- Aug 1, 2006
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/
Wi-Fi hack disables Mitsubishi Outlander's theft alarm
http://www.infosecurity-magazine.com/news/researchers-find-bugs-in?utm_source=twitterfeed&utm_medium=twitter
Researchers are warning BMW drivers of two newly discovered vulnerabilities in the car manufacturer's ConnectedDrive web portal which could allow attackers to interfere with the automobile's settings.
Bounties pay up to $1,500 and focus on Uconnect system
Rather than fighting software hackers, Fiat Chrysler Automobiles wants to reward them. FCA today launched a new hacker bounty program that will dole out monetary rewards to anyone who identifies and reports a security weakness in FCA's software.
FCA is launching the program on crowdsourcing website Bugcrowd (www.bugcrowd.com). According to Bugcrowd's site, its main purpose is to "bring thousands of good hackers to the fight, helping companies even the odds and find bugs before the bad guys do." The list of prominent companies also on Bugcrowd includes Tesla Motors, which was the first automaker to offer bounties to hackers.
FCA says it will pay at least $150 and up to $1,500 for each hack. According to FCA's page on Bugcrowd, the automaker is asking hackers to focus on vulnerabilities to its Uconnect infotainment system, especially with the way it interacts with iOS and Android personal devices. FCA also includes a long list of hacks that are excluded from the bounty. So far, 83 hackers have joined FCA's program and four bounties have been rewarded.
Last year, FCA was the target of a software breach when two hackers demonstrated how they were able to control a Jeep Cherokee remotely through its Uconnect system. The hackers were able to manipulate most of the vehicle's systems, and even went as far as disabling the brakes, transmission, and steering. The hackers were later hired on by Uber to help develop its autonomous driving technology.
https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
they're now able to pull off even more dangerous, unprecedented tricks like causing unintended acceleration and slamming on the car's brakes or turning the vehicle's steering wheel at any speed
How many new trucks are actually on the road?
Hackers Hijack a Big Rig Truck's Accelerator and Brakes
So far this is somewhat limited to needing access to the OBDII port, but there might be equipment out there that is vulnerable to remote hacking too.
Do programmers think people won't hack into their stuff based on good feelings and happy dreams? Get real. You need to have redundant sensors so that the system can double triple check things to ensure what it's seeing is actually there. Furthermore, this still means I can fuck with an autopilot car by constantly braking and accelerating for no obvious reason.
tesla autopilot sabotage
http://europe.autonews.com/article/20160811/COPY/308119941/keyless-systems-of-older-vw-group-cars-can-be-hacked-researchers-say
Keyless systems of older VW Group cars can be hacked, researchers say
Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars.
http://www.theregister.co.uk/2016/08/11/car_lock_hack/
Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button
Shared global security keys blamed
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
100 Million Vehicles, 4 Secret Keys
the whole paper:
http://europe.autonews.com/article/20160827/COPY/308279952/fiat-chrysler-tries-to-protect-vehicle-security-codes
Fiat Chrysler tries to protect vehicle security codes
updates were made on Thursday, Aug. 25, just weeks after police in Houston arrested two men believed to be part of a vehicle-theft ring. The ring is accused of stealing more than 100 Jeep and Ram vehicles using little more than a laptop computer, an OBD-II plug and software.
http://www.wired.co.uk/article/tesla-remotely-hacked-by-chinese-collective-keen
A Chinese hacking collective has released a video purporting to show the first remote hack of a Tesla vehicle, just a day after Elon Musk's company announced a rollout of new safety features for its Autopilot software.
The hack was carried out by Keen Security Lab and shows the team controlling the brakes from 12 miles away
Locks that do not require user interaction are generally insecure.
The Chaos Computer Club Aachen demonstrates a simple and cheap device for opening Keyless Go / Keyless Entry cars with a large distance to the key.
Keyless Go and Keyless Entry Systems allow a driver to open and start a vehicle without his or her interaction. In theory this should only be possible if the key is in a very close range to the car's sensors, for example in the driver's pocket or handbag. Unfortunately the distance "measurement" is often if not always based on the strength of low frequency (LF, in our test case 125kHz) probing signals from the car, that can easily be relayed over long distances.
This is a well known but broadly ignored security flaw. To spread the knowledge and increase the manufacturer's motivation to fix this problem, we built a practical ~90€ attack tool on Keyless Go / Keyless Entry Systems. It allows the attacker to easily open and start the car, even if the key is out of range, by relaying the LF signal.
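
An added sketch (not from the CCC Aachen post or any vehicle's firmware) of the point above: a proximity decision based on LF field strength accepts a relayed key, while a bound derived from round-trip time does not. The inverse-cube falloff model, the thresholds, the timings and all function names are assumptions made for this illustration.

```python
from dataclasses import dataclass

# All constants below are constructed for illustration, not measured values.
C = 299_792_458.0           # speed of light, m/s
STRENGTH_AT_1M = 1.0        # normalised LF field strength 1 m from the emitter
STRENGTH_THRESHOLD = 0.2    # readings above this count as "key is close"
KEY_TURNAROUND_S = 1e-6     # fixed, known response delay of the key
MAX_KEY_DISTANCE_M = 2.0    # policy: unlock only if the key is within 2 m


@dataclass
class Exchange:
    lf_strength_at_key: float  # LF field strength the key measured
    round_trip_s: float        # car's challenge sent -> key's reply received


def lf_strength(distance_m: float) -> float:
    # Magnetic near-field strength falls off roughly with distance cubed.
    return STRENGTH_AT_1M / distance_m ** 3


def direct(key_to_car_m: float) -> Exchange:
    return Exchange(lf_strength(key_to_car_m),
                    2 * key_to_car_m / C + KEY_TURNAROUND_S)


def relayed(key_to_car_m: float, emitter_to_key_m: float,
            relay_latency_s: float) -> Exchange:
    # The key measures the re-emitted field, so strength depends only on how
    # close the relay's emitter is; the signal still travels the full path.
    return Exchange(lf_strength(emitter_to_key_m),
                    2 * key_to_car_m / C + 2 * relay_latency_s + KEY_TURNAROUND_S)


def strength_check(ex: Exchange) -> bool:
    return ex.lf_strength_at_key >= STRENGTH_THRESHOLD


def distance_bound_m(ex: Exchange) -> float:
    # Upper bound on key distance; a relay can add delay but never remove it.
    return (ex.round_trip_s - KEY_TURNAROUND_S) * C / 2


def time_check(ex: Exchange) -> bool:
    # Resolving 2 m this way needs timing resolution of a few nanoseconds.
    return distance_bound_m(ex) <= MAX_KEY_DISTANCE_M


if __name__ == "__main__":
    for name, ex in [("key at 1 m", direct(1.0)), ("key at 5 m", direct(5.0)),
                     ("key at 100 m, relayed", relayed(100.0, 0.5, 1e-6))]:
        print(f"{name}: strength={strength_check(ex)} time={time_check(ex)}")
```
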