Car Hacking Shifts Into High Gear

  /     /     /  
Publicated : 22/11/2024   Category : security


Car Hacking Shifts Into High Gear


Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.



If a cars brakes suddenly fail and send it careening uncontrollably into a ditch, how do you know whether it was a mechanical failure or the work of a malicious hacker?
Theres no foolproof way today to prove a car was hacked. Lucky for 
Wired journalist Andy Greenberg
--who recently served as a live crash-test dummy for famed car security hackers Charlie Miller and Chris Valaseks latest car hacking research--a nerve-wracking sudden full stop of the 2014 Jeep Cherokee he was driving at 70mph on a St. Louis highway was the handiwork of the white hat hackers from their laptops some 10 miles away in Millers living room.
The dramatic and controversial live car hack demonstration got plenty of attention this week, including from lawmakers and automakers. Fiat Chrysler issued a security update to the vulnerability found by Miller and Valasek prior to the demo going public; Senators Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) announced
proposed legislation for federal standards to secure cars from cyberattacks and to protect owners privacy
; and the ICS-CERT issued an alert about Fiat Chryslers patch.
Miller and Valasek believe they are still way ahead of the bad guys when it comes to car hacking.
At Black Hat USA next month, they will reveal details of the vulnerability
they found and exploited in the Uconnect infotainment system, which affects up to 400,000 Fiat Chrysler vehicles. They plan to show the code and some other tools they wrote, but they wont release the firmware for the chip they reprogrammed for the hack. Its the difference between turning up the radio loud and being able to turn the steering wheel. We feel we shouldn’t give that out, says Valasek, who heads up the vehicle security research practice at security firm IOActive.
The zero-day vulnerability in Uconnect, meanwhile, was pretty simplistic, Valasek says, and they found it within a couple of weeks of their tinkering. The hard part was getting firmware from the chip that interacts with the car and reverse-engineering it so we could do the next step and reprogram it so they could send it messages via the cars internal CAN bus network, he says.
Miller and Valasek were able to control a 2014 Jeep Cherokees steering, braking, high beams, turn signals, windshield wipers and fluid, and door locks, as well as reset the speedometer and tachometer, kill the engine, and disengage the transmission so the accelerator pedal failed.
The important piece was getting on wirelessly, and making that lateral-wise movement to the actual controls of the car, Valasek says. He and Miller initially began hacking away via the cars WiFi, and then realized they could do the same exploits via its cellular connection. They also discovered that if an attacker knows a cars IP address, he can hack it from any location within the US.
The researchers in their Black Hat presentation also plan to release a paper on the process they underwent to hack the Jeep. But it wont be a how-to for car hacking: This is not a step-by-step instructions on how to hack a car, Valasek says. Its instead aimed at people who want to perform security assessments of a vehicle, he says.
Fiat Chryslers software update for the infotainment system was in response to the researchers findings (the researchers shared their research with the carmaker in advance). But the patch is not as straightforward as it sounds: it entails a manual update via a USB stick or a visit to a dealers service center. And the advisory also doesnt actually spell out that its a security fix. It says its an improvement for your radio but not that its a vulnerability patch, he notes. So a [consumer] might say, my radio works fine and not patch, he says. The flaw affects Uconnect-equipped Chrysler vehicle models in late 2013, 2014, and early 2015.
Whether car owners will actually apply the update en masse is unclear: We are in uncharted territory, says Valasek.
Gualberto Ranieri, senior vice president of communications at Fiat Chrysler, wrote
in a blog post
that the company is unaware of any real-world attacks: To FCA’s knowledge, 
there has not been a single real world incident of an unlawful or unauthorized remote hack
 into any FCA vehicle, he said.
Shifting Gears
Miller and Valasek have been on a wild ride over the past two years exploring just how a vehicle with network connectivity can be owned by an attacker for nefarious purposes. In their first car hack in 2013, they cracked open the dashboards of a 2010 Toyota Prius and the 2010 Ford Escape. and reverse-engineered the electronics in the vehicles, using their own hardware hacking tools to wrest control of the brakes, steering, and acceleration,
findings that they revealed at DEF CON
that summer. Last year, they published
a report on the most hackable vehicles
-- ones that they analyzed had unprotected networking features that would allow an attacker to break in and control them from afar.
At the top of their most hackable cars list: the 2014 Jeep Cherokee, as well as the 2014 Infiniti Q50 and 2015 Escalade. Miller and Valasek took that research to the next level with the latest car hack in dramatic fashion such that its even given the most hardcore security experts pause.
I have to say I do think it was quite daring and it may have been pushing the boundaries. But I also believe their motivation was more to … get peoples attention. It was a calculated risk they took to get some sunshine for the consumer public, says Mathew Desmond, manufacturing & heavy equipment domain subject matter expert at Cap Gemini. But I dont think anyone would recommend [doing what they did].
The auto industry was not amused. Demonstrations such as whats been described are concerning, and its uncomfortable to see the way in which this particular demonstration was done:  having a skilled test driver involved in the demonstration conducted on a closed course is one thing, but posing a risk to other drivers on open roads is clearly irresponsible.  Especially considering that there are now several forums for demonstrating ethical research in controlled settings, said Wade Newton, director of communications at the Alliance of Automobile Manufacturers, of which Fiat Chrysler, Ford, GM, BMW, Mazda, Porsche, Toyota, and Volvo are among its members.
[Sensor-based technology--with military drone roots--created to detect and automatically stop cyberattacks on cars. Read
Car-Hacking Prototype Passes Crash Test
.]
Miller and Valasek indeed have been the most high-profile researchers in car hacking. But other projects are under way elsewhere in the industry, including a public-private working group in the Commonwealth of Virginia that is testing
how state trooper cruisers could be sabotaged via cyberattacks
.
Theres no doubt cars can be attacked. Then the question is, how would we know? Today, theres nothing to collect to show a cyberattack on a vehicle, says Barry Horowitz, chair of the Systems and Information Engineering Department at the University of Virginia, which has conducted car hacking research. UVA also is involved in the Virginia State Trooper vehicle research.
Horowitz says carmakers must build their vehicles such that the infotainment center isnt vulnerable to physical control by an attacker. Why is the radio connected to the physical automation of the car? he says. There needs to be a physical gap between systems on the cars network, he says.
Automakers also should provide a way for investigators, such as state police, to gather forensic information at the scene of an car accident or incident in order to determine whether it was caused by a cyberattack.
Car Patch Tuesday?
Meanwhile, car software patching will become more and more common, security experts say. And consumers will have to start embracing it. BMW Group in February
issued an over the air security update
to its ConnectedDrive software running on some 2.2 million of its vehicles worldwide. The fix was for a hole that could allow an attacker to hijack or manipulate remote communications in some BMW, Rolls Royse, and Mini models SIM cards.
The challenge for the public is to start thinking about a vehicle like they would their Windows PCs operating system. They are accustomed to getting software updates there, Cap Geminis Desmond says. Theres going to have to be a mind shift, or a cultural shift.
Desmond, who previously worked on the vehicle software side of the industry, says hes confident that most automakers are already testing their networked systems and software for security holes that hackers could exploit. The cybersecurity piece of car safety will get ratcheted up, he says.
In the meantime, theres still some breathing room for carmakers now. It isnt a malicious attack in the wild, Valasek says of his and Millers research.  
Valasek says the gaping security holes he and Miller have found in cars havent scared him away from networked vehicles. I drove a 2014 Jeep Cherokee today, as a matter of fact, he says.
 

[Register now for
Black Hat USA
.]

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Car Hacking Shifts Into High Gear