Wednesday, 26 August 2015

Who’s Hacking Into Your Vehicle?


Who’s Hacking Into Your Vehicle?
Massive Vehicle Recall Follows Exposure of Hacker Threat

carhacking

 


From top to bottom, it appears that our modern Internet-driven world filled with interconnected smart gadgets and modern computing applications is making us vulnerable to potentially life-changing hacks.

It previously has been proven that boats, planes, GPS-driven munitions, unmanned vehicles and even smart homes all can be taken over via remote control.

But nothing has received the level of attention as the common modern vehicle.

Most of us remember the “conspiracy theories” that took place after the death of journalist Michael Hastings when his vehicle showed serious anomalies as it finally slammed into a tree at 140 miles per hour. Now, in an unprecedented move, Fiat-Chrysler is voluntarily recalling 1.4 million vehicles after news broke from Wired Magazine that a Jeep Cherokee had been successfully demonstrated to be remotely hacked via the Internet.

The research covered what is called a “zero-day exploit” hack, which enabled a test vehicle to be fully hijacked simply from obtaining knowledge of the vehicle’s IP address.  Wired writer, Andy Greenberg, described what happened next:

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun. (Source)

Not fun at all.

The article went on to speculate that perhaps as many as 471,000 vehicles might be similarly exposed. However, 1.4 million is an astonishing number – and of course comes from just one automaker.

In a press release, Fiat-Chrysler admits that “vehicles equipped with 8.4-inch touchscreens among the following populations” should be brought in for a security upgrade:


  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

…customers may visit http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.

Read full press release HERE

While it is commendable for such quick action to be taken, it remains to be seen how other automakers will respond, and whether or not long-term confidence will be shaken in the marriage between high-tech computing and vehicles.

Also see what DARPA says about hacking possibilities:



Hackers Expose New Method for Disabling Vehicles

 



Last month, a massive vehicle recall from automaker Fiat-Chrysler shocked many who were still unaware at the ease of hacking modern-day vehicles. The research covered what is called a “zero-day exploit” hack, which enabled a test vehicle to be fully hijacked simply from obtaining knowledge of the vehicle’s IP address.

The main culprit that was addressed by Fiat-Chrysler, which led to the voluntary recall of 1.4 million vehicles, was any car that came equipped with 8.4-inch touchscreens as part of the vehicle’s audio/video system.

Wired writer Andy Greenberg is back today with more information from security researchers who were able to show an even easier method to cause a potentially fatal crash in their Corvette test vehicle.

It appears that today’s interconnected smart gadgets and modern computing applications are making cars one of the more vulnerable everyday items open to life-changing hacks. Like cutting the brakes….

As you’ll see in this video, it only takes a smartphone for an outside operator to take full remote control.



As Greenberg reports:

At the Usenix security conference today, a group of researchers from the University of California at San Diego plan to reveal a technique they could have used to wirelessly hack into any of thousands of vehicles through a tiny commercial device: A 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency. By sending carefully crafted SMS messages to one of those cheap dongles connected to the dashboard of a Corvette, the researchers were able to transmit commands to the car’s CAN bus—the internal network that controls its physical driving components—turning on the Corvette’s windshield wipers and even enabling or disabling its brakes.[…]

The device that the UCSD researchers exploited for those attacks was a so-called OBD2 dongle built by the France-based firm Mobile Devices, but distributed by corporate customers like the San Francisco-based insurance startup Metromile. Metromile, the only one of those corporate distributors whose devices the researchers fully analyzed, is an insurance company that gives its customers the cellular-enabled devices, branded as the Metromile Pulse, to plug into a port on their dashboards as a means of tracking cars and charging drivers on a per-mile basis. The company has even partnered with Uber to offer the devices to its contract drivers as part of a discount insurance program. (emphasis added)

Similar to the response by Chrysler-Fiat, the researchers said that once alerted to the problem, the company quickly offered a security patch. However, according to the statements above, Metromile clearly isn’t the only distributor. They also used the same deflection as Chrysler-Fiat by saying that no one had reported the issue out in the field. But why wouldn’t these companies be properly testing in advance for these vulnerabilities? This is where the problem still remains according to researchers:

…the larger problem of wirelessly hackable dongles plugged into cars’ networks is far from solved. They say they also notified Mobile Devices of its hardware’s insecurity, and were told that the latest versions of the company’s dongles weren’t vulnerable to their attack. But the researchers nonetheless found in scans of the Internet using the search tool Shodan that in addition to the Metromile device, thousands of still-hackable Mobile Devices dongles were visible, mostly in Spain—possibly those used by the Spanish fleet management firm and Mobile Devices customer Coordina. Mobile Devices hasn’t responded to WIRED’s request for comment or for a list of its main customers.[…]

The problem is hardly limited to Metromile, Coordina, or even their device supplier Mobile Devices. The insurance company Progressive also offers so-called “telematics-based insurance” using a similar OBD2 plug-in it calls the Snapshot. Earlier this year security researcher Corey Thuen found that the Progressive Snapshot device had its own serious vulnerabilities, though Thuen didn’t demonstrate a proof-of-concept attack. And researchers at the cybersecurity firm Argus found that the Zubie, an OBD2 device for personal tracking of driving efficiency, had hackable flaws, too. (emphasis added)

And for those who might feel comfortable that this appears not to be a potentially widespread problem contained with other autos, Wired was quick to point out that it wasn’t a Corvette vulnerability, nor something only used in commercial transit:

…UCSD researchers say they could have hijacked the steering or brakes of just about any modern vehicle with the Mobile Devices dongle plugged into its dash. “It’s not just this car that’s vulnerable,” says UCSD researcher Karl Koscher. He points to the work of researchers Charlie Miller and Chris Valasek, who revealed and published the code for a wide array of attacks on a Toyota Prius and Ford Escape in 2013 that required only access to a vehicle’s OBD2 port. “If you put this into a Prius, there are libraries of attacks ready to use online.” (emphasis added)

Hackers are often maligned by media and governments as anarcho-terrorists who aim to bring nothing but disorder and destruction to the world, but fortunately some of them are doing the work that our supposedly trusted corporations should be doing.

This is a story worth paying attention to; it is most assuredly just the tip of the iceberg. It is also a useful topic to offer to those who would knee-jerk shout “conspiracy theory!” when presented with the strange events surrounding the fatal car crash of journalist Michael Hastings, for example.

Perhaps we can now start taking a much closer look at boats, planes, GPS-driven munitions, unmanned vehicles and even smart homes that also can be taken over via remote control.

Image Credits: Image source,  C3 Group, appearing on Forbes



For more information about hacking see http://nexusilluminati.blogspot.com/search/label/hacking
- Scroll down through ‘Older Posts’ at the end of each section


Hope you like this not for profit site -
It takes hours of work every day by a genuinely incapacitated invalid to maintain, write, edit, research, illustrate and publish this website from a tiny cabin in a remote forest
Like what we do? Please give anything you can -  
Contribute any amount and receive at least one New Illuminati eBook!
(You can use a card securely if you don’t use Paypal)
Please click below -



Spare Bitcoin change?




For further enlightening information enter a word or phrase into the random synchronistic search box @ the top left of http://nexusilluminati.blogspot.com


And see


 New Illuminati on Facebook - https://www.facebook.com/the.new.illuminati

New Illuminati Youtube Channel -  https://www.youtube.com/user/newilluminati/playlists

New Illuminati’s OWN Youtube Videos -  
New Illuminati on Google+ @ For New Illuminati posts - https://plus.google.com/u/0/+RamAyana0/posts

New Illuminati on Twitter @ www.twitter.com/new_illuminati


New Illuminations –Art(icles) by R. Ayana @ http://newilluminations.blogspot.com

The Her(m)etic Hermit - http://hermetic.blog.com



DISGRUNTLED SITE ADMINS PLEASE NOTE –
We provide a live link to your original material on your site (and links via social networking services) - which raises your ranking on search engines and helps spread your info further!

This site is published under Creative Commons (Attribution) CopyRIGHT (unless an individual article or other item is declared otherwise by the copyright holder). Reproduction for non-profit use is permitted & encouraged - if you give attribution to the work & author and include all links in the original (along with this or a similar notice).

Feel free to make non-commercial hard (printed) or software copies or mirror sites - you never know how long something will stay glued to the web – but remember attribution!

If you like what you see, please send a donation (no amount is too small or too large) or leave a comment – and thanks for reading this far…

Live long and prosper! Together we can create the best of all possible worlds…


From the New Illuminati – http://nexusilluminati.blogspot.com

2 comments:

  1. Great work done by author of this blog. I never seen such a beautiful and informative blog. Also the looks of the blog is awesome. Keep posting please.

    Black Magic Specialist in Delhi
    Vashikaran to Get Love Back
    Vashikaran Mantra to Attract Girl
    Vashikaran Mantra to Control Males
    Vashikaran Mantra to Get Love

    ReplyDelete
  2. Doctor Ruth was attempting to hack into my limo back in the 80's, I actually caught her doing it, and I asked her why. She said in a German accent, "I want to experiment with a vibrating passenger seat." I said ok, be my guest. Dr. Ruth achieved great success for every woman I drove never wanted to leave, they were oh so excited and always stated how great it was to cum inside my car

    ReplyDelete

Add your perspective to the conscious collective