like what,
what shift is selected, like what gear
297
00:13:55,830 --> 00:13:57,780
the car is in and, and things like that.
298
00:13:57,810 --> 00:14:01,620
You can see if music is playing,
you can see the AC settings, you.
299
00:14:02,550 --> 00:14:03,990
Pretty much see all of it basically.
300
00:14:03,990 --> 00:14:04,200
Yeah.
301
00:14:04,230 --> 00:14:08,190
You know exactly what the car's doing
and where they're heading and, and,
302
00:14:08,490 --> 00:14:13,080
and even I believe even if the seats
are, uh, the heaters of the seats
303
00:14:13,080 --> 00:14:15,210
are running or, That's interesting.
304
00:14:15,630 --> 00:14:20,160
And then now you collected all the, these
data, you know, all this information, but
305
00:14:20,165 --> 00:14:22,710
these are, we would call them be donley.
306
00:14:22,950 --> 00:14:23,790
You are collecting.
307
00:14:24,720 --> 00:14:27,569
Now what, what is the changes or
the commands that you have done
308
00:14:27,720 --> 00:14:32,040
exactly or we could have done, So
I needed a car to test it somehow.
309
00:14:32,040 --> 00:14:32,370
Right.
310
00:14:32,760 --> 00:14:34,590
So I'm not quite sure.
311
00:14:34,890 --> 00:14:36,240
You also drive a Tesla, right?
312
00:14:36,310 --> 00:14:36,510
Yes.
313
00:14:36,510 --> 00:14:39,120
So do you have, do you have a
custom name set for your Tesla?
314
00:14:39,180 --> 00:14:39,900
Yes, I do.
315
00:14:39,900 --> 00:14:42,360
I, I put, I put a custom
name for my Tesla.
316
00:14:42,420 --> 00:14:42,930
Exactly.
317
00:14:42,935 --> 00:14:46,770
Because a lot of Tesla owners, students,
and some of them are very creative.
318
00:14:46,920 --> 00:14:49,079
So I was pulling the
names for those Tesla.
319
00:14:49,439 --> 00:14:52,830
And there was one name that was very
unique, so I was just taking that
320
00:14:52,830 --> 00:14:56,010
name, putting it into Google and wrote
like Tesla next to it and Google.
321
00:14:56,100 --> 00:15:00,120
And then a few tweets showed up from the
guy who was tweeting about his Tesla.
322
00:15:00,120 --> 00:15:01,740
It was a Model X with that name.
323
00:15:01,780 --> 00:15:02,060
Okay.
324
00:15:02,060 --> 00:15:04,949
So I was texting him on Twitter and
I was like, Hey, do you still have
325
00:15:04,955 --> 00:15:06,569
your Tesla, you know, with that name?
326
00:15:06,569 --> 00:15:10,199
And interesting, he actually came
back and he was like, Like, what are
327
00:15:10,260 --> 00:15:11,970
last six stitches of the VIN number?
328
00:15:12,090 --> 00:15:13,290
Like if you actually have access.
329
00:15:13,290 --> 00:15:16,199
So I was pulling that up and
I sent him like the VIN number
330
00:15:16,560 --> 00:15:18,569
and he was like, That is my car.
331
00:15:18,719 --> 00:15:19,530
And I'm like, Great.
332
00:15:19,530 --> 00:15:23,010
And if you now give me the permission
please to, to run commands, that would
333
00:15:23,010 --> 00:15:24,989
be great if, if we could do that.
334
00:15:24,989 --> 00:15:26,520
And he was like, Yeah, I tried to do it.
335
00:15:26,520 --> 00:15:27,000
Whatever.
336
00:15:27,449 --> 00:15:29,849
So I was, at first I was doing
harmless stuff, you know, like
337
00:15:29,849 --> 00:15:33,420
honking the horn and flashing the
lights and, and then he allowed it.
338
00:15:33,425 --> 00:15:34,469
He exactly.
339
00:15:34,469 --> 00:15:35,069
Feel free to do it.
340
00:15:35,130 --> 00:15:35,849
Exactly.
341
00:15:35,880 --> 00:15:36,329
Interesting.
342
00:15:36,359 --> 00:15:39,829
And then I asked him to confirm
that he's a good guy and he,
343
00:15:39,834 --> 00:15:41,040
he luckily was also into tech.
344
00:15:41,040 --> 00:15:42,719
A lot of Tesla owners are Yes, exactly.
345
00:15:43,500 --> 00:15:46,620
So he was seeing that, that it
worked and that was really, that was
346
00:15:46,620 --> 00:15:51,930
surprising because, you know, that car
was in California, it always has been
347
00:15:51,930 --> 00:15:53,160
in California, it's its whole life.
348
00:15:53,160 --> 00:15:56,340
The Tesla owner is also in California
and he now, there's this random
349
00:15:56,340 --> 00:16:00,300
request from Germany to like, at
first honk the horn, but then also
350
00:16:00,300 --> 00:16:02,400
to unlock the doors from Germany.
351
00:16:02,700 --> 00:16:03,720
And it just went through.
352
00:16:03,910 --> 00:16:05,520
I, I expected this to be blocked, right?
353
00:16:05,520 --> 00:16:06,240
Yes, exactly.
354
00:16:06,240 --> 00:16:10,140
I mean, you, why would someone
send it from a different continent?
355
00:16:10,470 --> 00:16:10,890
Exactly.
356
00:16:11,595 --> 00:16:15,194
And sent all these requests, which is
interesting that it, it allowed it.
357
00:16:15,824 --> 00:16:19,574
And also, so I logged into my
Twitter account and also my sum
358
00:16:19,580 --> 00:16:21,645
account here in, in Saudi Arabia.
359
00:16:21,645 --> 00:16:25,215
And then it showed me like those messages
where it was like, Hey David, it's very
360
00:16:25,215 --> 00:16:28,665
unusual that you log in from here, so
please, now we just send your code.
361
00:16:28,665 --> 00:16:29,595
Please put in the code.
362
00:16:29,835 --> 00:16:30,824
You know, things like that.
363
00:16:31,170 --> 00:16:34,920
And that wasn't present when sending
commands to the commands to the car.
364
00:16:35,010 --> 00:16:36,360
And you could do a lot of things.
365
00:16:36,480 --> 00:16:40,500
So to you can actually also combine some
of those things, which are interesting.
366
00:16:40,505 --> 00:16:44,579
So you can locate where a car is, you can
turn off the Sentry Mode, which is the
367
00:16:44,584 --> 00:16:46,439
security mode that watches those cars.
368
00:16:46,439 --> 00:16:49,140
And the one also takes the
cam the videos for Exactly.
369
00:16:49,145 --> 00:16:49,920
For everyone around it.
370
00:16:50,130 --> 00:16:50,550
Exactly.
371
00:16:50,699 --> 00:16:53,819
And then you can unlock
the doors, get in, and.
372
00:16:54,735 --> 00:16:58,185
Start keyless driving, which means
you don't know who the owner is.
373
00:16:58,185 --> 00:16:59,655
You've never seen the car before.
374
00:16:59,655 --> 00:17:00,615
You just walk up.
375
00:17:00,675 --> 00:17:02,295
You don't have the key, You just walk up.
376
00:17:02,324 --> 00:17:04,274
You get in and you take
it for a road trip.
377
00:17:04,665 --> 00:17:06,194
That's, that's, that's the scary part.
378
00:17:06,194 --> 00:17:08,024
Now someone can steal your car.
379
00:17:08,444 --> 00:17:11,865
I mean, the keyless
part is to help people.
380
00:17:11,869 --> 00:17:15,345
If someone want to drive it
or move it, you can allow it.
381
00:17:15,405 --> 00:17:18,375
As a Tesla owner, I can allow
someone to move the car.
382
00:17:18,494 --> 00:17:18,855
Exactly.
383
00:17:18,855 --> 00:17:22,530
But now, leveraged from an
attacker perspective, you
384
00:17:22,530 --> 00:17:23,580
can, you can steal the car.
385
00:17:23,760 --> 00:17:24,210
Exactly.
386
00:17:24,210 --> 00:17:25,020
Which is the scary part.
387
00:17:25,880 --> 00:17:29,010
Sometime you go out and then you
cannot find your car cause someone
388
00:17:29,010 --> 00:17:31,140
just turn it on and then left it.
389
00:17:31,530 --> 00:17:32,010
Exactly.
390
00:17:32,010 --> 00:17:34,830
But you can also do a lot of things
to mess with the owner itself.
391
00:17:34,830 --> 00:17:35,100
Right.
392
00:17:35,340 --> 00:17:38,550
So let's say you have a very important
business meeting you have to get to.
393
00:17:38,940 --> 00:17:42,240
So you go out to your car, you
unlock it, and the car just locks.
394
00:17:42,810 --> 00:17:44,010
So you unlock it again.
395
00:17:44,010 --> 00:17:44,730
Car locks again.
396
00:17:44,760 --> 00:17:45,150
Yes.
397
00:17:45,180 --> 00:17:49,050
So eventually you get into your car
and you sit down and you want to start
398
00:17:49,050 --> 00:17:50,730
driving, but then the triangle opens.
399
00:17:50,850 --> 00:17:52,260
So you close the triangle again.
400
00:17:52,265 --> 00:17:54,330
Triangle opens again,
and you close it again.
401
00:17:54,390 --> 00:17:58,950
And then your car randomly starts
blasting music, you know, like very
402
00:17:58,950 --> 00:18:00,780
loud that that would be quite an issue.
403
00:18:00,780 --> 00:18:01,080
Right.
404
00:18:01,320 --> 00:18:05,490
And then a YouTube video pops up,
which is like, Hey, so, So your car
405
00:18:05,490 --> 00:18:06,990
has been hacked and it's quite funny.
406
00:18:08,340 --> 00:18:11,160
When I posted about this on Twitter,
there was this one guy and he was like,
407
00:18:11,160 --> 00:18:12,720
Yeah, that's the start of drive somewhere.
408
00:18:13,080 --> 00:18:14,580
And I was like, What is drive somewhere?
409
00:18:14,790 --> 00:18:18,960
He was like, Well, driving in
ransomware combined, uh, because that
410
00:18:18,960 --> 00:18:22,050
is probably what we are gonna add to
because I could show you a message
411
00:18:22,080 --> 00:18:24,600
to the Tesla under there and be like,
Hey, so either you pay me Bitcoin
412
00:18:24,690 --> 00:18:25,860
or you miss your important meeting.
413
00:18:26,520 --> 00:18:28,290
And it's also quite interesting because.
414
00:18:29,010 --> 00:18:31,800
Dismiss all of that and, and
you, you get to start driving.
415
00:18:31,800 --> 00:18:35,130
But what if I then set you a speed
limit to like five kilometers per hour?
416
00:18:35,670 --> 00:18:38,700
You're not gonna make it to your
appointment on a, on a highway.
417
00:18:38,700 --> 00:18:39,750
It will be dangerous as well.
418
00:18:39,750 --> 00:18:41,700
It's not just messing with them.
419
00:18:41,700 --> 00:18:44,490
You, it's, it's becoming also
dangerous and that's, that's
420
00:18:44,490 --> 00:18:45,900
when it's becoming critical.
421
00:18:45,905 --> 00:18:46,550
Absolutely.
422
00:18:47,475 --> 00:18:50,035
And something that's
also quite interesting.
423
00:18:50,035 --> 00:18:52,875
You have full control over the
AC so you can just blast someone
424
00:18:52,875 --> 00:18:54,135
with like 40 degrees heat.
425
00:18:54,165 --> 00:18:56,355
And you know how powerful a Tesla AC is.
426
00:18:56,635 --> 00:18:57,195
It's incredible.
427
00:18:57,315 --> 00:18:57,885
Yes, yes.
428
00:18:57,885 --> 00:19:01,935
And, and, and blasting is, is
gonna be also scary if it's,
429
00:19:01,940 --> 00:19:03,495
let's say in a heat area.
430
00:19:03,495 --> 00:19:08,205
Let's say in Saudi we are, we have
a, a heat, it's, it's very hot.
431
00:19:08,655 --> 00:19:13,245
And having a heated, uh, seats
on is gonna be even worse.
432
00:19:13,905 --> 00:19:15,915
Uh, which is interesting.
433
00:19:16,800 --> 00:19:21,720
All these components are now connected
and not just Tesla, every, everyone else,
434
00:19:21,720 --> 00:19:23,550
even other cars, they have the same thing.
435
00:19:24,090 --> 00:19:28,470
They start putting a sticker saying
this, This car can connect and send
436
00:19:28,470 --> 00:19:30,930
data, and you can unlock and unlock.
437
00:19:33,090 --> 00:19:35,580
It's a usability right now.
438
00:19:35,880 --> 00:19:39,180
You are helping making
things convenient and easier.
439
00:19:39,300 --> 00:19:41,910
But it is also scary because now it's.
440
00:19:43,095 --> 00:19:45,945
Uh, uh, leverage for
the attackers to attack.
441
00:19:45,945 --> 00:19:47,655
It's more attack surface.
442
00:19:47,745 --> 00:19:47,985
Yes.
443
00:19:49,155 --> 00:19:51,435
So how are we gonna protect this?
444
00:19:51,675 --> 00:19:56,055
But that is actually a, a conversation
that is very, that has been brought up
445
00:19:56,055 --> 00:19:58,275
in cybersecurity since, since some time.
446
00:19:58,545 --> 00:20:01,335
And I like, Usability versus security.
447
00:20:01,395 --> 00:20:01,665
Exactly.
448
00:20:01,665 --> 00:20:04,695
Because you know, the, the customers
demand, you know, like those convenience
449
00:20:04,695 --> 00:20:08,715
features and the project managers warned
and the management of companies also
450
00:20:08,720 --> 00:20:12,855
warned because it's probably gonna bring
in more revenue and things like that.
451
00:20:12,855 --> 00:20:13,155
Right.
452
00:20:13,605 --> 00:20:15,615
So how do we deal with that?
453
00:20:16,545 --> 00:20:19,335
And that is, I don't have
the final answer for this.
454
00:20:19,335 --> 00:20:21,855
That is a conversation we are
having as an industry, right?
455
00:20:21,855 --> 00:20:24,615
How do we navigate between
usability and cybersecurity?
456
00:20:24,915 --> 00:20:28,125
But what was interesting to point
out were two things that I think
457
00:20:28,125 --> 00:20:29,505
are great learnings from this.
458
00:20:29,715 --> 00:20:34,335
So one is we are connecting things that
haven't been previously connected to the
459
00:20:34,335 --> 00:20:36,465
internet now in a massive extent to the.
460
00:20:37,139 --> 00:20:40,530
You know, we don't do this to a few
hundred cars to see if it works.
461
00:20:40,530 --> 00:20:41,820
Those aren't concept cars.
462
00:20:42,060 --> 00:20:45,389
We are doing this to millions
of cars, tens of millions of
463
00:20:45,389 --> 00:20:46,860
cars within the next decade.
464
00:20:47,250 --> 00:20:49,530
So that is gonna be incredible.
465
00:20:49,530 --> 00:20:49,860
Right.
466
00:20:50,820 --> 00:20:54,239
And you know, if, if we see the, the
history, you know, like 80 years ago in
467
00:20:54,239 --> 00:20:55,750
a car, there was no technology at all.
468
00:20:56,190 --> 00:21:00,570
Then we had our traditional cars with
CAN bus, a Wi-Fi and GSM interface,
469
00:21:00,600 --> 00:21:02,220
your tire pressure monitoring system.
470
00:21:02,490 --> 00:21:05,470
But what we are doing now is we
are connecting those cars to so
471
00:21:05,475 --> 00:21:06,360
many more things, you know, like.
472
00:21:07,290 --> 00:21:10,530
V2X communication, like
communicating with other cars,
473
00:21:10,530 --> 00:21:14,550
communicating with smart roads,
communicating with traffic lights, and
474
00:21:14,550 --> 00:21:18,870
also over-the-air updates, APIs, fleet
service apps, as we just talked about,
475
00:21:18,870 --> 00:21:23,130
whether a third party app, an official
Tesla app, or also app stores that are
476
00:21:23,130 --> 00:21:24,540
known that are now getting considered.
477
00:21:24,855 --> 00:21:27,495
And something that's quite
interesting is the EV charging port.
478
00:21:27,495 --> 00:21:30,945
Because if you fill your gas car,
I mean gas goes in and that's it.
479
00:21:30,945 --> 00:21:31,185
Right?
480
00:21:31,185 --> 00:21:33,195
But as soon as you plug
in, in an EV charging port,
481
00:21:33,465 --> 00:21:34,725
constant data communication.
482
00:21:34,965 --> 00:21:35,145
Yes.
483
00:21:35,145 --> 00:21:36,495
So that is what happening here.
484
00:21:36,500 --> 00:21:38,805
We are connecting things that
haven't been previously connected
485
00:21:38,805 --> 00:21:40,425
to, to a massive extent.
486
00:21:40,425 --> 00:21:43,635
Now the other thing is that
innovation is happening so fast.
487
00:21:43,895 --> 00:21:45,905
I mean, innovation is exciting, right?
488
00:21:45,905 --> 00:21:49,295
I'm also excited about innovation and it's
wonderful to see what is happening there.
489
00:21:49,295 --> 00:21:53,045
You have large companies, you have global
enterprises that want to, to innovate and
490
00:21:53,050 --> 00:21:54,905
release some of those cool new features.
491
00:21:54,905 --> 00:21:56,105
You have a lot of startups.
492
00:21:56,165 --> 00:21:56,915
Exactly.
493
00:21:56,915 --> 00:22:00,605
That's, that's what I'm, that's what
I'm trying to add to, because that
494
00:22:00,605 --> 00:22:04,475
innovation is happening so fast now and
so many exciting people are working on
495
00:22:04,475 --> 00:22:06,785
it, but at some point we have to pause.
496
00:22:06,785 --> 00:22:10,024
We have to take a step back and make
sure the right security is implemented
497
00:22:10,415 --> 00:22:13,014
and that is something that is, I.
498
00:22:13,560 --> 00:22:16,890
That Tesla is already a
huge cyber, physical thing.
499
00:22:16,890 --> 00:22:17,100
Right.
500
00:22:17,100 --> 00:22:18,480
But it's still bound to the roads.
501
00:22:18,630 --> 00:22:20,040
Let's take a look at drones.
502
00:22:20,130 --> 00:22:22,290
I mean, drones are gonna
be a huge topic now.
503
00:22:22,530 --> 00:22:22,950
Exactly.
504
00:22:22,950 --> 00:22:24,240
Especially also here in the region.
505
00:22:24,245 --> 00:22:24,330
Right.
506
00:22:24,990 --> 00:22:27,030
So how are we gonna tackle the steer?
507
00:22:27,030 --> 00:22:31,139
And as you also mentioned, smart cities,
that is a very, very huge topic and
508
00:22:31,139 --> 00:22:33,120
we see the exact same progress here.
509
00:22:33,120 --> 00:22:36,719
You know, 80 years ago there
was no technological city there.
510
00:22:36,725 --> 00:22:38,550
There was nothing, it was an offline city.
511
00:22:38,610 --> 00:22:42,570
And then we had somewhat connected cities,
you know, where we pulled data from, we
512
00:22:42,574 --> 00:22:46,530
got statistics from, from certain data
points that we collected, and now we
513
00:22:46,530 --> 00:22:51,629
are heading towards smart or cognitive
cities, which are gonna be interconnected.
514
00:22:51,629 --> 00:22:52,560
There's gonna be a.
515
00:22:53,025 --> 00:22:57,435
IOT and OT infrastructure, there's gonna
be a lot of interconnected systems that
516
00:22:57,435 --> 00:22:59,865
can control certain aspects of that city.
517
00:23:00,015 --> 00:23:03,345
And that's where we are gonna see the
exact same challenges, but we have to
518
00:23:03,345 --> 00:23:08,415
really prevent them because when we take
a look at the cyber physical space, we
519
00:23:08,415 --> 00:23:09,975
can't wait for attacks to happen there.
520
00:23:09,980 --> 00:23:10,755
We have to secure it.
521
00:23:10,755 --> 00:23:12,915
Now let's take a look
at some other things.
522
00:23:12,915 --> 00:23:14,325
I always take Uber as an example.
523
00:23:14,325 --> 00:23:15,765
Let's say Uber gets hacked.
524
00:23:16,125 --> 00:23:17,385
I mean, what's the effect on us?
525
00:23:17,445 --> 00:23:20,895
We, we, we have to call a
taxi instead of using the app.
526
00:23:21,075 --> 00:23:21,165
Yes.
527
00:23:21,405 --> 00:23:21,765
But that's.
528
00:23:22,455 --> 00:23:26,355
On cyber physical systems that is
gonna have direct impact on human lives
529
00:23:26,625 --> 00:23:28,515
and we have to secure it right now.
530
00:23:28,515 --> 00:23:30,405
We can't wait 10 years for that, you know?
531
00:23:30,555 --> 00:23:34,395
And that is something where
a lot of people here agree.
532
00:23:34,455 --> 00:23:36,705
I would say nearly everyone
agrees here with that.
533
00:23:37,065 --> 00:23:40,905
And it's quite interesting also to,
just to mention that quickly, you, for
534
00:23:40,905 --> 00:23:45,335
that Black Hat here, you brought all
the guys, like all the names, everyone,
535
00:23:45,340 --> 00:23:49,455
like Chris Roberts is here, the guy
who hacked an airplane with flight.
536
00:23:49,785 --> 00:23:51,495
I was just walking on the other side of.
537
00:23:52,575 --> 00:23:56,415
Of the event location and you had the
car hacking village from Defcon and, and
538
00:23:56,415 --> 00:23:58,185
Robert Lee, Ellie and, and those people.
539
00:23:58,185 --> 00:23:59,055
So, Exactly.
540
00:23:59,055 --> 00:24:03,045
And also the, the drones hacking, uh,
the, the smart city hacking also there
541
00:24:03,045 --> 00:24:08,355
is, they have a, they built a great
city, uh, and they, they try to do some
542
00:24:08,504 --> 00:24:12,705
things and the lights will shut off, the
signals will open, and, uh, you might
543
00:24:12,705 --> 00:24:16,215
have car accidents and that's why it's,
it's becoming dangerous rather than
544
00:24:17,115 --> 00:24:19,455
us, let's say five, 10 years ago, it.
545
00:24:20,490 --> 00:24:23,490
If the system wind down as, as
you mentioned, if, if Uber winds
546
00:24:23,490 --> 00:24:28,830
down, you will start going to the
streets and then just having a taxi.
547
00:24:29,280 --> 00:24:33,300
But now it's, it's affecting us directly
and this is when it becomes dangerous.
548
00:24:33,659 --> 00:24:39,240
And what you showed this
morning is, is basically proof
549
00:24:39,240 --> 00:24:40,649
that is, it's getting there.
550
00:24:40,649 --> 00:24:43,050
We need to be prepared
before we jump into it.
551
00:24:43,620 --> 00:24:47,010
Uh, but I'm gonna go back few.
552
00:24:48,900 --> 00:24:53,460
You did the show for the Tesla, and I saw
a lot of that show we were together over
553
00:24:53,460 --> 00:24:56,160
there, and a lot of high profiles come in.
554
00:24:57,300 --> 00:24:58,350
How do you see that?
555
00:24:58,560 --> 00:25:01,260
How do you see the people who
are interested in seeing this
556
00:25:01,530 --> 00:25:06,540
attacks and, and you did some chit
chat, small chit chat with them.
557
00:25:07,080 --> 00:25:10,320
Tell me about them because these, these
are interesting people would love to hear
558
00:25:10,320 --> 00:25:15,630
about them and, and see the perspective
from your i from your vision also from.
559
00:25:16,425 --> 00:25:17,055
How do you see?
560
00:25:17,115 --> 00:25:17,985
How do they see this?
561
00:25:18,075 --> 00:25:18,765
Absolutely.
562
00:25:18,975 --> 00:25:22,725
So it was quite interesting because I
was speaking with quite a few people
563
00:25:23,175 --> 00:25:29,685
and also high profile people, and
they also share that passion and that
564
00:25:29,685 --> 00:25:33,795
excitement and that interest, and
that was beautiful to see because you
565
00:25:33,795 --> 00:25:36,375
know when you have that backing of.
566
00:25:37,335 --> 00:25:40,905
High profile people like that you can
accelerate all of those initiatives to,
567
00:25:40,935 --> 00:25:43,095
to really make impact and drive progress.
568
00:25:43,545 --> 00:25:47,055
So it was really great and I think
they also love to, to see the demo
569
00:25:47,060 --> 00:25:50,955
and sitting in the car and the car is
doing things it shouldn't do, right?
570
00:25:51,135 --> 00:25:51,345
Yes.
571
00:25:51,735 --> 00:25:53,745
So it was great to have
those, those conversations.
572
00:25:53,745 --> 00:25:56,595
And with some people I also
had long on conversations.
573
00:25:56,600 --> 00:25:56,925
Right.
574
00:25:57,225 --> 00:26:00,015
And it was really great to
see that on a lot of things.
575
00:26:00,015 --> 00:26:03,135
We are really on the same page and
we are driving the progress now.
576
00:26:04,725 --> 00:26:08,685
Yeah, I, I think it was, it was really
great to see having those high profile
577
00:26:08,685 --> 00:26:12,765
people also invested in the topic and, and
wanting to put, to push something there.
578
00:26:13,035 --> 00:26:16,185
And also they did also
send some commands, right?
579
00:26:16,755 --> 00:26:17,175
Yes.
580
00:26:17,295 --> 00:26:20,985
That, that was, that was fascinating
because they, they, the, not just
581
00:26:20,990 --> 00:26:24,315
seeing it, but also they send the
commands and seeing it on action.
582
00:26:24,315 --> 00:26:25,965
And even no keys, no nothing.
583
00:26:25,965 --> 00:26:27,645
Just the laptop and
sending these commands.
584
00:26:27,645 --> 00:26:28,005
Exactly.
585
00:26:28,005 --> 00:26:29,025
It was, it was amazing.
586
00:26:29,205 --> 00:26:29,745
Hands on.
587
00:26:30,015 --> 00:26:30,795
Yes, it was.
588
00:26:36,390 --> 00:26:40,290
So I, by the way, fun,
fun fact at this point.
589
00:26:40,410 --> 00:26:44,340
So when we had the Tesla honking
multiple times, then nearby
590
00:26:44,340 --> 00:26:45,810
executive stage, they heard it.
591
00:26:46,200 --> 00:26:49,770
And I was speaking with Chris Roberts
who was having a talk while our Tesla was
592
00:26:49,800 --> 00:26:53,940
honking and he was, every time he had to
honk, he was like, Yeah. There we go.
593
00:26:55,410 --> 00:26:56,010
This is great.
594
00:26:56,760 --> 00:27:00,030
Uh, that, that's, that's the beauty of
the community and this is what Black
595
00:27:00,030 --> 00:27:03,990
Hat is, is bringing, is just having
all these people interconnecting
596
00:27:03,990 --> 00:27:06,630
with the same thoughts and they're
just jumping at, and, and this is the
597
00:27:06,630 --> 00:27:10,680
amazing part, uh, moving with the Tesla.
598
00:27:12,000 --> 00:27:16,920
That might be like some, some of
the things that, uh, I mean, you've
599
00:27:16,920 --> 00:27:20,730
been into Dubai, you've been into
the region, not just Saudi, uh, not
600
00:27:20,760 --> 00:27:22,980
just the uae, other, other countries.
601
00:27:25,140 --> 00:27:26,370
Digitalization is huge.
602
00:27:26,580 --> 00:27:31,020
And you mentioned a lot of that part
is moving with the smart cities and
603
00:27:31,020 --> 00:27:36,420
the the others, but how do you see
the future of the cybersecurity?
604
00:27:37,020 --> 00:27:41,070
It's, it's, I, I'd like to
hear your perspective because,
605
00:27:41,130 --> 00:27:42,240
uh, it's a big picture.
606
00:27:42,810 --> 00:27:44,730
We don't know, it's the unknown.
607
00:27:45,450 --> 00:27:48,030
We are heading there, but we, we
don't know where we are going.
608
00:27:49,230 --> 00:27:50,790
We know what we have now.
609
00:27:50,790 --> 00:27:54,000
We can protect, protect some, some
of the things that might happen.
610
00:27:54,000 --> 00:27:56,850
But what, five, 10 years?
611
00:27:57,300 --> 00:27:58,710
Uh, what do you think?
612
00:27:59,400 --> 00:28:04,470
So it's a very broad question,
and let me start off with, we are
613
00:28:04,470 --> 00:28:05,850
the ones creating that future.
614
00:28:05,940 --> 00:28:09,540
So it's really on us to define
how it's gonna look like, and
615
00:28:09,540 --> 00:28:11,110
I think it can go multiple.
616
00:28:12,030 --> 00:28:14,850
and there are ways that I would
prefer, and there are ways that I
617
00:28:14,850 --> 00:28:16,439
really wouldn't like to to happen.
618
00:28:17,010 --> 00:28:21,570
So one thing that can happen is that we
are going to see some of those massive
619
00:28:21,570 --> 00:28:26,220
cyber attacks happening because as we've
seen it in the enterprise space, all of
620
00:28:26,220 --> 00:28:28,290
those enterprises act after the hack.
621
00:28:28,294 --> 00:28:32,459
Right after the hack, there's a budget
to do it, but if we try to apply
622
00:28:32,459 --> 00:28:36,000
the same concept for cyber physical
systems, that's not gonna work because.
623
00:28:37,139 --> 00:28:40,860
How is an after an airplane is crashing
because of a cyber attack gonna look like,
624
00:28:41,280 --> 00:28:42,959
We can't wait for that to happen, right?
625
00:28:43,439 --> 00:28:45,780
So we really need to
step in and accelerate.
626
00:28:45,784 --> 00:28:49,590
Now we don't, we can't wait five or
10 years to have attacks like that
627
00:28:49,770 --> 00:28:52,080
before we start acting in those spaces.
628
00:28:52,260 --> 00:28:54,120
And that is really what
we have to speak about.
629
00:28:54,120 --> 00:28:58,409
You know, like, Just a few weeks ago,
it was in England, uh, threat actors
630
00:28:58,409 --> 00:29:02,040
managed to hack into water infrastructure
and they would have been able to dump
631
00:29:02,100 --> 00:29:06,899
a lot of chemicals, toxic chemicals
into the water for 1.6 million people.
632
00:29:06,960 --> 00:29:10,950
So attacks like that are already starting
to happen, and I think as soon as those
633
00:29:10,955 --> 00:29:15,480
threat actors realize how much pressure
they can build by taking that, the
634
00:29:15,480 --> 00:29:17,129
world is gonna look a lot different.
635
00:29:17,370 --> 00:29:20,520
Because imagine you hack a company,
you encrypt the data there.
636
00:29:21,689 --> 00:29:22,889
That's how you build the pressure, right?
637
00:29:22,919 --> 00:29:26,879
We have all of your company data of
if you wanted back pay, pay us money.
638
00:29:27,179 --> 00:29:31,110
But imagine you have those ransomware
groups being able to call up an
639
00:29:31,110 --> 00:29:33,870
airline and be like, Hey, so either
you pay us a hundred million or we
640
00:29:33,870 --> 00:29:35,090
are gonna crash two of your planes.
641
00:29:35,715 --> 00:29:40,095
I mean, that builds a whole nother set
of, of pressure, and I really fear that
642
00:29:40,095 --> 00:29:43,935
as soon as the threat actors realize the
value in it, they are gonna go ahead.
643
00:29:43,935 --> 00:29:47,685
Because right now those things, they, they
get demonstrated by security researchers.
644
00:29:47,689 --> 00:29:47,715
Right?
645
00:29:47,720 --> 00:29:48,735
But we are the good guys.
646
00:29:49,004 --> 00:29:52,125
Yes, we do it to, to make sure
that things are secure, but I feel
647
00:29:52,125 --> 00:29:55,284
like the threat actors are slowly,
slowly picking up there and.
648
00:29:56,385 --> 00:29:57,225
We should prevent this.
649
00:29:57,225 --> 00:30:01,305
So it can either go that route that we
see those massive attacks, and then we
650
00:30:01,305 --> 00:30:06,405
really start to, to act or we manage
with the, with the backing that we have.
651
00:30:06,795 --> 00:30:09,135
Um, and this is, this is
gonna be a global task, right?
652
00:30:09,135 --> 00:30:10,395
That's not gonna be very easy, but.
653
00:30:11,235 --> 00:30:14,625
Let's say we are able to really
accelerate cybersecurity now, we
654
00:30:14,625 --> 00:30:18,375
are able to solve some of the press
pressing problems that we have here,
655
00:30:18,435 --> 00:30:21,975
and that is gonna, that is gonna come
down to a few, few key pillars there.
656
00:30:22,455 --> 00:30:27,315
But if we are able to do that, then we are
able to build, uh, a more secure future
657
00:30:27,320 --> 00:30:29,425
where cybersecurity is gonna enable.
658
00:30:29,985 --> 00:30:32,205
The things that we are gonna
build in the great future.
659
00:30:32,205 --> 00:30:34,875
Now we, we spoke about smart
cities, we spoke about drones.
660
00:30:35,024 --> 00:30:37,815
Cyber security is not gonna
prevent them from happening.
661
00:30:37,815 --> 00:30:41,925
Cyber security is gonna enable
them to operate securely and to
662
00:30:41,925 --> 00:30:44,385
be an amazing experience, right?
663
00:30:44,385 --> 00:30:48,524
Instead of being a total disaster,
imagine a hacked smart city in the Saudi
664
00:30:48,530 --> 00:30:50,415
desert and someone turns off the.
665
00:30:51,285 --> 00:30:52,695
That, that would, that would be a problem.
666
00:30:52,695 --> 00:30:52,965
Right.
667
00:30:53,295 --> 00:30:56,475
So that, that's really where now
we have to accelerate and go ahead.
668
00:30:57,045 --> 00:30:59,145
And for, for me, it comes
down to a few things.
669
00:30:59,145 --> 00:31:01,365
I mean, technology obviously
is a huge part of it.
670
00:31:01,965 --> 00:31:04,095
We need to build more
efficient technology.
671
00:31:04,095 --> 00:31:07,605
We need to automate some of the
things because smart city example,
672
00:31:07,605 --> 00:31:11,565
again, there will be so many data
points and we, we can't just throw
673
00:31:11,565 --> 00:31:14,775
people on that because they will be
overwhelmed by everything coming in.
674
00:31:14,775 --> 00:31:16,005
So we need to automate that.
675
00:31:16,005 --> 00:31:18,975
We need to build more robust
detection and prevention.
676
00:31:19,245 --> 00:31:22,305
Cybersecurity, for me, on a technical
level, comes down to three things.
677
00:31:22,635 --> 00:31:23,895
First one is visibility.
678
00:31:24,165 --> 00:31:25,785
You need to have visibility into.
679
00:31:27,389 --> 00:31:28,590
And smart city, great example.
680
00:31:28,590 --> 00:31:31,919
Again, because it's so complex,
you need to have visibility into
681
00:31:31,919 --> 00:31:34,469
the status of your drones that are
flying around in the status of your
682
00:31:34,475 --> 00:31:35,879
water infrastructure, your heating.
683
00:31:36,149 --> 00:31:38,429
It's, it's, you know, in a, in a
enterprise environment, it's just
684
00:31:38,435 --> 00:31:41,639
we have our endpoints, we have
our cloud, but in a smart city,
685
00:31:41,639 --> 00:31:42,719
it's also gonna look different.
686
00:31:42,989 --> 00:31:47,070
Second part then is protection or, or
prevention, however you want to call it.
687
00:31:47,070 --> 00:31:50,040
That's why, that's why we also have
to take a look at the basics, right?
688
00:31:50,429 --> 00:31:54,870
A lot of high profile cyber attacks in in
the past happened because the basics were.
689
00:31:55,620 --> 00:31:59,159
I mean, having, having a, I'm
not patching systems and a lot
690
00:31:59,159 --> 00:32:00,659
of the basics is, is not there.
691
00:32:00,690 --> 00:32:01,200
Exactly.
692
00:32:01,200 --> 00:32:02,370
Default passwords.
693
00:32:02,909 --> 00:32:04,170
Default passwords, Yeah.
694
00:32:04,170 --> 00:32:07,409
Default policies instead
of setting secure policies.
695
00:32:07,710 --> 00:32:10,350
So that's, that's, that
comes in the second pillar.
696
00:32:10,350 --> 00:32:12,270
Like securing all of that.
697
00:32:12,300 --> 00:32:14,879
Preventing, preventing
those, those things there.
698
00:32:15,060 --> 00:32:18,300
But we all know there's no 100%
security, so that's why the third
699
00:32:18,300 --> 00:32:19,649
pillar comes in and that's really huge.
700
00:32:19,649 --> 00:32:21,540
One detection and response.
701
00:32:22,230 --> 00:32:26,570
We need to be able to, Effective
detection and response.
702
00:32:26,575 --> 00:32:30,600
So as soon as we have a threat
actor anywhere in the network, we
703
00:32:30,600 --> 00:32:34,350
should be able to detect it very
fast and respond to it efficiently.
704
00:32:34,500 --> 00:32:36,930
But if we take a look at some
of these statistics, I mean, how
705
00:32:36,930 --> 00:32:40,920
long does it take for, for cies to
detect threat actors in the network?
706
00:32:40,925 --> 00:32:45,330
I think it, it's, it's, it's six months
from, from what I've recently read.
707
00:32:45,360 --> 00:32:45,540
Yes.
708
00:32:45,780 --> 00:32:50,490
Some, some people, the, the time to
detect, time to prevent it, it's huge.
709
00:32:50,550 --> 00:32:51,570
So a lot of people.
710
00:32:52,275 --> 00:32:55,215
Actors will stay there, will
live there, and it's not
711
00:32:55,215 --> 00:32:58,695
detected and it's, it is hard.
712
00:32:58,695 --> 00:33:03,435
I mean, a lot of the things that
happen during that, these attacks, and
713
00:33:03,440 --> 00:33:07,035
you mentioned the detection and the
response, but what if they are blinded?
714
00:33:07,485 --> 00:33:12,855
Or what if the attackers advance enough
to bypass all these security controls?
715
00:33:14,025 --> 00:33:17,775
That's, I believe one of the
things that cybersecurity talk
716
00:33:17,775 --> 00:33:19,395
about is, is the security.
717
00:33:20,115 --> 00:33:24,045
And is is the layer of security where
you need to protect multiple layers.
718
00:33:24,945 --> 00:33:27,375
But here's, here's a
wonderful point to that.
719
00:33:27,375 --> 00:33:29,025
I'm not quite sure where I heard it.
720
00:33:29,865 --> 00:33:31,755
Um, so, but I'm, I'm gonna quote it.
721
00:33:31,815 --> 00:33:36,495
So someone said, I wish I could recall
who said it because it's, it's, it's
722
00:33:36,495 --> 00:33:41,695
a very genius quote, but someone
said, As soon as nation state actors.
723
00:33:42,345 --> 00:33:45,945
You know, they have, they have capability,
they have, uh, they have funding.
724
00:33:46,215 --> 00:33:51,555
So as soon as nation state actors start
using zero days to target to get access
725
00:33:51,555 --> 00:33:55,335
to their target, then the world already
made a lot of progress because right
726
00:33:55,335 --> 00:33:59,925
now, nation state actors who really could
go ahead and develop, develop zero days
727
00:33:59,925 --> 00:34:03,735
that the world has never seen before to
get access to their target, they, they
728
00:34:03,735 --> 00:34:08,534
literally still use those basic security
failures to get into their targets.
729
00:34:08,540 --> 00:34:08,835
Right.
730
00:34:08,895 --> 00:34:09,975
And that is so.
731
00:34:10,409 --> 00:34:11,700
We really need to change.
732
00:34:11,700 --> 00:34:16,590
So we need to up the game now and
security in depth is, is great, but
733
00:34:16,590 --> 00:34:20,520
if we are still failing at the basics
that that's what we have to talk about.
734
00:34:20,525 --> 00:34:20,880
Right?
735
00:34:21,150 --> 00:34:25,620
And that is something just in, in
Australia there was this massive
736
00:34:25,620 --> 00:34:29,430
data breach that exposed private
data of millions of Australians.
737
00:34:29,760 --> 00:34:32,970
You know, like credit card data,
passports, driver's licenses.
738
00:34:34,049 --> 00:34:38,489
A lot of sensitive stuff, and it
was called a sophisticated cyber
739
00:34:38,489 --> 00:34:41,370
attack and everything, but it was,
again, a basic security failure.
740
00:34:41,729 --> 00:34:46,529
So we have to first start really tackling
this now, and then we can, we absolutely
741
00:34:46,529 --> 00:34:51,600
have to talk about defense in, in depth
then, And that's, that's really also where
742
00:34:51,600 --> 00:34:53,790
we can take a look at ransomware, right?
743
00:34:54,029 --> 00:34:57,720
Because I was pulling, I started
doing that a few months ago.
744
00:34:57,990 --> 00:35:02,069
I was pulling in the forensics reports
of ransomware cases and I was taking a.
745
00:35:02,790 --> 00:35:06,720
And it's quite funny because none
of those ransomware cases was like
746
00:35:07,170 --> 00:35:10,500
in initial intrusion and 10 minutes
later everything was encrypted.
747
00:35:10,770 --> 00:35:13,440
Most of them were like
two days, three days.
748
00:35:13,980 --> 00:35:17,700
So you had the initial exploitation and
then the threat actors wandered around
749
00:35:17,700 --> 00:35:20,790
the network for like two or three days
and then they encrypted everything.
750
00:35:21,330 --> 00:35:25,290
And for me, there was so many
red flags in, in the timeline of
751
00:35:25,295 --> 00:35:26,550
what the threat actor did, right?
752
00:35:26,910 --> 00:35:27,540
I mean, if you.
753
00:35:28,185 --> 00:35:32,475
If your Exchange server randomly starts
doing, you know, like network discovery
754
00:35:32,475 --> 00:35:36,705
or is enabling your default administrator
account and things like that, those are
755
00:35:36,705 --> 00:35:38,745
red flags that we should be able to catch.
756
00:35:38,745 --> 00:35:42,075
And I think we have great
technology to do that.
757
00:35:42,315 --> 00:35:44,085
So technology is, is one part.
758
00:35:44,115 --> 00:35:46,305
To circle back to the,
to the bigger question.
759
00:35:46,545 --> 00:35:49,935
The other part really is
people, talent and knowledge.
760
00:35:49,935 --> 00:35:51,765
That is gonna be so incredibly important.
761
00:35:51,770 --> 00:35:55,035
And, and you jump into that because
I was, I was thinking about what,
762
00:35:55,065 --> 00:35:59,835
when you talked about it a lot,
protecting the technologies, improving
763
00:35:59,835 --> 00:36:03,734
the technologies, and having all
these, But what about the people?
764
00:36:04,125 --> 00:36:08,685
And you mentioned that you jump into
people awareness, but what else?
765
00:36:09,015 --> 00:36:12,345
The talent and Yeah, we
need to develop the talent.
766
00:36:12,435 --> 00:36:16,754
So I was speaking with someone,
uh, who's he was, I think he
767
00:36:16,754 --> 00:36:18,225
still sits on, on the board.
768
00:36:18,375 --> 00:36:23,625
So he was sitting on the board of a
bank and they, they had a major, So
769
00:36:23,625 --> 00:36:24,975
I was asking him like, what happened?
770
00:36:24,975 --> 00:36:28,365
And he was like, Well, so our
intrusion detection system actually
771
00:36:28,425 --> 00:36:30,195
was lighting up like a Christmas tree.
772
00:36:30,615 --> 00:36:33,195
There was just no one sitting
there being able to respond to it.
773
00:36:33,285 --> 00:36:33,585
Wow.
774
00:36:33,705 --> 00:36:37,725
And if we take a look at this globally,
there definitely is skill shortage and
775
00:36:37,725 --> 00:36:40,275
the lack of, of talents in, in the space.
776
00:36:40,365 --> 00:36:44,535
So it's really on us, on the people
who already are in the space to, to
777
00:36:44,535 --> 00:36:47,625
develop that talent, to inspire those
younger generations to get them in.
778
00:36:47,625 --> 00:36:50,265
Because cyber security is
an awesome field, you know?
779
00:36:51,390 --> 00:36:55,200
Some people, uh, I can speak about
it from, from a German perspective.
780
00:36:55,200 --> 00:36:58,140
A lot of people in Germany, you have the
perception know, like cybersecurity,
781
00:36:58,140 --> 00:37:01,740
sitting with a hoodie in a windowless
basement, never going out and, and
782
00:37:01,740 --> 00:37:03,480
just sitting in front of a PC all day.
783
00:37:03,660 --> 00:37:04,919
But that's not the reality, right?
784
00:37:04,919 --> 00:37:06,899
I mean, just take a look
around here at the event.
785
00:37:06,904 --> 00:37:07,799
It's, that's wonderful.
786
00:37:08,009 --> 00:37:08,430
Exactly.
787
00:37:08,939 --> 00:37:14,609
And so one of the things that I, I
wanna hear about it from, from your
788
00:37:14,609 --> 00:37:17,040
perspective is you talked about the.
789
00:37:18,060 --> 00:37:21,839
And probably a lot of, uh, the,
the, the listeners now is from that
790
00:37:21,839 --> 00:37:24,270
area, uh, and, and young usually.
791
00:37:25,410 --> 00:37:28,350
What do you wanna tell
them to improve themselves?
792
00:37:28,350 --> 00:37:30,509
To, to be skilled, to be talented.
793
00:37:30,600 --> 00:37:34,169
That they will help the nation,
they will help their organizations
794
00:37:34,500 --> 00:37:35,970
to protect from these attacks.
795
00:37:36,270 --> 00:37:39,419
Uh, a lot of a lot of these
questions comes from the young
796
00:37:39,419 --> 00:37:41,009
saying, We don't know where to go.
797
00:37:41,549 --> 00:37:42,509
We don't know what to do.
798
00:37:42,600 --> 00:37:46,560
We need to jump, We have the passion,
but they don't have the route.
799
00:37:47,069 --> 00:37:47,430
Yes.
800
00:37:47,580 --> 00:37:49,620
Tell me what do you wanna tell them?
801
00:37:49,649 --> 00:37:53,459
So that is actually a huge issue that
I see right now that I'm also actively
802
00:37:53,464 --> 00:37:55,529
working on, um, on solving right now.
803
00:37:56,220 --> 00:37:59,490
That there isn't really that, that
route to get into this if you're
804
00:37:59,490 --> 00:38:03,839
interested, but it's also important,
really important to say that you can't
805
00:38:03,839 --> 00:38:05,819
jump into cyber security straight away.
806
00:38:06,029 --> 00:38:07,589
You have to start with the basics.
807
00:38:07,799 --> 00:38:09,509
And we already heard in my story, right?
808
00:38:09,569 --> 00:38:11,399
You have to understand how the things.
809
00:38:12,540 --> 00:38:14,339
and then you're able to
find a vulnerability.
810
00:38:14,339 --> 00:38:17,850
So everyone who wants to get into
cybersecurity, I really recommend
811
00:38:17,850 --> 00:38:21,210
to first learn the basics of how the
things work, and then you can put the
812
00:38:21,210 --> 00:38:25,140
cybersecurity aspect on top because cybersecurity
really isn't just running some
813
00:38:25,145 --> 00:38:28,440
automated tools that you downloaded and
then going at, that's really not it.
814
00:38:28,710 --> 00:38:31,770
It's about understanding how the
technology works, understanding
815
00:38:31,770 --> 00:38:34,860
how the things interconnect, and
then understanding where gaps.
816
00:38:36,075 --> 00:38:37,995
So that, that's, that's
the first part of that.
817
00:38:38,475 --> 00:38:41,714
And then it's, it's an exciting
field and if you develop the
818
00:38:41,714 --> 00:38:43,575
passion, just, just go all in.
819
00:38:43,935 --> 00:38:45,345
That is something that is so important.
820
00:38:45,345 --> 00:38:48,585
You don't need to go to university, you
don't need a degree, you don't need a
821
00:38:48,589 --> 00:38:50,444
bootcamp, you don't need any certificates.
822
00:38:50,685 --> 00:38:52,964
As long as you have the
passion, you have the curiosity.
823
00:38:53,205 --> 00:38:54,944
You can go ahead and you get into it.
824
00:38:55,245 --> 00:38:55,785
Exactly.
825
00:38:55,785 --> 00:38:57,765
And you mentioned the basics.
826
00:38:58,484 --> 00:38:59,654
What are the basics?
827
00:38:59,714 --> 00:39:00,285
What do you think?
828
00:39:00,314 --> 00:39:02,564
What is the things that is important?
829
00:39:03,210 --> 00:39:06,720
Well, it then it also, you talked about
the, the programming and the coding.
830
00:39:06,720 --> 00:39:06,840
Yes.
831
00:39:06,870 --> 00:39:10,940
That's probably one of the major ones,
but what, what others that they need to.
832
00:39:11,430 --> 00:39:12,089
Absolutely.
833
00:39:12,089 --> 00:39:16,319
So it kind of also depends on where
exactly you want to go into the space.
834
00:39:16,380 --> 00:39:19,770
So if you want to focus on web
applications, you need to understand
835
00:39:19,770 --> 00:39:23,850
how web application is built, how web
application is deployed, and, and that's,
836
00:39:23,850 --> 00:39:26,790
that's the things where you can just,
you know, you can set up a web server,
837
00:39:26,790 --> 00:39:30,509
just set up a virtual Linux machine,
install Apache, go ahead there, right?
838
00:39:30,779 --> 00:39:35,520
So you can actually use all of those
technologies and then set them up, Learn,
839
00:39:35,580 --> 00:39:37,560
learn how they work, learn how they inter.
840
00:39:38,385 --> 00:39:40,965
So, you know, if you want to get into
web applications, I was included.
841
00:39:41,025 --> 00:39:42,195
Those are the points you need.
842
00:39:42,495 --> 00:39:46,645
So I would recommend you learn
at least one language in the
843
00:39:46,650 --> 00:39:48,615
space at best, multiple, right?
844
00:39:48,615 --> 00:39:51,675
So you know how web applications are
built, where vulnerabilities could be there.
845
00:39:51,885 --> 00:39:54,105
You learn how the underlying
infrastructure is, you know,
846
00:39:54,110 --> 00:39:55,665
like how does a web server work?
847
00:39:55,670 --> 00:39:58,245
How does that, that server itself work?
848
00:39:58,245 --> 00:39:59,985
Like that operating system of that, right?
849
00:40:00,075 --> 00:40:02,055
And then you can go ahead
there if you want to learn.
850
00:40:03,570 --> 00:40:07,080
App, you know, like apps for
example, and the security there.
851
00:40:07,260 --> 00:40:10,530
Then you can take a look at some of
those programming languages and then
852
00:40:10,530 --> 00:40:14,110
you can take a look at the Swift
for, for iOS or or Java for Android.
853
00:40:14,565 --> 00:40:16,455
Just build, build apps yourself.
854
00:40:16,545 --> 00:40:20,535
And once you build apps yourself,
you understand how they get deployed,
855
00:40:21,045 --> 00:40:24,404
how they work internally, and then
you're able to find those gaps.
856
00:40:24,555 --> 00:40:28,395
And something that might be very
interesting, if you code your first
857
00:40:28,395 --> 00:40:31,935
app, you might be able to find
vulnerabilities in your own app, Right.
858
00:40:32,205 --> 00:40:33,105
That you just coded.
859
00:40:33,375 --> 00:40:33,795
Exactly.
860
00:40:33,855 --> 00:40:37,875
And, and so coding and applications,
that, that is huge now because
861
00:40:37,875 --> 00:40:39,375
of a lot of the, the digital.
862
00:40:40,335 --> 00:40:45,135
But also I believe that the network,
Yes, the networking, the, the system
863
00:40:45,135 --> 00:40:47,085
admins, the, the engineering part.
864
00:40:47,325 --> 00:40:48,765
Were building these systems.
865
00:40:48,825 --> 00:40:51,585
Cause a lot of the configurations,
as you mentioned, the the gaps that
866
00:40:51,585 --> 00:40:54,945
happen is because of missing some
configs that should be there.
867
00:40:55,425 --> 00:40:58,275
Uh, these are also areas
that to be improved.
868
00:40:58,545 --> 00:41:02,445
Yes, Cloud is also a huge topic now, but
to circle back to the networking aspect.
869
00:41:02,835 --> 00:41:06,195
So what I always like to do when
speaking with people is to ask
870
00:41:06,200 --> 00:41:08,685
them, when you open Google, what?
871
00:41:09,795 --> 00:41:13,365
And that's very interesting because the
answers they, they really, they vary.
872
00:41:13,425 --> 00:41:16,515
You know, some people are like, Well,
you know, like Google shows up and
873
00:41:16,515 --> 00:41:19,695
other people are like, Well, so the
first thing that is gonna happen is
874
00:41:19,695 --> 00:41:23,325
your device is gonna do a DNS request
to figure out what is the IP address of
875
00:41:23,325 --> 00:41:26,205
that server behind the domain google.com.
876
00:41:26,205 --> 00:41:26,445
Right.
877
00:41:26,445 --> 00:41:28,245
And then we are gonna have our.
878
00:41:29,234 --> 00:41:31,694
Um, well, it, and some people
go with it deeper, right?
879
00:41:31,694 --> 00:41:34,154
Some people started with
your TCP handshakes.
880
00:41:34,185 --> 00:41:34,395
Yes.
881
00:41:34,665 --> 00:41:36,044
And, and going ahead from there.
882
00:41:36,044 --> 00:41:40,065
So, so that is a wonderful,
wonderful question to ask, and if
883
00:41:40,069 --> 00:41:42,984
you are able to answer that question
at a, at a certain level, then.
884
00:41:43,725 --> 00:41:46,694
So that is something that I
would recommend anyone and
885
00:41:47,085 --> 00:41:48,105
everyone out there to learn.
886
00:41:48,105 --> 00:41:50,595
What happens when, when you
open Google, because it's not
887
00:41:50,654 --> 00:41:52,065
Google showing up, you know?
888
00:41:52,395 --> 00:41:53,295
It's not that magic.
889
00:41:53,565 --> 00:41:57,944
There's so much happening
technically under the hood, and
890
00:41:57,944 --> 00:41:59,115
just learning how that works.
891
00:41:59,115 --> 00:42:01,154
It's, it's gonna give you some,
some great insights, right?
892
00:42:01,154 --> 00:42:04,634
Because then you learn about DNS,
you learn about TCP, you learn
893
00:42:04,634 --> 00:42:05,865
about how those, the packets.
894
00:42:06,885 --> 00:42:10,245
Exactly this, this is, this is
very good example because, and,
895
00:42:10,245 --> 00:42:12,915
and this is, I'm probably gonna use
this question for, for the others.
896
00:42:13,215 --> 00:42:16,455
Tell me how, how did you
access Google, what happened?
897
00:42:16,785 --> 00:42:17,865
And that, that is amazing.
898
00:42:18,615 --> 00:42:20,175
So what's next for David?
899
00:42:20,925 --> 00:42:23,865
And if you have final thoughts?
900
00:42:24,045 --> 00:42:24,255
Yes.
901
00:42:24,255 --> 00:42:30,285
Uh, you wanna tell the, the, the
listeners, uh, So let me start off
902
00:42:30,285 --> 00:42:31,875
with the, what's next question?
903
00:42:32,025 --> 00:42:35,145
When is this podcast
gonna get released so far?
904
00:42:36,015 --> 00:42:38,775
It should, it should be
within these, these days.
905
00:42:38,805 --> 00:42:39,615
Okay.
906
00:42:39,620 --> 00:42:39,715
Okay.
907
00:42:39,720 --> 00:42:40,575
Uh, we'll see.
908
00:42:40,665 --> 00:42:43,605
So maybe, maybe it's gonna be
outdated when it's released.
909
00:42:43,635 --> 00:42:44,355
Yeah, No, no, no, no.
910
00:42:44,360 --> 00:42:48,315
But I'm, I'm just wondering how much
I can tell because it, the question
911
00:42:48,315 --> 00:42:51,875
is if it's gonna be launched when a
podcast is, is getting out there, so.
912
00:42:51,875 --> 00:42:52,435
Oh, interesting.
913
00:42:52,435 --> 00:42:55,455
But it's, if, if, if it's gonna
get out there very soon, it's not.
914
00:42:55,665 --> 00:42:57,615
So I'm actually working
on a project right now.
915
00:42:58,710 --> 00:43:01,920
I can't speak too much about it,
but after the Tesla story happened,
916
00:43:01,920 --> 00:43:05,310
you know, as you mentioned, I was
in Dubai, I was, uh, in Tel Aviv.
917
00:43:05,310 --> 00:43:09,509
I was in the Silicon Valley for a few
weeks speaking with, uh, high profile
918
00:43:09,509 --> 00:43:13,529
CISOs from Fortune 500 companies
to really figure out where, where
919
00:43:13,535 --> 00:43:15,839
the massive gap in cybersecurity is.
920
00:43:15,900 --> 00:43:20,339
And I really brought it down to a few
points that I think I can start tackling.
921
00:43:20,339 --> 00:43:22,779
So that's what I'm actually,
that's what I'm actually
922
00:43:22,785 --> 00:43:24,540
looking, looking into right now.
923
00:43:25,335 --> 00:43:27,555
Um, to start a company to That's amazing.
924
00:43:27,555 --> 00:43:28,875
Tackle some of those problems.
925
00:43:29,444 --> 00:43:35,279
What I definitely will do is leave
Germany because, I already mentioned
926
00:43:35,279 --> 00:43:37,470
that technology and innovation
really isn't present there.
927
00:43:37,470 --> 00:43:41,790
We still use telefax machines, and then on
the other side, you have awesome places.
928
00:43:41,850 --> 00:43:43,680
Uh, it's, it's great what
is happening in Dubai.
929
00:43:43,685 --> 00:43:45,340
It's great what is happening in Riyadh.
930
00:43:45,420 --> 00:43:48,840
So seeing those places, seeing
so many passionate people in one
931
00:43:48,845 --> 00:43:50,259
place, it, it's really great.
932
00:43:50,740 --> 00:43:54,730
So I'm gonna leave Germany and most
certainly, it's actually gonna be
933
00:43:54,730 --> 00:43:56,380
the region here that I'm moving to.
934
00:43:57,070 --> 00:43:58,810
So, yeah, those are two things.
935
00:43:58,810 --> 00:44:02,799
And maybe the next time when we speak,
I can tell you about, Yeah, you can tell
936
00:44:02,880 --> 00:44:06,700
me more about what the plan, and you are
more than welcome to be here with us and,
937
00:44:06,705 --> 00:44:14,680
and we will welcome you heavily on having
us here in in, uh, uh, rdo, in the gcc.
938
00:44:15,825 --> 00:44:18,975
Uh, last thoughts before we
close this, this podcast.
939
00:44:19,035 --> 00:44:22,215
So something that is really important,
if we have listeners that are
940
00:44:22,215 --> 00:44:25,245
young that aren't into the topic at
all yet, something that is really
941
00:44:25,250 --> 00:44:28,245
important is, and now listen closely.
942
00:44:28,575 --> 00:44:29,865
You can do it.
943
00:44:30,585 --> 00:44:31,965
That is the most important part.
944
00:44:31,965 --> 00:44:36,765
You can do it, you know, hearing
from, from the Tesla hacking guy or
945
00:44:36,765 --> 00:44:38,095
whatever that, that sounds crazy.
946
00:44:38,535 --> 00:44:40,575
But I was like all the people out there.
947
00:44:40,845 --> 00:44:43,245
At one point I was just sitting
there being curious about the
948
00:44:43,245 --> 00:44:46,485
technology, just developing my
passion, and it went from there.
949
00:44:46,905 --> 00:44:49,815
And if you just follow your
passion, if you have it, great
950
00:44:49,815 --> 00:44:50,895
things are gonna happen, right?
951
00:44:50,895 --> 00:44:53,445
And in cyber security, we
have so many awesome people.
952
00:44:53,445 --> 00:44:56,265
We really have awesome people
here that want to help you,
953
00:44:56,270 --> 00:44:57,975
that are gonna help you grow.
954
00:44:58,185 --> 00:45:02,460
So, Yeah, the space is wonderful
and I, I can just recommend everyone
955
00:45:02,520 --> 00:45:06,450
to get into it and it's nothing you
have to be afraid of or scared of.
956
00:45:06,450 --> 00:45:11,279
It's a wonderful field, wonderful
people, great opportunities, and no
957
00:45:11,279 --> 00:45:13,140
matter who is listening, you can do it.
958
00:45:13,620 --> 00:45:16,710
So yeah, I'm really
excited about the future.
959
00:45:16,710 --> 00:45:21,120
It's gonna be wonderful and I'm
looking forward to, to what's next.
960
00:45:21,390 --> 00:45:22,200
Thank you very much.
961
00:45:22,200 --> 00:45:22,710
That's great.
962
00:45:22,710 --> 00:45:23,160
Thank you.
963
00:45:23,160 --> 00:45:26,310
Thank you for your, your time
here, and I'm really happy
964
00:45:26,310 --> 00:45:27,580
and thrilled to have you here.
965
00:45:28,170 --> 00:45:30,270
In the podcast and I
appreciate your thoughts.
966
00:45:30,270 --> 00:45:35,190
I learned few things from you, uh, here
and there and these stories also is, is
967
00:45:35,190 --> 00:45:39,480
great to hear and hopefully, uh, everyone
here listening to us is, is enjoying it.
968
00:45:39,810 --> 00:45:44,220
Thank you so much David and uh,
enjoy the, the show here and uh, we
969
00:45:44,225 --> 00:45:45,630
will look for you to have you again.
970
00:45:46,410 --> 00:45:47,230
Thank you very much.
971
00:45:47,290 --> 00:45:48,270
Bye bye bye.