Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
2091 posts

Uber Geek


  # 1349867 22-Jul-2015 15:42
Send private message

frankv:
wasabi2k:
pdath: This is nothing new.  Still could be worse, you could own a Ford or a Toyota.  There vulnerabilities are bad enough that a hacker could kill you.

http://www.independent.co.uk/life-style/gadgets-and-tech/researchers-hack-cars-to-remotely-control-steering-and-brakes-8733723.html


via OBD port IN the car - so significantly less of a risk. Same guy if I read correctly?


But if you have access to the car, you could add a device to connect the OBD port to the Internet via cellphone.



But that is a barrier orders of magnitude greater than a hack over the air.

I can put my car in a locked garage, install an alarm etc and provide physical security, I could notice a dongle sitting in an OBD port.

If you have this online system (uConnect) you're open to attack always, everywhere with NO evidence until your car explodes.

gzt

10862 posts

Uber Geek


  # 1349946 22-Jul-2015 17:17
Send private message

surfisup1000: My personal opinion is that punishments for hackers need to be exponentially increased. 

The USA has the right idea. 

Make the very idea of hacking so scary it is just not worth going there.;

USA has exactly wrong idea. They have virtually no law that requires manufacturers to actually address the issues.

+plenty of law to attack users that demonstrate reported issues have not been resolved.

It is way way way out of balance.

 
 
 
 


2952 posts

Uber Geek


  # 1349962 22-Jul-2015 17:30
Send private message

While punishing hackers should always be done when they can be caught, it is simply unacceptable to have a car that can be hacked to the point where brakes,steering and handling can be got at.

It's just p!ss poor design.




Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

1069 posts

Uber Geek


  # 1350008 22-Jul-2015 19:08
Send private message

nakedmolerat:
frankv:
wasabi2k:
pdath: This is nothing new.  Still could be worse, you could own a Ford or a Toyota.  There vulnerabilities are bad enough that a hacker could kill you.

http://www.independent.co.uk/life-style/gadgets-and-tech/researchers-hack-cars-to-remotely-control-steering-and-brakes-8733723.html


via OBD port IN the car - so significantly less of a risk. Same guy if I read correctly?


But if you have access to the car, you could add a device to connect the OBD port to the Internet via cellphone.



For Ford & Hyundai, if you were to attach anything, it will be super obvious as there is a cap over it (it will need to be left open).




I think alot of people are getting fussed over the port location, The loction is often just a plug + extension from the ECU wiring harness. There would be nothing stopping anyone popping a module into the can bus at many,many points in the car. The use of such a module could allow for a deliberate murder to be masked as a mechanical failure at worst or simply spying at best.

I would certainly expect more security in fly by wire and associate critical systems




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

3885 posts

Uber Geek

Subscriber

  # 1350133 23-Jul-2015 00:15

Haven't bothered reading that article. But presume you were driving that car. You crash into someone and kill them. You get charged with murder.

You would then be able to argue that the reason for the crash is due to your car being hacked. As if you are driving a known insecure car. How would the prosecution prove in court that the car was not hacked?





1523 posts

Uber Geek


  # 1350167 23-Jul-2015 08:24
Send private message

The use of the word 'hacker' is the anomaly in the story. Hacking implies access without consent. These 'researchers' simply obtained remote access to the automobile controls, with full consent of the driver. Allegedly. Any photographic evidence? The term 'Hacker' is just clickbait these days.


2912 posts

Uber Geek

Lifetime subscriber

  # 1350183 23-Jul-2015 08:51
Send private message

Whilst the major part of the story is about a vehicle that was 'attacked' with the driver's consent & knowledge, it was also done without his intervention, and *could* have been done without his consent or knowledge. The paragraph below suggests to me that they (or any actual hacker possessed of their tools, skills, and knowledge) could have done exactly the same things to at least the Jeep Cherokee in California.


A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, appears on the laptop screen. It’s a Dodge Ram. Miller plugs its GPS coordinates into Google Maps to reveal that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to appear on his screen is a Jeep Cherokee driving around a highway cloverleaf between San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan.



 
 
 
 


1144 posts

Uber Geek


  # 1350354 23-Jul-2015 12:41
Send private message

Somebody is just making a media noise.

Remote hacking of cars via internet makes no sense as anything and everything over the Internet is tracked and traced and stored for future reference.

If somebody were in need to damage the car remotely they could've done it "old-fashioned" way "007" style without fiddling with the car electronics.

Re: CAN Port - is of no difference from LAN in a sense, that you do not need to plug anything into the physical port. CAN is running all over the car and there were reported incidents of getting access to that network in Mercedes or BMW (do not remember which one of those) via "natural holes" e.g. rear lights in the car body.

The really scary part in modern cars is electronically operated brakes and steering - these two critical car functions are delegated to electronics leaving you without control in case of the electronic malfunction. Introduction of ROHS made electronic devices even less reliable.

So, you are afraid of hackers but trust electronic brakes and explosive airbags?

Good car is the car without any electronics at all :-)
https://imgur.com/cug082O



432 posts

Ultimate Geek


  # 1350390 23-Jul-2015 13:19
Send private message

RUKI: Somebody is just making a media noise.

Remote hacking of cars via internet makes no sense as anything and everything over the Internet is tracked and traced and stored for future reference.

If somebody were in need to damage the car remotely they could've done it "old-fashioned" way "007" style without fiddling with the car electronics.


I doubt its noise more an FYI and I doubt it needs to make sense, these guys may in the end create a GUI interface where you choose the vehicle (Jeep, Merc etc.) what disability you want to afflict the car have the vehicle show up on Google maps (maybe live video coming soon with the new micro satellites that are planned to provide live real time video), and have it blamed on a car accident. Its not an if more a when so its imperative the security is properly sorted from the ground up in a car design.
 


So, you are afraid of hackers but trust electronic brakes and explosive airbags?

Good car is the car without any electronics at all :-)
https://imgur.com/cug082O


I have to agree when it comes to electronic parking brakes pushing a button makes me nervous, what happens if the car looses the electrics through a surge or failure etc. are the parking brakes on an isolated circuit?. It seems from this article the standard brakes have been isolated also from the hydraulics hence the lose in brakes and going into a ditch. At least with the good old fashioned pull hand brake you have a physical cable you can STOP the car with, one the security has been sorted I'll be much happier to try this.

gzt

10862 posts

Uber Geek


  # 1350408 23-Jul-2015 13:42
Send private message

Would you put your factory production PLCs on the same network as your office WiFi? Not in your right mind. Now you is can design car controlz.

1144 posts

Uber Geek


  # 1350440 23-Jul-2015 14:44
Send private message

Vintage cars will be more and more expensive then for those who are paranoid.
It is happening with the old flip mobile phones already. Those are rare and sellig for a prime price. Who needs a smartphone on wheels (e.g. Tesla)?

1463 posts

Uber Geek


  # 1350784 23-Jul-2015 20:54
Send private message

I don't mind that they did the hack, it's a good example of how automakers suck at software and security which should be shown up.

But I do detest the way they showed off their exploit to the press by messing with the car on a public road, and also that they think it's smart to release parts of how they did it out into the wild without giving Chrylser a chance to patch ALL the affected vehicles and come up with a better solution in future ... to me their words of :

 

"The two researchers say that even if their code makes it easier for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it allows their work to be proven through peer review"

 


is utter stupidity .. they just want nerd glory at the risk of someone using their code to harm, and if someone does get hurt I bet they'll try to avoid all blame!

gzt

10862 posts

Uber Geek


  # 1350857 23-Jul-2015 22:34
Send private message

Jeep responds. Software update available:

http://www.forbes.com/sites/thomasbrewster/2015/07/21/jeep-vulnerability-fixed/

The researchers believe the issue affects any Chrysler Fiat with Uconnect manufactured late 2013 thru 2014 to early 2015.

gzt

10862 posts

Uber Geek


  # 1350859 23-Jul-2015 22:35
Send private message

Mark: I don't mind that they did the hack, it's a good example of how automakers suck at software and security which should be shown up.

But I do detest the way they showed off their exploit to the press by messing with the car on a public road, and also that they think it's smart to release parts of how they did it out into the wild without giving Chrylser a chance to patch ALL the affected vehicles and come up with a better solution in future ... to me their words of :


"The two researchers say that even if their code makes it easier for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it allows their work to be proven through peer review"

is utter stupidity .. they just want nerd glory at the risk of someone using their code to harm, and if someone does get hurt I bet they'll try to avoid all blame!

I agree this does not look exactly like responsible disclosure.

On the other hand it took a long time for PC O/S makers to come to a kind of consensus of responsible disclosure, and even now some researchers release after a period frustrated at no action. So I think the auto industry will have to study that history and understand the environment.

Jeep have responded very well to this challenge and have not dug a deeper hole or tried to bury the reseachers, so I think Jeep has done very well and are looking pretty good. Based on the response time to a resolution it is very good support for their customers.

Mad Scientist
20658 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1351757 25-Jul-2015 22:45
Send private message

surfisup1000: My personal opinion is that punishments for hackers need to be exponentially increased. 

The USA has the right idea. 

Make the very idea of hacking so scary it is just not worth going there.

Problem is the russians / chinese / middle eastern countries are only too happy to hack western countries and cause damage. 


these are hacked from the interweb. you cannot control the interweb.

plus, you make something to be bad, the more curiosity it causes, making every 14 year old want to try it.

you live in an online world, there are side effects, consequences.

i'd like my car to talk to nobody thank you very much. same with my airbus 380.




Involuntary autocorrect in operation on mobile device. Apologies in advance.


1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26


The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57


Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43


Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20


Toyota and Preferred Networks to develop service robots
Posted 8-Aug-2019 20:11


Vodafone introduces new Vodafone TV device
Posted 7-Aug-2019 17:16


Intel announces next-generation Intel Xeon Scalable processors with up to 56 cores
Posted 7-Aug-2019 15:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.