Watch remote hackers easily take control of this Jeep and more

ronjor · Jul 21, 2015

by Molly Brown on July 21, 2015 at 9:18 am

In a great digital experiment, Wired reporter Andy Greenberg played the roll of “crash-test dummy” as two hackers took him for the ride of his life in this late-model Jeep.
Chrysler has issued a security patch for the data breach and is encouraging all owners to install the update.
Click to expand...

http://www.geekwire.com/2015/watch-remote-hackers-easily-take-control-of-this-jeep/

ronjor · Jul 22, 2015

Senate Bill Seeks Standards For Cars’ Defenses From Hackers
Andy Greenberg 07.21.15.

Markey and Blumenthal’s bill will have three major points, according to a spokesperson’s description. First, it will require the NHTSA and the FTC to set security standards for cars, including isolating critical software systems from the rest of a vehicle’s internal network, penetration testing by security analysts, and the addition of onboard systems to detect and respond to malicious commands on the car’s network. Second, it will ask those same agencies to set privacy standards, requiring carmakers to inform people of how they collect data from vehicles they sell, letting drivers opt out of that data collection and restricting how the information can be used for marketing. And finally, it will require manufacturers to display window stickers on new cars that rank their security and privacy protections.
Click to expand...

http://www.wired.com/2015/07/senate-bill-seeks-standards-cars-defenses-hackers/

xxJackxx · Jul 23, 2015

As the owner of a late model Chrysler vehicle I am greatly concerned about some of the technology used. The keyless systems are nice, but I suspect some day someone will just walk up and drive away with my car.

ronjor · Jul 24, 2015

Firewalls can't protect today's connected cars

Much of the auto industry's efforts to date have been about building a more secure internal bus

By Lucas Mearian Follow
Computerworld | Jul 24, 2015 3:00 AM PT
Click to expand...

http://www.computerworld.com/articl...walls-cant-protect-todays-connected-cars.html

Minimalist · Jul 24, 2015

Fiat Chrysler recalls 1.4 million cars after software bug is revealed

A few days after issuing a patch and reassuring owners that the attack that shut down the transmission and other systems remotely on a Jeep was not a huge risk, Fiat Chrysler has decided to recall nearly 1.5 million vehicles as a result of the bug exposed in the research.
Click to expand...

https://threatpost.com/fiat-chrysler-recalls-1-4-million-cars-after-software-bug-is-revealed

ronjor · Jul 25, 2015

Feedback Friday: Industry Reactions to Remote Car Hacking
By Eduard Kovacs on July 24, 2015

Experts contacted by SecurityWeek have shared some thoughts on the latest car hacking research, including the impact of the DMCA and other legal aspects, the importance of building secure systems, and possible solutions for mitigating attacks.
Click to expand...

http://www.securityweek.com/feedback-friday-industry-reactions-remote-car-hacking

ronjor · Jul 28, 2015

Senators call for investigation of potential safety, security threats from connected cars
Lucas Mearian (Computerworld (US)) on 29 July, 2015 04:39

U.S. Sens. Edward Markey and Richard Blumenthal urged the National Highway Traffic Safety Administration to investigate potential widespread risk for consumers because of vulnerabilities in auto information and entertainment systems.
Click to expand...

http://www.cso.com.au/article/58066...-safety-security-threats-from-connected-cars/

JRViejo · Jul 30, 2015

Until GM provides a software patch, Kamkar suggested that OnStar vehicle owners not open the RemoteLink app.
Click to expand...

Hacker shows he can locate, unlock and remote start GM vehicles by Lucas Mearian.

ronjor · Aug 1, 2015

Patch Your OnStar iOS App to Avoid Getting Your Car Hacked
Andy Greenberg 07.31.15
One car hack down, an entire industry of potentially vulnerable vehicles to go.

On Friday afternoon, GM OnStar announced a software update to its RemoteLink app for iPhone to patch a security vulnerability that could have been used from across the internet to track GM vehicles, unlock their doors, start their ignitions, and even access the car owner’s email and address.
Click to expand...

http://www.wired.com/2015/07/patch-gm-onstar-ios-app-avoid-wireless-car-hack/

ronjor · Aug 4, 2015

August 04, 2015
Doug Olenick, Online Editor
Harman Kardon claims only Chrysler vehicles may have vulnerable system

Auto entertainment systems provider Harman Kardon said Monday that only Chrysler vehicles were supplied with potentially exploitable infotainment systems, despite the fact that a federal probe has been opened to investigate if the systems were installed in other car brands.
Click to expand...

http://www.scmagazine.com/no-other-vehicles-with-vulnerable-system/article/430363/

ronjor · Aug 6, 2015

Tesla patches Model S after researchers hack car's software
With physical access to the car, the researchers were able to exploit six flaws and eventually access the infotainment system
Fred O'Connor (IDG News Service) on 07 August, 2015 06:01
Click to expand...

http://www.cso.com.au/article/581433/tesla-patches-model-after-researchers-hack-car-software/

Amanda · Aug 6, 2015

I'm guessing that if it's easy to crack'em it's also easy to secure them?

ronjor · Aug 6, 2015

Not sure how easy it is but it is fixed in Tesla's case.

ronjor · Aug 10, 2015

BlackBerry denies its OS was to blame in Jeep Cherokee hack
By Joab Jackson Follow
IDG News Service | Aug 10, 2015 2:00 PM PT
Responding to an accusatory blog post, BlackBerry has again denied that its embedded operating system caused the potentially dangerous vulnerability recently demonstrated in Chrysler Jeep Cherokees.
Click to expand...

http://www.networkworld.com/article...ts-os-was-to-blame-in-jeep-cherokee-hack.html

ronjor · Aug 11, 2015

Hackers Cut a Corvette’s Brakes Via a Common Car Gadget
Andy Greenberg 08.11.15.
At the Usenix security conference today, a group of researchers from the University of California at San Diego plan to reveal a technique they could have used to wirelessly hack into any of thousands of vehicles through a tiny commercial device: A 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency.
Click to expand...

http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/

ronjor · Aug 13, 2015

Your BMW or Benz Could Also Be Vulnerable to That GM OnStar Hack
Andy Greenberg 08.13.15
If you thought your pricey Benz or Bimmer had escaped the rash of recent hacks affecting Chrysler and GM cars, think again.
Click to expand...

http://www.wired.com/2015/08/bmw-benz-also-vulnerable-gm-onstar-hack/

ronjor · Aug 14, 2015

VW Has Spent Two Years Trying to Hide a Big Security Flaw
Got a VW, Fiat, Audi, Ferrari, Porsche or Maserati? Then you might want to check the model.
By Olivia Solon
Click to expand...

http://www.bloomberg.com/news/artic...-two-years-trying-to-hide-a-big-security-flaw

BoerenkoolMetWorst · Aug 14, 2015

Since it concerns a lot more brands, I think it would be a good idea to rename this thread.

From the paper mentioned in the article ronjor just posted:

The transponder uses a 96-bit secret key and a proprietary cipher in order to authenticate to the vehicle. Furthermore, a 32-bit PIN code is needed in order to be able to write on the memory of the transponder.
Click to expand...

Many of the keys that we recovered using the previous attack had very low entropy and exhibit a well deﬁned pattern, i.e., the ﬁrst 32 bits of the key are all zeros.
Click to expand...

For a few years already, there are contactless smart cards on the market [48, 50] which implement AES and have a fairly good pseudo-random number generator. It is surprising that the automotive industry is reluctant to migrate to such transponders considering the cost difference of a better chip (≤ 1 USD) in relation to the prices of high-end car models (≥ 50,000 USD). Since most car keys are actually fairly big, the transponder design does not really have to comply with the (legacy) constraints of minimal size.
Click to expand...

So much fail...
https://www.usenix.org/sites/default/files/sec15_supplement.pdf

ronjor · Aug 19, 2015

Security flaws could allow attackers to steal over 100 different cars
Posted on 19 August 2015. Zeljka Zora
Since 2012, a trio of European researchers knew that the Megamos Crypto transponder - used in a over 100 cars manufactured by Audi, Ferrari, Fiat, Cadillac, Volkswagen and two dozen more automakers around the world - sports vulnerabilities that can be exploited by attackers to start the cars without needing to have the key (i.e. the passive RFID tag embedded in it).
Click to expand...

http://www.net-security.org/secworld.php?id=18784

ronjor · Aug 23, 2015

Highway to hack: why we’re just at the beginning of the auto-hacking era
A slew of recently-revealed exploits show gaps in carmakers' security fit and finish.
by Sean Gallagher - Aug 23, 2015 10:00am CDT
Click to expand...

http://arstechnica.com/security/201...ust-at-the-beginning-of-the-auto-hacking-era/

Kobayashi maru · Aug 23, 2015

xxJackxx said: ↑

As the owner of a late model Chrysler vehicle I am greatly concerned about some of the technology used. The keyless systems are nice, but I suspect some day someone will just walk up and drive away with my car.
Click to expand...

How about: Get an autonomous vehicle and you may be in it while it takes you for the ride of your life as well. Or the roadtrains comprised of all manner of vehicles controlled by the front one, being a source of much pain and agony for many.

Won't happen? History suggests the possibility exists, and as is usual with technology these days, it seems these bridges will be crossed when they are arrived at. However, sadly, the lesson will be learnt too late, even though the future can be pretty much summed up already.

Keatah · Aug 24, 2015

Why do a car's vital systems need to made vulnerable and available to outside hacking all of a sudden? Didn't they work fine for the past 100 years?

Kobayashi maru · Aug 24, 2015

Convenience is a powerful selling tool when you're dealing with the lazy, or those who don't understand the implications these 'helpful' features provide. Do we really need cars that self park, when this what a licenced person should be able to do as part of the qualified driver deal?

ronjor · Aug 25, 2015

Car Hacker Charlie Miller Leaves Twitter
By Eduard Kovacs on August 25, 2015
The security expert, hired by Twitter in September 2012, hasn’t said why he is leaving the company, or what he plans on doing next. However, considering that his latest research focused on hacking connected vehicles, some speculate that he might have been recruited by a car maker.
Click to expand...

http://www.securityweek.com/car-hacker-charlie-miller-leaves-twitter

ronjor · Aug 26, 2015

High-tech vehicle systems get short shrift by many drivers
Apple CarPlay and Google Android Auto are among the features owners said they don't want, according to JD Power
By Lucas Mearian Computerworld | Aug 26, 2015 11:33 AM PT
Click to expand...

http://www.computerworld.com/articl...systems-get-short-shrift-by-many-drivers.html

Log in or Sign up

Watch remote hackers easily take control of this Jeep and more

ronjor Global Moderator

ronjor Global Moderator

xxJackxx Registered Member

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

JRViejo Super Moderator

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Amanda Registered Member

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

ronjor Global Moderator

Kobayashi maru Registered Member

Keatah Registered Member

Kobayashi maru Registered Member

ronjor Global Moderator

ronjor Global Moderator

Log in or Sign up

Watch remote hackers easily take control of this Jeep and more

ronjor Global Moderator

ronjor Global Moderator

xxJackxx Registered Member

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

JRViejo Super Moderator

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Amanda Registered Member

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

ronjor Global Moderator

Kobayashi maru Registered Member

Keatah Registered Member

Kobayashi maru Registered Member

ronjor Global Moderator

ronjor Global Moderator

Useful Searches