All your cars are belong to us

New FCA program will reward and pay hackers

Bounties pay up to $1,500 and focus on Uconnect system

Rather than fighting software hackers, Fiat Chrysler Automobiles wants to reward them. FCA today launched a new hacker bounty program that will dole out monetary rewards to anyone who identifies and reports a security weakness in FCA's software.

FCA is launching the program on crowdsourcing website Bugcrowd (www.bugcrowd.com). According to Bugcrowd's site, its main purpose is to "bring thousands of good hackers to the fight, helping companies even the odds and find bugs before the bad guys do." The list of prominent companies also on Bugcrowd includes Tesla Motors, which was the first automaker to offer bounties to hackers.

FCA says it will pay at least $150 and up to $1,500 for each hack. According to FCA's page on Bugcrowd, the automaker is asking hackers to focus on vulnerabilities to its Uconnect infotainment system, especially with the way it interacts with iOS and Android personal devices. FCA also includes a long list of hacks that are excluded from the bounty. So far, 83 hackers have joined FCA's program and four bounties have been rewarded.

Last year, FCA was the target of a software breach when two hackers demonstrated how they were able to control a Jeep Cherokee remotely through its Uconnect system. The hackers were able to manipulate most of the vehicle's systems, and even went as far as disabling the brakes, transmission, and steering. The hackers were later hired on by Uber to help develop its autonomous driving technology.
 


Do programmers think people won't hack into their stuff based on good feelings and happy dreams? Get real. You need to have redundant sensors so that the system can double triple check things to ensure what it's seeing is actually there. Furthermore, this still means I can fuck with an autopilot car by constantly braking and accelerating for no obvious reason. :p
 
programmers will be more than aware of the risks...the management on the other hand...
 
When did trucks get OBDII? Cars got it in the mid 90's.
 
I think it was mandatory for trucks since 2005, but probably present in most trucks earlier.
 
Keyless systems of older VW Group cars can be hacked, researchers say

Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars.
http://europe.autonews.com/article/...r-vw-group-cars-can-be-hacked-researchers-say


Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button
Shared global security keys blamed
http://www.theregister.co.uk/2016/08/11/car_lock_hack/


100 Million Vehicles, 4 Secret Keys
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
 
A Chinese hacking collective has released a video purporting to show the first remote hack of a Tesla vehicle, just a day after Elon Musk's company announced a rollout of new safety features for its Autopilot software.

The hack was carried out by Keen Security Lab and shows the team controlling the brakes from 12 miles away
http://www.wired.co.uk/article/tesla-remotely-hacked-by-chinese-collective-keen

http://keenlab.tencent.com/en/2016/...Hacking-Research-Remote-Attack-to-Tesla-Cars/


 
Keyless Gone

TL;DR

Locks that do not require user interaction are generally insecure.
The Chaos Computer Club Aachen demonstrates a simple and cheap device for opening Keyless Go / Keyless Entry cars with a large distance to the key.

Summary

Keyless Go and Keyless Entry Systems allow a driver to open and start a vehicle without his or her interaction. In theory this should only be possible if the key is in a very close range to the car's sensors, for example in the driver's pocket or handbag. Unfortunately the distance "measurement" is often if not always based on the strength of low frequency (LF, in our test case 125kHz) probing signals from the car, that can easily be relayed over long distances.

This is a well known but broadly ignored security flaw. To spread the knowledge and increase the manufacturer's motivation to fix this problem, we built a practical ~90€ attack tool on Keyless Go / Keyless Entry Systems. It allows the attacker to easily open and start the car, even if the key is out of range, by relaying the LF signal.

https://aachen.ccc.de/keyless-gone/

Ford and BMW mentioned in the article
http://www.autobild.de/artikel/sicherheitsrisiko-keyless-go-5413582.html <<--- video


Anyone speaking German find anything more in the articles?
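
Why signal strength is not a distance measurement, as an added example (not from the posts above or from the CCC Aachen write-up): a toy model of the strength-based proximity check the summary describes, next to a time-of-flight bound, which is an assumed mitigation not described on this page. All constants, names and scenario values are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

C = 299_792_458.0            # speed of light, m/s
REF_DBM = -40.0              # constructed: LF level at the key, 1 m from the emitter
WAKE_THRESHOLD_DBM = -55.0   # constructed: key treats weaker fields as "too far"
MAX_DISTANCE_M = 2.0         # constructed: bound used by the timing check
KEY_DELAY_S = 1e-6           # constructed: key's fixed, known reply delay

@dataclass
class Link:
    car_to_key_m: float                        # true physical separation
    emitter_to_key_m: Optional[float] = None   # set when the LF field is re-emitted near the key
    relay_latency_s: float = 0.0               # extra delay added by relay hardware

def lf_level_dbm(distance_m: float) -> float:
    """Near-field magnetic coupling falls off as 1/d^3 (-60 dB per decade)."""
    return REF_DBM - 60.0 * math.log10(distance_m)

def strength_check(link: Link) -> bool:
    """Proximity 'measurement' by LF signal strength, as the summary describes."""
    d = link.emitter_to_key_m if link.emitter_to_key_m is not None else link.car_to_key_m
    return lf_level_dbm(d) >= WAKE_THRESHOLD_DBM

def round_trip_s(link: Link) -> float:
    """Challenge/response time seen by the car: propagation both ways plus delays."""
    return 2 * link.car_to_key_m / C + KEY_DELAY_S + link.relay_latency_s

def timing_check(link: Link) -> bool:
    """Assumed mitigation: bound distance by time of flight, which gain cannot shorten."""
    implied_m = (round_trip_s(link) - KEY_DELAY_S) * C / 2
    return implied_m <= MAX_DISTANCE_M

SCENARIOS = {
    "key in pocket": Link(car_to_key_m=1.0),
    "key indoors": Link(car_to_key_m=50.0),
    "key indoors, relayed": Link(car_to_key_m=50.0, emitter_to_key_m=0.5,
                                 relay_latency_s=200e-9),
}

def evaluate() -> dict:
    return {name: (strength_check(l), timing_check(l)) for name, l in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (by_strength, by_timing) in evaluate().items():
        print(f"{name:22s} strength={by_strength!s:5s} timing={by_timing}")
```

The strength check accepts the relayed case because amplification restores the field level at the key, while the timing check rejects it because the propagation delay over the real distance remains.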
 