It’s been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee (news also noted in this blog). Now the FBI has caught up with that news, and it’s warning Americans to take the risk of vehicular cybersabotage seriously.
The FBI Warns That Car Hacking Is a Real Risk article at http://www.wired.com/2016/03/fbi-warns-car-hacking-real-risk/ tells that in a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks.
We are really entering the era of Internet of Exploits.
The FBI and DOT’s advice includes keeping automotive software up to date and staying aware of any possible recalls that require manual security patches to your car’s code. You should also avoid any unauthorized changes to a vehicle’s software and being careful about plugging insecure gadgets into the car’s network.
156 Comments
Tomi Engdahl says:
Forces Clash over Auto Cyber Security
In pursuit of evidence-based testing
http://www.eetimes.com/document.asp?doc_id=1329750
he computer industry has long known that there is no such thing as a computer that won’t get hacked. If Tesla is a computer on wheels, as many would say, then it’s hackable.
The attack surfaces of current and future connected cars are myriad (ranging from unprotected buses and communication channels to downloaded apps and firmware updates), offering hackers a million different scenarios to exploit.
Automotive engineers today “are wide awake” to the potential of cybersecurity, said Mike Ahmadi, global director, critical systems security, Synopsys Software Integrity Group.
With a growing number connected cars and coming autonomous cars planned for rollout, automakers know they have a bullseye on their back. They know hackers are eager to hack cars. Security researchers like Billy Rios says, “I’d love to do it even if I had to do it free.”
The question now is how best to deal with this imminent threat.
A group of 60 engineers — including those at carmakers and tier ones — have banded together and formed a “cybersecurity testing requirements task force,” according to Ahmadi. Two months ago, Ahmadi was invited to chair the group, which is now officially approved and placed under the SAE Vehicle Cybersecurity Systems Engineering Committee.
They believe the answer lies in testing — testing not just functional safety but also non-functional safety. And they believe in documentations and standards.
It’s easy to roll your eyes when you hear about yet another industry group drafting industry standards. But when it comes to cybersecurity, Ahmadi believes that the new task force is an essential step in the development of automotive robotics.
The goal of the new group is “evidence-based testing and evaluation procedures for connected cars,” he explained.
Tomi Engdahl says:
Symantec Wants to Protect Your Car From Zero-Day Attacks
http://www.securityweek.com/symantec-wants-protect-your-car-zero-day-attacks
Symantec this week introduced a new IoT security solution specifically designed to protect connected vehicles from zero-day attacks and never-before-seen threats.
News of Symantec’s undertaking comes just a few months after the FBI released a warning on remotely exploitable cyber vulnerabilities that affect modern motor vehicles.
Researchers have demonstrated over the past years that vehicles such as the Toyota Prius, Tesla Model S, Jeep Cherokee, and Nissan Leaf are exposed to hacker attacks due to vulnerabilities in connected systems.
Symantec Expands IoT Security Portfolio to Connected Cars
Just last week, researchers from the UK discovered that the mobile applications for the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) are plagued by vulnerabilities that can be exploited by hackers to remotely control some of the car’s features.
The new Symantec Anomaly Detection for Automotive leverages machine learning technology to provide “passive in-vehicle security analytics” that monitor all Controller Area Network (CAN) bus traffic without disrupting vehicle operations, learn what normal behavior is and flag anomalous activity that may indicate an attack.
“Connected cars offer drivers conveniences such as navigation, remote roadside assistance and mobile internet hot spots,” Symantec said. “There will be 220 million connected cars on the road in 2020, according to Gartner. While new technologies promise to enhance the driving experience, these advancements also create avenues of attack for hackers that can endanger drivers and passengers.”
“Automotive security threats have gone from theory to reality,” said Shankar Somasundaram, senior director of product management and engineering at Symantec. “The infrastructure and technology that already helps protect billions of devices and trillions of dollars now protects the car.”
Symantec currently protects more than 1 billion connected IoT devices through its portfolio of IoT security offerings.
In August 2014, a group of security researchers called upon automobile manufacturers to build cyber-security safeguards inside the software systems powering various features in modern cars.
Tomi Engdahl says:
Why you should wrap your keys in aluminum foil
http://www.foxnews.com/tech/2015/10/24/why-should-wrap-your-keys-in-aluminum-foil.html
Your car is always listening. Not for your voice, like the Amazon Echo or Siri, but for an electronic signal, such as the coded “unlock” signal from your electronic key fob. If it’s a newer car model, you might not have to press any buttons; just approach your car and the doors will unlock automatically. In some cars, the engine will even turn on.
Wirelessly unlocking your car is convenient, but it comes at a price. Criminals can easily intercept the key fob’s signal and open your car without setting off any alarms. If you have a true keyless car model, they might be able to just drive away. Let’s look at how criminals pull this off and what you can do to keep your car safe.
A key fob uses a computer chip to create a unique code that it sends to your car’s security system. The car also has a chip that uses the same algorithm to generate codes. If the codes match up, the car opens. There’s a bit more to it, but those are the basics.
Since each key fob/car security pair is unique, and each one can create billions of codes, hackers shouldn’t stand a chance. But it turns out that a popular system from Megamos Crypto isn’t as secure everyone thought.
Researchers at Radboud University in the Netherlands and the University of Birmingham found that by intercepting the wireless signal just twice, they could narrow down the possible combinations from billions to just 200,000. After that, a computer can figure out the code in just half an hour and unlock the car.
In a real-world application, a thief could sit on a street and gather wireless signals as car owners enter and exit their vehicles. Then overnight they could steal a number of cars.
Still, it takes a skilled car thief or hacker to carry out this kind of attack, so the odds of it happening to you are slim.
Always-on key fobs present a serious weakness in your car’s security. As long as your keys are in range, anyone can open the car and the system will think it’s you. That’s why newer car models won’t unlock until the key fob is within a foot of them.
But for less than $100, criminals can get an amplifier that detects key fob signals from up to 300 feet away and then transmits them to your car. In other words, your keys could be in your house, and criminals could walk up to your car and open it. This isn’t just a theory; it’s actually happening.
Fortunately, there are some simple steps you can take to keep hackers from stealing your signal. You can buy a signal-blocking pouch that can hold your keys
If you don’t want to spend any money, you can stick your key fob into the refrigerator or freezer. The multiple layers of metal will block your key fob’s signal.
If you’re not hot on freezing your key fob, you can do the same thing with your microwave oven. (Hint: Don’t turn it on.)
You should also be aware that this kind of signal stealing isn’t a problem just for car key fobs. Newer passports and other I.D. cards contain radio frequency identification chips
Tomi Engdahl says:
‘Unhackable’ car security system takes just half an hour to crack
http://www.komando.com/happening-now/329328/unhackable-car-security-system-takes-just-half-an-hour-to-crack
Remote keyless entry was once a luxury, but today it’s rare to find a car that doesn’t have it. Given that it’s everywhere, you would expect that any possible kinks have been worked out, but you’d be wrong.
In fact, a popular model of keyless entry that uses a Megamos Crypto transponder turns out to be not as secure as car makers thought. It leaves Volkswagen, Chevy, Audi, Fiat, Honda, Volvo, Porsche, Cadillac and other car brands vulnerable to thieves.
The problem lies in the way the transponder and fob exchange the code that tells the system to unlock. The system is supposed to have billions of possible code combinations, which make it impossible to crack.
However, researchers at Radboud University in the Netherlands and the University of Birmingham found that by intercepting the wireless signal just twice, they could narrow it down to 200,000 combinations. From there, it only takes half an hour for a computer to find the right one and unlock the car.
Tomi Engdahl says:
Car thieves’ scary new tool
http://www.komando.com/happening-now/304689/car-thieves-scary-new-tool
The days of using a key to open your car door and start the engine are just about done. Even “old” cars have wireless entry with a button press on a key fob, and on newer cars you don’t even need to press a button.
When you get an always-on key fob in range of a newer car, the fob and car connect wirelessly, which unlocks the car and even lets you start the engine with the push of a button.
The risk being that a thief could amplify the signal between the key fob and the car, and the drive off with it while you’re at home or in the grocery store.
Tomi Engdahl says:
Yes, You Should be Hacking Your Car’s Data System
http://hackaday.com/2016/07/27/yes-you-should-be-hacking-your-cars-data-system/
If you own a car, I would wager it’s the most complex device you own. Within you find locomotion, safety systems, and an entertainment system that may be using technology from several decades ago (but that’s a rant for a different article). Jalopy or Sweet Hotness, your ride has an underlying data network that is a ton of fun to hack, and something of a security dinosaur. Both were discussed by Craig Smith and Erik Evenchick during their talk on Car Hacking tools at Hope XI.
You should recognize both of these names. Eric Evenchick is a Hackaday contributor who has been traveling the world presenting talks and workshops on his open source car hacking hardware called CANtact.
CANtact
The Open Source Car Tool
http://linklayer.github.io/cantact/
Tomi Engdahl says:
Do Automakers Still See Hackers as a Hoax?
http://www.eetimes.com/document.asp?doc_id=1330684&
Earlier this week, when the federal government’s automotive safety regulator laid out cybersecurity guidelines for carmakers, U.S. Transportation Secretary Anthony Foxx said that cybersecurity is “a safety issue and a top priority at the department.”
Clearly, the government’s agency hopes to get ahead of potential attacks on vehicles, well before cybersecurity blows up in the face of connected cars. There is fear among regulators that a cybersecurity failure could irreparably damage the future of highly automated vehicles.
But never mind the fed’s concerns.
As it turns out, some of the best minds in the automotive industry don’t believe hackers are interested in cars.
This perception is clear in survey results released Thursday by Ponemon Institute, the leading independent security research organization.
U.S. DOT issues Federal guidance to the automotive industry for improving motor vehicle cybersecurity
http://www.nhtsa.gov/About-NHTSA/Press-Releases/nhtsa_cybersecurity_best_practices_10242016
Guidance covers cybersecurity best practices for all motor vehicles, individuals and organizations manufacturing and designing vehicle systems and software
Tomi Engdahl says:
Save Big by Hacking Your Car Keys
http://hackaday.com/2017/03/29/save-big-by-hacking-your-car-keys/
Three hundred bucks for a new car key? Nonsense! When you lose your keys or want to have an extra made for that new teen driver, don’t let the stealership lighten your wallet. Just pull the ECU and hack some hex to add the new keys.
The video below is a whirlwind tour of the process [speedkar9] uses to reprogram Toyota ECUs to allow new keys to pass the security test on your new(er) car. Since the early 2000s or so, most manufacturers have included RFID chips in their keys so that only known keys will start a car. In Toyotas, this is done by an RFID reader in the steering column that passes the inserted key’s code to the engine control unit. If the 8-byte key code matches one of three values stored in the ECU, the car will start.
DIY: Immobilizer Hacking for Lost Keys or Swapped ECU
http://www.instructables.com/id/DIY-Immobilizer-Hacking-for-Lost-Keys-or-Swapped-E/
DIY: Immobilizer
Hacking for Lost Keys or Swapped ECU
Here’s how to reprogram your car’s engine immobilizer to program new keys in the invent of lost keys or a swapped ECU.
Tomi Engdahl says:
Car Security Experts Dump All Their Research and Vulnerabilities Online
http://hackaday.com/2017/05/14/car-security-experts-dump-all-their-research-and-vulnerabilities-online/
[Charlie Miller] and [Chris Valasek] Have just released all their research including (but not limited to) how they hacked a Jeep Cherokee after the newest firmware updates which were rolled out in response to their Hacking of a Cherokee in 2015.
FCA, the Corp that owns Jeep had to recall 1.5 million Cherokee’s to deal with the 2015 hack, issuing them all a patch. However the patch wasn’t all that great it actually gave [Charlie] and [Chris] even more control of the car than they had in the first place once exploited. The papers they have released are a goldmine for anyone interesting in hacking or even just messing around with cars via the CAN bus.
We anticipate seeing an increasing number of security related releases and buzz as summer approaches. It is, after all, Network Security Theatre season.
http://illmatics.com/carhacking.html
Instead of buying books or paying exorbitant amount of money to learn about car hacking, we (Charlie Miller and Chris Valasek) decided to publish all our tools, data, research notes, and papers to everyone for FREE!
Tomi Engdahl says:
Tesla Model X Hacked by Chinese Experts
http://www.securityweek.com/tesla-model-x-hacked-chinese-experts
Security researchers from China-based tech company Tencent have once again demonstrated that they can remotely hack a Tesla. The vulnerabilities they leveraged were quickly patched by the carmaker.
Tencent’s Keen Security Lab published a video last year showing how they could hack a Tesla Model S, both while it was parked and on the move. They took control of the sunroof, turn signals, displays, door locks, windshield wipers, mirrors, the trunk and even the brakes.
At the time, Tesla patched the vulnerabilities within 10 days, but claimed that the vulnerabilities were not as easy to exploit as it appeared from the video published by Keen Security Lab researchers.
In a new video and blog post published this week, the researchers claim they’ve once again managed to hack a Tesla, this time a Model X, via a Controller Area Network (CAN bus) and Electronic Control Unit (ECU) attack.
New Car Hacking Research: 2017, Remote Attack Tesla Motors Again
http://keenlab.tencent.com/en/2017/07/27/New-Car-Hacking-Research-2017-Remote-Attack-Tesla-Motors-Again/
Tomi Engdahl says:
ICS-CERT Warns of CAN Bus Vulnerability
http://www.securityweek.com/ics-cert-warns-can-bus-vulnerability
The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert on Friday to warn relevant industries about a vulnerability affecting the Controller Area Network (CAN) bus standard.
CAN is a high-reliability serial bus communications standard. It’s present in most modern cars – it allows various components of a vehicle to communicate with each other – and it’s also used in the healthcare and other sectors.
A team of Italian researchers published a paper last year describing various CAN weaknesses and an attack method that can be leveraged for denial-of-service (DoS) attacks. They also published a proof-of-concept (PoC) exploit and a video showing how they managed to exploit the flaw to disable the parking sensors on a 2012 Alfa Romeo Giulietta.
A Stealth, Selective, Link-layer Denial-of-Service Attack Against Automotive Networks
https://www.politesi.polimi.it/bitstream/10589/126393/1/tesi_palanca.pdf
Tomi Engdahl says:
Auto Security: Do Feds Have Our Back?
http://www.eetimes.com/author.asp?section_id=36&doc_id=1332154
Government agencies in the U.S. and the U.K. are working to get ahead of the curve and let the public know that they are concerned about vehicle cybersecurity.
Consumers should be aware of the possibility of a hacker attack on their cars. We now know that what used to be considered a movie scenario — remote hacking — could be done.
The current reality is that, while a variety of connectivity technologies have been transfused into cars, the equal and opposite security measures are yet to be deployed.
Surely, car hacking is the last thing automakers want to mention as they push the connected cars into the vast consumer disconnect. But government watchdogs in both the U.S. and the U.K. are working to get ahead of the curve and let the public know that they are concerned.
“Whether we’re turning vehicles into WiFi-connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks,” said Martin Callanan, a minister in the Department for Transport at the British government.
He said this last week when the U.K. agency issued new guidelines, requiring manufacturers of Internet-connected vehicles to put in place tougher cyber protections to ensure a stronger shield against hackers.
It isn’t just the U.K. The National Highway Traffic Safety Administration (NHTSA) in the United States also issued last fall the federal guidance to the automotive industry for improving motor vehicle cybersecurity.
Questions that come to my mind include:
1. Do the guidelines issued by NHTSA and British Department of Transportation have any teeth for security enforcement?
2. More important, have they gone far enough to suggest effective cybersecurity measures for cars?
3. What are the differences in the proposals of the two separate governments?
A few experts, including Carter, pointed out that the U.K.’s guidance does not go far enough in the area of software updates after a vulnerability is discovered.
Carter said, “The guidance merely states ‘organizations plan for how to maintain security over the lifetime of their systems.’”
In his view, “Over The Air (OTA) updates should be a requirement for automobiles. It is impossible for a manufacturer to create a car that is free of vulnerabilities throughout the 10-20 year life of a car. Without OTA, automakers are relying on car owners to bring their cars into a repair show every time a new vulnerability is discovered. This will leave many cars exposed to known attacks, while OTA would allow the fix to be pushed to the at-risk vehicles immediately.”
Of course, car makers “will save a lot of money in recalls by offering OTA, so it is likely they will move to that technology on their own,” said Carter. Still, “I would have preferred the UK specify its use and not leave it so ambiguous.”
Meanwhile, David Barzilai, chairman and co-founder of automotive cybersecurity firm Karamba Security, weighed in on the U.K. government’s guidance. While applauding pre-emptive action they might take, he pointed out that there is one area “we don’t feel these guidelines go far enough toward effectively preventing car hacking,” he said.
Tomi Engdahl says:
Auto Security: Do Feds Have Our Back?
http://eetimes.com/author.asp?section_id=36&doc_id=1332154
Government agencies in the U.S. and the U.K. are working to get ahead of the curve and let the public know that they are concerned about vehicle cybersecurity.
Consumers should be aware of the possibility of a hacker attack on their cars. We now know that what used to be considered a movie scenario — remote hacking — could be done.
The current reality is that, while a variety of connectivity technologies have been transfused into cars, the equal and opposite security measures are yet to be deployed.
Surely, car hacking is the last thing automakers want to mention as they push the connected cars into the vast consumer disconnect. But government watchdogs in both the U.S. and the U.K. are working to get ahead of the curve and let the public know that they are concerned.
“Whether we’re turning vehicles into WiFi-connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks,” said Martin Callanan, a minister in the Department for Transport at the British government.
Tomi Engdahl says:
Unpatchable ‘Flaw’ Affects Most of Today’s Modern Cars
https://tech.slashdot.org/story/17/08/17/1825227/unpatchable-flaw-affects-most-of-todays-modern-cars
A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others. The vulnerability affects the CAN (Controller Area Network) protocol that’s deployed in modern cars and used to manage communications between a vehicle’s internal components.
Unpatchable Flaw Affects Most of Today’s Modern Cars
https://www.bleepingcomputer.com/news/security/unpatchable-flaw-affects-most-of-todays-modern-cars/
A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.
The vulnerability affects the CAN (Controller Area Network) protocol that’s deployed in modern cars and used to manage communications between a vehicle’s internal components.
It will take a new generation of cars to patch the flaw
The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro’s Forward-looking Threat Research (FTR) team.
Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.
“To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented,” researchers say. “Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade.”
Flaw leads to shutdown of various car components
Special device needed to carry out local attacks
The research team says that all it takes is a specially-crafted device that attackers have to connect to the car’s CAN bus through local open ports. The device reuses frames already circulating in the CAN rather than injecting new ones, generating errors and causing a denial-of-service in various car components.
The Department of Homeland Security’s ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.
“The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles,” said ICS-CERT experts in an alert released last month.
Tomi Engdahl says:
Alert (ICS-ALERT-17-209-01)
CAN Bus Standard Vulnerability
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01
SUMMARY
NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard. According to the public report, which was coordinated with ICS-CERT prior to its public release, researchers Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero identified a vulnerability exploiting a weakness in the CAN protocol that allows an attacker to perform a denial-of-service (DoS) attack.
ICS-CERT has notified some affected vendors, primarily auto manufacturers and entities within the healthcare industry, about the report to confirm the vulnerability and to identify mitigations. ICS-CERT is issuing this alert to provide notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The report included vulnerability details and PoC exploit code for the following vulnerability:
Vulnerability Type Remotely Exploitable Impact
Resource Exhaustion Automobile exploit; requires physical access Denial of Service
CAN is widely used throughout the Critical Manufacturing, Healthcare and Public Health, and Transportation Systems sectors.
Successful exploitation of the vulnerability on an automobile may allow an attacker with physical access and extensive knowledge of CAN to reverse engineer network traffic to perform a DoS attack disrupting the availability of arbitrary functions of the targeted device.
The severity of the attack varies depending on how the CAN is implemented on a system and how easily an input port (typically OBD-II) can be accessed by a potential attacker. This attack differs from previously reported frame-based attacks, which are typically detected by IDS/IPS systems. The exploit focuses on recessive and dominant bits to cause malfunctions in CAN nodes rather than complete frames.
The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles. ICS-CERT is currently coordinating with vendors and security researchers to identify mitigations.
Tomi Engdahl says:
Federico Maggi / TrendLabs Security Intelligence Blog:
Researchers find indefensible vulnerability in CAN protocol that controls airbags and sensors including antilock brakes in all modern vehicles — In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times.
The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/
In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security industry’s response be when a hack is found that is not only successful in being able to drastically affect the performance and function of the c
We’ve anticipated initial questions you might have and provide answers below.
Another “car hacking” proof of concept? What’s new about it?
What’s new is that it’s an attack that disables a device (e.g., airbag, parking sensors, active safety systems) connected to the car’s device network in a way that is invisible to state-of-the-art security mechanisms.
What is the main takeaway from this research?
Gaining access to someone else’s vehicle has become a common situation, with many legitimate use cases. It is time that standardization bodies, decision makers, and car manufacturers take this change into account, and revise the design of the cyber-physical systems that govern future automobiles in order to secure them.
Is my car affected?
Likely, yes. Our attack is vendor neutral. However, specific vendors may take non-standard countermeasures to make the attack more difficult to carry out.
Wasn’t the “Jeep hack” the most advanced attack so far?
The “Jeep hack” was indeed very advanced and effective. However, currently available in-car cybersecurity technology (e.g., an aftermarket IDS/IPS) could detect such an attack because it requires frame-injection capability. In addition, car manufacturers could simply upgrade the software running on a car device to patch the vulnerabilities exploited by that attack.
How long will it take for the car manufacturers to solve this problem?
It’s not the car manufacturers’ fault, and it’s not a problem introduced by them. The security issue that we leveraged in our research lies in the standard that specifies how the car device network (i.e., CAN) works. Car manufacturers can only mitigate the attack we demonstrated by adopting specific network countermeasures, but cannot eliminate it entirely. To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented. This whole process would likely require another generation of vehicles.
Tomi Engdahl says:
Watch An ‘Indefensible’ Car Hack Disable An Alfa Romeo’s Safety Systems
https://www.forbes.com/sites/thomasbrewster/2017/08/17/alfa-romeo-car-hack-is-indefensible/#4c1106a95f96
Car hacks are old hat nowadays, from a research perspective at least, but an attack that may affect pretty much every car manufacturer on the planet could be real cause for concern. It allows a hacker to disable vehicle safety systems, according to a report, and the researchers say it’s almost “indefensible” in many cases.
Showcased by Politecnico di Milano, Linklayer Labs and Trend Micro staff, the attack is effectively a denial of service (DoS) on the car’s network, rendering features unusable. The hack worked by abusing the car’s network, known as the Controller Area Network (CAN) bus, which is responsible for communications between the vehicle’s various electronic control units (ECUs). By forcing enough errors on a particular system, it would simply shut down.
What makes the attack particularly stealthy is that there’s no need for them to inject malicious data, an action that would likely trigger security systems looking out for anomalies. Instead, all the hackers had to do, after researching the various components of a vehicle, was determine how to trigger an error mechanism on the CAN bus by flipping a single bit (from 1 to 0). “It’s a carefully chosen bit, you have to know the right bit to flip,” explained researcher Federico Maggi. “Once you can fool the network to think a component is sending out too many errors, even though it isn’t really sending out errors, after a while it will get isolated so it can’t send or receive messages.”
the hackers exploited an Alfa Romeo Giulietta to make the parking sensors unusable, having obvious ramifications for the safety of the driver.
They’ve also released proof-of-concept code and a paper to prove the attacks work.
A Vulnerability in Modern Automotive Standards and How We Exploited It
https://documents.trendmicro.com/assets/A-Vulnerability-in-Modern-Automotive-Standards-and-How-We-Exploited-It.pdf
Tomi Engdahl says:
Federico Maggi / TrendLabs Security Intelligence Blog:
Researchers find indefensible vulnerability in CAN protocol that controls airbags and sensors including antilock brakes in all modern vehicles — In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times.
The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/
Tomi Engdahl says:
Vehicle Cybersecurity: Where Rubber Meets Code
http://www.eetimes.com/author.asp?section_id=36&doc_id=1332183&
Take a recent example of Fiat Chrysler’s recall of 1.3 million pickups due to a software bug. Imagine if hackers found that code first and began exploiting it.
When it comes to vehicle cybersecurity, forget the old adage about safety in numbers. Just the opposite, for two reasons.
First, as the number of connected vehicles soars, so does their attractiveness to hackers, simply because it’s a bigger pool of potential victims. Second, the amount of telematics hardware and software in each vehicle also is growing, which means more potential vulnerabilities for hackers to exploit.
Today’s vehicles have an average of 100 million lines of code and 60 control units. That’s largely because automotive manufacturers are continually adding safety, entertainment, navigation and autonomous driving features. Another reason is the growing selection and usage of fleet telematics tools, which enable trucking companies, taxi services and other businesses to monitor their vehicles’ performance, driver behavior and cargo condition.
The amount of code in each vehicle will continue to grow exponentially as automakers and aftermarket providers develop even more applications.
Imagine if hackers found that code first and began exploiting it, such as by triggering airbags to deploy when the trucks hit highway speeds. Imagine if they did that to an entire fleet of vehicles, such as every van of a certain make and model owned by a major package delivery company. Or imagine if they used other code to enable a ransomware attack on the drivetrain, where the consumers and fleet owners with that model have to pay up to get their vehicles running again.
Many of these and similar scenarios aren’t hypothetical, either. For example, in a proof-of-concept attack involving a Ford Escape and Toyota Prius, hackers remotely disabled the brakes and commandeered the steering wheel. That was four years ago. Since then, vehicles have added even more telematics software and hardware, creating even more potential vulnerabilities.
Many vehicle cybersecurity challenges and attack vectors aren’t new. Instead, they’re retreads of ones that have plagued PCs, servers and other traditional IT systems.
Scaling up risk
To tap the widest possible market, telematics hardware needs to be inexpensive. Automakers and their enterprise customers scrutinize every penny when they’re assessing the business case for adding a telematics product to their vehicles.
This situation creates cybersecurity risks. For example, “low-cost” often means just enough processing power and memory to perform core tasks, with little or nothing left over for handling security.
A related issue is the hacker’s ultimate goal. It could be something totally unrelated to telematics, such as corporate servers that house product development information or employee Social Security numbers. In those cases, telematics is just a means to an end. But in others, telematics data is the target. For example, a hacker might want to learn about routes to facilitate hijacking of high-value cargo.
Yet another scenario involves the emerging field of vehicle-to-vehicle (V2V) communications, where cars and trucks communicate with others nearby to, for example, avoid collisions. By 2022, half of new vehicles sold will be equipped with V2V, Juniper Research predicts. That’s 35 million vehicles, or about 2.7 percent of the market—still enough to be an attractive target for some hackers.
One potential attack vector is to infect a few V2V-equipped vehicles with malware and then use them to spread it to every one they interact with. Remember the aforementioned scenario of consumers being unaware of their vehicles’ telematics systems? Those are an obvious place for hackers to target first.
According to Juniper, “in order for V2V to be successful, OEMs must include cellular connectivity to provide OTA (Over-The-Air) firmware updates.” This strategy has potential advantages and disadvantages. It could increase security if, for example, automakers or third-party vendors automatically push out those updates, such as part of a managed service contract, rather than leaving fleet owners and consumers to download them. But it could undermine security if hackers capture those patches and updates OTA, and then use them to identify the vulnerability. Nearly a decade ago (2008), David Brumley’s team at Carnegie Mellon University demonstrated the automated generation of exploits from software patches.
These are just a few examples of how, why and where the potential threat vectors for vehicle cyber attacks are rapidly expanding.
Regular servicing allows the software to be kept up to date as patches or recalls are released. The National Highway Traffic Safety Administration (NHTSA) maintains a web site where people can sign up to receive recall notices on their vehicles.
Tomi Engdahl says:
Automotive Security in a CAN
http://www.electronicdesign.com/automotive/automotive-security-can?NL=ED-004&Issue=ED-004_20170919_ED-004_64&sfvc4enews=42&cl=article_1_b&utm_rid=CPG05000002750211&utm_campaign=13035&utm_medium=email&elq2=8912711b09b4433abec4fedeab8a624a
With car safety issues extrapolating due to the rapid increase in electronics, the automotive security market has been forced to immediately transition from effectively no security to robust security implementations.
The automotive security market is at a clear inflection point—safety issues are forcing the industry to move from effectively no security to robust security implementations almost instantaneously. Many powerful market drivers and fast changing dynamics are putting security into the driver seat, especially when the driver isn’t a human.
When any embedded system, especially a vehicle, becomes connected, the first thought should be “how secure is it?” For connected vehicles, until recently, security has been an afterthought at best. That fortunately is changing, which is important because vehicles are becoming largely defined by software as they evolve toward connected autonomous drive.
As entrepreneur and software engineer Marc Andreessen famously said, “Software is eating the world.” If that is true, the next course will be served on wheels. It should be clear to any observer by now that software is already becoming the basis of automotive competition for automakers. Statistics show that software will become the main driver of an automaker’s profitability.
Tomi Engdahl says:
Securing the Internet of Vehicles Is Possible
https://www.securerf.com/securing-internet-vehicles-possible/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=57468636&_hsenc=p2ANqtz-8JUmlzWeiBHaW-z_v8NzDDh5BavLsq0YkCnEm7Aw6ZVrf3n9xv6r7xHl9ZAeK01G88NOaw7rI4wrWR-EtXK1_RnE6MUZD8RAjAuxbwrgFnHZM_Q-A&_hsmi=57468636
Another month and yet another story about the vulnerability of modern vehicles to hackers looking to take control of our automobiles. According to a recent Trend Micro report, a security research team found that it is possible to turn off a vehicle’s key automated components—including safety mechanisms such as the antilock braking system (ABS) and door locks—by accessing its internal controller area network (CAN) bus, which is the network that connects all of a vehicle’s devices. The team, which included researchers from Politecnico di Milano, Linklayer Labs, and Trend Micro, concluded that the new denial of service (DoS) attack was vendor neutral and “indefensible by modern car security technology.”
Unfortunately, the DoS attack described in Trend Micro’s report is just the latest in a long list of examples (e.g., the 2015 Jeep hack and the recent Telsa Model X hack) showing how determined hackers can gain access to a connected car. With each newly uncovered vulnerability, the lack of sufficient vehicle security becomes an even more critical issue for the automotive industry to address. Manufacturers must quickly find a solution, especially if they want to convince consumers that semi- and fully-autonomous vehicles are safe.
Connected vehicles are another manifestation of the Internet of Things (IoT), and securing the “Internet of Vehicles” (IoV) is rapidly growing in importance for a host of security-, safety-, and privacy-related reasons.
Tomi Engdahl says:
Could a hacker hijack your connected car?
http://www.bbc.com/news/business-41367214
As more carmakers adopt “over the air (OTA)” software updates for their increasingly connected and autonomous cars, is the risk of hacker hijack also increasing?
Imagine jumping in your car but being taken somewhere you didn’t want to go – into oncoming traffic, say, or even over a cliff.
That may seem like an extreme scenario, but the danger is real.
Tomi Engdahl says:
https://www.talouselama.fi/uutiset/bemareista-loytyi-14-haavoittuvuutta-autovalmistaja-palkitsi-loytajan/3fe7b058-78ec-3703-a59a-5131faae0dcc
BMW cars found to contain more than a dozen flaws
http://www.bbc.com/news/technology-44224794
BMW’s car computer systems have been found to contain 14 separate flaws, according to a study by a Chinese cyber-security lab.
They could, in theory, let hackers take at least partial control of affected vehicles while in use.
The researchers identified ways to compromise the cars by plugging in infected USB sticks, as well via contactless means including Bluetooth and the vehicles’ own 3G/4G data links.
BMW is working on fixes.
Its customers have been advised to keep an eye out for software updates and other counter-measures from the German company over the coming months.
Tomi Engdahl says:
Security Vulnerabilities: A Threat to Automotive Innovation
https://www.securityweek.com/security-vulnerabilities-threat-automotive-innovation
The pace of innovation within the automotive industry has been breath-taking. Only ten years ago, the very concept of self-driving cars and heavy goods vehicles was still regarded as far-fetched science fiction. Today, they are already a common sight on many roads around the world.
Many of these innovations have the potential to be revolutionary: smarter cars promise to be more efficient in terms of both fuel economy and at reducing congestion and accidents. But in the competitive rush to bring more connected cars to market, it is important that manufacturers don’t skip the basics of cybersecurity and compromise the safety of their vehicles.
Until now legislators and manufacturers have, of course, prioritised the physical safety of connected car technology. Now is the time that cyber security is given the same focus.
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8276-hakkerit-etsivat-nyt-reikia-autoista
Tomi Engdahl says:
Car Hacking at DEF CON 26
https://hackaday.com/2018/08/11/car-hacking-at-def-con-26/
A great place to get your feet wet with the data-network-wonderland that is modern-day automobiles is the Car Hacking Village at DEF CON.
The Obvious: CAN Bus Hacking
The easiest way to play with CAN is to hit the junk yard and buy an instrument cluster, Engine Control Unit, and ignition switch.
This is a demo for the Carloop dongle that lets you interface with a car’s ODB-II port.
Car Hacking CTF is a Bit of Everything
The Non-Obvious
Mobility scooter hacking? Technically these things are cars, maybe?
Tomi Engdahl says:
How automakers are tackling connected vehicle vulnerability management
https://www.zdnet.com/article/how-automakers-are-tackling-the-connected-vehicle-cyberthreat-landscape/
A new report suggests that front-end security in smart vehicles is improving but the back-end is a different story.
A car was once simply a way to go from A to B and whether or not you purchased a cheap runaround or a luxury model, they all simply had one purpose: travel.
However, our vehicles are now becoming smarter. Rear-view cameras, GPS-based map assistants, mobile apps, self-driving features and always-on connectivity are becoming common, such as through Apple CarPlay and Google’s Android Auto.
Vehicle connectivity provides a new channel for the collection of data, a valuable commodity for automakers and technology vendors. However, this conduit requires Internet access — and this, in turn, has created a channel in which attacks can be performed.
Tomi Engdahl says:
The most interesting Internet-connected vehicle hacks on record
https://www.zdnet.com/article/these-are-the-most-interesting-ways-to-hack-internet-connected-vehicles/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=67998689&_hsenc=p2ANqtz-_Cwq0fLoD-jlLVyuXFEZFJdyHPH8n8UIBoGJwEru4t76cDw4t118CIf2rQFfkwcuH-2ve6–jH_nVdu5bzh88E9iE_eaGHrQjfgxQL2a1lSwJhmhs&_hsmi=67998689
As researchers turn their attention to vehicles, we’ve seen everything from sending drivers into a ditch to brakes which suddenly won’t work.
Tomi Engdahl says:
Toyota Builds Open-Source Car-Hacking Tool
‘PASTA’ testing platform specs will be shared via open-source.
https://www.darkreading.com/vulnerabilities—threats/toyota-builds-open-source-car-hacking-tool/d/d-id/1333415
A Toyota security researcher on his flight from Japan here to London carried on-board a portable steel attaché case that houses the carmaker’s new vehicle cybersecurity testing tool.
Takuya Yoshida, a member of Toyota’s InfoTechnology Center, along with his Toyota colleague Tsuyoshi Toyama, are part of the team that developed the new tool, called PASTA (Portable Automotive Security Testbed), an open-source testing platform for researchers and budding car hacking experts. The researchers here today demonstrated the tool, and said Toyota plans to share the specifications on Github, as well as sell the fully built system in Japan initially.
Tomi Engdahl says:
Auto theft on the rise in Toronto area, and a security expert thinks he knows why
https://www.cbc.ca/news/canada/toronto/car-thefts-rising-1.4930890
Thieves boosting signal from key fobs inside your home to steal vehicles, automotive security specialist says
Tomi Engdahl says:
Hacker Installs Linux On His Tesla Model 3
https://cleantechnica.com/2018/12/13/hacker-installs-linux-on-his-tesla-model-3/
we got an entire subculture of hackers who wanted to unlock their smartphones to use on other carriers or with different software. This same trend continues today, but now also with our … cars?
Redditor trsohmers took on the challenge of hacking the infotainment system in his Tesla Model 3 and was able to gain root access — also known as admin access
He opted to install the popular Linux distribution Ubuntu on his Model 3, which runs in parallel to the existing Tesla operating system.
Cleantech News — Solar, Wind, EV News (#1 Source) | CleanTechnica logo
12:14AM
114 4′
Hacker Installs Linux On His Tesla Model 3
December 13th, 2018 by Kyle Field
Smartphones have changed the way we live life. Along with the new tech, early on, we got an entire subculture of hackers who wanted to unlock their smartphones to use on other carriers or with different software. This same trend continues today, but now also with our … cars?
Redditor trsohmers took on the challenge of hacking the infotainment system in his Tesla Model 3 and was able to gain root access — also known as admin access, for the Windows users in the room. Ironically, he wasn’t trying to do anything malicious with the car, but something much less exciting. “First real milestone I want to hit first is adding some more ROMs to Tesla’s MAME system,” trsohmers wrote in a forum post.
He opted to install the popular Linux distribution Ubuntu on his Model 3, which runs in parallel to the existing Tesla operating system. The dual operating system setup allows the Tesla system to continue running and doing everything that the car should do while the Ubuntu system allows for some new functionality in the car.
The new system allows him t0 bring SSH into the car, which connects directly into the Linux operating system via a command line interface (CLI), from which he is able to issue commands. From the CLI, he is able to switch the car over to display his new Ubuntu 16.04 installation
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8854-hakkeri-asensi-ubuntun-teslaan
https://www.reddit.com/r/teslamotors/comments/a1fln4/rooted_tesla_model_3_running_ubuntu_and_youtube/
Tomi Engdahl says:
https://securityintelligence.com/how-i-hacked-my-connected-vehicle-and-other-thoughts-on-vehicle-cybersecurity/
Tomi Engdahl says:
Hack a Tesla Model 3, get cash and the car
https://www.helpnetsecurity.com/2019/01/15/hack-tesla-model-3/
For this year’s edition of the Pwn2Own hacking contest at CanSecWest, Trend Micro’s Zero Day Initiative has announced a new target category: Automotive.
Tomi Engdahl says:
Here’s an Idea: Car Hacking
https://www.techbriefs.com/component/content/article/tb/webcasts/podcasts/33670?utm_source=TB_Main_News&utm_medium=email&utm_campaign=%2020190122&eid=376641819&bid=2350339
Today’s cars are more connected than ever before. Vehicles can communicate with other vehicles, be sent software updates via the cloud, or even help you pay ahead-of-time for your morning coffee as you pass a Starbucks.
Tomi Engdahl says:
Gone in six seconds? Exploiting car alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
Key relay attacks against keyless entry vehicles are well known. Many 3rd party car alarm vendors market themselves as solutions to this.
We have shown that fitting these alarms can make your vehicle EVEN LESS SECURE! These alarms can expose you to hijack, may allow your engine to be stopped whilst driving and it may even be possible to steal vehicles as a result.
Tomi Engdahl says:
Pharmacy’s buzzer suspected of jamming car keys in Perth
https://www.itnews.com.au/news/pharmacys-buzzer-suspected-of-jamming-car-keys-in-perth-520367?eid=3&edate=20190311&utm_source=20190311_PM&utm_medium=newsletter&utm_campaign=daily_newsletter
Tomi Engdahl says:
Pwn2Own 2019: Researchers Win Tesla After Hacking Its Browser
https://www.securityweek.com/pwn2own-2019-researchers-win-tesla-after-hacking-its-browser
A team of researchers has earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser at the Pwn2Own 2019 competition that took place this week in Vancouver, Canada.
The third day of the event was dedicated to automotive hacking. Two teams signed up initially, but one of them withdrew just hours before the start of the third day.
Amat Cama and Richard Zhu of team Fluoroacetate, who were the only ones to take a crack at hacking a Tesla, managed to display a message on the car’s web browser by exploiting a just-in-time (JIT) bug in the renderer component. The duo earned $35,000 for their exploit, along with the Tesla they hacked.
Tomi Engdahl says:
General Motors Hires Security Team That Remotely Hacked Jeep
https://www.electronicdesign.com/automotive/general-motors-hires-security-team-remotely-hacked-jeep?PK=UM_Classics03219&utm_rid=CPG05000002750211&utm_campaign=24231&utm_medium=email&elq2=ea6ac3ba06a44686a21ef5af7c73516a
General Motors hired two security researchers that hacked into a Jeep Cherokee over the internet in 2014, cutting its transmission and disabling the brakes in an experiment that still reverberates in the automotive industry.
Chris Valasek and Charlie Miller were both hired by Cruise Automation, the autonomous driving unit that GM formed in 2016. Previously, Valasek worked on Uber’s self-driving cars and Miller was a security researcher at Chinese ride-sharing firm Didi Chuxing. The hires were confirmed by Cruise’s chief executive Kyle Vogt on Twitter last week
Tomi Engdahl says:
Two white hats hack a Tesla, get to keep it
The electric automaker is working to release a fix for the underlying vulnerability in a matter of days
https://www.welivesecurity.com/2019/03/25/white-hats-hack-tesla-keep/
Tomi Engdahl says:
How to hack a car
https://hackaday.io/project/164566-how-to-hack-a-car
A recreation of Samy Kamkar’s rolljam attack
Tomi Engdahl says:
Executing A Vehicle Keyless Entry Attack
https://hackaday.com/2019/03/30/executing-a-vehicle-keyless-entry-attack/
You read about well-publicised security exploits, but they always seem to involve somebody with a deity’s grasp of whatever technology is being employed, as well as a pile of impossibly exotic equipment. Surely a mere mortal could never do that!
Happily, that’s not always the case, and to prove it [Gonçalo Nespral] replicated an attack against RF devices such as some garage doors and motor vehicle locks that use a rolling code.
[Gonçalo]’s set-up uses a YARD stick One transceiver dongle as its transmitter, and an RTL-SDR for receive.
How to hack a car
A recreation of Samy Kamkar’s rolljam attack
https://hackaday.io/project/164566-how-to-hack-a-car
Tomi Engdahl says:
Hacking a Car’s Key Fob with a Rolljam Attack
https://blog.hackster.io/hacking-a-cars-key-fob-with-a-rolljam-attack-7f863c10c8da
key fobs are incredibly convenient and are something most people consider to be a necessity when purchasing a new car. But that convenience comes with a, admittedly small, risk of hacking. Gonçalo Nespral has a guide on how to do exactly that — for educational purposes of course, don’t do this with someone else’s car!
This is actually a recreation of an earlier exploit demonstrated by Samy Kamkar, called a rolljam attack.
https://hackaday.io/project/164566-how-to-hack-a-car
Tomi Engdahl says:
Subaru StarLink persistent root code execution.
https://github.com/sgayou/subaru-starlink-research
Rooting the latest generation of Harman head units running on newer Subaru vehicles.
Tomi Engdahl says:
How to hack a car
A recreation of Samy Kamkar’s rolljam attack
https://hackaday.io/project/164566-how-to-hack-a-car
Tomi Engdahl says:
Executing A Vehicle Keyless Entry Attack
https://hackaday.com/2019/03/30/executing-a-vehicle-keyless-entry-attack/
Tomi Engdahl says:
Toyota’s Car-Hacking Tool Now Available
https://www.darkreading.com/analytics/toyotas-car-hacking-tool-now-available/d/d-id/1335121
Toyota officially has begun offering a commercial version of its new Portable Automotive Security Testbed (PASTA) open source testing platform for researchers and nascent car-hacking experts.
PASTA’ hardware and software kit now retails for $28,300.
Tomi Engdahl says:
Carmaker’s open source car-hacking tool platform soon will be available to the research community.
https://www.darkreading.com/vulnerabilities—threats/toyota-prepping-pasta-for-its-github-debut/d/d-id/1333886
Tomi Engdahl says:
https://hackaday.com/2019/07/22/developing-an-automatic-tool-for-can-bus-hacking/
Tomi Engdahl says:
You’ve seen it: An accident snarls traffic—in both directions—for hours. Research now predicts that if hackers disabled 20 percent of cars, they could bring an entire city to a standstill.
https://spectrum.ieee.org/cars-that-think/transportation/safety/hacking-gridlock