JKOwners Forum banner

1 - 18 of 18 Posts

·
Comfortably Numb
Joined
·
12,289 Posts
Discussion Starter #1
I just read an article by Norton/Symantec about the latest in hacking and that is vehicles with computers and car parts that generate data and xmit by a specific frequency. ie. to date brakes and tpms have been hacked as well as remote starts.

Long story short.

A study published (link is external) by the University of California, San Diego has tested physical breaches, which are when a person, such as a mechanic or valet, has access to the car itself, uploads malware through a port. Sometimes, people will upgrade to a new stereo, or add a new alarm system, and if you’re not careful, these aftermarket parts can come pre-infected with malware that will allow a hacker access to the car’s computer system. Malware can even be encoded in MP3 music files and introduced through CDs or USB sticks. Wireless interface breaches can occur through the features of the car itself- the built in cell network, GPS, short range wi-fi and Bluetooth.

What can these attacks do?

The study by the University of California, San Diego mentioned above, tested out just how hackable a connected vehicle really is. The researchers were able to disable the engine, reroute GPS directions, insert malware, remotely disable the brakes, alter the speedometer readings, and more. However, in order to perform these hacks, the hackers had to be within close proximity of the vehicle, driving alongside it as the hacks were performed. At this point with this newer technology, vital system hacks have been proven difficult to execute.

The Link to the full article: http://community.norton.com/blogs/norton-protection-blog/security-concerns-and-connected-car
 

·
Registered
Joined
·
1,359 Posts
A lot of BS here.

Attacks through GPS.... no

Remotely disable brakes... Maybe turn off the ABS, otherwise no.

So much alarmist BS.

Sure, if you can get connected to the vehicle, you could do almost anything that a programmer/tuner could do...... Except that while it's running the data is in use and cannot be changed (or at least most of it). Changing the data requires re-booting and programming the ECU, which takes a considerable amount of time and usually required a key-on key-off key-on sequence.

Seems like an article designed to sell products to protect you from imaginary threats, Symantec trying to breach into the car market by creating a problem that they need to solve, for a fee.
 

·
Comfortably Numb
Joined
·
12,289 Posts
Discussion Starter #3
Norton published this in their monthly cybercrime report. The info presented was a synopsis generated from the research performed by the University of California, San Diego. GPS? They rerouted GPS. I really don't see how this is alarmist bullshit when the info presented comes tests performed and documented.
 

·
Registered
Joined
·
1,359 Posts
They've mixed just enough truth in to make it seem like a much bigger deal than it is. Can GPS be spoofed to show inaccurate information.... yes. Can you car be attacked/hacked through the GPS antenna.... absolutely not.

Could you detect the wheel speed sensor pulses from driving next to another car, yes. Can you do much of anything else.... no.

Same thing with the other"hacks" they highlight. Is it possible to hack a car if you have physical access to it? Yes, "tuners" do this all the time. Can you do it to someone else's car while driving down the road. No.

And the thing with the brakes is just absolute BS all the way around. Brakes are a mechanical system. Designed to failsafe, You CANNOT re-program the car to make the brakes NOT work. You could disable the ABS, with some of the newer features, you might be able to apply the brakes. But you cannot disable the brakes without physically monkeying with the mechanical system. Drive-by-wire brakes are not a thing yet for good reason. Throttles like in our JK, however are another thing. If you could get between the pedal and the ECU you might be able to fake a WOT condition. But doing it remotely is a completely different ball game.

I have the Chrysler mobile wi-fi setup in my JK. Could it be "hacked" or accessed remotely... yes. But it does not tie into the Jeep's CAN Bus at all. You cannot do anything to my Jeep through connecting to the wi-fi. The most they can get is free wi-fi.

Again, so much misinformation and misleading, mixed with a bit of truth to make it seem more plausible. What they have done is take the fact that some systems can be accessed remotely, and the software can be changed if you have physical access to the vehicle. And combined then to mislead you into believing that all of those things can be done "while driving beside another car", which is BS.
 

·
Registered
Joined
·
689 Posts
Glad the Wife's durango has power w/l/m and that's it. My jeep doesn't even have that.

No u-connect and no blue tooth. It wasn't this article, but I read in another that hackers have been able to hack into the ford's mylink and toyota's setup (forget what it's called). Make sure you check out the last paragraph....part in bold.

http://www.ibtimes.com/car-hacking-darpa-funded-researchers-take-control-toyota-prius-ford-escape-using-laptop-video

Everything in our world is becoming high-tech. Even appliances such as dryers and dishwashers have become computerized in one way or another. While these advances have made our lives easier and more efficient, they also introduce new vulnerabilities to the many devices we interact with on a daily basis.

Take vehicles, for instance. Cars manufactured in recent years have become ever more connected to electronic control units that run everything from engine timing to safety systems. With everything in a vehicle connected to ECUs, there’s one serious question that needed to be asked: What happens if someone managed to hack into your car's system?

Forbes journalist Andy Greenberg found out first hand. Greenberg met with Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at Seattle computer security consultant firm IOActive, to see how vulnerable cars are to computer hacks. The duo was funded by a grant from the Pentagon's research arm, the Internet-inventing Defense Advanced Research Projects Agency, to find these vulnerabilities.

Using a Macbook connected to the On-Board Diagnostics Port, or OBD II, a port used to check diagnostic codes and emission readings from a vehicle, Miller and Valasek were able to demonstrate to Greenberg various hacks in a Toyota Prius and Ford Escape. They were able to demonstrate their hacking by doing simple things such as manipulating the speedometer and various sensors. More nefarious hacks included tricking the car into jerking to the left and right, controlling the horn, triggering the seat belt tensioner and even turning off the brakes entirely.

According to Valasek, more than 35 electronic control units are present in the Toyota Prius alone. In March 2011, computer scientists from the University of California, San Diego, and the University of Washington in Seattle were able to demonstrate how cars could also be remotely hacked using built-in cellular and Bluetooth connections, according to a New York Times report.
 

·
Comfortably Numb
Joined
·
12,289 Posts
Discussion Starter #7
Technology changes quickly. Kind if reminds me of when I started working with Acoustic Emission to locate flaws without UT. In the mid 70's AE was considered by most in the NDT world as black magic. If the FBI/CIA could monitor conversations on your cell phone while it's turned off a few years ago, imagine what they can do now. Right now the ECU's are the access points.
 

·
Registered
Joined
·
689 Posts
Technology changes quickly. Kind if reminds me of when I started working with Acoustic Emission to locate flaws without UT. In the mid 70's AE was considered by most in the NDT world as black magic. If the FBI/CIA could monitor conversations on your cell phone while it's turned off a few years ago, imagine what they can do now. Right now the ECU's are the access points.
I remember the first time I saw AE at work. Thought it was the coolest thing in a long time (eddy current rules though) NDI is all smoke and mirrors anyway. :koolaid: Agreed with the rest about your cell phone and ECU's in anything.

I'm safe. Picked up several rolls of tin foil on sale.
Make sure it's the heavy duty stuff. :shitstorm:

Making a hat, are you?:thefinger:
Better buy some also. Always better to have it then wish you did. :thefinger:
 

·
Registered
Joined
·
689 Posts
first. lets see... Norton is a security software designer....


so i didnt even read it.


$$$$$$$$$$
First article, sure. Norton is, well, norton.

Check out the article I linked. DARPA (Defense Advanced Research Projects Agency) doesn't mess around. They have been able to control cars using the vehicles Onstar, Sync, etc.
 

·
Registered
Joined
·
1,359 Posts
First article, sure. Norton is, well, norton.

Check out the article I linked. DARPA (Defense Advanced Research Projects Agency) doesn't mess around. They have been able to control cars using the vehicles Onstar, Sync, etc.
No. No they did not.

What they demonstrated was:

A. The ability to affect a car important systems from directly tampering with the car. Such as the speedo, ABS, and collision avoidance systems. The guys in the video had to hack the car apart to interfere with the systems.

and

B) The ability to gain unauthorized access to the car's wi-fi or cellular connection.

From the linked article: "Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place."

Could. Theoretically.

or in other words, total BS.
 

·
Registered
Joined
·
689 Posts
No. No they did not.

What they demonstrated was:

A. The ability to affect a car important systems from directly tampering with the car. Such as the speedo, ABS, and collision avoidance systems. The guys in the video had to hack the car apart to interfere with the systems.

and

B) The ability to gain unauthorized access to the car's wi-fi or cellular connection.

From the linked article: "Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place."

Could. Theoretically.

or in other words, total BS.
Good read this link. http://www.ibtimes.com/car-hacking-darpa-funded-researchers-take-control-toyota-prius-ford-escape-using-laptop-video

Real question did you read the link inside the article (NYTimes)?

"Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features — like the car locks and brakes — as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety."

There is a lot more good information in the article, expressing researchers concern over remote take overs. Theoretical or not, in your opinion, it can be done.

But hey, feel free to put your head in the sand. I don't want, nor do I need blue-tooth/u-connect or any wi-if service in my vehicles.

If you want that, get a self driving car. I actually like driving my jeep and other cars.
 

·
Registered
Joined
·
1,359 Posts
Yes. I read the article. Did you?

That's where they say:

"Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place."

And:

"The researchers declined to speculate about the worse situations, such as interfering with a vehicle’s control system to make it crash."

And:

"They also said they believed that the automotive industry was treating the threats responsibly."

The rest is typical alarmist bull designed to generate a knee-jerk reaction from neewbs who do not know any better.
 

·
Registered
Joined
·
1,242 Posts
the article states some fact, but laces it ALOT of "SPECULATION".....


we can "what-if" all day long. but a hacker can only hack systems that have connectivity. on-star is one like that, where there is certainly access to certain systems. anything that an on-star rep could do remotely, then it is possible that a hacker could as well.

until the publish PROVEN take-overs, then there is no reason to put my head in the sand. there is also no reason to concern myself over GM systems while i creep around in my non-GM vehicles... where the bluetooth requires CONFIRMATION for the connection. deny the connection, and deny the threat.

but then... someone could speculate that a good hacker could bypass all that.
i dont get that caught up in 007 and Mission "Implausible" movies... though they are entertaining.
 

·
Registered
Joined
·
29 Posts
So all BS Aside...

Most of this CAN be done, and the ability has existed for several years now. This is actually not new news...

Remote disable of brakes or mechanical systems no---however you could cause some hell by applying brakes or screwing around with the esp system on some vehicles--like the ones that apply individual brakes on either side of the vehicle to control traction issues.

GPS Spoofing... has been done before. In the automotive sector (aside from self-driving cars) I am unsure how this would be beneficial to most would be "hackers". It wouldnt do anything of value. Actually it wouldnt even affect self driving cars as they rely on video analysis and radar for control now... spoofing a GPS Signal that an airplane or ship is using for navigation--thats something else entirley, and that HAS been done.

At the end of the day, most of the article has truth and merit--but only for a small sub-group of individuals that are likely to be affected by this, and I'm not talking about you and me. It takes significant talent and revenue to conduct these types of operations--much more than some script kiddy is going to have. At this point in time it would be a nation state level of attempt in order to pull something off and not your IT guy down the street. So this "news" really means fuck all for us--or at least the vast majority of us.

No tinfoil hat needed.... We simply arent valuable enough to target or even fuck with at this point for anyone that even has the capability.
 
1 - 18 of 18 Posts
Top