Notes to 21 Immortals - Car Hacking

In 21 Immortals author Rozlan Modh Noor introduces us to the newest cybercrime - car hacking. Below you will find some information and links to learn more.





In the early hours of 18 June, a Mercedes coupé travelling at extremely high speed along a Los Angeles street smashed into a palm tree. It exploded into flames, killing the driver; the impact ejected the engine 50 metres clear of the car. Was it an accident? Or was the car hacked, allowing it to be driven off the road by remote control?

The very idea might sound crazy – but it’s one that Richard Clarke, a former counterterrorism adviser to the US National Security Council, has raised after the driver was identified as Rolling Stone journalist Michael Hastings. Known for his revealing articles on the US military and its intelligence agencies, Hastings had emailed colleagues the day before he died to say that he was going “off the radar for a bit” to chase down a “big story”.

“What evidence is available publicly is consistent with a car cyberattack,” says Clarke in a Huffington Post interview. Intelligence agencies, he says, can remotely seize control of a car to make it accelerate wildly or brake suddenly, for instance.

That looks set to change on 27 July, when Spanish engineers Javier Vázquez Vidal and Alberto Garcia Illera will give a demonstration at the Black Hat security conference in Las Vegas, Nevada. They have built a $25 device that lets them bypass security in a car’s electronic control unit.

read more here @ New Scientist



From CNBC:
As modern cars evolve towards becoming fully autonomous, security experts are warning of a new form of cybercrime: Car hacking.

Premium: Keyboard CarCar hacking- --where criminals can either remotely directly or take control of your car from their laptops – has become a bigger and bigger headache for car manufacturers and law enforcement bodies as in-car technology becomes more sophisticated.

There are already thousands of semi-autonomous cars already on the market that contain in-car computer systems, or electronic control units (ECU), responsible for safety functions such as detecting skids, predicting crashes and performing anti-lock braking.

However, along with other computer systems, in-car technology is not hacker-proof, as tests by academics and “white hat” hackers – those that break into computer systems to highlight security issues -- have shown.

Demonstrating their Pentagon-funded work at the global “DefCon” hackers conference in Las Vegas in August, Charlie Miller and Chris Valasek showed global security experts in attendance how they could take control of a 2010 Toyota Prius and Ford Escape model using just a laptop.

They were able to remotely take control of the cars’ electronic smart steering, braking, displays, acceleration, engines, horns and lights. They could even make the fuel tanks show a full tank of gas when there wasn’t. To top it all, they did all this using an old Nintendo handset.

read more @ CNBC


Let’s say you’re driving and otherwise minding your own business, when like a scene out of Mission Impossible, a malicious hacker launches a “Self Destruct” attack on your vehicle. It could happen according to the Center for Automotive Embedded Systems Security. “It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes.” McAfee executive Bruce Snell told Reuters, "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening. I don't think people need to panic now. But the future is really scary." Conversely, in regard to how vulnerable vehicles are to high tech hack attacks, John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, said "You can definitely kill people."

"Basically anything under computer control in a car is vulnerable to malicious attack," reported computer scientist Stephen Checkoway. “This includes the brakes, engine, lights, radio, wipers and electronic display. If a computer controls it, it can be controlled by an attacker.” Checkoway warned, that malicious attackers "could seize control remotely through the panoply of wireless devices attached to the car, such as cellular, Bluetooth, radio and tire pressure monitoring system. If you can take over the radio, you can use it to reprogram all the other computers."

read more here @ ComputerWorld


From Wired:
I was drivingat  70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Though I hadn't touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car's digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

read more here @ Wired

No comments:

Post a Comment