Hacking Cars (no Axe Req)

I read somewhere about Telsa having issues with software exploitation and many reported thefts of their motor vehicles including smartphone intercepts via the sour app install.
The whole show being remotely controlled from miles away!
https://www.usatoday.com/story/tech/2017/07/28/chinese-group-hacks-tesla-second-year-row/518430001/
https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese-hack-remote-control-brakes

Nowadays remote access is not the only door as key fobs can also be replicated, apparently!

https://www.bleepingcomputer.com/ne...lets-you-clone-key-fobs-and-open-subaru-cars/

Gotta love technology hey lads!

PS. At least a good old steering pro-lock bar should suffice!

 

This is why i pick cars with less tech.And i never use the Onstar or the sirius xm.In my opinion they both suck.

If a On star operator has access to your vehicle so could a hacker easily.

edit: FYI old news

There was a group from the us that can hack cars as well.

 

True wile, but the plot thickens......updates to the scam now include a ransomware injection where they dont physically steal your car, they just encrypt your access to it and demand a ransom for its release!

I reckon the Nazi's would have loved that one

Lucky i drive a Toyota.....

 

Put your tin foil hat back on and keep looking.
First off Tesla patched that vulnerability within a week over the air - ALL cars got it.
Second, look at the attack, a very rare and hard to set up scenario. "The attack requires the car to be connected to a malicious Wi-Fi hotspot set up by the hacking team, and this can only be triggered when the car’s web browser is used." The car uses LTE at all times unless purposefully configured to a Wi-Fi. The car owner would have to go to the malicious Wi-Fi spot and join the Wi-Fi via in car controls. And then open the browser to their page. But as said above, it no longer works.

 

In reality, the Telsa is really no more vunerable than any car, as your quite right in the attack being quite complex.
I just thought it all very amusing, and as we all know patches can cover, until a new vulnerability uncovers again.

With the advent of apps in use from smartphones/tablets for vehicle control, this opens up a whole new security issue without the need for bogus hotspots, I would think.
Only time will tell

Cheers from under my tin foil hat

 

The only thing i worry about is if my Key less entry gets hacked.Key fobs can be hacked by running back thorugh the packet system some how.RF singnals are no different.

 

Very true wile e.........radio hacks on passive entry systems are always a threat!

These guys use $20 apps nowdays to do so.
They now create range extenders for the fob using dual radio sets ....one radio stays near the car, the other near the car key, and the two radios relay the signals coming from the car to the keyfob and vice-versa.
They dont need to crack any codes, the signals are just sniffed, decoded and relayed between the two devices.


Unless you own a Mercedes AMG, your pretty safe though!

 

Over the air updates are a pretty good solution. Very fast response time to push out a patch.

 

Yes DOA, along with anti-malware based programs within the cloud, these types of applications are the way to go now.....no need for updated signature downloads anymore, and security patches can be instantly available (in real time) to subscribers of that particular software!

 

Too bad the idiots at IoT design will not even do basic security. Most of the really big bot nets are IoT devices that cannot easily be patched. IoT should have OTA updates mandatory.

 

It smells of weak infrastructual IoT networks, among the companies IP devices needing the new data.
A strong business IoT(N) should have the ability for close monitoring, control and management of all things included.

Some companies are now utilizing Edge Computing among their IoT infrastructures in order for necessary data to be constructed at the source, rather than being sent.....but it can be expensive which is no doubt why they balk at it!

 

The reality is that on today's vast network infrastructure, your car is a network device (PC), your TV is a network device (PC), your smart fridge is guess what?.....yep, a PC.
This makes them just as vulnerable as your computer at home, and believe me, the vulnerabilities are many and rising.
Its a major reason IoT is currently a ship taking on water!
A great idea, but extremely difficult to stay adequately patched for all things.

This bloke explains it well with a sense of humor against the dangers!

 

We need to get the word out - buy your car, TV and other appliances with an eye towards security.