jack_christie
http://www.autocar.co.uk/car-news/industry/car-hacking-how-cyber-security-stepping
Harman has launched new software to tackle the increasing threat of car hacking
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/
Wi-Fi hack disables Mitsubishi Outlander's theft alarm
http://www.infosecurity-magazine.co...-in?utm_source=twitterfeed&utm_medium=twitter
Researchers are warning BMW drivers of two newly discovered vulnerabilities in the car manufacturer's ConnectedDrive web portal which could allow attackers to interfere with the automobile's settings.
Bounties pay up to $1,500 and focus on Uconnect system
Rather than fighting software hackers, Fiat Chrysler Automobiles wants to reward them. FCA today launched a new hacker bounty program that will dole out monetary rewards to anyone who identifies and reports a security weakness in FCA's software.
FCA is launching the program on crowdsourcing website Bugcrowd (www.bugcrowd.com). According to Bugcrowd's site, its main purpose is to "bring thousands of good hackers to the fight, helping companies even the odds and find bugs before the bad guys do." The list of prominent companies also on Bugcrowd includes Tesla Motors, which was the first automaker to offer bounties to hackers.
FCA says it will pay at least $150 and up to $1,500 for each hack. According to FCA's page on Bugcrowd, the automaker is asking hackers to focus on vulnerabilities to its Uconnect infotainment system, especially with the way it interacts with iOS and Android personal devices. FCA also includes a long list of hacks that are excluded from the bounty. So far, 83 hackers have joined FCA's program and four bounties have been rewarded.
Last year, FCA was the target of a software breach when two hackers demonstrated how they were able to control a Jeep Cherokee remotely through its Uconnect system. The hackers were able to manipulate most of the vehicle's systems, and even went as far as disabling the brakes, transmission, and steering. The hackers were later hired on by Uber to help develop its autonomous driving technology.
https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
they're now able to pull off even more dangerous, unprecedented tricks like causing unintended acceleration and slamming on the car's brakes or turning the vehicle's steering wheel at any speed
Hackers Hijack a Big Rig Truck's Accelerator and Brakes
So far this is somewhat limited to needing access to the OBDII port, but there might be equipment out there that is vulnerable to remote hacking too.
tesla autopilot sabotage
https://www.wired.com/2016/08/hackers-fool-tesla-ss-autopilot-hide-spoof-obstacles
How many new trucks are actually on the road?
http://europe.autonews.com/article/...r-vw-group-cars-can-be-hacked-researchers-say
Keyless systems of older VW Group cars can be hacked, researchers say
Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars.
http://www.theregister.co.uk/2016/08/11/car_lock_hack/
Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button
Shared global security keys blamed
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
100 Million Vehicles, 4 Secret Keys
http://europe.autonews.com/article/...ysler-tries-to-protect-vehicle-security-codes
Fiat Chrysler tries to protect vehicle security codes
updates were made on Thursday, Aug. 25, just weeks after police in Houston arrested two men believed to be part of a vehicle-theft ring. The ring is accused of stealing more than 100 Jeep and Ram vehicles using little more than a laptop computer, an OBD-II plug and software.
http://www.wired.co.uk/article/tesla-remotely-hacked-by-chinese-collective-keen
A Chinese hacking collective has released a video purporting to show the first remote hack of a Tesla vehicle, just a day after Elon Musk's company announced a rollout of new safety features for its Autopilot software.
The hack was carried out by Keen Security Lab and shows the team controlling the brakes from 12 miles away
Keyless Gone
TL;DR
Locks that do not require user interaction are generally insecure.
The Chaos Computer Club Aachen demonstrates a simple and cheap device for opening Keyless Go / Keyless Entry cars with a large distance to the key.
Summary
Keyless Go and Keyless Entry Systems allow a driver to open and start a vehicle without his or her interaction. In theory this should only be possible if the key is in a very close range to the car's sensors, for example in the driver's pocket or handbag. Unfortunately the distance "measurement" is often if not always based on the strength of low frequency (LF, in our test case 125 kHz) probing signals from the car, that can easily be relayed over long distances.
This is a well known but broadly ignored security flaw. To spread the knowledge and increase the manufacturer's motivation to fix this problem, we built a practical ~90€ attack tool on Keyless Go / Keyless Entry Systems. It allows the attacker to easily open and start the car, even if the key is out of range, by relaying the LF signal.
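
Added example, not part of the original post or of the Chaos Computer Club Aachen write-up: a toy Python model of the point made in the summary above, that a proximity decision based only on LF signal strength cannot tell a nearby key from a relayed field. It goes one step beyond the page by also modelling a round-trip-time bound as a countermeasure; the field model, thresholds and timing constants are assumptions.

```python
"""Added illustration: toy model of a keyless-entry proximity decision.
All constants are assumptions chosen for readability, not measured values."""
from dataclasses import dataclass

C = 299_792_458.0            # speed of light, m/s
KEY_PROCESSING_NS = 1000.0   # assumed fixed, known key turnaround time
MAX_RANGE_M = 2.0            # assumed "key is at the car" radius

@dataclass
class Observation:
    rssi: float           # LF field strength seen by the key (arbitrary units)
    round_trip_ns: float  # challenge-to-response time measured by the car

def lf_rssi(distance_m: float) -> float:
    """Near-field LF coupling: strength falls roughly with distance cubed."""
    return 1.0 / max(distance_m, 0.05) ** 3

def observe(key_distance_m: float, relay=None) -> Observation:
    """relay = (re-emitter-to-key distance in m, one-way relay latency in ns)."""
    rtt = 2 * key_distance_m / C * 1e9 + KEY_PROCESSING_NS
    if relay is None:
        return Observation(lf_rssi(key_distance_m), rtt)
    emitter_to_key_m, latency_ns = relay
    # The key measures the re-emitted field, so RSSI no longer reflects
    # the real car-to-key distance; only the timing still does.
    return Observation(lf_rssi(emitter_to_key_m), rtt + 2 * latency_ns)

def rssi_only_check(o: Observation) -> bool:
    """Proximity decided by field strength alone (the design criticised above)."""
    return o.rssi >= lf_rssi(MAX_RANGE_M)

def time_bounded_check(o: Observation, tolerance_ns: float = 5.0) -> bool:
    """Also require the reply within the time a key inside MAX_RANGE_M needs."""
    budget = KEY_PROCESSING_NS + 2 * MAX_RANGE_M / C * 1e9 + tolerance_ns
    return rssi_only_check(o) and o.round_trip_ns <= budget

def compare() -> dict:
    """Return {scenario: (rssi_only accepts, time_bounded accepts)}."""
    cases = {
        "key in pocket, 1 m": observe(1.0),
        "key indoors, 50 m": observe(50.0),
        "key 50 m away, field relayed": observe(50.0, relay=(0.5, 0.0)),
    }
    return {name: (rssi_only_check(o), time_bounded_check(o))
            for name, o in cases.items()}

if __name__ == "__main__":
    print(compare())
```

Even with zero relay latency, the extra propagation time over 50 m exceeds the budget for a 2 m radius, so the timed check rejects the relayed case that the signal-strength check accepts. The model assumes the key's turnaround time is fixed and known to the car.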