Cars 2.0 : Hacking by hi-fi & Playing catch-up

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
Cars 2.0

Are connected vehicles vulnerable to cyberattack? Let’s explain.

Researchers at the University of California and the University of Washington have created the world’s first zombie car, using wireless cyberattacks to seize complete control of a modern saloon. The attacks compromised every embedded electronic system in the vehicle, from the lights and CD player to in-car communications, GPS, locks, alarms and brakes.

The researchers were able to unlock the car, disable alarms anti start the engine, track journeys by GPS, and even record conversations inside the car. Now the automotive industry is scrambling to reassure drivers that their cars are unlikely to be hijacked while in the fast lane of the motorway.

Yoshi Kohno is part of a University of Washington team that first attacked automotive security systems last year, with malware called CarShark that required a physical connection to a car’s diagnostic port. “A mechanic or valet might be able to do that, but it’s a bit farfetched,” he says. “So we wondered if we could gain access to a car’s internal computer network without ever having to physically touch it.”

It turns out that they could and in several ways. One method required hacking a wireless diagnostic tool used by garages but others could be carried out by anyone with a laptop or even a mobile phone.

Hacking outside the box

Now that digital technology pervades our everyday lives, laptops and websites are far from the only potential targets for cybercriminals. Embedded systems are a security scandal waiting to happen, and they can be found almost everywhere.

Power crazed
Researchers at this summer’s Defcon security conference in Las Vegas unveiled a device that could compromise security systems and baby monitors using powerline technology (sending information over domestic electricity circuits). By plugging their device into an outside socket, the researchers were able to monitor cameras and disrupt alarm systems.

Lethal injection
Many modern medical devices use short range wireless communications for control and feedback. One researcher has demonstrated that he can force a personal insulin pump to inject dangerous quantities of the drug or shut itself off altogether. Another has shown that he could turn off pacemakers remotely.

Keep your trousers buttoned at this year’s Christmas party. Cloud security firm Zscaler recently posted dozens of images that it had downloaded from web-enabled scanners in businesses and private homes. Unsecured web servers built into high-end models were the culprits.

Hacking by hi-fi

Loading malware on a CD and playing it in the car’s media centre was one trick. Others involved attacks via Bluetooth and dialling up the car’s built-in telematics system. Using this technique, Kohno’s team was able to control a car remotely by playing an audio file ‘song’ down a standard phone line. Once they had accessed even one corner of the car’s network, the researchers were able t enslave the entire vehicle, says Kohno: “It turns out that it’s very hard to segregate components within a car. For example, think about a modern luxury car that turns up the radio as you accelerate. That means there’s communication going on to tell the radio the car is going faster or slower.” Electronic systems in cars have always had weaknesses but, as with PCs, it took the arrival of digital connectivity to amplify the dangers. Cars are getting enhanced calling systems, web connectivity and app stores hut manufacturers haven’t paid much attention to security issues,” says Kohno.

Stephen Checkoway of the University of California agrees: “Modern cars have tens to hundreds of computers running millions of lines of code rife with old vulnerabilities. One problem is the business model of the auto makers. Manufacturers outsource components, then take a bunch of widgets and stick them together. They don’t have the source code so they can’t do security audits or check for vulnerabilities. Almost without exception, every bug we found lay at the intersection of two components.”

Playing catch-up

Raj Samani, Chief Technology Officer for security firm McAfee in Europe, sees it from another angle. “The pace of change with cars and embedded systems is dramatically fast,” he says. “99 times out of 100, we’re trying to play catch up with new risks that are coming. We’re going at a million miles an hour.”

That is not the best speed at which to make major changes. Updating embedded systems software should be feasible but you don’t want your car to do a software update while you’re driving at 60mph,” says Kohno.

It’s better to include security features from the ground up, says Samani: “The cost of recalling a car is significant. It’s much more cost effective to build in security by design.” Some manufacturers are leading the way. Vehicles using Ford’s Microsoft-developed Sync system have a hardware firewall to regulate information flow between the entertainment and control computers, and prevent the car’s media player from downloading or running any new code.

Building cyber-secure cars for tomorrow is clearly sensible, but it doesn’t help us today. “Many of today’s automotive systems were not designed with security in mind, admits Kohno, before explaining that even his team of experienced computer security academics took several ears to uncover all the vulnerabilities of their test car. I don’t think people need to immediately cringe and worry about these threats in the near future,” he says. “What scares me most is industry, government and third parties not proactively trying to secure future automobiles that will be even more communicative.”

Description: Malware can be loaded onto a car’s computers via the hi-fi system

Malware can be loaded onto a car’s computers via the hi-fi system

Cat Hackforth: Speed of security

“As Stephen Checkoway points out, the weakest points in an IT system are typically the intersections between pieces of technology, and the more connected hardware becomes, the more links there are and the more potential vulnerabilities.

That said, I think we should be heartened by his team’s ability to enslave a car-by seeking out a worst-case scenario, they hay enabled security developers to stay ahead of would-be hackers.

Early computer networks were particularly vulnerable to exploitation because it was unexpected- Robert Tappan Morris, the creator of the first computer worm, claimed even he didn’t realise what he had released on the world. Teams like Checkoway’s are testing modern cars to the limit before disaster strikes and, importantly, security companies are taking notice.

It’s also worth remembering that features like keyless entry are designed to solve a much more likely form of car crime- thieves hooking a piece of wire through a letterbox and fishing for keys near the front door. Your average car thief looks for an easy opportunity, and placing a data CD in the stereo isn’t it. If they have access to the stereo, they’re already behind the wheel.

Improvements in security technology have seen UK car thefts drop from 600,000 a year in 1990 to 107,000 in 2010, and I’m willing to bet that trend will continue for many years.

Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us