Security Researchers Hack Car

[Mohawk70]

http://ct.zdnet.com/clicks?t=543251939- ... =ZDNET&s=5

[Kaeru Gaman]

.zdnet.com/clicks?t=543251939- ... =ZDNET&s=5

http://www.smartplanet.com/technology/b ... -car/4133/

[SFSxOI]

Old news, nothing really new, just different more dedicated methods. The only reason they are coming forth now is that almost two years ago they went to the car manufacturers and pointed this out to them waiting for correction, they were not taken seriously. So, if the car manufacturers don't care then why should the public not be made aware that all those bells and whistles they spent money on can be hacked and stolen as easy as 1-2-3 if you know how. Plus, its in vogue lately to go after car manufacturers.

[Mohawk70]

Old news, nothing really new, just different more dedicated methods. The only reason they are coming forth now is that almost two years ago they went to the car manufacturers and pointed this out to them waiting for correction, they were not taken seriously. So, if the car manufacturers don't care then why should the public not be made aware that all those bells and whistles they spent money on can be hacked and stolen as easy as 1-2-3 if you know how. Plus, its in vogue lately to go after car manufacturers.

True - but the important bit is "almost two years ago they went to the car manufacturers and pointed this out to them waiting for correction, they were not taken seriously." That and the fact that these
are everywhere !
One more reason I'm glad I'm a huge fan of older muscle cars, classic cars and the like. That and the fact I know how to build & repair them myself !

[aaron]

This is stupid scare mongering as near as i can tell. They connected to the OBDII port on the car... this requires physical access to the interior of the car. They then were able to monitor the car system and access the various bits of the car. OMG! :roll: This is on the same order as breaking into your car and then pressing your brake pedal.

With physical access, complete control of any system is possible. This is news? I mean, they could have removed the brake pads or disconnected some steering linkage. Its no different than what they "accomplished".

[netmaestro]

Unfortunately not enough details are given as to how these cars were "hacked". If it was done wirelessly, with no physical access to the vehicle whatsoever, that's one thing. A slimjim is another thing altogether, and if the university team needed one of these then they've reduced themselves to the level of any thrillseeking fourteen-year-old, and the term "hack" doesn't come close to applying. Which is it? Does anyone know? Or is this just more fearmongering, scaring the great unwashed with the big bad technology steamroller?

[Mohawk70]

From article

Although these experiments are not easy to do (yet) — they require physical or wireless access to the car and some sophisticated tools — the researchers believe they are the first to look at cars as networked systems and to systematically exploit actual security holes instead of talking about holes in theory.

That's what I was wondering - if they were accessed remotely via wireless connections. I remember when I was in high
school that the radio communication system that was used by the transportation company that managed the school bus
fleet in my county interfered with and caused problems with the electronic brake systems on some of the buses and there
were a few ( thankfully minor ) accidents. I only know this because my dad was the head mechanic.

[SFSxOI]

This is stupid scare mongering as near as i can tell. They connected to the OBDII port on the car... this requires physical access to the interior of the car. They then were able to monitor the car system and access the various bits of the car. OMG! :roll: This is on the same order as breaking into your car and then pressing your brake pedal.

With physical access, complete control of any system is possible. This is news? I mean, they could have removed the brake pads or disconnected some steering linkage. Its no different than what they "accomplished".

Even the article is outdated. They have also found a better way to do it for the ones that have BlueTooth recently. They have even developed an experimental BlueTooth device, they walk up to the car and do what they want including unlocking the doors, starting the car, and on some models disabling the factory provided lo-jack system and alarm system. Takes about 3 seconds with pre-programmed commands.

I would imagine that such a device would sell for a pretty penny in the criminal car theft market.

Better hurry up and develop that PureBasic BlueTooth library

[aaron]

Even the article is outdated. They have also found a better way to do it for the ones that have BlueTooth recently. They have even developed an experimental BlueTooth device, they walk up to the car and do what they want including unlocking the doors, starting the car, and on some models disabling the factory provided lo-jack system and alarm system. Takes about 3 seconds with pre-programmed commands.

Do you have a link for that? I have to admit that I'm a little skeptical. Bluetooth is limited to just audio in any of the cars that I've seen. I'm having a hard time imagining that Bluetooth is linked into the main car system in that manner. Searching for hack car with bluetooth turns up some 5 year old articles on a 'car whisperer' where some guys who can hardly be called hackers are pairing with bluetooth devices in a car and then monitoring audio.

The link with more info on these latest guys shows that they are just using the existing OBDII ports:
http://www.neowin.net/news/car-electron ... ments=true

Any speculation on hacking a car wirelessly is basically hand waving on possible future flaws that could potentially exist.

[SFSxOI]

Even the article is outdated. They have also found a better way to do it for the ones that have BlueTooth recently. They have even developed an experimental BlueTooth device, they walk up to the car and do what they want including unlocking the doors, starting the car, and on some models disabling the factory provided lo-jack system and alarm system. Takes about 3 seconds with pre-programmed commands.

Do you have a link for that? I have to admit that I'm a little skeptical. Bluetooth is limited to just audio in any of the cars that I've seen. I'm having a hard time imagining that Bluetooth is linked into the main car system in that manner. Searching for hack car with bluetooth turns up some 5 year old articles on a 'car whisperer' where some guys who can hardly be called hackers are pairing with bluetooth devices in a car and then monitoring audio.

The link with more info on these latest guys shows that they are just using the existing OBDII ports:
http://www.neowin.net/news/car-electron ... ments=true

Any speculation on hacking a car wirelessly is basically hand waving on possible future flaws that could potentially exist.

No, I don't have a link that describes it, not everything in the world appears on the internet ya know. I found out about it because the company I work for does contract work for a car manufacturer (i'm not able to disclose the name due to NDA reasons) for their network security vunlerability testing, and their manufacturing people contacted us asking about the possibility of testing one of their models for vunlerability against this. They told us what was going on and believed their model was vunlerable. They sent some documents along and part of those included the latest research from (i'm not able to disclose the name due to NDA reasons) which outlined the bluetooth attack method against the type of system used in the model. In this model bluetooth is not just limited to audio, its also linked into the core system, and may not outwardly do anything well known but audio to the consumer but its does more when "approached" properly.

So no, its not just "hand waving" its just that its not widely know yet on the internet, things like this tend to be kept secret for business reasons. Can you imagine the outcry if all of a sudden it was known. If you think the recent Toyota thing was something with a sticking gas pedal wait until it gets spashed all over the internet that any 13 year old kid with the right hardware/software can do drive by hackings of their vehicles in motion. You know how these things work, someone will post the way to do it on the internet and the next thing you know some fool is producing devices to do it and selling them on ebay or something.

There is a very vague and obscured reference to the bluetooth thing here > http://arstechnica.com/security/news/20 ... -speed.ars in the next to last paragraph where it says; " but there's bad news on that front too: the researchers found that the wireless access to their car (like many, it had integrated Bluetooth and similar capabilities) was inadequately secure, and they could break in that way, too." Other then that I do not have anything I can show you at this time. Its not widely known, hasn't leaked on to the web, and is being held very close and quiet. The good news is that not all cars with bluetooth are vunlerable via this vector (right now), only a few models and they will be fixed.

[Rook Zimbabwe]

OnStar...

It is EVIL!!! It allows you to remotely open the door locks... the windows and sunroof, remotely KILL a car as well...

They had the onstar access codes and accessed it AFTER the cracked their own car. I suspect that they somehow recorded the datta stream sent to the car for various activities and then recreated them.

In Houston OnStar has managed to locate stolen cars not currently in a metal building or in a tunnel (and we have precious few of them tunnel things as everything is flat!)



My sisters BMW sends her EMAIL!!!

[SFSxOI]

OnStar...

....It is EVIL!!! It allows you to remotely open the door locks... the windows and sunroof, remotely KILL a car as well......

OMG! Its leaked out! The BRICK hack is in the wild ! A single BRICK attack can do part of that, but multiple BRICK attacks can kill a car!

[aaron]

I found out about it because the company I work for does contract work for a car manufacturer (i'm not able to disclose the name due to NDA reasons) for their network security vunlerability testing, and their manufacturing people contacted us asking about the possibility of testing one of their models for vunlerability against this. They told us what was going on and believed their model was vunlerable. They sent some documents along and part of those included the latest research from (i'm not able to disclose the name due to NDA reasons) which outlined the bluetooth attack method against the type of system used in the model.

Fair enough. If you have some personal experience with it, that's more convincing.