Virginia State Police Cars Hacked

← Back to Stories (view on slashdot.org)

Virginia State Police Cars Hacked

Posted by samzenpus on Wednesday September 30, 2015 @10:21AM from the breaking-in dept.

ancientribe writes: Two models of Virginia State Police cruisers were hacked in an experiment to expose vulnerabilities in the vehicles and to come up with ways to protect the cars from hackers. Mitre Corp., the Virginia Dept. of Motor Vehicles, the University of Virginia, and other organizations in cooperation with DHS and the DOT demonstrated the attacks on an unmarked 2012 Chevrolet Impala and a marked patrol car, a 2013 Ford Taurus. GM and Ford even provided their comments to the press in the wake of the experiment.

40 comments

Min score:

Reason:

Sort:

Literally nothing new by ArylAkamov · 2015-09-30 10:26 · Score: 4, Insightful

"The hacks of the VSP cruisers require initial physical tampering of the vehicle as well. The researchers inserted rogue devices in the two police vehicles to basically reprogram some of the car's electronic operations, or to wage the attacks via mobile devices, which they demonstrated."
Give physical access to a computer system and it can be compromised?
What a shock.
1. Re:Literally nothing new by Anonymous Coward · 2015-09-30 10:45 · Score: 1
  
  only because the car had no network connectivity to be hacked:
  
  The first set of attacks by Mitre occurs via a smartphone app connected via Bluetooth to a hacking device planted in the vehicle, he says. "This car [the Impala] doesn't have Bluetooth or cellular" connectivity built in, he says, so connectivity was provided via the Mitre device.
2. Re:Literally nothing new by Harlequin80 · 2015-09-30 10:53 · Score: 2
  
  It's even worse than that. This is along the lines of give someone physical access to a machine and they can mess with it. They could have quite easily just poured a bag or rice into the fuel tank.
3. Re:Literally nothing new by ArylAkamov · 2015-09-30 11:22 · Score: 4, Informative
  
  Pretty much. I'm betting they just plugged into the CAN bus.
  About as newsworthy as "ARDUINO HACKED BY USING ISCP PINS AND AVR PROGRAMMER"
4. Re: Literally nothing new by Anonymous Coward · 2015-10-01 07:04 · Score: 0
  
  If they have physical access they can also do way worse and plant a car bomb.
Clickbait by Anonymous Coward · 2015-09-30 10:26 · Score: 5, Informative

The title should also contain "In An Experiment".
There you go. I've saved you the trouble of even reading the summary.
1. Re: Clickbait by Anonymous Coward · 2015-09-30 11:30 · Score: 0
  
  You are actually wrong. It was an experiment. They were given full access to the cars, that was not achieved by hacking. Then the cars were bugged and remotely controlled. Literally no hacking took place. They did testing and call it hacking. This is clickbait, and paywalled. Shocking.
A feature, not a bug? by Anonymous Coward · 2015-09-30 10:30 · Score: 3, Insightful

The hack required 'unrestricted access'
They plugged into the CAN bus
The news here is that things look pretty secure.
1. Re:A feature, not a bug? by Anonymous Coward · 2015-09-30 10:41 · Score: 1
  
  Still, the experiment proves: stop connecting every damn thing to the internet. Connectivity is the opposite of security.
2. Re:A feature, not a bug? by theronb · 2015-09-30 10:47 · Score: 2
  
  Probably not possible from the back seat with handcuffs?
3. Re:A feature, not a bug? by ArylAkamov · 2015-09-30 11:27 · Score: 3, Insightful
  
  Agreed, probably just plugged a laptop into the CAN bus and reprogrammed the ecu.
  Should be titled "Car ECU reprogrammed using programming port"
4. Re:A feature, not a bug? by R3d+M3rcury · 2015-09-30 13:09 · Score: 1
  
  The next question is, how difficult is it to get unrestricted access to a police car? How about an entire police force's patrol cars?
5. Re:A feature, not a bug? by PTBarnum · 2015-09-30 16:04 · Score: 2
  
  It should only take a few seconds of access to plug something into the CAN bus. I'm going to guess that whatever security protocols the police follow, there are times when someone forgets or doesn't have time to lock thier car.
6. Re:A feature, not a bug? by Anonymous Coward · 2015-09-30 20:00 · Score: 0
  
  Yeah, and connecting the totally insecure CAN bus to the Internet is fucking stupid. Engineers, is there anything they can't fuck up?
  Honestly, the solution is to hire Computer Scientists. People trained in mathematics and to write software that takes in to account security issues. Put that software in cars instead of the hardware "engineer" designed bullshit. Engineers can't write software for shit, never have, never will. Bunch of morons focused on pragmatic problems they will never fully understand. Sure, they can design a great ASIC, but as far as general purpose CPU, they're morons, morons in the worst sense. I have worked with engineer software-writing wannabes for decades and without fail they're all morons that don't understand software architecture. And yes, these are the people (morons) you trust with your life every day life. Pray to your magical god to save us because there is no hope otherwise.
7. Re:A feature, not a bug? by LaurenCates · 2015-10-01 03:46 · Score: 1
  
  Maybe not, but on a crime scene by someone who claims to be an officer and is wearing a uniform? Far more likely.
  People around here are discounting social engineering.
  
  --
  Some people don't believe in fairies. I don't believe in The Patriarchy.
Tools by Anonymous Coward · 2015-09-30 10:33 · Score: 0

Did they use hack saws?
Hack the Police by Anonymous Coward · 2015-09-30 10:37 · Score: 0

Hack! Hack! Hack da po-lees! Hack! Hack! Hack da po-lees!
the Po-Po endure unrestricted access by turkeydance · 2015-09-30 10:39 · Score: 0

without a warrant.
Is this even Realistic? by Anonymous Coward · 2015-09-30 10:46 · Score: 1

If it takes so many high caliber research orgs to hack the car, and if they have to have unfettered physical access to it, along with weeks of time to reverse engineer the systems, find exploits, and develop attack software, is it really a vulnerability?
1. Re:Is this even Realistic? by Anonymous Coward · 2015-10-01 02:41 · Score: 0
  
  If it takes so many high caliber research orgs to hack the car, and if they have to have unfettered physical access to it, along with weeks of time to reverse engineer the systems, find exploits, and develop attack software, is it really a vulnerability?
  Yes, in the same sense that bank vault doors are vulnerable if you allow someone to go into the vault and install an internet-connected remote door opener.
2. Re:Is this even Realistic? by LaurenCates · 2015-10-01 03:49 · Score: 1
  
  Well, maybe it's a movie myth, but suppose those research orgs aren't the best and brightest and some rogue actor can accomplish the same task in a fraction of the time?
  
  --
  Some people don't believe in fairies. I don't believe in The Patriarchy.
does hacking a police car beat by ozduo · 2015-09-30 10:47 · Score: 5, Funny

chaining its rear axle to a post? Perhaps!

--
I got to the chocolate box before you, that's why the hard ones have teeth marks.
About time someone listened to us "tinfoil" types by Anonymous Coward · 2015-09-30 13:16 · Score: 0, Funny

Remember what happened to Michael Hastings is all I have to say. You always mod me into the dirt on this one. Go ahead and do it again. Next time it may be your "extreme" relative that gets driven into a tree at 120+mph.
The Police Shouldn't Be That Worried... by damn_registrars · 2015-09-30 13:24 · Score: 5, Insightful

If the Impala is being hacked, it should be rental car companies worrying about this. The Impala is one of the most common rental cars out there, and do car rental companies check the engine bay and OBD II ports when cars come back in? I doubt it. If someone did something nefarious to a rental car (or several over time) it could be a big problem for the agency.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:The Police Shouldn't Be That Worried... by adolf · 2015-09-30 18:51 · Score: 2
  
  No.
  First, this is a complete non-story: Anyone with unfettered physical access to a motor vehicle (or any other machine) can do all kinds of nefarious things to it, whether digital or not. This fact is not news.
  Second, the rental car companies have an excellent log of who has rented which vehicle. This should come as a surprise to nobody.
  Third, the next renter is random (as far as an attacker knows), so it's impossible to target to an individual. Therefore, the only result could be pseudo-random chaos.
  And an attacker seeking random-ish chaos would do better to attack cars in detached garages in noisy neighborhoods, because at least that doesn't leave a paper trail.
  Just sayin'.
  
  --
  Kid-proof tablet..
2. Re:The Police Shouldn't Be That Worried... by Anonymous Coward · 2015-09-30 23:22 · Score: 1
  
  No.
  First, this is a complete non-story: Anyone with unfettered physical access to a motor vehicle (or any other machine) can do all kinds of nefarious things to it, whether digital or not. This fact is not news.
  Second, the rental car companies have an excellent log of who has rented which vehicle. This should come as a surprise to nobody.
  Third, the next renter is random (as far as an attacker knows), so it's impossible to target to an individual. Therefore, the only result could be pseudo-random chaos.
  And an attacker seeking random-ish chaos would do better to attack cars in detached garages in noisy neighborhoods, because at least that doesn't leave a paper trail.
  Just sayin'.
  Dude, don't overestimate malicious idiots. One of the bombers in the first World Trade Center bombing in 1993 went back to the Ryder truck rental company office and tried to get his deposit back on the fucking truck that he blew up.
3. Re:The Police Shouldn't Be That Worried... by megabeck42 · 2015-09-30 23:34 · Score: 1
  
  While your scenario is entirely plausible; why would anyone spend money to 'hack' a rental car? They wouldn't be able to predict who will drive it next or even when. I mean, sure, teenagers will shoplift spraypaint to tag up the local underpass; but with regards to this, the talented have better things to do and sophomoric aren't renting cars.
  Personally, I'd worry about this less than I worry about skin cancer.
  P.S. That being said, I will admit I bought a more expensive bluetooth OBD-II adapter to use in my explorer that requires a physical button press to pair. Cheaper adapters are generally discoverable when not connected to a host and used a generic 0000 or 1234 pin. I leave the adapter plugged in all the time because there's an old android tablet between the seats that logs OBD-II PIDs while I'm driving and auto-uploads them when I'm in my driveway.
  
  --
  fnord.
4. Re:The Police Shouldn't Be That Worried... by Fnord666 · 2015-10-01 02:02 · Score: 1
  
  P.S. That being said, I will admit I bought a more expensive bluetooth OBD-II adapter to use in my explorer that requires a physical button press to pair. Cheaper adapters are generally discoverable when not connected to a host and used a generic 0000 or 1234 pin. I leave the adapter plugged in all the time because there's an old android tablet between the seats that logs OBD-II PIDs while I'm driving and auto-uploads them when I'm in my driveway.
  Very interesting. What do you do with the data?
  
  --
  'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
5. Re:The Police Shouldn't Be That Worried... by Anonymous Coward · 2015-10-01 03:23 · Score: 0
  
  Dude, don't overestimate malicious idiots. One of the bombers in the first World Trade Center bombing in 1993 went back to the Ryder truck rental company office and tried to get his deposit back on the fucking truck that he blew up.
  Because he claimed it was stolen. If you're going to pretend a truck you clearly rented was stolen before it was used for a crime, then yes, you should act like you're innocent and try and get your deposit back. Not going back would make it very clear he was involved.
6. Re:The Police Shouldn't Be That Worried... by hink · 2015-10-01 03:49 · Score: 1
  
  So they have a record of who has rented the car. So it could be one of 50 people in the last 3 months at a busy tourist location. If 50 cars were tampered with and remote controlled, will the police be able to track back through all of those people? Obviously, the bad guys would need to use a different person/identity each time they rent a car. OR, even easier, they could compromise some of the minimum wage car cleaners, and have them connect the devices on every other car they work on. Or their manager tells them they need to. Or their manager gets a phishing email from corporate HQ and a crate full of CAN dongles.
  
  Next, you create a bunch of Arduino-based devices with Bluetooth adapters (cheap if you go through Chinese suppliers) that send out "Throttle to 100%" commands continuously. Sprinkle them throughout the planters and harmless decorations around parking lots. Stick them to the bottom of the numerous parking lot trams. On the side of the parking lot attendants hut. Have them all start broadcasting a week later.
  
  You are not thinking at a big enough scale. What if 5% of the rental cars in Orlando Florida went haywire during a two day period? Would that cause chaos? Almost sounds like a terrorist attack. Yes, it could be fixed and prevented. Yes, you might not kill many people. But in the mean time, Team Badguys publically announces they did it, and have the means to do it in another city. THEN the FEAR makes people act stupid and give in, or pass laws that remove liberties. I seem to remember that happening around 14 years ago.
  
  --
  - speaking only for myself, as always
7. Re:The Police Shouldn't Be That Worried... by adolf · 2015-10-02 19:29 · Score: 1
  
  Sure, those things are possible.
  But large-scale tampering of rental vehicles, even with a lengthy delay, could have been done for as long as we've had rental vehicles available.
  Nobody is going to look for a mechanical timer with small explosive device that is on the firewall behind the engine on a rental car, ready to sever brake lines. It'd be a nasty one, too: The more the driver pumped the brake pedal trying to stop, the bigger the fire would get.
  But nobody's doing that.
  That cars are digitally hackable instead of being purely mechanically hackable does not make them more of a target. The whole thing reeks of the current patent debacle, wherein patents are issues for routine and mundane things which are now somehow novel because it is done "with a computer."
  Meanwhile, the hacks in TFA aren't even nefarious. They describe things like locking and unlocking doors, or remotely-starting an engine. Gosh, this is the same "hack" I have on my own car courtesy of the remote starter that I put in 7 years ago: All I have to do is add cell phone connectivity, and I can be in the news, too!
  (Remotely stop engine, roll up windows, disable power, and double-lock the doors so there's no easy escape? Easy-peasy, even on my 20-year old car. It just takes a bit of wiring that nobody is ever going to check beforehand.)
  
  --
  Kid-proof tablet..
Re:Were these cars running systemd? by davester666 · 2015-09-30 13:42 · Score: 2

Yes.

--
Sleep your way to a whiter smile...date a dentist!
executive summary by Anonymous Coward · 2015-09-30 23:02 · Score: 0

Requirement: Physical access to car electronics needed.
Requirement: Added electronics to allow remote programming of computers. NOT already present in existing cars.
Sales: Company XYZ says they have a device that can filter out bad commands on the CAN bus.
FUD: You can never be sure if an accident was just and accident or cyber-terrorism.
Jesus Fucking Christ! by Anonymous Coward · 2015-10-01 00:20 · Score: 1

A Bluetooth ODBII adapter is NOT a fucking hack! You are issuing commands on the CAN bus and the car is responding to those commands as designed. The car is intentionally designed to lock the doors, when the LOCK DOORS command is issued on the CAN bus.
This story of utter bullshit. Mitre Co. should be ashamed of themselves! Dark Reading and Slashdot should be ashamed of themselves for even mentioning this story. It is utter crap!
Up next, "Using nothing but the car's key, hackers unlock the door!"
1. Re:Jesus Fucking Christ! by Coren22 · 2015-10-01 04:10 · Score: 1
  
  ODBII and CANBUS are two different buses. Perhaps you should read more about the subject?
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Coren22 CRUSHED & dominated (by facts) by Anonymous Coward · 2015-10-01 06:26 · Score: 0

YOU say "hosts=bad" (but they add security, speed, & reliability) & bitch on admin privelege to UPDATE them vs. threats online:

"So, have you figured out why privilege escalation is a bad thing yet?" - by Coren22 on Tuesday September 22, 2015 @05:15PM (#50577809)
Hypocrite - You admit you use admin priv
&
How else could I programmatically update hosts minus it inside Windows?
---

"Of course it requires elevation to write to the hosts file" - by Coren22 (1625475) on Wednesday September 23, 2015 @05:35PM (#50585879)
FACT:
Even MalwareBytes AntiMalware (best one) DEMANDS you use admin privelege (you saying it's "bad" too?) it can't do its job fully otherwise, like many security tools do!
---
Aryeh Goretsky NOD32/ESET says hosts = good security -> http://it.slashdot.org/comment...
Oliver Day (Symantec) does too -> http://www.securityfocus.com/c...
MalwareBytes' hpHosts hosts & recommends my APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://hosts-file.net/?s=Downl...
---
* HOW MANY SECURITY PROS MORE DO I NEED TO KNOCK THE CHOCOLATE OUTTA YOU?
---
Those security pros INCLUDE me: I work w/ those guys from malwarebytes' hpHosts on a regular basis!
I've professionally worked for decades as a combined domain-wide network admin & software engineer since 1994 (Even showing you HOW to migrate a hosts across an enterprise -> http://slashdot.org/comments.p... )
I've also been securing computers + WRITING GUIDES using CIS Tool (who took fixes from me too - bonus) http://www.bing.com/search?q=%...
You told me you learn from guides? I write 'em (good ones) that MILLIONS USE & was PAID FOR IT http://pcpitstop.com/news/winn...
+ WARES TO PROTECT USERS that're endorsed & hosted by security pros -> http://start64.com/index.php?o...
You did all that? No & that's a small part of what I could put out.
APK
P.S.=> You're all TALK -> http://slashdot.org/comments.p... & a "ne'er-do-well" as far as security
...apk
MOD PARENT UP by damn_registrars · 2015-10-01 07:22 · Score: 1

This is what I was trying to get to in my post. Apparently I was not sufficiently verbose (or imaginative).

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.