Remote Car Hacking Just Got Real

[G.Irish]

Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.

<!-- m --><a class="postlink" href="http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/">http://www.wired.com/2015/07/hackers-re ... p-highway/</a><!-- m -->

These guys also were able to remotely put the transmission in neutral while the car was on the highway. What's even worse is that they can attack Jeep's with the Uconnect feature anywhere on the Sprint wireless network. And that's just one manufacturer's cars, it stands to reason that other manufacturers have vulnerabilities like this as well.

The scary thing is that even if your car is not vulnerable, if a vulnerable car gets attacked you might end up in the ensuring traffic jam at the least, or in the accident at the worst. A mass attack in a region could cause easily caus massive gridlock and a bunch of casualties. Just think of all the chaos that happened that time it snowed during rush hour, but imagine the same number of accidents happened while people were traveling at normal speeds.

TL;DR: Haxx0rz can remotely disable brakes, throttle on vulnerable vehicles without ever having physical access to the vehicle

[.RJ]

I'm just going to stick to cars with carbamaphones.

[SlimKlim]

The tinfoil-hat crowd on VWVortex are taking their cars apart to remove the CarNet module even if they don't have it activated because they don't want VW to know where they drive. I suppose this gives their argument a little more validity.

[WRXtranceformed]

Wow, not surprising at all. There is no *good* reason why a car should be connected to the internet anyway. This is why I also refuse to make our home a "smart" home. I'll take my vehicles somewhat old fashioned thx

[HAULN-SS]

Quit clicking shitty links in your car, and you'll be alright. For real though, I hate when they call this shit hacking. Give me unfettered access to your ride and I can do any number of things to it, but the reality is most cars have a pretty small attack vector, because they only actually connected to a handful of highly controlled services (or at least they should be controlled)

[G.Irish]

Quit clicking shitty links in your car, and you'll be alright. For real though, I hate when they call this shit hacking. Give me unfettered access to your ride and I can do any number of things to it, but the reality is most cars have a pretty small attack vector, because they only actually connected to a handful of highly controlled services (or at least they should be controlled)

Clearly you didn't read the article.

[.RJ]

Quit clicking shitty links in your car, and you'll be alright. For real though, I hate when they call this shit hacking. Give me unfettered access to your ride and I can do any number of things to it, but the reality is most cars have a pretty small attack vector, because they only actually connected to a handful of highly controlled services (or at least they should be controlled)

:?: :thumbup:

[HAULN-SS]

I did, but based on previous scares about this shit, I'm going to bet $10 that the exploit on the one they are actually controlling is pre-installed. They might be able to scan the network to see other vehicles out there, but it'd be a stupidly large security hole to think that is what would allow them to plant the initial exploit. I guess anything is possible if chrysler designs their computer systems like they do their interiors, which is why my bet is only $10.

[G.Irish]

It would be a stupidly large hole but the auto industry has rolled cars off the lines with stupidly bad mechanical defects before. This is an industry that in the past has gone forward with potentially lethal defects because they thought the cost of lawsuits would be less than the cost of a recall. In many of these cases the severity of the issue was lost on the powers that be, who went on the ignore defects that ended up costing the company dearly.

Now move on to something like cyber security where the people implementing these systems may not have taken the issue as seriously as they need to, and may not have even imagined that vulnerabilties would be exploited in this manner. That risk wouldn't even be properly recognized by decision makers.

We're moving into an era where the cost of information security is going to be a LOT higher and a lot of big, slow-moving organizations are gonna be caught with their pants down, with dire consequences in some cases. Just recently OPM got hacked and over 20 million security clearance applications were stolen. That information is just about as sensitive as they come and *boom*, gone. Or how about the United Airlines computer "incident" that grounded their whole fleet? One would think these organizations would be smarter and more proactive about computer vulnerabilities but with these big bureaucracies it's so easy for security to be pushed down the priority list.

[ScottyB]

it'll be interesting to see the arms race for this. automotive anti-hacking scramblers vs hackers finding new ways to exploit the vulnerabilities in the cars.

old cars keep looking better these days

[G.Irish]

On the bright side, maybe you could brick all of the cars in your area before rush hour to make your commute faster. Or when a douche shows up to a track day in a Hellcat you can limit him to 120 hp.

[rherold9]

On the bright side, maybe you could brick all of the cars in your area before rush hour to make your commute faster. Or when a douche shows up to a track day in a Hellcat you can limit him to 120 hp.

My thoughts are similar on how I would use this.

Sent from my SM-G900V using Tapatalk

[BLINGMW]

Problem solved. Do not buy 2014 Jeep Cherokee. :dunno:

[WRXtranceformed]

I would pay good money for a hack that would shut down any car before it was able to park next to me on either side.

[Jake]

This is both oddly cool and somewhat scary. I'm wondering if all Uconnect systems are vulnerable, or only the versions that have all the "apps" and shit as part of their feature lists. Sort of like how BMW has iDrive for audio, navi, climate, etc, and then iDrive with "ConnectedDrive" that includes Facebook/Twitter/office apps.

I like my in-dash navigation and all the tech goodies, but I'm fine with a head unit that doesn't have an IP address.

[JPolen01]

itter/office apps.

I like my in-dash navigation and all the tech goodies, but I'm fine with a head unit that doesn't have an IP address.

This exactly. Also what Lee said about smart homes. I decided against a Nest partly for that reason. Same thing with a smart fridge. Not that anyone really needs one of those, but it seems like a smart appliance would be an easy way into a wireless network. Can't imagine your nest or smart fridge have high security measures.

[Beej]

Problem solved. Do not buy 2014 Jeep Cherokee. :dunno:

dammit.

I'm not usually part of the tin foil battery, but I just got my new recycling bin from the city today - it has an RFID tag registered to my address. :evileye:

[D_Eclipse9916]

itter/office apps.

I like my in-dash navigation and all the tech goodies, but I'm fine with a head unit that doesn't have an IP address.

This exactly. Also what Lee said about smart homes. I decided against a Nest partly for that reason. Same thing with a smart fridge. Not that anyone really needs one of those, but it seems like a smart appliance would be an easy way into a wireless network. Can't imagine your nest or smart fridge have high security measures.

ZOMG! What am I going to do about my Nest being hackzored!?!?!?!?!!

Especially when OMB just gives away all my sensitive information anyway :roll:

[Jake]

ZOMG! What am I going to do about my Nest being hackzored!?!?!?!?!!

Especially when OMB just gives away all my sensitive information anyway :roll:

Some strapping young lad might just turn your heat on... in the middle of the summer :lol:

I think the one "smart" home thing I'd be concerned about is a WiFi-enabled door lock.

[navin]

ZOMG! What am I going to do about my Nest being hackzored!?!?!?!?!!

Especially when OMB just gives away all my sensitive information anyway :roll:

Considering the only publicly known exploit of the Nest requires phyiscal access... I don't think you'll be losing much sleep over someone hax0ring your nest.