Hackers Remotely Kill Jeep on the Highway

Forums › Transport (cars, bikes and boats) › Hackers Remotely Kill Jeep on the Highway

DeepBlueSky

547 posts

Ultimate Geek

#177097 22-Jul-2015 12:30

Read this from Wired; Its a bit of a worry as we dive further into the connected world the security of any critical system is going to have to be factored at the beginning of development not as an after though, especially devices like cars, medical equipment. Wi-Fi enabled pace makers and insulin pumps have already been hacked now cars and maybe aircraft.

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

1 | 2 | 3

5288 posts

Uber Geek

#1349757 22-Jul-2015 12:36

My personal opinion is that punishments for hackers need to be exponentially increased.

The USA has the right idea.

Make the very idea of hacking so scary it is just not worth going there.

Problem is the russians / chinese / middle eastern countries are only too happy to hack western countries and cause damage.

macuser

2120 posts

Uber Geek

#1349761 22-Jul-2015 12:46

I wonder how many foreign rides have been bugged by the CIA in this manner.

#no-tinfoil-hat-necessary

DeepBlueSky

547 posts

Ultimate Geek

#1349763 22-Jul-2015 12:53

macuser: I wonder how many foreign rides have been bugged by the CIA in this manner.

#no-tinfoil-hat-necessary

It had crossed my mind that certain groups may not be happy that this information has been outed. Having a car crash, could just be an accident or maybe not ??

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#1349764 22-Jul-2015 12:54

surfisup1000: My personal opinion is that punishments for hackers need to be exponentially increased.

The USA has the right idea.

Make the very idea of hacking so scary it is just not worth going there.

Problem is the russians / chinese / middle eastern countries are only too happy to hack western countries and cause damage.

My emphasis added.

The problem is most people who commit crimes do not factor punishment into their thought patterns. The real deterrent is centered around what's called the capable guardian - which, if you have them, brings about the fear of getting caught.

wasabi2k

2096 posts

Uber Geek

#1349767 22-Jul-2015 12:58

surfisup1000: My personal opinion is that punishments for hackers need to be exponentially increased.

The USA has the right idea.

Make the very idea of hacking so scary it is just not worth going there.

Nope - I entirely disagree. You will ALWAYS have people willing to do stuff regardless of punishments.

This would effectively be security through scare tactics.

Companies/Governments providing external access to any technology need to take responsibility for their own security and build systems that are secure. They have responsibilities and if they aren't living up to them under self regulation then maybe it is time for a big stick.

Punishments for hacking should be in line with their non computer equivalents - and there needs to be allowances for responsible disclosure.

Edit: After reading that article - HOLY hell. In what universe does it make sense to have driving systems controllable from ANY external system? This is rampant stupidity. This is not the hacker's fault - this is a major screw up from the car vendor!

pdath

252 posts

Ultimate Geek

#1349768 22-Jul-2015 13:01

This is nothing new. Still could be worse, you could own a Ford or a Toyota. There vulnerabilities are bad enough that a hacker could kill you.

http://www.independent.co.uk/life-style/gadgets-and-tech/researchers-hack-cars-to-remotely-control-steering-and-brakes-8733723.html

Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

wasabi2k

2096 posts

Uber Geek

#1349769 22-Jul-2015 13:02

pdath: This is nothing new. Still could be worse, you could own a Ford or a Toyota. There vulnerabilities are bad enough that a hacker could kill you.

http://www.independent.co.uk/life-style/gadgets-and-tech/researchers-hack-cars-to-remotely-control-steering-and-brakes-8733723.html

via OBD port IN the car - so significantly less of a risk. Same guy if I read correctly?

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

JWR

821 posts

Ultimate Geek

#1349776 22-Jul-2015 13:23

surfisup1000: My personal opinion is that punishments for hackers need to be exponentially increased.

The USA has the right idea.

Make the very idea of hacking so scary it is just not worth going there.

Problem is the russians / chinese / middle eastern countries are only too happy to hack western countries and cause damage.

You have given a good reason not to have insane penalties.

If people from foreign countries can hack with immunity, then you need good security.

So, you rely, to an extent, on local hackers uncovering the security holes.

Penalties for hacking should relate to any damage done and we have other laws to cover virtually any situation.

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1349786 22-Jul-2015 13:40

How about instead of penalising hackers**, not all of whom have nefarious intent, we insist that companies actually develop SECURE products.
Every single piece of software needs to be written from the ground up with security as a primary goal. Instead most of them are written with security not even considered, or considered as an after thought.
I don't blame hackers for Flash or Java patching every 5 minutes, I blame the people who wrote poorly coded insecure software and then distributed it to billions of devices.

Disclaimer: I've spent quite a few years working in enterprise deployment/application packaging and my experiences have left me wanting to have large numbers of software authors dragged into the town square and flogged or worse.

**Without getting into the entire hacker/cracker debate, I'm using this in the popular sense.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

MikeB4

18435 posts

Uber Geek

ID Verified

Trusted

#1349789 22-Jul-2015 13:44

Like everything in life if its built it will the victim of crime be it cars, computers, houses, food, animals, trees..........

kiwigeek1

637 posts

Ultimate Geek
Inactive user

#1349799 22-Jul-2015 13:56

this might of happened to that reporter who has a major leak about the wrong doings of USA gov and drones.. some say his car computer was hacked so breaks failed and power steering etc

anything is possible. so do you throw black ops and gov people in jail if they hack your car to silence you :)

http://www.huffingtonpost.com/2013/06/24/michael-hastings-car-hacked_n_3492339.html

DeepBlueSky

547 posts

Ultimate Geek

#1349826 22-Jul-2015 14:39

I'm sure some execs will be bewildered by this information, too much emphasis on quick development turn around and sales the boring stuff like security generally takes a back seat to features. Unfortunately when the lawyers get involved and they will that boring stuff will be the only thing saving some of these execs / company bottom lines from taking a major hit I suspect.

frankv

5680 posts

Uber Geek

Lifetime subscriber

#1349830 22-Jul-2015 14:55

wasabi2k:
pdath: This is nothing new. Still could be worse, you could own a Ford or a Toyota. There vulnerabilities are bad enough that a hacker could kill you.

http://www.independent.co.uk/life-style/gadgets-and-tech/researchers-hack-cars-to-remotely-control-steering-and-brakes-8733723.html

via OBD port IN the car - so significantly less of a risk. Same guy if I read correctly?

But if you have access to the car, you could add a device to connect the OBD port to the Internet via cellphone.

nakedmolerat

4629 posts

Uber Geek

Trusted

Lifetime subscriber

#1349861 22-Jul-2015 15:32

frankv:
wasabi2k:
pdath: This is nothing new. Still could be worse, you could own a Ford or a Toyota. There vulnerabilities are bad enough that a hacker could kill you.

http://www.independent.co.uk/life-style/gadgets-and-tech/researchers-hack-cars-to-remotely-control-steering-and-brakes-8733723.html

via OBD port IN the car - so significantly less of a risk. Same guy if I read correctly?

But if you have access to the car, you could add a device to connect the OBD port to the Internet via cellphone.

For Ford & Hyundai, if you were to attach anything, it will be super obvious as there is a cap over it (it will need to be left open).

wasabi2k

2096 posts

Uber Geek

#1349864 22-Jul-2015 15:39

DeepBlueSky: I'm sure some execs will be bewildered by this information, too much emphasis on quick development turn around and sales the boring stuff like security generally takes a back seat to features. Unfortunately when the lawyers get involved and they will that boring stuff will be the only thing saving some of these execs / company bottom lines from taking a major hit I suspect.

So if self regulation doesn't work - you regulate or legislate. While very had to do well, it might be necessary.

Security standards for vehicle systems seems a good start - with penalties for releasing systems that don't meet them.

Security might not be of interest to an executive - but financial penalties and bad press should be.

1 | 2 | 3