Jump to content


Photo
- - - - -

Coming Soon: Malware For Your Car


  • Please log in to reply
65 replies to this topic

#51 desmo

desmo
  • Tech Forum Host

  • 12,974 posts
  • Joined: January 00

Posted 15 August 2013 - 13:12

Read this pollyanna: http://www.autosec.o...enixsec2011.pdf Unless you really are bound and determined to keep your head buried in the sand or despise being proven wrong in which case, then don't. I probably should have linked to this paper first.

Advertisement

#52 Bloggsworth

Bloggsworth
  • Member

  • 7,469 posts
  • Joined: April 07

Posted 15 August 2013 - 13:36

The world is a dangerous place. If I wanted to do harm to you via your car, two minutes with a pair of side-cutters on your brake lines would do the trick a lot more certainly than some airy fairy attempt to take remote control using your i-phone.


Contrary to the wild imaginings of Hollywood, television producers and crime writers, no driver would fail to discover cut brakes long before their lack became life threatening (Unless of course you start your journey steeply downhill and you don't press the brake pedal at any time before you start off on your journey to infinity and beyond).

#53 Bloggsworth

Bloggsworth
  • Member

  • 7,469 posts
  • Joined: April 07

Posted 15 August 2013 - 13:42

You FINALLY got there... :wave:

I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."

So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.

Now I will leave you guys to compare tinfoil hats.


And banks say that Chip & Pin is 100% secure... Today a laptop, tomorrow ? What needed a desktop 10 years ago can now be done on a mobile phone.

#54 Canuck

Canuck
  • Member

  • 1,650 posts
  • Joined: March 05

Posted 15 August 2013 - 18:48

You FINALLY got there... :wave:

I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."

So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.

Now I will leave you guys to compare tinfoil hats.

Ah...yes - it is I that didn't read the first paper, thinking that the video Desmo linked to was from that paper. In that video they discuss forced bluetooth pairing to the entertainment system that left no history in the paired devices control and provided no means to remove. From that forced connection, they were able to access the CAN network and execute control commands. Perhaps you read the paper and didn't watch the video. The first video posted is the group A - remote CAN access via existing vehicle infrastructures such as bluetooth and sat radio.

Everything required for a surreptitious jacking of a vehicle's control system is there.

#55 BRG

BRG
  • Member

  • 11,571 posts
  • Joined: September 99

Posted 15 August 2013 - 19:46

I probably should have linked to this paper first.

Ah, the familiar sound of people moving goalposts.

#56 desmo

desmo
  • Tech Forum Host

  • 12,974 posts
  • Joined: January 00

Posted 15 August 2013 - 22:55

I'm less concerned--unconcerned really--with playing games and keeping score about who is the cleverer at polemics and more so with getting the facts correct by whatever means are necessary. The facts here are both unambiguous and irrefutable. You can worry about goalposts etc. as pleases you.

#57 Peter3hg

Peter3hg
  • Member

  • 198 posts
  • Joined: February 10

Posted 16 August 2013 - 09:52

The research seems a bit flawed to me in regards to their methods for gaining access using Bluetooth and the telematics system. For the telematics system they say the telephone number is easy to ascertain with caller ID, which is fair enough, but why would the system be calling the hackers in the first place?
For the bluetooth method they had to forcefully break the PIN, but they admit that the PIN is renewed when the car is turned off and the average time to force the PIN is 10 hours so in reality forcefully breaking a PIN isn't as feasible as they make it seem, although still possible.

#58 Canuck

Canuck
  • Member

  • 1,650 posts
  • Joined: March 05

Posted 17 August 2013 - 03:00

One method of gaining entry to corporate IT systems is to "accidentally drop" an attractive, infected USB stick in the parking lot with the idea that someone curious will pick it up and pop it into their company machine where it quietly goes to work. Using that same concept, one could drop a prepared cd or DVD with appropriate "attractive" labelling. They claimed that a normal-sounding audio file could hide a hack via the entertainment unit. Maybe the hack is just to make pairing the Bluetooth an at-will matter or it triggers the telematics to call the hackers, thus revealing the ID.

Some folks will do it simply because it's a challenge, like many other current hacks. I would imagine far more likely that the authorities will, with a non-disclosable, undiscussable order, use the telematics as they exist to listen to conversations of persons of interest while mapping the vehicle's every move.

#59 saudoso

saudoso
  • Member

  • 4,632 posts
  • Joined: March 04

Posted 17 August 2013 - 12:41

Why is everyone ignoring the fact that wireless OBDII interfaces cost $20.00? No need to invent anything, just break in and plu the little bug there. No one will notice it under the dashboard.

Advertisement

#60 Bloggsworth

Bloggsworth
  • Member

  • 7,469 posts
  • Joined: April 07

Posted 18 August 2013 - 11:52

Anyone who believes this is foil cap country should be asking themselves why Ford are introducing firewalls and why McAfee are writing anti-virus software for car systems? Try reading the article in today's Sunday Times, plenty of info there. If Richard Clarke, a former US government national security co-ordinator, expressed the view that the death of Michael Hastings had the hallmarks of a "car cyber-attack; and Professor Yoshi Khono of the University of Washington found that they could hack a cars computer system using a doctored music CD, and by using Bluetooth to access a car's entertainment system, and playing an audio file song down the phone line who are we to gainsay them. Before you think that unlikely, in a car in which the volume of the radio is controlled by the car's ECU, so that it plays louder as the car speeds up, there is a software connection between the audio system and the ECU which can be hacked...

Edited by Bloggsworth, 18 August 2013 - 11:54.


#61 GreenMachine

GreenMachine
  • Member

  • 775 posts
  • Joined: March 04

Posted 19 August 2013 - 08:42

Why is everyone ignoring the fact that wireless OBDII interfaces cost $20.00? No need to invent anything, just break in and plu the little bug there. No one will notice it under the dashboard.


The OBD ports I am familiar with are fairly prominently mounted in the engine bay. I am not sure how big these wireless interfaces are, or how they could be hidden or disguised, but the first time the mechanic went looking for the port to plug in his gizmo ... :eek:

#62 Catalina Park

Catalina Park
  • Member

  • 5,707 posts
  • Joined: July 01

Posted 19 August 2013 - 10:21

The OBD ports I am familiar with are fairly prominently mounted in the engine bay. I am not sure how big these wireless interfaces are, or how they could be hidden or disguised, but the first time the mechanic went looking for the port to plug in his gizmo ... :eek:

It could be hidden quite easily they are not much bigger than the plug. If you made a piggy back setup you could even leave a stock looking plug in the right spot for the technician to plug into.
I would guess that you could fit it in about 20 seconds.


#63 saudoso

saudoso
  • Member

  • 4,632 posts
  • Joined: March 04

Posted 19 August 2013 - 10:55

This is what you buy for 20 bucks.

Posted Image

I'll not pretend to know OBDii at all but I can tell from first hand experience that this is read/write: I managed to switch off warning lights with ut.

Edited by saudoso, 19 August 2013 - 10:57.


#64 275 GTB-4

275 GTB-4
  • Member

  • 6,923 posts
  • Joined: February 03

Posted 20 August 2013 - 23:16

oh my god, car chase would be so boring from now if police have special hacking devices

:cool:

 

Especially when the bad guys arced up their countermeasure's and disabled all the following cop cars :rolleyes:



#65 ray b

ray b
  • Member

  • 2,564 posts
  • Joined: January 01

Posted 02 September 2013 - 00:07

so how old a car  is safe from both control and recording [speed+brake data] in a USA model

 

I like the air bags and ABS but not the recording some car do

and the wife will not like too old cars like my volvo 122

 

or does it vary by model refresh and not by year ?



#66 Lee Nicolle

Lee Nicolle
  • Member

  • 5,825 posts
  • Joined: July 08

Posted 04 September 2013 - 07:50

How true it is I do not know. A computer nerd I know reckons that on many models he can hack the the cars main computer and either stop the engine or basically make the engine full rich or no ignition advance. Either of which halves the power. This is by remote control from a moderate distance.
Anyone remotely smart can do that with a lap top.