Tag Archives: Car hacking

Car Hacking is Real!

2016-bmw-7-series

2016 BMW 7 Series Sedan

As you know cars are more and more reliant on technology. Internet connected cars provide everything from GPS directions, to entertainment to monitoring how well you and your engine are performing. And anything connected to the Internet can be hacked.

Recently the FBI issued a public service announcement warning  that cars are increasingly vulnerable to hackers and are encouraging victims to report incidents. The warning  was issued jointly with the U.S. National Highway Traffic Safety Administration (NHTSA) and cautioned consumers and manufacturers to be aware of the risks of car hacking.

 Car hacking is real!  In July of 2015 a group of researcher demonstrated how  they could take control of a vehicle including braking and steering while it was traveling at 70 MPH.

Technological advancements in cars are simply amazing. On board computers control numerous vehicle functions including steering, braking, acceleration, lights and windshield wipers.  Cars also have wireless capability, including smartphone and  Bluetooth syncing,  keyless entry, ignition control, tire pressure monitoring, and diagnostic, navigation and entertainment systems; all vulnerable to hackers.  Many new cars offer autonomous systems for emergency braking and even steering. The new BMW 7 Series sedan allows the driver to release the steering wheel for up to 15 seconds. Audi  is offering a car that can drive in traffic jams and even find a parking space and park itself without the driver even being present. Not in the future, TODAY!

The FBI warned car owners that wireless vulnerabilities could be introduced by third-party aftermarket devices often used by insurance companies to monitor drivers. Devices likProgressive Insurance’s Snapshot come with Internet or cellular access and plug into your car’s diagnostics ports. These devices are an open gateway to automobile control systems.

The FBI and NHTSA urge consumers and manufacturers to take action to minimize the vehicular cyber security threats related to vehicle technologies.

Consumers are urged to maintain awareness of the latest recalls and updates affecting their vehicles. But criminals are also aware of these updates and it is possible criminals may exploit this delivery method. The FBI has warned that online manufacturer updates are vulnerable. Hackers using social engineering tricks could send an email messages to vehicle owners searching for legitimate software updates. These messages could trick them into clicking on links to malicious websites, opening attachments containing malware, or installing malware from USB drives. To minimize the potential risks vehicle owners should always verify any recall notices received, check on the vehicle manufacturer’s website to verify to if any software updates have actually been issued. Owners are warned to avoid downloading software from third-party websites, and use only trusted USB drives.

Is your car vulnerable? There is a list of the most hackable cars on the road available.

Breaking It Down

Cars have changed. All those wonderful luxuries you enjoy in your new car come at price that is a bit more than money. Hackers are not likely to take over your car trying to kill you. That is possible but not likely. But there is the danger of some childish asshole hacking cars for fun and creating a situation where someone  could get hurt or killed. It’s more likely a hacker will hack your keyless entry system to unlock your car to steal it or something out of it.  They could also potentially disable your car the same way they disable a computer and force you to pay to get your car back. It will probably happen and may already have.

When buying a new car with all the cool new technology you need to sit down with your salesperson and have a nice long conversation about your car’s security features. Make sure you understand how software upgrades are handled. Make sure you also understand how those driver monitoring things from the insurance company works. Another vulnerability you need to look out for is connecting your smartphone to your car via Bluetooth. Everybody has a few apps on their phones. Apps carry malware and one of those apps may interact with your car in ways you were not expecting.

The bottom line is you need to understand more about your car than just keeping it on the road and operating the stereo and air conditioning. Those days are long gone. When shopping for a car do your research and know what technology you are getting and how secure it is. 

Halloween’s Most Horrible Hacks

ID-100197712

Courtesy of hyena reality

Halloween happens in just a few days. And on that frightful night some pretty horrifying little creatures will be knocking at your door. Terror and fright on Halloween is all fun and games. But real terror has become part of our lives in the digital age. We have come to fear identity theft, data breaches and other digital age terrors. Everyday someone has a bank account emptied. There are monsters in cyber space. Online digital demons commit evil acts and do horrible things using technology and the Internet. We all need to be aware of the evil that lurks in cyber space. But evil has no limit as hackers are always trying to out do one another. There is a threat in cyber space that could kill thousands and even cripple civilization. Here are some really terrifying Halloween hacks.

1) Aircraft hacking is real. What happened to Malaysian Airlines Flight 370? It disappeared without a trace. Was it hacked? No one knows. It simply disappeared.  IOActive’s Ruben Santamarta said it was possible to hack satellite communications equipment on passenger jets. This is done by hacking into the Wi-Fi and in-flight entertainment systems such as those found on Southwest Airlines. This attack was proven possible but only in a laboratory. Santamarta said a potential attacker could hack the plane’s avionics disrupting or altering satellite communications. The result would be a modification or disruption of the aircraft’s navigation and safety systems. Aviation experts disagree, calling such an attack impossible. But is it? PlaneSploit is an Android app that has demonstrated the ability to take over an aircraft. Created by security researcher and commercial pilot Hugo Teso, the app allows users to control a plane from the ground using an Android phone, a radio transmitter and flight management software. The app is not exactly highly technical but you need some hacking knowledge. PlaneSploit was demonstrated during the Hack In The Box conference in Amsterdam. Teso demonstrated how he could change the flight path of a plane to a crowd. You can use this system to modify approximately everything related to the navigation of the plane,” said Teso, adding, “that includes a lot of nasty things.”

2) Murder by hack! If someone has an implanted medical device an evil person could tamper with it and potentially kill them. Medical devices have the capability of being hacked. In 2012, the late New Zealand hacker Barnaby Jack discovered a way to hack an implanted insulin pump causing it to inject 45 days’ worth of insulin in one shot. He also figured out how to shut down a heart pacemaker. Needless to say either of these hacks would cause almost instant death.

An investigation by the US Department of Homeland Security is focusing on “two dozen cases of suspected cyber security flaws in medical devices and hospital equipment.” These flaws could cause serious injury or death in the recipient. Unnamed sources familiar with the investigation by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) report the devices under investigation include infusion pumps from Hospira Inc. and implantable heart devices from Medtronic Inc and St Jude Medical Inc.

Modern implanted medical devices were never designed to be “hacker proof”. This makes them easy targets for the evil hackers we know are out there. 

3) Disrupt civilization. How would you survive without electricity, water or telephones? What would life be like if you could not buy groceries or gas? What if the traffic lights suddenly stopped working? What if a nuclear power plant became unstable due to a hacker taking over the controls? All these are very, very real possibilities and would most likely create panic even anarchy. Civilization would come to a halt.

University of Michigan security researchers using  a standard laptop hacked nearly 100 wireless networked traffic lights and were able to change the state of the lights on command. A hacker could paralyze a city with this technology.

Research released by Automatak in 2013 revealed 25 vulnerabilities in power plants across North America. The flaws found at electrical substations, water utilities, and power stations left them open to attack. If a hacker so desired they could exploit these vulnerabilities to crash or hijack the servers at these facilities resulting in the loss of utilities for millions of people.  Hackers have also attacked the banking and financial network causing outages at ATMs and retail point of sale systems locations.

4) Are the babies safe?  The connected home is here. Everything in your home can be connected to the Internet and controlled through your mobile device or web browser. And this means that a hacker can hack into your home turn off alarms and open doors for burglars or worse. They could tamper with the thermostat, lighting, sprinklers or other home controls systems. A hacker could penetrate, even take over devices. In April of this year an Ohio couple were awakened by the voice of an unknown man shouting “wake up baby!” through their wireless baby monitor. A hacker had penetrated their home network and was harassing a sleeping child. Cameras throughout the home allowed the hacker to see the child in her bed.  Hackers have taken control of laptops with webcams and microphones and spied on families. Hackers have taken pictures of women nude, including Miss Teen USA, and blackmailed them. Its called sextortion. Smart televisions with cameras and Internet connections have also been hacked and used to spy on people. Devices in the modern connected home present significant security risks. Keep that in mind as we enter the frightening age of the Internet of Things.

5) Empty the prisons. Did you ever see that movie where a small town was overrun and terrorized by escaped convicts? Is this possible? The answer is yes! Modern prisons are now computer controlled. At a recent DEFCON conference in 2011 researcher John Strauchs demonstrated that it is indeed possible to open every cell door in a prison at once. He hacked into an industrial programmable logic controller. The same hack used to attack an Iranian nuclear facility. What would happen if a hacker could do this to prisons or local jails all over the country on the same day?

6) Your car is a death trap! The newest cars are Internet connected with WiFi and Bluetooth technology. New cars no longer use keys. They can be unlocked and operated  using a wireless key fob. You can get GPS directions and Internet radio and movies. But a hacker could decide to disable your brakes while you’re doing 70 mph on the interstate! Maybe a criminal just wants your car and decides to hack the door locks and just drive away…with you in it! Imagine the horror of discovering your steering is locked while driving with your family in the car. These things can happen with the new technology in cars today. Read all about it here in the AACR report “Hack My Ride”

What we are talking about is not an imaginary scenario. Technological terror is real and the next hack could seriously impact the entire nation. Cyber terrorism is the new frontier for terrorists and they are seeking a target. The intend to do damage far worst than the 9/11 attacks. Imagine if every person in the United States woke up to find that our electronic financial infrastructure was crippled and the banks were shut down? It could happen. Ask  the FBI who have an entire division that is dedicated to stopping a cyber terror attack. But most experts agree, it will happen.

Happy Halloween!

 

Hack My Ride

2015 Escalade

2015 Cadillac Escalade named one of the most hackable cars.

Car hacking is real and the day is coming when “hack my ride” will not sound so strange at all.

There is nothing like a new car. Black people will tell you that a nice car represents success, pride and is as important as their wardrobe. A car is part of the image you want to project upon arrival.

But cars have changed. Gone are the days when a new car had to have a nice stereo, air conditioning a sunroof and plenty of horse power. Now cars have to have great gas mileage, luxury and plenty of technology. And that technology includes Internet connectivity making car hacking the latest cyber threat, 

Internet connectivity and access is rapidly becoming the norm and soon will be standard on most cars. According to Dailytech.com GM is joining with AT&T to provide Internet access in most of its 2015 model year vehicles using the LTE modem. The partnership will permit AT&T customers to add their car as another device on their current data plan. GM plans to make the service available this year. Chrysler has partnered with Sprint for its UConnnect Internet car connectivity.

Currently 23 million cars on the road globally are connected to the Internet in some capacity, according to research firm IHS Automotive. By 2020 that figure is expected to rise to 152 million.

Car experts and journalists believe that car Internet will be an appealing option for new car shoppers. Forbes magazine writes, “Today’s always-connected consumers already rely on high speed data connections in their vehicles, both for drivers and passengers, and the built-in connection offers distinct advantages: a more powerful antenna to improve signal quality, a constant energy source to power that connection, and an integrated design that is optimized for in-vehicle use.”

Cars are now coming ready from the showroom as WiFi hotspots. Black people are smart with our money so you don’t have to be rolling in money to buy a hi-tech car. The 2014 Dodge Dart offers WiFi connectivity with a range of 150 feet. Chevrolet Malibu will be introduced with a 4G hotspot functionality in 2015. The question is who would this vehicle option appeal to? The answer is people who work on the go. Many black business and sales people travel as part  of their jobs. A car with Internet connectivity truly makes that car an extension of their office if not the office itself. In addition there are plenty of other traveling jobs that will benefit from a full-time rolling WiFi. Parents traveling with children can enjoy a little peace while their kids enjoy  movies, games or texting in the backseat.

The new Chevrolet vehicles will also come with  pre-installed apps and the buyer can add their own as well. Standard apps include The Weather Channel, NPR and a car diagnostics tool called Vehicle Health.

Even Apple is getting in the game by preparing a new version of its iOS operating system to deliver iPhone apps and features to car dashboards.

But the same security principles apply to automobile WiFi that applies to your home or other mobile WiFi. You need to secure it using a good strong pass phrase and make sure it not easily identifiable by giving it a generic name.

European car maker Audi already offers Internet access in a number of its vehicles and BMW is also adding 4G capability to its cars. Detroit is definitely moving in that direction. Chrysler Automotive Group is teaming up with Sprint to enhance its Uconnect infotainment system on the Ram 1500 pickup and SRT Viper sports car.
Many luxury cars come with such features as Pandora Internet radio and voice activation features such as the Sync system found in Ford vehicles.

Tesla, a premium electric automaker offers a 17 inch dashboard mounted computer screen that contains a web browser.

Cars with Internet connectivity are here now and there is both benefit and dangers to this new feature. As I have said so many times before if it connects to the Internet it can be hacked. So car hacking is here to stay.  A recent list released by CNN Money reveals what are the most hackable cars on the road to day. The report showed that the 2014 Jeep Cherokee and the 2015 Escalade both have serious security weaknesses. Both cars are equipped with apps and Bluetooth and other connected features. The technology connects the car’s cellular features such as the OnStar system. Unfortunately this system is also connected to the engine controls, steering, brakes and tire pressure monitor system. The Toyota Prius which offers the AM/FM/XM and Bluetooth has a similar flaw.

The problem with Internet in cars is that security flaws in these cars could allow a hacker to take over the car. A hacker may be able to unlock the car to get inside or steal the car altogether. A malicious hacker could take over control of the car by hacking critical functions like steering, acceleration and braking. Other features in the car could also be hacked such as the instrumentation. Needless to say this could put passengers in grave danger at highway speeds.

Don’t take car hacking lightly. In a recent cyber warfare exercise an Army convoy was disrupted by a cyber attack that told the vehicle engine to shut down because the tire sensors were hacked and programmed to report all tires were flat.

In response to potential security flaws automaker Chrysler Jeep said in a statement, “Our vehicles are equipped with security systems that help minimize the risk from real-world threats…Chrysler Group will endeavor to verify these claims and, if warranted, we will re-mediate them.”

Cadillac also responded by saying; “The report does not mention many new security features and mechanisms installed in the Escalade, and its description of the vehicle’s electronic system is not fully accurate.” Cadillac also pointed out some security features “…are private and not accessible to researchers (or thieves).”

What are the most hackable cars? According to Wired.com the top five most hackable cares are:

  1. 2014 Audi 8
  2. 2014 Honda Accord LX
  3. 2014 Infinti Q50
  4. 2010 Infinity G37
  5. 2014 Jeep Cherokee

Wired’s list actually includes twenty vehicles and most of them are 2014 models and the 2015 Cadillac Escalade is included as well.

Technology in cars is not slowing down. The U.S. Department of Transportation and the National Highway Traffic Safety Administration recently approved the V2V communication systems or vehicle-to-vehicle system. Regulators believe that the system will improve safety, reduce  accidents and smooth the way for more connected cars.  Anthony Foxx,  Transportation Secretary, said V2V technology could improve safety for motorists in the coming years in much the same way that seatbelts and airbags did.

V2v is a system where cars on the road communicate with each other and could potentially notify one another when an accident is imminent. The technology could apply the brakes to help prevent or mitigate the collision. Currently Mercedes-Benz offers the most sophisticated collision avoidance system capable of warning of an imminent collision and bringing the car to a complete stop. Other safety features that are coming to cars include pedestrian detection systems and external airbags.

Audi, Volkswagen, BMW, Ford, General Motors, Honda and Toyota and nearly every other car maker is developing some form of V2V technology. German automakers have already begun a pilot program that combines V2V with vehicle-to-infrastructure technology.  This technology permits cars to communicate with each other as well as traffic signals. GM is studying the possibility that V2V systems could identify pedestrians by picking up their cellphone’s wireless signal and alerting drivers.

The average car have as many as 100 computers on board. These computers control everything from the efficiency of the engine to the environmental control to the steering and brakes. Now granted a lot of the older computers are not capable of receiving radio signals from outside the car. But with the emergence of WiFi and cellular technology more and more cars are able to receive outside data.

We have to accept that with this new technology there is the issue of auto hacking and black car buyers need to become more aware of the security vulnerabilities of our car’s technology. If you are shopping for a new car and want these options  you need to know what security is in place to keep you and your family safe. Because someone could hack your ride.

Now you know.