Other Hacks in the News
Charlie talked a little about other car hacking in the news, things you might have heard about:
Some dongles exist to plug into your car to allow fleet management, or lower insurance rates for good drivers. All the dongles analyzed by academics were vulnerable. So most things that are in your car you can't do anything about, but here is one you can: don't plug a dongle into your car.
Troy Hunt discovered that with a Nissan Leaf the authentication back to the server was just the VIN. So you could walk up to a Leaf, read the VIN through the windshield, and turn on the heated seats. Since it is an electric car it would drain the battery and it wouldn't go. This wasn't physically dangerous but the attack was really easy.
There was a famous Tesla hack. It also needed physical access and could not access the CAN bus, but they could control the radio, windows, and door locks. Not the really scary stuff. Then they found a web browser exploit which meant that they could reflash the CAN gateway and send arbitrary messages. Tesla fixed it, and made it so that the code needed to be signed. Since they can update over the air, it didn't require a recall; it could just happen while all the owners were sleeping.
There were headlines about cars being stolen with electronic keys. But it turned out to be a low-technology approach. They stole the software for reprogramming keys, so they could then look up the VIN, create a key, open the car, and drive off.
All cars use proprietary message formats so an exploit in one car won't work directly in another. With trucks this is not the case. The message formats are standardized among all manufacturers. So any attack on a truck will work on all trucks.
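The Nissan Leaf item above comes down to a server treating a publicly readable identifier as a credential. The sketch below is an added example, not code from the article or from any vendor: it contrasts a VIN-only check with one that requires a signed, expiring session token bound to an account that owns the VIN. All names, the token format and the sample VIN are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side signing key

# Constructed sample data: which account owns which (fake) VIN.
OWNERS = {"alice": {"TESTVIN0000000001"}, "bob": {"TESTVIN0000000002"}}

def weak_authorize(vin):
    """The flaw described above: knowing the VIN is enough."""
    return any(vin in vins for vins in OWNERS.values())

def _tag(user, exp):
    return hmac.new(SERVER_KEY, f"{user}|{exp}".encode(), hashlib.sha256).hexdigest()

def issue_token(user, ttl=900, now=None):
    """Issued only after a real login; binds the account to an expiry time."""
    exp = str(int((time.time() if now is None else now) + ttl))
    return f"{user}|{exp}|{_tag(user, exp)}"

def authorize(vin, token, now=None):
    """Hardened check: authentic, unexpired token AND its account owns the VIN."""
    try:
        user, exp, tag = token.split("|")
        expires_at = int(exp)
    except (ValueError, AttributeError):
        return False  # malformed or missing token
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag.encode(), _tag(user, exp).encode()):
        return False
    if (time.time() if now is None else now) >= expires_at:
        return False
    # The VIN only selects the vehicle; ownership comes from the account.
    return vin in OWNERS.get(user, set())
```

With this structure the VIN read through the windshield identifies a car but authorizes nothing: a request for another owner's vehicle fails the ownership lookup even when the caller holds a valid token of their own.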
Summary
Charlie said they are trying to get ahead of the curve and communicate with car companies but "they don't talk to us." There are no white papers like there are from companies like Microsoft, about how their systems are designed for security. Hopefully things will get better but they are not in good shape right now.
Figure 4. Automotive security: A hacker's eye view
New-Tech Magazine Europe l 43