Hackers Reveal Nasty New Car Attacks

Our friend realitychecker sent me this piece at Forbes.com this mornin’.  Part of the header was: ‘Assassins’  wet dreams here today’.  The video is already up on youtube, and I reckoned that since you might find it interesting,  I’d post it.  Andy Greenberg, Forbes’ tech security journalist:

This fact, that a car is not a simple machine of glass and steel but a hackable network of computers, is what Miller and Valasek have spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.

The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry’s security problems before malicious hackers get under the hoods of unsuspecting drivers. The need for scrutiny is growing as cars are increasingly automated and connected to the Internet, and the problem goes well beyond Toyota and Ford. Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue.’

Greenberg links to research reported in 2010 that showed that wireless hacks of car systems are indeed possible, as in: no need to be in the back seat as Miller and Valasek are in the video.

For example, services like General Motors’ OnStar system, Toyota’s Safety Connect, Lexus’s Enform, Ford’s Sync, BMW’s Assist and Mercedes Benz’s Mbrace all use a cellular connection embedded in the vehicle to provide a variety of automated and call center support services to a driver. These subscription services make it possible to track a car’s location, unlock doors remotely and control other functions.

In their remote experiment, the researchers were able to undermine the security protecting the cellular phone in the vehicle they bought and then insert malicious software. This allowed them to send commands to the car’s electronic control unit — the nerve center of a vehicle’s electronics system — which in turn made it possible to override various vehicle controls. ‘

Mercedes Mbrace technology seems to have been in the C250 Michael Hastings was driving, which model I discovered at FoxNews.com.  The article begins:

Mere hours before the fiery car crash that took his life, journalist Michael Hastings sent an email to friends and colleagues urging them to get legal counsel if they were approached by federal authorities.

“Hey [redacted] the Feds are interviewing my ‘close friends and associates,'” read the message dated June 17 at 12:56 p.m. from Hastings to editors at the website BuzzFeed, where he worked.

“Perhaps if the authorities arrive ‘BuzzFeed GQ’, er HQ, may be wise to immediately request legal counsel before any conversations or interviews about our news-gathering practices or related journalism issues.”

Hastings added that he was onto a big story and that he would, “need to go off the radat [radar] for a bit,” according to KTLA in Los Angeles.’

Fifteen hours later he ‘lost control and crashed into a palm tree; the car burst into flames.  You know the rest, including this:

Michael Hastings contacted WikiLeaks lawyer Jennifer Robinson just a few hours before he died, saying that the FBI was investigating him,” the second message read.”

There’s been a lot of speculation as to which big story he was working on, including the ‘Drone Surveillance in the US’ one the Fox article names, and iirc, even the Boston Bombing story.  Are there any new leads on that?

Dunno when I’ll be able to answer comments; it’s bread day here, and I’m tryin’ to get the place ready for a visit from our young grandsons.  I’m about to throw a shoe I’m so tickled they’re comin’ to spend time on the farm with us.

That new cars have dozens of computer systems in them is a revelation to me, I confess.  Pretty different than the ’56 Ford pickup we had that even I could work on if I could get the right parts.  ;-)

(cross-posted at My.fdl.com)

12 responses to “Hackers Reveal Nasty New Car Attacks”

  1. Thank you, wendye! I’ve commented at FDL, so I’ll just say again I’m glad you are still thinking about this. Not knowing Michael Hastings very well, except for reading his stuff, I looked up a recent Tavis Smiley interview. I was surprised to see how careful he was being in that interview, given his fiery reporting. He seemed to me to be very nervous, even afraid.

    Here, in a related matter (everything’s related these days) is what will be happening this evening/afternoon in Downunderland:


    Were I there, I most definitely would be marching – I do hope the word is getting out.

  2. actually it was rc who got me thinking about it more today. ;-) but i’d forgotten your ‘on his way to the airport’ theory; i dunno. but i wanted to add this over here before i head back to the salt mines.

    I did Giggle a bit, and found this at HuffPo in which Richard Clarke had said on 6/24:

    “Clarke said, “There is reason to believe that intelligence agencies for major powers” — including the United States — know how to remotely seize control of a car.

    “What has been revealed as a result of some research at universities is that it’s relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn’t want acceleration, to throw on the brakes when the driver doesn’t want the brakes on, to launch an air bag,” Clarke told The Huffington Post. “You can do some really highly destructive things now, through hacking a car, and it’s not that hard.”

    “So if there were a cyber attack on the car — and I’m not saying there was,” Clarke added, “I think whoever did it would probably get away with it.”

    Very cool on the protests in Kiwiland, juliania; i know you’ll be with them in spirit, and that’s a good thing, too. Thoughts and prayers having power, and all that.

  3. and what’s with the disappearing comments? i saw you say yours had via email, as well as mafr’s. his avatar is gone again, as well.

  4. thought you might like to see this video of kim dotcom speaking to people protesting the ccsb law in auckland today. also look at this twitter pic, too. pretty impressive: https://twitter.com/KimDotcom/status/360959223582044165/photo/1

  5. realitychecker1

    Mornin’, everybody. I survived my kayak ride down the Chattahoochee yesterday. Guess they haven’t figured out how to hack into a kayak yet lol. (Although I did see a large striped bass that seemed to be in great distress . . .) Close encounters with two muskrats . . .agents of the State??? One never knows anymore, do one?

  6. chattahoochee? wow; it turns out that: ‘The Chattahoochee River originates in northeastern Georgia from a spring on Coon Den Ridge, near Jacks Knob, in the southern Blue Ridge Mountains. Muskogean word meaning ‘rocks-marked’ (or painted), from chato (rock) plus huchi (marked); who knew?

    i believe you may be overly paranoid about muskrats, tobias. they are all about da love, remember? can this help ya dial back yer suspicions?

    glad ya didn’t get invited for alligator supper; whoosh.

  7. I had a friend, an actual computer tech genius, thirty years ago who had devised ways of controlling everything in a house remotely with computers, including opening the door lock, adjusting the thermostat, talking to people at the door.

    Of course it’s easy to hijack a car. And they will do it if they want to. why not? what is there to stop them?

    After all, they’ve been crashing planes for at least sixty years.

    Once you decide that it’s ok to assassinate people, all you need to do is update the definition of who your enemy is.

  8. Willis Allan Ramsay, sure is good, thanks a lot, cause that’s the first time I’ve heard him.

  9. ‘talking to people at the door’, lol. that mustta been grand! the only thing that might stop them is a sense of decency, but that seems to be in short supply these days. i was reading the wiki this mornin’ on ‘rule of law’. so many variations of its usage throughout history… anyhoo, ‘sense of decency and societal best’ played in a number of the understandings, not to mention ‘no one is above the law’. heh.

    but: willis only recorded one album, but sooooo many folks recorded his good songs. here’s another haunting one:

  10. one century it’s legal, next century it isn’t.. or is that decade.

    you’re too late, I’ve listened to all the tunes from that album that are on youtube. he says he lives in colorado now. maybe you can hear him somewhere around there.

  11. how silly of me; of course you would have if ya liked him.

    i can’t ever go, but some great musical artists do come to mancos now and again. joe cocker kinda bought a whole town in colorado (one i’d never even heard of, really).

    sleep well, mafr; you’re one of the good uns, and i’m glad you come here sometimes.

  12. Thank you for the video, wendye. Wow, kayaks and muskrats – you do live dangerously, rc!
