Search the Community
Showing results for tags 'car'.
-
THE AVERAGE AUTOMOBILE today isn’t necessarily secured against hackers, so much as obscured from them: Digitally controlling a car’s electronics remains an arcane, specialized skill among security researchers. But that’s changing fast. And soon, it could take as little as $60 and a laptop to begin messing around with a car’s digital innards. Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact. The open source board, which he hopes to sell for between $60 and $100, connects on one end to a computer’s USB port, and on the other to a car or truck’s OBD2 port, a network port under its dashboard. That makes the CANtact a cheap interface between any PC and a vehicle’s controller area network or CAN bus, the collection of connected computers inside of every modern automobile that control everything from its windows to its brakes. With just that go-between gadget and the open source software that Evenchick is releasing for free, he hopes to make car hacking a far cheaper and more automated process for amateurs. “I realized that there were no good tools for me to play around with this stuff outside of what the auto industry uses, and those are incredibly expensive,” Evenchick says, referring to products sold by companies like Vector that can cost tens of thousands of dollars. “I wanted to build a tool I can get out there, along with software to show that this stuff isn’t terribly complicated.” Over the last several years, researchers have shown that car hacking represents a real security threat. In 2013, for instance, Darpa-funded security researchers Chris Valasek and Charlie Miller showed (with me as their chosen crash-test dummy) that it was possible to send digital commands from a laptop connected to a car’s CAN bus that affected steering, slammed on brakes, or even disabled brakes at some speeds. Evenchick’s gadget aims to make exactly that sort of testing more accessible to researchers. In their tests, Valasek and Miller used a $150 ECOM cable that they rewired by hand to connect to their test vehicles’ OBD2 ports. (Valasek says a stock cable capable of that connection would have cost $1,200.) Evenchick’s CANtact is designed to make that connection out of the box at a much lower cost. The average coder isn’t familiar with the protocol most cars’ computers rely on to communicate. But Evenchick has written open source software for CANtact that automates much of the manual work of CAN bus hacking. Like the earlier work by Valasek and Miller, the CANtact is designed to send commands in Unified Diagnostics Services, the CAN protocol that auto mechanics use to communicate with electronic control units (or ECUs) throughout a vehicle. That allows anyone to write python scripts that can automatically trigger commands in a car’s digital network that range from turning off its “check engine” light to automatically pumping its brakes. “Most people have no idea there’s all this diagnostic stuff that someone who’s connected to the CAN bus can use to do all these interesting things,” says Evenchick. “What are the extent of those features? And what implementation problems exist that could be big security holes?” For now, actually figuring out what a certain UDS command sent from the CANtact might do in a specific vehicle will largely be a matter of trial and error for amateur car hackers, says Evenchick. But by publishing its software on Github, he hopes the code will become a collection of different hackers’ techniques that target individual vehicle makes and models. “It would be awesome if people messing around with their cars… could work together to build a library [of code] to do all this stuff,” says Evenchick. “You’re a Honda owner, and someone else is a Honda owner. If they find some cool things to do and you want to play around with it too, they can share it.” The CANtact, of course, can only test security exploits that require physical access, not remote attacks. But the device does help to automate the testing of security exploits that would be possible once a hacker has already gained a wireless foothold on a car’s network. And the notion of a hacker gaining that sort of initial wireless foothold in a car’s network is more than theoretical. Researchers at the University of Washington and the University of California at San Diego demonstrated in 2011 that they could gain access to an unnamed car’s network through wireless attacks that included a Bluetooth connection, the car’s OnStar-like cellular radio, and even Android malware on the driver’s phone. Evenchick says his CANtact gadget isn’t intended to make any sort of malicious car hacking easier. Instead, he argues, it’s meant to foster hobbyist car hacking and security research that can expose and help fix real vulnerabilities in the digital components of cars and trucks. Miller and Valasek’s earlier research, for example, served as a public demonstration that cars’ internal networks lack basic security protections. Their work led to Senator Edward Markey sending a series of questions to 20 automakers that eventually revealed widespread inattention to security and in some cases a potential lack of anti-hacking measures in their cars and trucks. Only seven of the companies said they used third party security auditing for their vehicles, and only two said they currently had features to respond to a hacker intrusion on their vehicles’ CAN buses. The more attention and testing those car systems receive, Evenchick says, the more secure they’ll eventually become. “You don’t really own a device until you can open it up and tear it apart,” says Evenchick. “Your car is more connected than ever before. Just having people know what’s going on with cars and understand them better would be kind of nice.” Source
-
CANCUN–When (or if) people think about the security of the devices they interact with and use on a daily basis, the machines that run their local car wash probably aren’t high up on that list. But, like everything else with a computer for a brain these days, those machines are connected to the Internet. And Billy Rios can hack them. Rios has spent years pulling apart the innards of all kinds of automation equipment, mostly in the ICS and SCADA realms. But now that TVs, parking meters, dishwashers and everything else under the sun comes with an embedded Web server and other potential targets, he has begun having a look at what surprises those devices hold, as well. Looking in one of the more obscure corners of the web, he discovered automated car wash equipment online. The device he researched has a considerable attack surface. The device was running a version of Windows CE on an ARM processor and after a bit of poking around, Rios found that it also had Telnet enabled and a default five-character password and default username. “If you know that default username and default password you can do a lot of interesting things,” Rios said in a talk at the Kaspersky Lab Security Analyst Summit here Tuesday. “You car wash can send you emails and yes, your car wash is on Facebook, too.” The car wash device controls the mechanisms that wash the top and bottom of a car and by sending special POST requests to the device, an attacker could cause some mischief, such as changing the kind of wash a car is getting. But more seriously, if an attacker was able to access the device, he also could disable the safety sensors on the back and front doors of the wash bay, which prevent them from coming down on a person or vehicle. The problem isn’t limited to one manufacturer or one industry or one kind of device. Lack of security in Internet-enabled devices is spread across the board. “Remote access changes your threat model. But to be honest, I don’t think we can trust the makers,” Rios said, referring to manufacturers of all sorts of gear with embedded computers and remote access capabilities. “The people who made that car wash won’t understand any of things we just talked about, like SQL injection or buffer overflows. We’re going to see this in other IoT places as well.” Security researchers have been turning their attention to the growing crop of non-PC devices that contain computers, WiFi, Bluetooth and other capabilities, and what they’re finding in terms of security controls is typically pretty bad. Many of companies rushing to Internet-enable everything they make aren’t spending a lot of time thinking about the security implications of what they’re doing, but the attackers are. “It’s asymmetric. The knowledge in attacking these things is very high and it’s very low in defending,” Rios said. Source
-
The problem was discovered by the Allgemeiner Deutscher Automobil-Club (ADAC), a German motoring association, and was verified on several models of BMW cars. The attack took advantage of a feature that allows drivers who have been locked out of their vehicles to request remote unlocking of their car from a BMW assistance line. “They were able to reverse engineer some of the software that we use for our telematics,” said Dave Buchko , a BMW spokesman. “With that they were able to mimic the BMW server.” The auto maker has already started sending out software patches to the 2.2 million cars equipped with Connected Drive and said it hadn’t come across any cases in which the vulnerability had been used to unlock or attempt to unlock its cars. Vehicles in the U.S. will get it beginning from next week, said Buchko. The fix adds HTTPS encryption to the connection from BMW to the car, which runs over the public cellular network. The added encryption will not only safeguard the content of the messages but also ensures that the car only accepts connections from a server with the correct security certificate. The incident highlights what is likely to be a big issue for auto makers in the coming years: identifying and patching software vulnerabilities and securing the technology going into modern cars. Today’s cars have millions of lines of computer software and are increasingly connected. Many cars offer Bluetooth, Wi-Fi and cellular connections, can be linked with smartphones and other devices and even accept third-party apps. All provide potential attack points for hackers. “If all it does is open the locks, it’s concerning, but if that vulnerability could have also sent messages to shut off the brakes, it would have been catastrophic,” said Joshua Corman of The Cavalry, a non-profit that works with auto makers on cyber-security issues. The organization, which launched in 2013 from the Defcon and BSides security conferences, recently published a framework with recommendations for auto-makers from the computer security industry about how to detect issues, contain and isolate them and respond to them. In part, it calls on car makers to publish policies that welcome interaction with the computer security industry. Because of laws like the Digital Millennium Copyright Act and the Computer, Fraud and Abuse Act, some researchers are hesitant to come forward with vulnerabilities lest they be accused of hacking and prosecuted, said Corman. In that case, a potentially serious security problem could go unpatched for years. “Our general intent is that the car industry are masters of their domain, we are the masters of ours and the safety outcome will be better if we work together,” he said. sursa: pcworld