esaj Posted July 22, 2015 Share Posted July 22, 2015 I always thought it would only be a matter of time, if too many of the car's systems (brakes, steering, engine, transmission etc) were computerized...http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Link to comment Share on other sites More sharing options...
Jag_Rip Posted July 22, 2015 Share Posted July 22, 2015 When I saw in 2013 that some carmakers had wi-fi modules built in to synchronize music when in range of their home wi-fi, I figured the day was nigh already.CANBUS has no security, so if you can manipulate the lights, nothing is stopping you from turning off the engine. Link to comment Share on other sites More sharing options...
Jason McNeil Posted July 22, 2015 Share Posted July 22, 2015 Pretty stupid of auto-makers to be making these primary controls accessible over the Internet. What conceivable need would there be to take over the steering, acceleration & braking? At most there should be a remote kill-switch in the case of theft, or police pursuit, that requires a central authority's approval. Link to comment Share on other sites More sharing options...
cg Posted July 22, 2015 Share Posted July 22, 2015 At most there should be a remote kill-switch in the case of theft, or police pursuit, that requires a central authority's approval. Don't give the power away goddamit,Also, if someone can have access, anyone can have access... right now is obviously horrible since nobody thinks about security, I actually swearer I wanted my next cart to be with a minimum of electronics... and ended up with a Renault Laguna 2005 packed with electronics (most advanced at the time they say ) Link to comment Share on other sites More sharing options...
Jag_Rip Posted July 22, 2015 Share Posted July 22, 2015 Security costs money you dont easily get back from the customer before something happened. So you go without it as long as you can. Its also much easier to implement cool features when all the data is freely accessible. That does in no way mean I like that fact. Not at all. I'd rather like to see a carmaker (Tesla could do it) take it up to themselves and create a secure protocol standard for all to use, but it seems nobody takes the plunge yet. They all wait for the next Elk-Test... Link to comment Share on other sites More sharing options...
esaj Posted July 22, 2015 Author Share Posted July 22, 2015 Pretty stupid of auto-makers to be making these primary controls accessible over the Internet. What conceivable need would there be to take over the steering, acceleration & braking? At most there should be a remote kill-switch in the case of theft, or police pursuit, that requires a central authority's approval. Actually, the primary controls are NOT accessible directly over the internet. What these guys figured out was that the best attack-vector is the Uconnect-system, that controls navigation, phone class,entertainment system etc., and shares the CAN-bus with the primary controls, and the UConnect is the component that has a vulnerability over which they can rewrite the entertainment system firmware, and then attack the rest of the systems over the CAN-bus:Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels.So it's not something that works on EVERY car, "only" around 400000+ cars already driving around in US... But no doubt similar vulnerabilities are found on all cars which have incoming internet access. Like Kevin Mitnick said long ago, "If it's connected to the Internet, you could as well roll out the red carpet" (or something along those lines). Link to comment Share on other sites More sharing options...
John Eucist Posted July 23, 2015 Share Posted July 23, 2015 Reminds me of this:http://edition.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/ Link to comment Share on other sites More sharing options...
esaj Posted July 24, 2015 Author Share Posted July 24, 2015 Yup, 1.4 million cars called back: http://gizmodo.com/chrysler-recalls-1-4-million-cars-for-being-easily-hack-1719980321 Link to comment Share on other sites More sharing options...
Tilmann Posted August 24, 2015 Share Posted August 24, 2015 Link to comment Share on other sites More sharing options...
MetricUSA Posted August 25, 2015 Share Posted August 25, 2015 I know, it's great now I can just remote drive the cars to my secret garage, instead of breaking into cars, then piece the cars out way more efficient, the internet is great thing.... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.