Our website is made possible by displaying online advertisements to our visitors.

Please consider supporting us by disabling your ad blocker.
Sign in to follow this  
Followers 0

Hacking a Car with an Ex-NSA Hacker

1 post in this topic



Imagine this: You're cruising along when the car suddenly brakes. The doors lock. It starts accelerating backward. A hacker hundreds of miles away has taken control of your car over the cellular network. This is how it happens, as explained by a video from the good folks at Motherboard.


"When you are driving an automobile today, you are driving a big computer system that happens to have wheels and a motor," says a security researcher interviewed by Motherboard. And there are definite vulnerabilities in CAN bus, the network at the heart of your car that communicates with everything from the windshield wipers to the engine. In the video, you can watch information security researcher Mathew Solnik take control of a car from his laptop.


Security by obscurity isn't really security at all, but it is often the type of “security” available in vehicles since the majority of security researchers and hackers have no access to connected car systems and no understanding of how they work. That’s about to change; last week at the Black Hat Asia security conference in Singapore, former Tesla intern and embedded systems developer Eric Evenchick released an open source toolkit that was designed to work with the Controller Area Network (CAN) bus that controls many functions in connected cars.

“Every new car has multiple CAN buses that let controllers communicate. This bus controls everything from the camshaft on your engine to your power seats,” Evenchick explained before presenting "Hopping on the CAN Bus." After his talk, he opened-sourced the Python-based CANard; it supports his CANtact tool, an inexpensive device about the size of a credit card that can help researchers find security vulnerabilities in CAN systems.

CANtact is cross platform, meaning it can be plugged into a Mac, Linux or Windows laptop via USB and then plugged into any CAN-enabled car via a OBD-II cable. Previous diagnostic tools were expensive and therefore not readily available. Researchers, hackers or the curious can buy CANtact for $59.95, or build their own thanks to the source code and hardware design files on GitHub. “Making diagnostics available for cheap means that we can not only audit the security of these systems, but also use them for their intended purpose: fixing cars,” Evenchick told Forbes.

Last month on 60 Minutes, Dan Kaufman from DARPA’s Information Innovation Office remotely hacked a car, taking control of several car functions including acceleration and braking. It’s not the first time research has proven that a car’s electronics can be remotely taken over, but do vehicle manufacturers know about more security flaws that are vulnerable to remote hacking? A lawsuit filed earlier this month alleged that cars are vulnerable to hackers who could take control of the vehicle and “Toyota, Ford and GM have deliberately hidden the dangers associated with car computer systems.” Attorney Marc Stanley said, "We shouldn't need to wait for a hacker or terrorist to prove exactly how dangerous this is before requiring car makers to fix the defect."


Car manufacturers aren’t keen on telling the public what hacks are possible or letting security researchers probe for vulnerabilities, so the $60 device could serve as a security tool to help more researchers and hackers find flaws. “One of the big problems is access to vehicles,” Evenchick told Forbes. “Ford, let’s say, won’t let anyone with security skills in to hack it.” So far he’s “repeatedly” found weak authentication in vehicles’ diagnostic functions. “You have the ability to read and write data that you really shouldn’t.”


Share this post

Link to post
Share on other sites
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   You have pasted content with formatting.   Restore formatting

×   Your link has been automatically embedded.   Display as a link instead

Sign in to follow this  
Followers 0

Our website is made possible by displaying online advertisements to our visitors.

Please consider supporting us by disabling your ad blocker.