Canada Kicks Ass
The FBI warns that car hacking is a real risk


BartSimpson @ Fri Jun 03, 2016 11:02 am

For everyone who loves Bluetooth and WiFi and OnStar... ... real-risk/

Note: Copy & Paste is blocked on this link and I do not have the tools to defeat it at this computer. :wink:


DrCaleb @ Fri Jun 03, 2016 11:16 am

It’s been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee as I drove it down a St. Louis highway. Now the FBI has caught up with that news, and it’s warning Americans to take the risk of vehicular cybersabotage seriously.

In a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks. The announcement doesn’t reveal any sign that the agencies have learned about incidents of car hacking that weren’t already public. But it cites all of last year’s car hacking research to offer a list of tips about how to keep vehicles secure from hackers and recommendations about what to do if you believe your car has been hacked—including a request to notify the FBI.

“Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience,” the PSA reads. “Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.”

The FBI and DOT’s advice includes keeping automotive software up to date and staying aware of any possible recalls that require manual security patches to your car’s code, as well as avoiding any unauthorized changes to a vehicle’s software and being careful about plugging insecure gadgets into the car’s network. Most of those tips stem directly from last year’s research demonstrations: After hackers Charlie Miller and Chris Valasek hacked the Jeep in July, Chrysler issued a 1.4 million vehicle recall and mailed USB drives with software updates to affected drivers. And the next month, researchers from the University of California at San Diego showed that a common insurance dongle plugged into a Corvette’s dashboard could be hacked to turn on the car’s windshield wipers or disable its brakes.

The announcement also notes that drivers should be careful about offering physical access to their vehicles to strangers. “In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle,” the announcement reads. (If only the FBI felt quite so strongly about keeping intruders out of your iPhone.)

Not much in the FBI’s warning is new information, says Chris Valasek, one of the two Jeep-hacking researchers. But he says the imprimatur of the FBI could make the threat of car hacking real for anyone who hasn’t considered the growing risk of digital attacks on connected vehicles. “It seems super delayed,” says Valasek. “But it’s good advice…people take the FBI seriously.”


DrCaleb @ Fri Jun 03, 2016 11:16 am

Valasek says the most significant part of the announcement may be its request that anyone who suspects their car has been hacked get in contact with the FBI, along with the car manufacturer and the National Highway and Traffic Safety Administration. Until now, Valasek says, he and his fellow Jeep hacker Charlie Miller have themselves been bombarded with messages—credible and not-so-credible—from people who believe they’re car hacking victims. “Charlie and I get emails all the time from people who say ‘my car’s been hacked!’” he says. “The FBI is more than welcome to take that over.”


DrCaleb @ Fri Jun 03, 2016 11:18 am

I notice too, that the FBI is pressuring the government to make encryption that doesn't have great big holes in it illegal.

Sorry FBI, it doesn't work that way. If you want cars to be unhackable, then iPhones have to be as well.


DrCaleb @ Fri Jun 03, 2016 11:22 am

I remember this one recently too; the best way to hold cars for ransom would be to hack the tools a dealership uses to diagnose problems. The next day, none of the cars work, unless you pay the ransom.

Over the last summer, the security research community has proven like never before that cars are vulnerable to hackers—via cellular Internet connections, intercepted smartphone signals, and even insurance dongles plugged into dashboards. Now an automotive security researcher is calling attention to yet another potential inroad to a car’s sensitive digital guts: the auto dealerships that sell and maintain those systems.

At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-On and Bosch. Smith’s invention, built with around $20 of hardware and free software that he’s released on GitHub, is designed to seek out—and hopefully help fix—bugs in those dealership tools that could transform them into a devious method of hacking thousands of vehicles.

If a hacker were to bring in a malware-harboring car for service, the vehicle could spread that infection to a dealership’s testing equipment, which in turn would spread the malware to every vehicle the dealership services, kicking off an epidemic of nasty code capable of attacking critical driving systems like transmission and brakes, Smith said in his Derbycon talk. He called that car-hacking nightmare scenario an “auto brothel.”

“Once you compromise a dealership, you’d have a lot of control,” says Smith, who founded the open source car hacking group Open Garages, and wrote the Car Hacker’s Handbook. “You could create a malicious car…The worst case would be a virus-like system where a car pulls in, infects the dealership, and the dealership then spreads that infection to all the other cars.” ... -brothels/


BartSimpson @ Fri Jun 03, 2016 1:11 pm

And the next month, researchers from the University of California at San Diego showed that a common insurance dongle plugged into a Corvette’s dashboard could be hacked to turn on the car’s windshield wipers or disable its brakes.

A clever hacker would short Progressive Insurance stock and then start doing a few fatal hacks on cars using their invasive 'Snapshot' spy-tool. ... es-measure