It is currently Thu Nov 28, 2024 3:38 am

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 32 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Wed Jul 24, 2013 9:11 pm 
Offline
User avatar

Joined: Tue Nov 20, 2007 8:52 pm
Posts: 12816
Location: My Pants
pizza_Place: Geo's Pizza
Scary stuff.

http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/

- by Andy Greenberg
Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV’s chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat.

Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day’s experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn’t so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.)

“Okay, now your brakes work again,” Miller says, tapping on a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake. I reverse out of the weeds and warily bring the car to a stop. “When you lose faith that a car will do what you tell it to do,” he adds after we jump out of the SUV, “it really changes your whole view of how the thing works.”

This fact, that a car is not a simple machine of glass and steel but a hackable network of computers, is what Miller and Valasek have spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.

The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry’s security problems before malicious hackers get under the hoods of unsuspecting drivers. The need for scrutiny is growing as cars are increasingly automated and connected to the Internet, and the problem goes well beyond Toyota and Ford. Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue.

As I drove their vehicles for more than an hour, Miller and Valasek showed that they’ve reverse-engineered enough of the software of the Escape and the Toyota Prius (both the 2010 model) to demonstrate a range of nasty surprises: everything from annoyances like uncontrollably blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds. They sent commands from their laptops that killed power steering, spoofed the GPS and made pathological liars out of speedometers and odometers. Finally they directed me out to a country road, where Valasek showed that he could violently jerk the Prius’ steering at any speed, threatening to send us into a cornfield or a head-on collision. “Imagine you’re driving down a highway at 80 ,” Valasek says. “You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”

A Ford spokesman says the company takes hackers “very seriously,” but Toyota, for its part, says it isn’t impressed by Miller and Valasek’s stunts: Real carhacking, the company’s safety manager John Hanson argues, wouldn’t require physically jacking into the target car. “Our focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle,” he writes in an e-mail, adding that Toyota engineers test its vehicles against wireless attacks. “We believe our systems are robust and secure.”

But Miller and Valasek’s work assumed physical access to the cars’ computers for a reason: Gaining wireless access to a car’s network is old news. A team of researchers at the University of Washington and the University of California, San Diego, experimenting on a sedan from an unnamed company in 2010, found that they could wirelessly penetrate the same critical systems Miller and Valasek targeted using the car’s OnStar-like cellular connection, Bluetooth bugs, a rogue Android app that synched with the car’s network from the driver’s smartphone or even a malicious audio file on a CD in the car’s stereo system. “Academics have shown you can get remote code execution,” says Valasek, using hacker jargon for the ability to start running commands on a system. “We showed you can do a lot of crazy things once you’re inside.”

One of the UCSD professors involved in those earlier tests, Stefan Savage, claims that wireless hacks remain possible and affect the entire industry: Given that attacks on driving systems have yet to be spotted outside of a lab, manufacturers simply haven’t fully secured their software, he says. “The vulnerabilities that we found were the kind that existed on PCs in the early to mid-1990s, when computers were first getting on the Internet,” says Savage.

As cars approach Google’s dream of passenger-carrying robots, more of their capabilities also become potentially hackable. Miller and Valasek exploited Toyota’s and Ford’s self-parking functions, for instance, to hijack their vehicles’ steering. A car like the 2014 Mercedes Benz S-Class, which can negotiate stop-and-go traffic or follow a leader without input, may offer a hacker even more points of attack, says Gartner Group analyst Thilo Koslowski. “The less the driver is involved, the more potential for failure when bad people are tampering with it,” he says.

In the meantime, Miller and Valasek argue that the best way to pressure car companies to secure their products is to show exactly what can be done with a multi-ton missile on wheels. Better to experience the panic of a digitally hijacked SUV now than when a more malicious attacker is in control. “If the only thing keeping you from crashing your car is that no one is talking about this,” says Miller, “then you’re not safe anyway.”



Highly recommend watching the video on this. I'm in the camp that cars are becoming incredibly expensive to own long-term, even though we get a perceived savings in gas expense. You almost have to go to the dealership to get the car repaired because I assume small shops won't be able to cover the costs of training for all the different technology components across vehicles. Talking with a Midas owner the other day, he was telling me how much of a struggle it is to profit when competing against the larger dealerships. All of that technology comes at a cost to us, the owners. Now seeing stuff like this, one can only assume profit margins were more important than testing and quality, exposing drivers to potentially life-threatening outcomes. And we are paying more for it.

_________________
The Original Spanky wrote:
I don't like white rappers.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:21 pm 
Offline
User avatar

Joined: Thu May 28, 2009 11:10 am
Posts: 42094
Location: Rock Ridge (splendid!)
pizza_Place: Charlie Fox's / Paisano's
Get a load of this one then ......


http://usnews.nbcnews.com/_news/2013/07/23/19643634-ntsb-calls-for-wireless-technology-to-let-all-vehicles-talk-to-each-other?lite

_________________
Power is always in the hands of the masses of men. What oppresses the masses is their own ignorance, their own short-sighted selfishness.
- Henry George


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:26 pm 
Offline
User avatar

Joined: Tue Nov 20, 2007 8:52 pm
Posts: 12816
Location: My Pants
pizza_Place: Geo's Pizza
Wow, ha!

_________________
The Original Spanky wrote:
I don't like white rappers.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:28 pm 
Offline
User avatar

Joined: Thu May 28, 2009 11:10 am
Posts: 42094
Location: Rock Ridge (splendid!)
pizza_Place: Charlie Fox's / Paisano's
Crystal Lake Hoffy wrote:
Wow, ha!



Great country we live in anymore ....

_________________
Power is always in the hands of the masses of men. What oppresses the masses is their own ignorance, their own short-sighted selfishness.
- Henry George


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:33 pm 
Offline
User avatar

Joined: Tue Nov 20, 2007 8:52 pm
Posts: 12816
Location: My Pants
pizza_Place: Geo's Pizza
I'm going to hack all of your cars so that Starship's "We Built This City" blasts through your radio and you won't be able to turn it off.

_________________
The Original Spanky wrote:
I don't like white rappers.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:34 pm 
Offline
User avatar

Joined: Mon Jan 26, 2009 2:10 pm
Posts: 3770
Location: NW Burbs
pizza_Place: Old World Pizza in Melrose Park
I will be at DefCon next week - this is one of the talks I plan on attending.

_________________
Bobby Heenan wrote:
Oh...Eastern Illinois. They contacted me. I didn't take the entrance exam because I had 64 crayons instead of 3. But I loved going through Central Illinois. Watching people on bad cooked up Tide is the best.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:43 pm 
Offline
User avatar

Joined: Tue Nov 20, 2007 8:52 pm
Posts: 12816
Location: My Pants
pizza_Place: Geo's Pizza
immessedup17 wrote:
This article is pathetic, and reminds me of the lengths journalists and bloggers will go to to get hits. Throw a couple buzzworthy terms in... and scare people about something they know nothing of.


Not sure what you mean. This is real, executed by two guys funded by the Pentagon. I'm pretty sure I know a lot about technology because its on my business card, and I am scared of it.

_________________
The Original Spanky wrote:
I don't like white rappers.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 9:45 pm 
Offline
User avatar

Joined: Mon Jan 26, 2009 2:10 pm
Posts: 3770
Location: NW Burbs
pizza_Place: Old World Pizza in Melrose Park
immessedup17 wrote:
This article is pathetic, and reminds me of the lengths journalists and bloggers will go to to get hits. Throw a couple buzzworthy terms in... and scare people about something they know nothing of.


These guys are legit and presenting their research at the biggest security/hacker conference there is. They are demonstrating how to "hack" a vehicle. Can Joe Shmoe do it? Of course not. But doesn't mean that it isn't a real threat. I'm not sure what issue you have with the article - it wasn't over the top sensational and offered up Toyota's security officer's side of it as well.

_________________
Bobby Heenan wrote:
Oh...Eastern Illinois. They contacted me. I didn't take the entrance exam because I had 64 crayons instead of 3. But I loved going through Central Illinois. Watching people on bad cooked up Tide is the best.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 10:18 pm 
Offline
User avatar

Joined: Mon Jan 26, 2009 2:10 pm
Posts: 3770
Location: NW Burbs
pizza_Place: Old World Pizza in Melrose Park
Editing implies you are doing it because you want to - an enthusiast such as yourself would do this. Hacking is when someone does it to you and you don't give your consent to do this. Sure there are proprietary tools that do this for car manufacturers, but these guys are demonstrating it without those tools. And yes they are demonstrating it while connected via a cable to the car, but the wireless and 3G networks these automakers use have already been proven to be not very secure and easily accessible to those with the intent to do this maliciously. I guess I don't understand why you think this is a sensationalist article.

_________________
Bobby Heenan wrote:
Oh...Eastern Illinois. They contacted me. I didn't take the entrance exam because I had 64 crayons instead of 3. But I loved going through Central Illinois. Watching people on bad cooked up Tide is the best.


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 10:26 pm 
Offline
User avatar

Joined: Sat Jul 28, 2007 1:23 pm
Posts: 16779
pizza_Place: Little Caesar's
Can I hack a bus to get me to the train station before the train arrives?


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 10:29 pm 
Offline
100000 CLUB
User avatar

Joined: Tue Mar 29, 2005 8:06 pm
Posts: 81466
pizza_Place: 773-684-2222
jackref wrote:
Editing implies you are doing it because you want to - an enthusiast such as yourself would do this. Hacking is when someone does it to you and you don't give your consent to do this. Sure there are proprietary tools that do this for car manufacturers, but these guys are demonstrating it without those tools. And yes they are demonstrating it while connected via a cable to the car, but the wireless and 3G networks these automakers use have already been proven to be not very secure and easily accessible to those with the intent to do this maliciously. I guess I don't understand why you think this is a sensationalist article.


+1

_________________
Be well

GO BEARS!!!


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 10:38 pm 
Offline
User avatar

Joined: Fri Mar 31, 2006 3:29 pm
Posts: 34795
pizza_Place: Al's Pizza
Crystal Lake Hoffy wrote:
I'm going to hack all of your cars so that Starship's "We Built This City" blasts through your radio and you won't be able to turn it off.


Can you make mine play Afternoon Delight?

_________________
Good people drink good beer - Hunter S. Thompson

<º)))><

Waiting for the time when I can finally say
That this has all been wonderful, but now I'm on my way


Top
 Profile  
 
PostPosted: Wed Jul 24, 2013 11:06 pm 
Offline
1000 CLUB
User avatar

Joined: Fri May 13, 2005 4:47 pm
Posts: 28634
Location: computer
pizza_Place: Salerno's
I can make edits on my guitar effect processor when I plug it in to my computer...so, next time Slash takes a solo, it's gonna sound like a duck farting rainbow penises.

_________________
@audioidkid
spaulding wrote:
Also if you fuck someone like they are a millionaire they might go try to be one.


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 12:12 am 
Offline
User avatar

Joined: Tue Nov 20, 2007 8:52 pm
Posts: 12816
Location: My Pants
pizza_Place: Geo's Pizza
doug - evergreen park wrote:
I can make edits on my guitar effect processor when I plug it in to my computer...so, next time Slash takes a solo, it's gonna sound like a duck farting rainbow penises.


Image

_________________
The Original Spanky wrote:
I don't like white rappers.


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 7:11 am 
Offline
User avatar

Joined: Wed Jun 21, 2006 6:57 pm
Posts: 92099
Location: To the left of my post
jackref wrote:
Editing implies you are doing it because you want to - an enthusiast such as yourself would do this. Hacking is when someone does it to you and you don't give your consent to do this. Sure there are proprietary tools that do this for car manufacturers, but these guys are demonstrating it without those tools. And yes they are demonstrating it while connected via a cable to the car, but the wireless and 3G networks these automakers use have already been proven to be not very secure and easily accessible to those with the intent to do this maliciously. I guess I don't understand why you think this is a sensationalist article.
It is a sensationalist article. Everyone knows that computers are immune from hacker attacks unless they have a physical connection. It is impossible to hack someone who is connected to a wireless network.

_________________
You do not talk to me like that! I work too hard to deal with this stuff! I work too hard! I'm an important member of the CSFMB! I drive a Dodge Stratus!


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 7:56 am 
Offline
User avatar

Joined: Wed Dec 31, 1969 7:00 pm
Posts: 40983
Location: Chicago
pizza_Place: Lou Malanati's
Connect the dots people!

Jerry is going to program all your cars to go to the cell!

_________________
"That's what the internet is for. Slandering others anonymously." Banky
“Been that way since one monkey looked at the sun and told the other monkey ‘He said for you to give me your fuckin’ share.’”


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 8:26 am 
Offline
User avatar

Joined: Wed Nov 01, 2006 1:10 pm
Posts: 32067
pizza_Place: Milano's
bigfan wrote:
Connect the dots people!

Jerry is going to program all your cars to go to the cell!


:lol: :lol: :lol:


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 8:29 am 
Offline
User avatar

Joined: Thu Mar 30, 2006 1:42 pm
Posts: 29260
Location: Parts Unknown
pizza_Place: Frozen
immessedup17 wrote:
This article is pathetic, and reminds me of the lengths journalists and bloggers will go to to get hits. Throw a couple buzzworthy terms in... and scare people about something they know nothing of.


+1

_________________
This is my signature...


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 8:35 am 
Offline
User avatar

Joined: Wed Jun 21, 2006 6:57 pm
Posts: 92099
Location: To the left of my post
Krazy Ivan wrote:
immessedup17 wrote:
This article is pathetic, and reminds me of the lengths journalists and bloggers will go to to get hits. Throw a couple buzzworthy terms in... and scare people about something they know nothing of.


+1
If Jbills can have his lights hacked through this message board then anything is possible.

_________________
You do not talk to me like that! I work too hard to deal with this stuff! I work too hard! I'm an important member of the CSFMB! I drive a Dodge Stratus!


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 7:51 pm 
Offline
User avatar

Joined: Wed Nov 30, 2005 11:36 pm
Posts: 19378
Q.Bovifs wrote:
Article fails to reference that reporter whose car mysteriously crashed into a pole at 4 in the morning and burnt him to death a month or so ago as being a possible vehicle tampering case?


Has the report from this case came out yet?

_________________
Frank Coztansa wrote:
conns7901 wrote:
Not over yet.
Yes it is.


CDOM wrote:
When this is all over, which is not going to be for a while, Trump will be re-elected President.


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 9:07 pm 
Offline
100000 CLUB
User avatar

Joined: Tue Mar 29, 2005 8:06 pm
Posts: 81466
pizza_Place: 773-684-2222
immessedup17 wrote:
Umm...he was an impaired driver playing with his car way too enthusiastically... The dashcam video floating around taken several minutes before the crash show as much.


Bullshit! Too convenient. He was murdered.

_________________
Be well

GO BEARS!!!


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 9:15 pm 
Offline
100000 CLUB
User avatar

Joined: Tue Mar 29, 2005 8:06 pm
Posts: 81466
pizza_Place: 773-684-2222
immessedup17 wrote:
Conspiracy theorists gon' conspiracy theorize.

#Truth™

_________________
Be well

GO BEARS!!!


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 9:56 pm 
Offline
100000 CLUB
User avatar

Joined: Tue Mar 29, 2005 8:06 pm
Posts: 81466
pizza_Place: 773-684-2222
Q.Bovifs wrote:
immessedup17 wrote:
Quote:
The lead turned out to be nothing and he then drove to the intersection of Santa Monica & Vista to do some computer work before heading in for the night. When leaving that intersection he said that he noticed he’d made a mistake on what he was working on. (K-9 Deployed YouTube Feed) He then pulled into the gas station at Highland & Santa Monica Blvd to fix the problem. All of our work vehicles are equipped with dash-cams. Out of pure luck……his dash-cam caught a Mercedes Benz at a high rate of speed run the red light travelling south on Highland. Melrose is just a few blocks away and impact took place just seconds after.


Many car enthusiasts such as myself also have GoPro's and various dash cameras.
http://uservideos.smashits.com/video/sw-x3pwBWd0/dash-cam-video-of-michael-hastings-crash-scene.html

http://www.publicsafetyreporter.com/201 ... ter-email/

Here's the link. All it shows is the car running a red light, which an overtaken car would most likely do, and then the driver comes upon the fire/scene 4 min later.

Now how does that show in any way that his car was not tampered with?
It doesn't

_________________
Be well

GO BEARS!!!


Top
 Profile  
 
PostPosted: Thu Jul 25, 2013 10:12 pm 
Offline
100000 CLUB
User avatar

Joined: Tue Mar 29, 2005 8:06 pm
Posts: 81466
pizza_Place: 773-684-2222
immessedup17 wrote:
And 3 years ago everyone thought Toyota's had a mind of their own and could accelerate whenever they wanted to.

And then logical truth comes out.


So you believe there is no chance that this great reporter working on a "big" story could have had his car tampered with by military or government officials?

_________________
Be well

GO BEARS!!!


Top
 Profile  
 
PostPosted: Sat Jul 27, 2013 10:32 pm 
Offline
User avatar

Joined: Wed Jul 29, 2009 6:05 pm
Posts: 68612
pizza_Place: Lina's Pizza
I would guarantee that our government has never sassed Ted.

That bear don't take shit.

_________________
The Hawk wrote:
There is not a damned thing wrong with people who are bull shitters.


Top
 Profile  
 
PostPosted: Sun Jul 28, 2013 12:26 pm 
Offline
User avatar

Joined: Thu Jul 13, 2006 1:25 pm
Posts: 27055
quarter million miles on my 90's truck, with mechanical brakes, steering, and throttle. despite rust making it look like a pile of junk, at least i know it will get me there every time, and i dont have to worry about wifi hacking.

_________________
the world will always the world. your entire existence is defined by your response.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 32 posts ]  Go to page 1, 2  Next

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 23 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group