Tweet
Long article, well worth the read. Here are some excerpts:
Another reason to love my Crown Vic. It's just nice, safe, reliable transportation with no aspirations to be a mobile office or home entertainment system. What a concept!
Hacks on the Highway
Automakers rush to add wireless features, leaving our cars open to hackers
... Among the most vivid examples came this week, when security researchers Charlie Miller and Chris Valasek demonstrated that they could briefly hijack a vehicle over the Internet, without any dealership-installed device to ease access. By hacking into a 2014 Jeep Cherokee, the researchers were able to turn the steering wheel, briefly disable the brakes and shut down the engine.
The drive-by hack
Cars sold today are computers on wheels, with dozens of embedded chips running millions of lines of code. These vehicles can talk to the outside world through remote key systems, satellite radios, telematic control units, Bluetooth connections, dashboard Internet links and even wireless tire-pressure monitors. Security experts call these systems “attack surfaces,” meaning places where intrusions can start.
Once inside, most computer systems on modern vehicles are somehow connected, if only indirectly. Researchers who have hacked their way into computers that control dashboard displays, lighting systems or air bags have found their way to ones running transmission systems, engine cylinders and, in the most advanced cars, steering controls. Nearly all of these systems speak a common digital language, a computer protocol created in the 1980s when only motorists and their mechanics had access to critical vehicle controls.
The overall security on these automotive systems is “15 years, maybe 20 years behind where [computer] operating system security is today. It’s abysmal,” said researcher Peiter Zatko, who once directed cybersecurity research for the Pentagon’s Defense Advanced Research Projects Agency (DARPA) and now is developing an independent software security research group.
Attackers don’t need to crash cars to cause trouble. A jealous, malicious hacker could use a vehicle’s navigation system to track his spouse’s movements while remotely activating the built-in microphone to secretly record conversations that happen in the car. Thieves are already using mysterious “black boxes” that, through the radio signals that control modern entry systems, unlock cars as the crooks walk by; some simply climb in, start the engine and drive away.
The next wave of attacks, researchers say, could include malicious software delivered over the Internet to disable your car’s engine, with the sender offering to revive your vehicle for a few hundred dollars. Or the new generation of wireless links between cars and their surroundings — designed to improve traffic flow and avert crashes — could enable drive-by hacks. Imagine a single infected WiFi beacon on a stretch of highway delivering a virus to every passing vehicle. More...
Automakers rush to add wireless features, leaving our cars open to hackers
... Among the most vivid examples came this week, when security researchers Charlie Miller and Chris Valasek demonstrated that they could briefly hijack a vehicle over the Internet, without any dealership-installed device to ease access. By hacking into a 2014 Jeep Cherokee, the researchers were able to turn the steering wheel, briefly disable the brakes and shut down the engine.
The drive-by hack
Cars sold today are computers on wheels, with dozens of embedded chips running millions of lines of code. These vehicles can talk to the outside world through remote key systems, satellite radios, telematic control units, Bluetooth connections, dashboard Internet links and even wireless tire-pressure monitors. Security experts call these systems “attack surfaces,” meaning places where intrusions can start.
Once inside, most computer systems on modern vehicles are somehow connected, if only indirectly. Researchers who have hacked their way into computers that control dashboard displays, lighting systems or air bags have found their way to ones running transmission systems, engine cylinders and, in the most advanced cars, steering controls. Nearly all of these systems speak a common digital language, a computer protocol created in the 1980s when only motorists and their mechanics had access to critical vehicle controls.
The overall security on these automotive systems is “15 years, maybe 20 years behind where [computer] operating system security is today. It’s abysmal,” said researcher Peiter Zatko, who once directed cybersecurity research for the Pentagon’s Defense Advanced Research Projects Agency (DARPA) and now is developing an independent software security research group.
Attackers don’t need to crash cars to cause trouble. A jealous, malicious hacker could use a vehicle’s navigation system to track his spouse’s movements while remotely activating the built-in microphone to secretly record conversations that happen in the car. Thieves are already using mysterious “black boxes” that, through the radio signals that control modern entry systems, unlock cars as the crooks walk by; some simply climb in, start the engine and drive away.
The next wave of attacks, researchers say, could include malicious software delivered over the Internet to disable your car’s engine, with the sender offering to revive your vehicle for a few hundred dollars. Or the new generation of wireless links between cars and their surroundings — designed to improve traffic flow and avert crashes — could enable drive-by hacks. Imagine a single infected WiFi beacon on a stretch of highway delivering a virus to every passing vehicle. More...
Comment