Vehicle Hacking - JKowners.com : Jeep Wrangler JK Forum
 
LinkBack Thread Tools Display Modes
post #1 of 18 Old 01-10-2015, 01:12 PM Thread Starter
Comfortably Numb
 
RubiCajun's Avatar
 
Join Date: Dec 2008
Location: Louisiana
Posts: 12,289
Garage
Feedback: 1 reviews
Vehicle Hacking

I just read an article by Norton/Symantec about the latest in hacking and that is vehicles with computers and car parts that generate data and xmit by a specific frequency. ie. to date brakes and tpms have been hacked as well as remote starts.

Long story short.

A study published (link is external) by the University of California, San Diego has tested physical breaches, which are when a person, such as a mechanic or valet, has access to the car itself, uploads malware through a port. Sometimes, people will upgrade to a new stereo, or add a new alarm system, and if you’re not careful, these aftermarket parts can come pre-infected with malware that will allow a hacker access to the car’s computer system. Malware can even be encoded in MP3 music files and introduced through CDs or USB sticks. Wireless interface breaches can occur through the features of the car itself- the built in cell network, GPS, short range wi-fi and Bluetooth.

What can these attacks do?

The study by the University of California, San Diego mentioned above, tested out just how hackable a connected vehicle really is. The researchers were able to disable the engine, reroute GPS directions, insert malware, remotely disable the brakes, alter the speedometer readings, and more. However, in order to perform these hacks, the hackers had to be within close proximity of the vehicle, driving alongside it as the hacks were performed. At this point with this newer technology, vital system hacks have been proven difficult to execute.

The Link to the full article: http://community.norton.com/blogs/no...-connected-car

08 Rubi Unlimited named Freebird

Quote:
Originally Posted by StubEXrube View Post
Cat killing would almost certainly decline if we were allowed to hunt liberals.
Asylum media group llc all rights reserved ©2015
RubiCajun is offline  
Sponsored Links
Advertisement
 
post #2 of 18 Old 01-10-2015, 01:48 PM
Rock God
 
Guruman's Avatar
 
Join Date: Feb 2010
Location: Thompson Falls, Montana
Age: 48
Posts: 1,146
Garage
Feedback: 0 reviews

A lot of BS here.

Attacks through GPS.... no

Remotely disable brakes... Maybe turn off the ABS, otherwise no.

So much alarmist BS.

Sure, if you can get connected to the vehicle, you could do almost anything that a programmer/tuner could do...... Except that while it's running the data is in use and cannot be changed (or at least most of it). Changing the data requires re-booting and programming the ECU, which takes a considerable amount of time and usually required a key-on key-off key-on sequence.

Seems like an article designed to sell products to protect you from imaginary threats, Symantec trying to breach into the car market by creating a problem that they need to solve, for a fee.

_
'76 CJ-7, '43 CJ-2a, '78 Bronco,'78 CJ-7, '75 CJ-5, '78 CJ-7, '80 CJ-7, '78 SJ, '79 SJ, '78 and a '76 FJ-40 , '90 XJ, '91 XJ, '86 CJ-7, '95 ZJ, '68 CJ-101 Commando, '00 TJ, '68 M-715, 2 '86 Military Blazers, '96 LR Discovery, '86 CJ-7, '91 YJ, '99 TJ, 07' JKU Rubi, 1988 YJ, 1973 Commando, 3 Diesel Excursions....
Now back to a 2013 JKU Rubicon with "stuff", planning 37's with minimal lift.

I've tried them all... Jeeps are still the best. (0||||0)
Guruman is online now  
post #3 of 18 Old 01-10-2015, 02:40 PM Thread Starter
Comfortably Numb
 
RubiCajun's Avatar
 
Join Date: Dec 2008
Location: Louisiana
Posts: 12,289
Garage
Feedback: 1 reviews

Norton published this in their monthly cybercrime report. The info presented was a synopsis generated from the research performed by the University of California, San Diego. GPS? They rerouted GPS. I really don't see how this is alarmist bullshit when the info presented comes tests performed and documented.

08 Rubi Unlimited named Freebird

Quote:
Originally Posted by StubEXrube View Post
Cat killing would almost certainly decline if we were allowed to hunt liberals.
Asylum media group llc all rights reserved ©2015
RubiCajun is offline  
Sponsored Links
Advertisement
 
post #4 of 18 Old 01-10-2015, 03:57 PM
Rock God
 
funfred's Avatar
 
Join Date: Nov 2013
Location: Bloomsburg, PA
Posts: 1,115
Feedback: 0 reviews

Great! Who's capable of doing it?

I'd pay them to disable my Electronic Brake Control System.
funfred is offline  
post #5 of 18 Old 01-10-2015, 04:05 PM
Rock God
 
Guruman's Avatar
 
Join Date: Feb 2010
Location: Thompson Falls, Montana
Age: 48
Posts: 1,146
Garage
Feedback: 0 reviews

They've mixed just enough truth in to make it seem like a much bigger deal than it is. Can GPS be spoofed to show inaccurate information.... yes. Can you car be attacked/hacked through the GPS antenna.... absolutely not.

Could you detect the wheel speed sensor pulses from driving next to another car, yes. Can you do much of anything else.... no.

Same thing with the other"hacks" they highlight. Is it possible to hack a car if you have physical access to it? Yes, "tuners" do this all the time. Can you do it to someone else's car while driving down the road. No.

And the thing with the brakes is just absolute BS all the way around. Brakes are a mechanical system. Designed to failsafe, You CANNOT re-program the car to make the brakes NOT work. You could disable the ABS, with some of the newer features, you might be able to apply the brakes. But you cannot disable the brakes without physically monkeying with the mechanical system. Drive-by-wire brakes are not a thing yet for good reason. Throttles like in our JK, however are another thing. If you could get between the pedal and the ECU you might be able to fake a WOT condition. But doing it remotely is a completely different ball game.

I have the Chrysler mobile wi-fi setup in my JK. Could it be "hacked" or accessed remotely... yes. But it does not tie into the Jeep's CAN Bus at all. You cannot do anything to my Jeep through connecting to the wi-fi. The most they can get is free wi-fi.

Again, so much misinformation and misleading, mixed with a bit of truth to make it seem more plausible. What they have done is take the fact that some systems can be accessed remotely, and the software can be changed if you have physical access to the vehicle. And combined then to mislead you into believing that all of those things can be done "while driving beside another car", which is BS.

_
'76 CJ-7, '43 CJ-2a, '78 Bronco,'78 CJ-7, '75 CJ-5, '78 CJ-7, '80 CJ-7, '78 SJ, '79 SJ, '78 and a '76 FJ-40 , '90 XJ, '91 XJ, '86 CJ-7, '95 ZJ, '68 CJ-101 Commando, '00 TJ, '68 M-715, 2 '86 Military Blazers, '96 LR Discovery, '86 CJ-7, '91 YJ, '99 TJ, 07' JKU Rubi, 1988 YJ, 1973 Commando, 3 Diesel Excursions....
Now back to a 2013 JKU Rubicon with "stuff", planning 37's with minimal lift.

I've tried them all... Jeeps are still the best. (0||||0)
Guruman is online now  
post #6 of 18 Old 01-10-2015, 10:23 PM
Rock God
 
ndtguy's Avatar
 
Join Date: Aug 2014
Location: Las Vegas
Posts: 667
Garage
Feedback: 0 reviews

Glad the Wife's durango has power w/l/m and that's it. My jeep doesn't even have that.

No u-connect and no blue tooth. It wasn't this article, but I read in another that hackers have been able to hack into the ford's mylink and toyota's setup (forget what it's called). Make sure you check out the last paragraph....part in bold.

http://www.ibtimes.com/car-hacking-d...g-laptop-video

Everything in our world is becoming high-tech. Even appliances such as dryers and dishwashers have become computerized in one way or another. While these advances have made our lives easier and more efficient, they also introduce new vulnerabilities to the many devices we interact with on a daily basis.

Take vehicles, for instance. Cars manufactured in recent years have become ever more connected to electronic control units that run everything from engine timing to safety systems. With everything in a vehicle connected to ECUs, there’s one serious question that needed to be asked: What happens if someone managed to hack into your car's system?

Forbes journalist Andy Greenberg found out first hand. Greenberg met with Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at Seattle computer security consultant firm IOActive, to see how vulnerable cars are to computer hacks. The duo was funded by a grant from the Pentagon's research arm, the Internet-inventing Defense Advanced Research Projects Agency, to find these vulnerabilities.

Using a Macbook connected to the On-Board Diagnostics Port, or OBD II, a port used to check diagnostic codes and emission readings from a vehicle, Miller and Valasek were able to demonstrate to Greenberg various hacks in a Toyota Prius and Ford Escape. They were able to demonstrate their hacking by doing simple things such as manipulating the speedometer and various sensors. More nefarious hacks included tricking the car into jerking to the left and right, controlling the horn, triggering the seat belt tensioner and even turning off the brakes entirely.

According to Valasek, more than 35 electronic control units are present in the Toyota Prius alone. In March 2011, computer scientists from the University of California, San Diego, and the University of Washington in Seattle were able to demonstrate how cars could also be remotely hacked using built-in cellular and Bluetooth connections, according to a New York Times report.

NDTguy

2017 JKU Sport S
ndtguy is offline  
post #7 of 18 Old 01-10-2015, 10:50 PM Thread Starter
Comfortably Numb
 
RubiCajun's Avatar
 
Join Date: Dec 2008
Location: Louisiana
Posts: 12,289
Garage
Feedback: 1 reviews

Technology changes quickly. Kind if reminds me of when I started working with Acoustic Emission to locate flaws without UT. In the mid 70's AE was considered by most in the NDT world as black magic. If the FBI/CIA could monitor conversations on your cell phone while it's turned off a few years ago, imagine what they can do now. Right now the ECU's are the access points.

08 Rubi Unlimited named Freebird

Quote:
Originally Posted by StubEXrube View Post
Cat killing would almost certainly decline if we were allowed to hunt liberals.
Asylum media group llc all rights reserved ©2015
RubiCajun is offline  
post #8 of 18 Old 01-10-2015, 10:58 PM
JTB
Wheeler
 
Join Date: Oct 2014
Posts: 18
Feedback: 0 reviews

I'm safe. Picked up several rolls of tin foil on sale.
JTB is offline  
post #9 of 18 Old 01-10-2015, 10:59 PM Thread Starter
Comfortably Numb
 
RubiCajun's Avatar
 
Join Date: Dec 2008
Location: Louisiana
Posts: 12,289
Garage
Feedback: 1 reviews

Making a hat, are you?

08 Rubi Unlimited named Freebird

Quote:
Originally Posted by StubEXrube View Post
Cat killing would almost certainly decline if we were allowed to hunt liberals.
Asylum media group llc all rights reserved ©2015
RubiCajun is offline  
post #10 of 18 Old 01-11-2015, 08:49 AM
Rock God
 
ndtguy's Avatar
 
Join Date: Aug 2014
Location: Las Vegas
Posts: 667
Garage
Feedback: 0 reviews

Quote:
Originally Posted by RubiCajun View Post
Technology changes quickly. Kind if reminds me of when I started working with Acoustic Emission to locate flaws without UT. In the mid 70's AE was considered by most in the NDT world as black magic. If the FBI/CIA could monitor conversations on your cell phone while it's turned off a few years ago, imagine what they can do now. Right now the ECU's are the access points.
I remember the first time I saw AE at work. Thought it was the coolest thing in a long time (eddy current rules though) NDI is all smoke and mirrors anyway. Agreed with the rest about your cell phone and ECU's in anything.

Quote:
Originally Posted by JTB View Post
I'm safe. Picked up several rolls of tin foil on sale.
Make sure it's the heavy duty stuff.

Quote:
Originally Posted by RubiCajun View Post
Making a hat, are you?
Better buy some also. Always better to have it then wish you did.

NDTguy

2017 JKU Sport S
ndtguy is offline  
post #11 of 18 Old 01-11-2015, 10:09 PM
Rock God
 
b1pig's Avatar
 
Join Date: Jan 2008
Location: ray city, ga
Posts: 1,234
Garage
Feedback: 1 reviews
Send a message via MSN to b1pig

first. lets see... Norton is a security software designer....


so i didnt even read it.


$$$$$$$$$$


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

'19 Ram 1500, '01 BMW R1100RT, '99 Fat Boy
needed: ̶b̶o̶a̶t̶ ̶a̶n̶d̶ plane
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
b1pig is offline  
post #12 of 18 Old 01-12-2015, 06:33 AM
Granite Guru
 
sixstring's Avatar
 
Join Date: Dec 2013
Location: Southeast Texas
Posts: 209
Feedback: 0 reviews

Quote:
Originally Posted by b1pig View Post
first. lets see... Norton is a security software designer....


so i didnt even read it.


$$$$$$$$$$
^this.

If it ain't broke, fix it 'till it is.
sixstring is offline  
post #13 of 18 Old 01-12-2015, 02:27 PM
Rock God
 
ndtguy's Avatar
 
Join Date: Aug 2014
Location: Las Vegas
Posts: 667
Garage
Feedback: 0 reviews

Quote:
Originally Posted by b1pig View Post
first. lets see... Norton is a security software designer....


so i didnt even read it.


$$$$$$$$$$
First article, sure. Norton is, well, norton.

Check out the article I linked. DARPA (Defense Advanced Research Projects Agency) doesn't mess around. They have been able to control cars using the vehicles Onstar, Sync, etc.

NDTguy

2017 JKU Sport S
ndtguy is offline  
post #14 of 18 Old 01-12-2015, 03:02 PM
Rock God
 
Guruman's Avatar
 
Join Date: Feb 2010
Location: Thompson Falls, Montana
Age: 48
Posts: 1,146
Garage
Feedback: 0 reviews

Quote:
Originally Posted by ndtguy View Post
First article, sure. Norton is, well, norton.

Check out the article I linked. DARPA (Defense Advanced Research Projects Agency) doesn't mess around. They have been able to control cars using the vehicles Onstar, Sync, etc.
No. No they did not.

What they demonstrated was:

A. The ability to affect a car important systems from directly tampering with the car. Such as the speedo, ABS, and collision avoidance systems. The guys in the video had to hack the car apart to interfere with the systems.

and

B) The ability to gain unauthorized access to the car's wi-fi or cellular connection.

From the linked article: "Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place."

Could. Theoretically.

or in other words, total BS.

_
'76 CJ-7, '43 CJ-2a, '78 Bronco,'78 CJ-7, '75 CJ-5, '78 CJ-7, '80 CJ-7, '78 SJ, '79 SJ, '78 and a '76 FJ-40 , '90 XJ, '91 XJ, '86 CJ-7, '95 ZJ, '68 CJ-101 Commando, '00 TJ, '68 M-715, 2 '86 Military Blazers, '96 LR Discovery, '86 CJ-7, '91 YJ, '99 TJ, 07' JKU Rubi, 1988 YJ, 1973 Commando, 3 Diesel Excursions....
Now back to a 2013 JKU Rubicon with "stuff", planning 37's with minimal lift.

I've tried them all... Jeeps are still the best. (0||||0)
Guruman is online now  
post #15 of 18 Old 01-12-2015, 07:43 PM
Rock God
 
ndtguy's Avatar
 
Join Date: Aug 2014
Location: Las Vegas
Posts: 667
Garage
Feedback: 0 reviews

Quote:
Originally Posted by Guruman View Post
No. No they did not.

What they demonstrated was:

A. The ability to affect a car important systems from directly tampering with the car. Such as the speedo, ABS, and collision avoidance systems. The guys in the video had to hack the car apart to interfere with the systems.

and

B) The ability to gain unauthorized access to the car's wi-fi or cellular connection.

From the linked article: "Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place."

Could. Theoretically.

or in other words, total BS.
Good read this link. http://www.ibtimes.com/car-hacking-d...g-laptop-video

Real question did you read the link inside the article (NYTimes)?

"Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features — like the car locks and brakes — as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety."

There is a lot more good information in the article, expressing researchers concern over remote take overs. Theoretical or not, in your opinion, it can be done.

But hey, feel free to put your head in the sand. I don't want, nor do I need blue-tooth/u-connect or any wi-if service in my vehicles.

If you want that, get a self driving car. I actually like driving my jeep and other cars.

NDTguy

2017 JKU Sport S
ndtguy is offline  
post #16 of 18 Old 01-12-2015, 07:54 PM
Rock God
 
Guruman's Avatar
 
Join Date: Feb 2010
Location: Thompson Falls, Montana
Age: 48
Posts: 1,146
Garage
Feedback: 0 reviews

Yes. I read the article. Did you?

That's where they say:

"Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place."

And:

"The researchers declined to speculate about the worse situations, such as interfering with a vehicle’s control system to make it crash."

And:

"They also said they believed that the automotive industry was treating the threats responsibly."

The rest is typical alarmist bull designed to generate a knee-jerk reaction from neewbs who do not know any better.

_
'76 CJ-7, '43 CJ-2a, '78 Bronco,'78 CJ-7, '75 CJ-5, '78 CJ-7, '80 CJ-7, '78 SJ, '79 SJ, '78 and a '76 FJ-40 , '90 XJ, '91 XJ, '86 CJ-7, '95 ZJ, '68 CJ-101 Commando, '00 TJ, '68 M-715, 2 '86 Military Blazers, '96 LR Discovery, '86 CJ-7, '91 YJ, '99 TJ, 07' JKU Rubi, 1988 YJ, 1973 Commando, 3 Diesel Excursions....
Now back to a 2013 JKU Rubicon with "stuff", planning 37's with minimal lift.

I've tried them all... Jeeps are still the best. (0||||0)
Guruman is online now  
post #17 of 18 Old 01-12-2015, 08:29 PM
Rock God
 
b1pig's Avatar
 
Join Date: Jan 2008
Location: ray city, ga
Posts: 1,234
Garage
Feedback: 1 reviews
Send a message via MSN to b1pig

the article states some fact, but laces it ALOT of "SPECULATION".....


we can "what-if" all day long. but a hacker can only hack systems that have connectivity. on-star is one like that, where there is certainly access to certain systems. anything that an on-star rep could do remotely, then it is possible that a hacker could as well.

until the publish PROVEN take-overs, then there is no reason to put my head in the sand. there is also no reason to concern myself over GM systems while i creep around in my non-GM vehicles... where the bluetooth requires CONFIRMATION for the connection. deny the connection, and deny the threat.

but then... someone could speculate that a good hacker could bypass all that.
i dont get that caught up in 007 and Mission "Implausible" movies... though they are entertaining.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

'19 Ram 1500, '01 BMW R1100RT, '99 Fat Boy
needed: ̶b̶o̶a̶t̶ ̶a̶n̶d̶ plane
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
b1pig is offline  
post #18 of 18 Old 01-14-2015, 11:30 AM
Wheeler
 
Join Date: Aug 2014
Age: 33
Posts: 29
Feedback: 0 reviews

So all BS Aside...

Most of this CAN be done, and the ability has existed for several years now. This is actually not new news...

Remote disable of brakes or mechanical systems no---however you could cause some hell by applying brakes or screwing around with the esp system on some vehicles--like the ones that apply individual brakes on either side of the vehicle to control traction issues.

GPS Spoofing... has been done before. In the automotive sector (aside from self-driving cars) I am unsure how this would be beneficial to most would be "hackers". It wouldnt do anything of value. Actually it wouldnt even affect self driving cars as they rely on video analysis and radar for control now... spoofing a GPS Signal that an airplane or ship is using for navigation--thats something else entirley, and that HAS been done.

At the end of the day, most of the article has truth and merit--but only for a small sub-group of individuals that are likely to be affected by this, and I'm not talking about you and me. It takes significant talent and revenue to conduct these types of operations--much more than some script kiddy is going to have. At this point in time it would be a nation state level of attempt in order to pull something off and not your IT guy down the street. So this "news" really means fuck all for us--or at least the vast majority of us.

No tinfoil hat needed.... We simply arent valuable enough to target or even fuck with at this point for anyone that even has the capability.
RHenthorn is offline  
Sponsored Links
Advertisement
 
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the JKowners.com : Jeep Wrangler JK Forum forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome