
Other Hacks in the News

Charlie talked a little about other car hacking in the news, things you might have heard about:

Some dongles exist to plug into your car to allow fleet management, or lower insurance rates for good drivers. All the dongles analyzed by academics were vulnerable. So most things that are in your car you can't do anything about, but here is one you can: don't plug a dongle into your car.

Troy Hunt discovered that with a Nissan Leaf the authentication back to the server was just the VIN. So you could walk up to a Leaf, read the VIN through the windshield, and turn on the heated seats. Since it is an electric car it would drain the battery and it wouldn't go. This wasn't physically dangerous but the attack was really easy.
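
The design flaw described above is that the VIN, an identifier visible to anyone, was treated as a credential. The following sketch is an added example, not code from Nissan or from the talk: it contrasts a VIN-only check with one that authenticates the caller and then verifies that the caller owns the VIN. All names, accounts and VINs in it are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: hypothetical accounts and the VINs registered to them.
OWNED_VINS = {"alice": {"SAMPLEVIN00000001"}, "bob": {"SAMPLEVIN00000002"}}
SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients


def weak_authorize(request):
    """Flawed pattern from the text: knowing a valid VIN is the only requirement."""
    known = set().union(*OWNED_VINS.values())
    return request.get("vin") in known


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, ttl=900):
    """Called only after a real login; binds later requests to that account."""
    payload = f"{user}:{int(time.time()) + ttl}:{secrets.token_hex(8)}"
    return f"{payload}:{_mac(payload)}"


def authenticated_user(token):
    """Return the account name if the token is genuine and unexpired, else None."""
    try:
        payload, mac = token.rsplit(":", 1)
        user, expiry, _nonce = payload.split(":")
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return None
    return user if int(expiry) >= time.time() else None


def hardened_authorize(request):
    """Authenticate the caller first, then check the caller owns the VIN."""
    user = authenticated_user(request.get("token"))
    return user is not None and request.get("vin") in OWNED_VINS.get(user, set())
```

With the hardened check, a request that carries only a VIN, or a valid token for a different account, is refused.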

There was a famous Tesla hack. It also needed physical access and could not access the CAN bus, but they could control radio, windows, door locks. Not the really scary stuff. Then they found a web browser exploit which meant that they could reflash the CAN gateway and send arbitrary messages. Tesla fixed it, and made it so that the code needed to be signed. Since they can update over the air, it didn't require a recall, it could just happen while all the owners were sleeping.

There were headlines about cars being stolen with electronic keys. But it turned out to be a low-technology approach. They stole the software for reprogramming keys, so they could then look up the VIN, create a key, open the car, and drive off.

All cars use proprietary message formats so an exploit in one car won't work directly in another. With trucks this is not the case. The message formats are standardized among all manufacturers. So any attack on a truck will work on all trucks.

Summary

Charlie said they are trying to get ahead of the curve and communicate with car companies but "they don't talk to us." There are no white papers like there are from companies like Microsoft, about how their systems are designed for security. Hopefully things will get better but they are not in good shape right now.

Figure 4. Automotive security: A hacker's eye view

New-Tech Magazine Europe l 43