Slashdot Mirror
Auto Industry Teams Up With Military To Stop Car Hacking
An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.
Just saying brah...hack the Gibson
1. Physical security.
If you let the machine get into the hands of hackers... they will break it the controls. And that is doubly certain if the device is mostly functional regardless. It will interact and that will let people either exploit flaws in the security or just decrypt it.
If you want to stop hackers from getting into the system then the first thing you have to do is make it pretty much impossible for a hacker to physically access the system. As in steel. And beyond that, the wireless connections are a serious vulnerability. Scale them back or secure systems from the wireless radios.
If you can't do that, then at the very least don't let a hacker turn my engine off while I'm driving down the free way. Some features are simply not worth that vulnerability.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Nothing, and I mean nothing the security guys ever come up with will have anywhere near the effect of the six inch square piece of plywood with 25 six inch nails hammered through that i place under the driver seat of my car. The second a would be thief jumps into my car seat is the second they begin to understand just how bad their life choices have been. I also have a conventional car alarm that serves to let me know that i should call an ambulance for the 'tard, should but wont, baseball bat feels better in my hands than phone.
Didn't they say they solved this in 2001? /s
The best defense against car thieves is a beater.
They just had to throw that in there. It's become like Franks Red Hot. They put that shit on everything.
Technology can be hacked. Cars were 'hackable' when they were just mechanical: shims or tools to unlock doors, bypassing the ignition, random fun things I've seen on TopGear. There was one care where if you pulled out a fuse or something, put it in backwards, it started the car. Now there is more tech in cars, and tech is hackable, so cars are more hackable in 'elegant' ways as opposed to using a rock or screwdriver. Not really breaking news, but good to know and keep an eye on.
I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
What does it mean to be a "hacker" these days? Apparently the ability to type "nmap" and some PR wherewithal. Actual skills are entirely optional. So what does that mean for these people? As far as I can see, only the fact they're employed by the government, defence branch, as a nice gimmick to add that bit of zest to the usual scary words. "We're the good guys, honest!" Well no you aren't, or you wouldn't call yourselves "hacker" in relation to security anything.
What will they do? Burn us like ants with their spy satellites from space?
Now that I think about it, it may be entirely possible to do that.
https://www.youtube.com/watch?...
BRING BACK THE FUCKING TAGLINE: NEWS FOR NERDS, STUFF THAT MATTERS.
Also, FUCK BETA.
Filter error: Don't use so many caps. It's like YELLING.
AND FUCK FILTER ERRORS.
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
Would've made returning to your car in the sunny lot more comfortable and even saved some lives.
In Soviet Washington the swamp drains you.
If they're going to team up with people who pretend to know about cyber security, they might as well team up with Valve and put Valve Anti Cheat on the cars. That system works peeeeerfectly.
Auto Industry Teams Up With Military To Stop Car Hacking
Yeah only good things can come from this.
"If any question why we died, Tell them because our fathers lied."
You want a machine to decide that for you...
"If any question why we died, Tell them because our fathers lied."
I know we've talked about it in Slashdot, in the context of more and more electronics taking responsibility for control of the car, mesh car networks, Windows controlling and potentially driving your car, but really -- hyperbole aside, is car hacking a real thing? And if so, is it really an effective tool for terrorists? (Or is that -- "terrorist" -- what we're calling experimenters and hackers these days?)
I mean, if someone is being proactive about what might be a terrorist vector, I guess that's ok, but there's a feeling in the back of my head that this might be a solution looking for a problem.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
A number of reasons this isn't a simple feature request:
* continuous monitoring will drain your battery, so you will come to a dead battery every time you go on vacation;
* the system will also have to monitor for precipitation, so additional sensors are needed (you wouldn't want to come back to wet seats now, would you?);
* there are better ways to spend ~100$ in parts and 5lb of weight.
You could work out an integrated climate control system that uses low power fans when off and maybe opens a top vent instead of a window.
Opening windows is a security risk.
No, I want it to decide for itself — when I am not there.
In Soviet Washington the swamp drains you.
Car manufacturers want to double-dip by tracking you using your car. When you pair your phone with infotainment system, they can sell real-time location data (your car's GPS) strongly tied to your identity. Even if you opt out of OnStar and such system, they are still active.
You also get your car pwned remotely, because not only they track you, they failed to secure the interface, ether out of ignorance or "in the interest of national security".
I have an outside temperature sensor, that radios figures to the display unit inside. Its puny little battery lasts a year... You too can get one at Home Depot.
As I said, such sensors are already built into my car. The wipers start automatically, when the rain or snow hits the windshield.
All the hardware is already in the car. Just need to teach the existing software a new trick.
In Soviet Washington the swamp drains you.
Yes, we have progressed from cars that could NOT remotely have the boot opened, windshield wipers set off, brakes locked, and engine cut, to cars that can. Well done.
But hey, I'm sure that security will be taken seriously now and these issues will be gone any minute. And only the "older models" will be vulnerable...
It's always the same claim from software developers. "Oops, we fucked up horribly last time... Buy our NEW version!!!"
I have a heat gun/torch and I know how to use them!
Just need to teach the existing software a new trick.
And I bet you the existing wetware will learn a new trick just as fast as you automate your car to crack the windows. Won't even need a wedge to slip in an opening tool.
* continuous monitoring will drain your battery, so you will come to a dead battery every time you go on vacation;
Easy, a secondary battery. For this application, it can be a crazy small lightweight rechargeable that recharges off alternator. When battery low, roll window up. When battery dies, starter will still work. Also 'continuous' can mean a wake every 30 seconds to check, meaning trivial trivial load.
the system will also have to monitor for precipitation, so additional sensors are needed (you wouldn't want to come back to wet seats now, would you?);
They mentioned using the rain sensing sensors already in some cars.
* there are better ways to spend ~100$ in parts and 5lb of weight.
It would be cheaper than that given the condition of a model with rain sensing wipers already. We go through non-trivial engineering to save someone the hassle of flipping a wiper switch on, but not to dramatically increase comfort day to day and save lives in some particular cases?
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
Would've made returning to your car in the sunny lot more comfortable and even saved some lives.
Or perhaps you'll walk back to an empty parking spot where your car used to be.
All a thief really needs to steal a car (or the contents inside) is access, which you're suggesting to now provide in a automated and unattended fashion.
If you MUST have a remote-control door lock, make it something that requires very close physical proximity that is very hard to override.
For example, have a receiver that is on the car-facing side of the door handle using a very-near-field communications setup. You swipe your "key" under the handle and the door locks or unlocks.
Yes, it might be possible for a thief to make a small "reflector" and tape it to your car door near the handle, but that's one more step he'll have to go through and one more opportunity for him to be caught or leave his fingerprints behind. Plus, unlike today, the thief can't just sit in a parking lot all day collecting "sample transmissions" for later analysis/reverse-engineering.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Did you mean to say "In the U.K., a third of car thefts in London are due to car related hacking"
rather than "In the U.K., hackers are now responsible for a third of car thefts in London"?
Because the latter is somewhat offensive, as well as undoubtedly incorrect.
cheers
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
Would've made returning to your car in the sunny lot more comfortable and even saved some lives.
Because opening the windows slightly only affects inside temperatures slightly? Yet it makes it much easier to thread in a wire to snag a door handle to open the door.
A forced air fan to vent in cooler air from below the car 30 minutes before you return to the car would be more effective. And the only thing stopping that is cost vs benefit - not enough people would find it useful enough to add $xx to the price of the car.
If they want better security then stop with the unnecessary technology. I don't want a car that unlocks or locks every time I walk up to it or walk away. The GPS should be isolated, not integrated and should do it's best to maintain privacy. There should be no possible way in the world for a radio signal to control anything, but the door locks. Cars should not be as Ford says "A computer on wheels". I'm quite happy with my luxury car from the 90's and although some modern features are nice I really think it's a step in the wrong direction to train the public that a car should have a huge list of electronic gadgetry. How about simple reliable cars that people can actually afford to buy.
What is next? Shoplifters as terrorists? Or people that ride public transportation without a ticket?
Seriously, this is far beyond mere ridiculous. Possibly, this utter idiocy results from a deep desire to classify all hackers as "terrorists". After all, they can do things! That seems to scare the government badly.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
It'd be way safer to get a fan going to circulate the air than to crack the windows open. You really want car makers to open themselves up to having cars stolen easier?
It doesn't mean much now, it's built for the future.
The sensors are there, use them.
1st, they added sensors and logic on the engine. MPG, fuel injection, etc.
I want them to do things like adaptive cruise control, blind spot detection, stopping when there is something in the way. Some cars already have this and that's is driving my car search.
The navigation system gets info. How about telling me if I adjust my speed, I can turn those red lights into green as I'm driving?
Or my tires are below pressure, adding air can improve mileage?
There's lots of this kind of thing they can do.
Instead they're focusing on the entertainment system, voice commands and syncing with your phone.
Spinning fan will drain battery quickly. A slightly-open window will not make theft much easier — and the alarm will still go on, if the door is opened.
People do leave windows rolled-down a little on hot days as a matter of course. Would be nice, if the car could do it itself. And even close them back up, if rain starts.
In Soviet Washington the swamp drains you.
its not about hacking but about locking out "non approved" mechanics, so you have to go to a main dealer, locking out small garages who dont have the budget for that $20000 special "tool" that main dealers have.
want to turn off that service light ? too bad sucka
Now, I know you don't have a cheap car if it is already has all these features. Most people won't have a car with automatic rain-sensing wipers. This is certainly an upscale feature. I also have no idea what kind of power draw the infrared light and sensor require.
On my car I can set fan to run for some time using residual core heat or cooling to maintain preset temperature. This feature good for about 30 minutes (but will run longer) and does not run if the battery charge drops past some threshold, but you have to manually activate it before exiting the car. I also never use this feature since it is too much bother to set.
LOL that's even worse.
"If any question why we died, Tell them because our fathers lied."
So... all I'd have to do to break into your car is to increase the inside temperature? Provided it doesn't rain, of course...
That's doable.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Should be: "Auto Industry Teams Up With Military To Make Sure Car Hacking Stays"
The military has already suicided people with this technology "onstar" and has been in use for at least 2008 in all vehicles:
http://cartech.about.com/od/Safety/a/Gms-Onstar-Service-How-Does-It-Work.htm
The global banking syndicate/military industrial complex also suicided Michael Hastings with this technology
http://rt.com/usa/michael-hastings-car-neighbor-853/
R.I.P Michael Hastings, and R.I.P slashdot the paid repeaters.
Apart from being void of any information, the huffpo article is somewhat odd. I can't quite figure out the relevance of the second picture. It's a motherboard, HD, PSU and what looks like reclaimed laptop screen inside a suitcase.
What does that have to do with anything?!
>> during tests hackers come out on top every time
BUT BUT BUT INTERNET OF THINGS
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside?
It's safer to just put a solar panel on the roof, my car has it integrated into the sunroof. When the interior temperature rises sufficiently and the panel is sunlit then it runs the blower motor to keep the car cool. Sadly, it ignores the ambient temperature sensor and has no concept of humidity, so in some conditions the sun can hit your car, heat it up before the surroundings, and suck damp cold air into the vehicle and humidify it. In the normal course of the day, though, it will blow warm air through after it, and the air at least comes through the cabin air filters.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This sort of logic was present and functioning on the first steam-engines! You have such a system in your toilet — it closes the water-valve, when the "sensor" detects, the tank is full...
In Soviet Washington the swamp drains you.
And FUCK AUTOREFRESH too while you are at it.
The military has proven it's security works well enough to prevent leaks... That it can prevent break-ins... That it's tools cant be intercepted.... Okay, okay, they aren't good at any of these. Maybe. we should hire bankers.... *face-palm* Maybe we should hire someone who actually has a stake in insuring that the systems they work with remain secure. Like Tesla was attempting to do. They had a couple of reps at Defcon 22 for just this purpose, they went straight to the experts in security and dared to ask them for help. The very people who bet their reputation on ensuring that they have the best knowledge in pentesting and security. The if the military fails here or leaves a backdoor into your vehicle available then they can simply explain it away, or cover it up. If a security firm fails here it could be the end of that firm. I wonder who I should trust more.
Continuous monitoring isn't an issue with EVs. When you have a 24,000Wh or larger battery remaining connected to a cellular network for weeks is no issue. Remember when your Nokia could run for a week on one charge? That's what the modem in the car is like, only it has a giant car sized battery to power it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
This is what we will be faced with in a world with 'autonomous' cars, but even worse if they have no manual controls and people don't know how to drive a car: Some script kiddie (or actual criminal/criminal organization) will take control of your vehicle with you in it, and you will have no way to take control back. So-called 'autonomous' vehicles must have full manual controls with an unimpeachable manual override and there must be a trained, certified, licensed driver at those controls at all times!
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!