All your cars are belong to us

GRtak

Forum Addict
Joined
Sep 6, 2008
Messages
18,988
Location
Michigan USA
New FCA program will reward and pay hackers

Bounties pay up to $1,500 and focus on Uconnect system

Rather than fighting software hackers, Fiat Chrysler Automobiles wants to reward them. FCA today launched a new hacker bounty program that will dole out monetary rewards to anyone who identifies and reports a security weakness in FCA's software.

FCA is launching the program on crowdsourcing website Bugcrowd (www.bugcrowd.com). According to Bugcrowd's site, its main purpose is to "bring thousands of good hackers to the fight, helping companies even the odds and find bugs before the bad guys do." The list of prominent companies also on Bugcrowd includes Tesla Motors, which was the first automaker to offer bounties to hackers.

FCA says it will pay at least $150 and up to $1,500 for each hack. According to FCA's page on Bugcrowd, the automaker is asking hackers to focus on vulnerabilities to its Uconnect infotainment system, especially with the way it interacts with iOS and Android personal devices. FCA also includes a long list of hacks that are excluded from the bounty. So far, 83 hackers have joined FCA's program and four bounties have been rewarded.

Last year, FCA was the target of a software breach when two hackers demonstrated how they were able to control a Jeep Cherokee remotely through its Uconnect system. The hackers were able to manipulate most of the vehicle's systems, and even went as far as disabling the brakes, transmission, and steering. The hackers were later hired on by Uber to help develop its autonomous driving technology.
 

93Flareside

Döner Kebab enthusiast
DONOR
Joined
Jul 20, 2009
Messages
16,610
Location
42 miles outside of Chicago
Car(s)
‘18 VW Golf GTI, '87 Mercury Colony Park
All your cars are belong to us

Do programmers think people won't hack into their stuff based on good feelings and happy dreams? Get real. You need to have redundant sensors so that the system can double triple check things to ensure what it's seeing is actually there. Furthermore, this still means I can fuck with an autopilot car by constantly braking and accelerating for no obvious reason. :p
 

bone

"bangle for president"
DONOR
Joined
Jan 14, 2004
Messages
16,492
Location
belgium!!
Car(s)
Volvo V40 & Yamaha Banshee
programmers will be more than aware of the risks...the management on the other hand...
 

Perc

Very Odd Looking Vehicular Object
Joined
Mar 31, 2008
Messages
4,776
Location
Finland
Car(s)
4x4 diesel barge
When did trucks get OBDII? Cars got it in the mid 90's.
 

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,251
Keyless systems of older VW Group cars can be hacked, researchers say

Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars.
http://europe.autonews.com/article/20160811/COPY/308119941/keyless-systems-of-older-vw-group-cars-can-be-hacked-researchers-say


Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button
Shared global security keys blamed
http://www.theregister.co.uk/2016/08/11/car_lock_hack/


100 Million Vehicles, 4 Secret Keys
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
 
jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,251
A Chinese hacking collective has released a video purporting to show the first remote hack of a Tesla vehicle, just a day after Elon Musk's company announced a rollout of new safety features for its Autopilot software.

The hack was carried out by Keen Security Lab and shows the team controlling the brakes from 12 miles away.
http://www.wired.co.uk/article/tesla-remotely-hacked-by-chinese-collective-keen

http://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/


 

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,251
Keyless Gone

TL;DR

Locks that do not require user interaction are generally insecure.
The Chaos Computer Club Aachen demonstrates a simple and cheap device for opening Keyless Go / Keyless Entry cars with a large distance to the key.

Summary

Keyless Go and Keyless Entry Systems allow a driver to open and start a vehicle without his or her interaction. In theory this should only be possible if the key is in a very close range to the car's sensors, for example in the driver's pocket or handbag. Unfortunately the distance "measurement" is often if not always based on the strength of low frequency (LF, in our test case 125kHz) probing signals from the car, that can easily be relayed over long distances.

This is a well known but broadly ignored security flaw. To spread the knowledge and increase the manufacturer's motivation to fix this problem, we built a practical ~90€ attack tool on Keyless Go / Keyless Entry Systems. It allows the attacker to easily open and start the car, even if the key is out of range, by relaying the LF signal.
https://aachen.ccc.de/keyless-gone/

Ford and BMW mentioned in the article
http://www.autobild.de/artikel/sicherheitsrisiko-keyless-go-5413582.html <<--- video


Anyone speaking German find anything more in the articles?
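
An added illustration of the weakness the Keyless Gone summary describes (not part of the original post or the CCC Aachen write-up): a toy Python model comparing a proximity decision based on LF signal strength with one based on round-trip time. The path-loss model, unlock radius, key turnaround time and relay delay are constructed assumptions.

```python
import math

C = 299_792_458.0        # speed of light in m/s
MAX_RANGE_M = 2.0        # constructed: intended unlock radius around the car
FOB_TURNAROUND_S = 1e-6  # constructed: fixed, known reply delay inside the key


def lf_level_db(distance_m, tx_db=0.0):
    """Toy near-field model: LF field strength falls off ~1/r^3 (60 dB per decade)."""
    return tx_db - 60.0 * math.log10(distance_m)


# Weak check: the key answers whenever the probe looks this strong or stronger.
RSSI_THRESHOLD_DB = lf_level_db(MAX_RANGE_M)


def distance_bound_m(rtt_s):
    """Upper bound on key distance implied by a measured challenge/response time."""
    return C * (rtt_s - FOB_TURNAROUND_S) / 2.0


def evaluate(key_distance_m, relay=None):
    """Return the decision of both checks for one unlock attempt.

    relay: None, or (emitter_to_key_m, added_delay_s) for a relay that
    re-emits the car's probe next to the key.
    """
    if relay is None:
        level = lf_level_db(key_distance_m)
        rtt = 2.0 * key_distance_m / C + FOB_TURNAROUND_S
    else:
        emitter_to_key_m, added_delay_s = relay
        # Signal strength is set by the relay's emitter, not by the car.
        level = lf_level_db(emitter_to_key_m)
        # Time of flight still covers the real distance, plus relay latency.
        rtt = 2.0 * key_distance_m / C + FOB_TURNAROUND_S + added_delay_s
    bound = distance_bound_m(rtt)
    return {
        "rssi_accepts": level >= RSSI_THRESHOLD_DB,
        "tof_accepts": bound <= MAX_RANGE_M,
        "bound_m": round(bound, 2),
    }


if __name__ == "__main__":
    for name, args in [("key in pocket, 1 m", (1.0,)),
                       ("key 50 m away", (50.0,)),
                       ("key 50 m away, relayed", (50.0, (0.5, 200e-9)))]:
        print(name, evaluate(*args))
```

In the relayed case the signal-strength check accepts because the level is set by the relay's emitter, while the timing check rejects because a relay can amplify a signal but cannot make it arrive sooner.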
 