Hackers Reveal Nasty New Car Attacks
My friend realitychecker sent me this piece at Forbes.com this mornin’. Part of the header was: ‘Assassin’s wet dreams, here today’. The video is already up on youtube, and I reckoned that since you might find it interesting with all the speculation about Michael Hastings’ ‘accident’, I’d post it. Andy Greenberg, Forbes’ tech security journalist:
‘This fact, that a car is not a simple machine of glass and steel but a hackable network of computers, is what Miller and Valasek have spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.
The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry’s security problems before malicious hackers get under the hoods of unsuspecting drivers. The need for scrutiny is growing as cars are increasingly automated and connected to the Internet, and the problem goes well beyond Toyota and Ford. Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue.’
Greenberg links to research reported in 2010 that showed that wireless hacks of car systems are indeed possible, as in: no need to be in the back seat as Miller and Valasek are in the video.
‘For example, services like General Motors’ OnStar system, Toyota’s Safety Connect, Lexus’s Enform, Ford’s Sync, BMW’s Assist and Mercedes Benz’s Mbrace all use a cellular connection embedded in the vehicle to provide a variety of automated and call center support services to a driver. These subscription services make it possible to track a car’s location, unlock doors remotely and control other functions.
In their remote experiment, the researchers were able to undermine the security protecting the cellular phone in the vehicle they bought and then insert malicious software. This allowed them to send commands to the car’s electronic control unit — the nerve center of a vehicle’s electronics system — which in turn made it possible to override various vehicle controls.’
Mercedes Mbrace technology seems to have been in the C250 Michael Hastings was driving, which model I discovered at FoxNews.com. The article begins:
‘Mere hours before the fiery car crash that took his life, journalist Michael Hastings sent an email to friends and colleagues urging them to get legal counsel if they were approached by federal authorities.
“Hey [redacted] the Feds are interviewing my ‘close friends and associates,’” read the message dated June 17 at 12:56 p.m. from Hastings to editors at the website BuzzFeed, where he worked.
“Perhaps if the authorities arrive ‘BuzzFeed GQ’, er HQ, may be wise to immediately request legal counsel before any conversations or interviews about our news-gathering practices or related journalism issues.”
Hastings added that he was onto a big story and that he would, “need to go off the radat [radar] for a bit,” according to KTLA in Los Angeles.’
Fifteen hours later he ‘lost control and crashed into a palm tree; the car burst into flames.’ You know the rest, including this:
‘“Michael Hastings contacted WikiLeaks lawyer Jennifer Robinson just a few hours before he died, saying that the FBI was investigating him,” the second message read.’
There’s been a lot of speculation as to which big story he was working on, including the ‘Drone Surveillance in the US’ one the Fox article names, and iirc, even the Boston Bombing story. Are there any new leads on that?
I don’t think I’ll be able to answer comments, so maybe if Kurt Sperry or any others of you who know this issue might help host. RL duties are callin’ me. (It’s bread day here, and I’m tryin’ to get the place ready for a visit from our young grandsons. I’m about to throw a shoe I’m so tickled they’re comin’ to spend time on the farm with us.)
That new cars have dozens of computer systems in them is a revelation to me, I confess. Pretty different than the ’56 Ford pickup we had that even I could work on if I could get the right parts. 😉
(cross-posted at Café-Babylon.net)