
How Hackers are Making the World Safer
Season 2016 Episode 8 | 10m 18s
Is hacking good or bad? Can hackers make us safer? We talk to two good hackers who find the flaws in our products before the bad guys do.

When you think of hackers, you might think of someone hacking into your bank account and stealing money, or someone infecting your computer with a virus.
MATT WEBER: Or you might think of Anonymous, the international group of activist hackers, or hacktivists, who take down websites and attack corporations and organizations in the name of social justice.
Or if you experience life only through Hollywood movies, like me, you might think of this.
[music playing] There's a new virus in the database.
Run antivirus.
Give me a systems display.
But the world of hacking remains a mystery to most.
And the vast majority of the public has a skewed, misinformed view of hackers.
Because in reality, hacking might not be as bad as you think.
In fact, some hackers are making our increasingly connected and technology dependent world a safer place.
[music playing] NICK PERCOCO: I don't use the term hacking as sort of a criminal term, sort of a bad term.
I think of hacking as people who really want to explore technology, explore systems and devices, learn how to change them, learn how to circumvent the controls, and just use that knowledge to sometimes create better technology.
CRAIG BENZINE: This is Nick Percoco, organizer of Thotcon, a hacker conference in Chicago, Illinois, where hackers from all across the country come to talk shop.
Nick is a hacker himself, but security researcher might be a more accurate term for what he does.
We're talking about using the term researchers, which I find is interesting.
I think the word hacker kind of has a negative connotation still to the general public.
Yeah, certainly.
I think the word hacker-- in my view, and if you go to a hacker conference, and you ask people who are attending that hacker conference, it's not a bunch of criminals there, because the folks there are truly interested in learning.
The skill sets may be very similar.
They have the ability to go through a process and circumvent controls and systems.
But there's a whole criminal enterprise around those cybercriminals and the folks who exist there.
These are typically well-funded organizations that are in the business of doing crime.
And obviously, that's very different.
There's an ethical choice that someone who has skills, has capabilities, chooses to be part of that or make their way down that path.
Ethical hacking as a profession is something where organizations like a bank, or a manufacturer will hire people to try to break into their systems in order to show them their flaws.
Especially now that it seems like every new device is Cloud, and Wi-Fi, and Bluetooth.
It's all connected now.
Certainly.
That goes down into the Internet of Things when you're talking about that.
Unfortunately, most of that technology is riddled with security flaws.
We usually picture hackers breaking into computers or databases.
But as our TVs, thermostats, kitchen appliances, and cars become connected to the internet, they become more susceptible to hacking.
A study by Hewlett Packard Security Research found that on average, these Wi-Fi enabled internet connected devices have up to 25 security flaws.
And because these devices are often connected to our phones or home computers, these security flaws can make our personal information and privacy vulnerable.
NICK PERCOCO: Say, for example, like a home camera that you might install inside your home for security reasons.
Well, there's a mobile app that goes with that home camera that connects up to the Cloud, some web services component of that.
And then that camera also phones home up to the Cloud.
Where there's a security flaw, it could mean that I might be able to gain access to your camera and view your family when you didn't know about it.
That's not really pleasant.
This is where the security researcher comes in.
He or she will take the product apart, figure out how it's supposed to work, and then hack it in ways that it isn't supposed to work, exposing any security flaws before those flaws become a problem.
MATT JAKUBOWSKI: So a lot of the stuff I do is online research that is just scannings of the internet, and finding flaws, and categorizing those flaws, and stuff.
CRAIG BENZINE: This is Matt Jakubowski, aka Jaku, full-time security researcher and lifelong hacker.
MATT JAKUBOWSKI: But I do a lot of hardware research, as well.
There's time where I will look into Internet of Things devices, web cameras, light bulbs, things like that, Barbie dolls, even.
OK, you're going to have to elaborate on Barbie dolls really quickly.
Recently there was a Hello Barbie that came out.
It's basically a way for your children to talk to a doll.
And the doll will talk back, sort of like Siri, where she can actually give you some replies that sound legit.
But people were really concerned with where that data's going, who can access that data.
MATT WEBER: Researchers found that the doll could potentially be turned into a surveillance device, listening in on the child's conversations with the doll and any conversations within the vicinity of the microphone.
CRAIG BENZINE: Jaku also found that the doll could be used to take over a home Wi-Fi network, making any device connected to that network vulnerable to attack, and any personal information on those devices accessible.
But I think they've been pretty good with fixing things up.
And I think at this point, it should be in a fairly stable state.
When did you kind of get interested in this world?
It was over 16 years ago.
I got really into modifying video games as a teenager.
Learning how video games worked really taught me an underlining way of how a lot of applications worked.
And games got me interested in it.
But then when I learned how other things worked, it just grew from there.
It seems like for a lot of hackers and security research and stuff, it just comes from general curiosity.
Yeah.
And then it just goes from there.
Oh, yeah.
So we're always curious.
It's always just the question of, what if?
Whenever I get something, I don't think of reading the instructions.
I throw those away.
And then I'm like, what is the way they don't want me to use this?
And how can I use it in ways that they're not expecting?
Most people who are doing research in that area, when they find flaws, they want to report it to the vendor in order for them to fix it.
This usually means contacting the security department within the company, if they even have a security department.
Some companies are small enough that they don't have personnel dedicated to security.
Sometimes it's just an IT guy.
Sometimes it's nobody's responsibility.
That's where the security researchers step in.
They fill the gap and help the company improve their product.
The researchers and the company work together to fix the flaws.
Companies even offer bug bounties, rewards for finding defects in their products.
Often, these take the form of cash incentives.
Facebook, Google, and Yahoo have all been known to compensate hackers for finding security issues with their websites.
But sometimes these bug bounties come in other varieties.
In 2015, United Airlines rewarded two hackers who found security flaws in their website with a million free flight miles each.
DAVID WOLFF: So that always happens, though?
No.
I feel like companies want to have the best product out there, so this is always the case.
They'll always talk to you.
And you'll fix it.
And everyone's happy, right?
No, not always.
Now, there have been issues where a person has found a flaw in a system and have legitimately tried to contact that manufacturer, and no one gets back to them.
Most professional researchers would typically give a manufacturer about 90 days to basically respond and say yeah, we're working on it, and build up a dialogue.
Typically, after about 90 days, most researchers would say enough is enough.
And I'm just going to release it, release an advisory about this.
What the researchers do, the hacking and modifying of a company's product to reveal a security flaw, could be considered, from the company's point of view, a criminal act.
In many cases, the product was never meant to be used that way.
And the very fact that researchers hacked it could be considered illegal.
So instead of being thanked for their hard work, the researcher could be facing prosecution.
But sometimes, the company does nothing at all.
MATT JAKUBOWSKI: A few years ago, a researcher named Cody Brocious, he found a flaw in this hotel security door.
TV ANCHOR: World News getting answers tonight as hotel chains and their guests have a new high-tech problem on their hands this evening.
Electronic locks on guest rooms can open without a key.
MATT JAKUBOWSKI: You can hook up an Arduino, something just like this, actually, right to a door.
There was a small port on the bottom of the door that you could plug into.
And you could download its memory.
And you could find the private key.
And if you send that key right back, essentially, to the door, it unlocks.
So it's a huge flaw, because it takes no authentication.
It's physically easy to do.
And the only problem with it was that it was an Arduino.
It was sort of big.
He had to have a battery pack attached to it.
The manufacturer didn't seem to really take much notice.
So one of the things I did was I miniaturized his research.
And I fit it inside an Expo marker.
TV ANCHOR: Hackers first exposed the problem earlier this summer, posting videos like this one on YouTube.
MATT JAKUBOWSKI: You know, anyone that has a marker on them in their bag, it's not going to be weird.
So if they're being searched, it's probably not even going to be noticed.
And so it was perfect.
You take the cap off, plug it right in, door would open.
Put the cap back on, close it, you're done.
I've recently actually got it down to the size of Chapstick.
Wow, really?
Just for fun.
So has this since been fixed at all?
I mean, it seemed like obviously, you guys were just trying to see if this would work, but--
The company released a patch.
That was a hardware patch that literally just covered up that port.
And all it takes was, like, one T6 Torx screwdriver to unscrew that panel and get access to that.
Great fix, guys.
Yeah, that was the short-term fix.
They claimed that updating the firmware would require new hardware changes, and so that would cost money.
So it's definitely possible that it's fixed.
But I think really, it's being phased out just as hotels renovate and go like new technologies for the locks.
But it didn't seem like it was taken as serious as it needed to be.
The Internet of Things will continue to grow.
As more and more of these devices that we use on a daily basis become hackable, we'll need these researchers more than ever.
What role do you think hackers will be playing in the future, as everything around us is becoming more connected?
A huge role.
I mean, a lot of manufacturers, a lot of technology companies that I interact with-- I mean, I interact with brand name companies that had a little bit of a security focus as a company.
They maybe had an IT security person that made sure that their spam filters were up to date, and their firewalls were up to date, right, you know, firewalls configured correctly.
And today, they're sort of having more of an awakening around, we're building all this technology that is becoming embedded in our lives.
And if we don't have a real strong focus on security, we're going to be in trouble.
And so a lot of these companies are now looking to hire people, lots of people.
They want to bring on-- they want to build a hacker team within their company to be able to find flaws for them on a continuous basis.
What are you most excited to research in the coming years, with all this new technology coming out?
I'm really excited to research self-driving cars.
It's definitely going to be a big field.
As technology advances, there's always going to be some sort of flaw.
We're all human.
It's always going to be a cat/mouse type game.
I would say today, there's not a job shortage for someone that's in this field.
If you have the wherewithal and the ability to get into this space and really do great work, you don't have to worry about trying to find a job.
The jobs will find you.
We're always on the lookout for things.
And we're always doing research.
There's tons of us out there.
You don't have to be paranoid like us, but it helps.
Good.
Good advice, good advice.
So what do you guys think?
Is hacking good or bad?
How much good could a good hacker hack, if a good hacker could hack good?
Let us know in the comments.
Thank you.
I hope you enjoyed our video.
If you did, click Enjoy or Like, and consider subscribing.
And if you want to help us make the show, go to Patreon and become a financial supporter.
If you're interested in Thotcon, Chicago's only hacker conference, it's happening on May 5 and 6 this year at a top secret location.
A link to their website in the dooblydoo.
Last week, we talked about dark matter.
And you had some things to say.
Plexus said that we forgot to point out that dark matter was just a concept, and one of many possibilities.
Well, you're right that it is one of many possibilities, but it seems to be the most likely possibility.
And I'd hesitate to say that it isn't real, since it has real-world, observable consequences on the universe.
And the kind of gravitational lensing we're seeing and the galaxy rotational rates that we're measuring are exactly the kind of things we expect to see if there was a bunch of unseen matter out there.
Of course, it could be something else.
But it is most certainly real.
And dark matter is the best guess we have right now.
A few of you brought up some alternate theories for dark matter.
And many of you were big fans of the modified gravity theory, where dark matter isn't gravity at all, but just gravity behaving in a way we didn't expect.
This is a pretty cool theory, because it has the largest consequences of our understanding of the universe.
There's another cool theory out there, and Azivegu brings this up, that gravity might be leaking into another dimension-- those pesky other dimensions.
And this could account for the effects of dark matter without dark matter actually being matter.
Or maybe we've got the physics of gravity all wrong, and we don't fully understand it yet.
Or maybe the gravity of a parallel universe is affecting our universe.
There's a lot of possibilities here.
It's the universe we're talking about.
But dark matter as a particle seems to be the most likely explanation.
And it's also the simplest explanation, since what we are observing is what we'd expect to observe if there was a bunch of extra matter out there.
But if we don't find dark matter particles after an exhaustive search, we might need to move on to more exotic theories.
Garret Harreman was wondering about MACHOs, massive astrophysical compact halo objects, which are things that are made of normal matter, but they don't emit much light, like black holes and brown dwarfs.
Since these are hard to detect, it's been theorized that dark matter is actually these objects, and not some kind of new particle.
However, there's just too much dark matter for it all to be black holes.
Physicists have calculated how much normal matter the Big Bang could have created, and it's just not enough to account for all the dark matter that must be out there.
Thanks for all your comments.
You're beautiful.
I love what you've got to say.
This ends our "Secrets" playlist.
Tell no one.
In two weeks, we have the last playlist of the season.
It's all about persistence.
We went the extra mile for this one.
Or should I say 26.2 miles?
[laughs] Maybe.
It's a marathon.
I might have ran one [inaudible].
You're going to have to watch to see.
[music playing]