Slashdot Mirror
Hackers Remotely Cut a Corvette's Brakes
An anonymous reader writes: Security researchers presented work at the USENIX conference today showing an easy way to hack into a car's electronics using a small gadget that plugs into modern dashboards. The port they're taking advantage of is commonly used to monitor the location and speeds of these vehicles. Once the researchers' dongle is attached, they can use SMS messages to transmit commands to the car's internal network. They demonstrated this by remotely cutting a Corvette's brakes. "Though the researchers say their Corvette brake tricks only worked at low speeds due to limitations in the automated computer functions of the vehicle, they say they could have easily adapted their attack for practically any other modern vehicle and hijacked other critical components like locks, steering or transmission, too."
... unethical to be releasing detailed information on an exploit.
It doesn't matter that the argument is that "Without exposure, car companies won't fix it!"... At the moment, no one is actively *doing* this or using this exploit. Simply being told that it's possible should be the limits of what an ethical hacker should release.
The cost-benefit analysis going into the value judgement of a release of more details for hacks is VERY different from the analysis of some HTTP flaw or kernel bug. Actual lives are at risk, and the ability of your work to be used to cause accidents and kill people by remote control changes things.
Hire a Linux system administrator, systems engineer,
Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.