
The device will be presented at the Black Hat Asia security conference in Singapore next month

A team of Spanish security researchers is out to beef up auto security by showing its ability to hack a car with a device the size of your hand. 
According to Forbes, security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to show a new device they've built at the Black Hat Asia security conference in Singapore next month -- and they're hoping it will be a wake-up call for the auto industry.
The device is called the CAN Hacking Tool (CHT) and it attaches via four wires to the Controller Area Network or CAN bus of a vehicle. It draws power from the car’s electrical system and allows an attacker to send wireless commands remotely from a computer. 
The researchers say it's as easy as lifting the hood real quick or simply sliding under the car to attach the device to a vehicle and walk away. 
From there, the attacker could switch off headlights, set off alarms, roll windows up and down, and access anti-lock brakes or emergency brakes. The researchers have already tested it on four different vehicles, although they won't reveal which makes and models.

CHT [SOURCE: Forbes]

For right now, the device only works using Bluetooth, which means it can be controlled from just a few feet away. But the research team said that by the time the conference rolls around next year, it will implement a GSM cellular radio, which will allow remote control of the vehicle from a few miles away. 
“It can take five minutes or less to hook it up and then walk away,” said Vazquez-Vidal. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”
What makes matters worse is that the items needed to build the device can all easily be bought from store shelves and cost under $20 total.
Also, it's nearly impossible to trace the attacker, according to the researchers.
The team said they built the device to show automakers what attackers are capable of, and to call for greater security in cars, which are becoming increasingly connected and more vulnerable to hacks. 
“The goal isn’t to release our hacking tool to the public and say ‘take this and start hacking cars,’” says Vazquez-Vidal. “We want to reach the manufacturers and show them what can be done.”

Source: Forbes


Lol what?
By Argon18 on 2/6/2014 12:16:43 PM , Rating: 2
"The researchers say it's as easy as lifting the hood real quick or simply sliding under the car to attach the device to a vehicle and walk away. "


Which makes and models of cars have a hood that can be opened "real quick"? Any car from the past few decades has the hood lock integrated with the factory alarm and immobilizer. So to "lift the hood real quick" you need the keys to the car.

Also how many vehicles can you "simply slide under"? Most cars and even SUVs have only a few inches of ground clearance, not nearly enough to get underneath it unassisted.

Lastly, the photo shows a device with bare wires that must be spliced into the CAN bus. How many vehicles have exposed CAN bus wiring on the underside of the car? Zero? The CAN bus wiring runs inside the cabin, with portions in the engine bay, none of which is accessible from the underside of the car.

What a bunch of nonsense.

RE: Lol what?
By Dr of crap on 2/6/2014 12:24:46 PM , Rating: 3
I agree with your last two items.
But the first one you are wrong.
None of my four cars is immobile or sets off an alarm if the hood is opened. BUT you'd need to have a door open so you could get inside to release the hood lock.

I agree this is a load of crap.

WHERE can you just hook up to the CAN under the car???

RE: Lol what?
By Etsp on 2/6/2014 1:52:05 PM , Rating: 2
I think the alarm/immobile thing comes into play if the doors weren't properly unlocked when the hood lock gets released.

By "properly" I mean by either using the key in the door or using the button on the key fob.

RE: Lol what?
By JediJeb on 2/6/2014 3:49:25 PM , Rating: 2
BUT you'd need to have a door open so you could get inside to release the hood lock.

If you try hard enough, on some you can use a pair of needle nose pliers and reach in and grab the hood latch cable and pull it just right and unlock the hood. It is not easy, but also not impossible.

RE: Lol what?
By flatrock on 2/7/2014 9:11:29 AM , Rating: 2
I just read an article on Car and Driver which contained an interesting hack among a lot of fluff and some inaccuracies.

Apparently some Swiss researchers came up with the idea of using a directional antenna and a radio repeater to extend the range of a car's key fob. They didn't break the encryption or create their own fob for access, but while you are across the parking lot headed into a building they can make your car think you are standing right next to the door, and just press the button on the handle to unlock the door.

Stick an ELM327 wifi dongle into the CAN port and they are in business. Use a directional wifi antenna and they can communicate with the CAN bus from another vehicle without much difficulty.

It requires proximity and leaves evidence behind, but it's still a bit scary.

RE: Lol what?
By AntiM on 2/6/2014 12:32:03 PM , Rating: 3
What if you worked for Jiffy Lube and someone paid you $500 for every one you installed?

RE: Lol what?
By FITCamaro on 2/6/2014 1:15:41 PM , Rating: 2
They could also just pay you to get the keys and then say that your car must have been stolen after they finished with it and it was sitting in the parking lot.

RE: Lol what?
By chµck on 2/6/2014 1:20:13 PM , Rating: 2
This can be used for more than stealing a car.
How about causing a deadly "accident"?

RE: Lol what?
By superflex on 2/6/2014 3:03:06 PM , Rating: 1
Ask Michael Hastings how his car suddenly accelerated into a tree and burst into flames.
That's right. You can't because he's dead for what he knew.
Yes, the technology is there and you should be worried.

RE: Lol what?
By MrBlastman on 2/7/2014 11:41:00 AM , Rating: 1
Darn straight. The death list from the Obummer administration keeps growing every day. I think he's on track to whack more people than the Clintons did.

RE: Lol what?
By JediJeb on 2/6/2014 3:55:36 PM , Rating: 2
What if you worked for Jiffy Lube and someone paid you $500 for every one you installed?

Jiffy Lube would be a good place, but even better how about working for the dealership. Imagine placing a hacking device in all the vehicles you service at the dealer or even before they are sold!

RE: Lol what?
By Solandri on 2/6/2014 4:41:59 PM , Rating: 2
Any place with valet parking. The cars (and owners/victims) will be more upscale too.

RE: Lol what?
By Spuke on 2/6/2014 5:30:08 PM , Rating: 2
You guys must all drive trucks. Good luck trying to get under my car. Make sure to bring your NASCAR floor jack (that wouldn't look out of place). And Bluetooth? You'd have to be in the back seat (I don't have one of those) to hack the car (that won't look obvious either).

RE: Lol what?
By JediJeb on 2/10/2014 2:52:33 PM , Rating: 2
Doesn't matter how low to the ground it is if you hand over your keys to a parking attendant or service person at the dealership, since they can then easily open the hood.

RE: Lol what?
By kingmotley on 2/7/2014 11:29:51 AM , Rating: 2
You mean like onstar?

RE: Lol what?
By amanojaku on 2/6/2014 12:33:08 PM , Rating: 1
Also how many vehicles can you "simply slide under"? Most cars and even SUV's have only a few inches of ground clearance, not nearly enough to get underneath it unassisted.
This shouldn't be too much of a problem here in the US. Most Americans' stomachs can't even fit under Big Foot, let alone a normal-sized car! ;)

RE: Lol what?
By Motoman on 2/6/2014 1:52:57 PM , Rating: 2
Well, first of all lots of people don't lock their cars...intentionally or because they're absent-minded. So easy enough to open an unlocked car door and pop the hood open.

There are also proven ways to hack remote car door openers too...have been for many, many years. There's no reason to assume that a group of people so sophisticated as to be able/willing to pull this off wouldn't be able to firstly find their way into the car.

If you did want to get under a car, all it takes is a bottle jack or two and an extra 60 seconds. BFD. Although I agree that for the vast majority of cars that's not going to help you get to any major wiring harnesses.

Lastly, on the issue of "bare wires" - if you can quickly find the correct wiring harness and slice open the casing, you just take the bare wires and some of those Scotch wire splicer thingies and *bam* - done. Probably the easiest way to do it.

RE: Lol what?
By Spuke on 2/6/2014 5:34:57 PM , Rating: 1
BAM! Good luck with all that on my car. Bottle jack? LOL! Wiring harness from the bottom? LOL! What car has the wiring harness running on the BOTTOM? Look, if you have THAT kind of knowledge of a particular car (where you know what part of the harness does what), you don't need this hack AT ALL. Just steal the car!

RE: Lol what?
By Motoman on 2/7/2014 8:46:05 PM , Rating: 2
Did you even read my post? I just...never mind. I sense a disturbance in the force telling me there's not any point in telling you what you did wrong.

Somewhat agree with premise
By FITCamaro on 2/6/2014 1:21:44 PM , Rating: 2
I definitely agree with the premise that as more and more "smart" technology gets built into cars, there are more opportunities for hacking.

But as many others have said, there is no chance of anyone being able to get into your car undetected and install this. Now sure, even if they set off an alarm, few will pay attention. So they could conceivably install it without you knowing. But the creators' idea that you can do it from outside the vehicle without opening the door to pop the hood or install it under the dash is false. There's very little wiring you can get to from under the car, even if it is jacked up.

RE: Somewhat agree with premise
By SuckRaven on 2/6/2014 3:24:18 PM , Rating: 1
I think the more annoying and irksome thing is that the manufacturers and the people that put "smart" tech into cars are fully aware of its potential to be misused/exploited. But no one seems to care. The public have been told what is cool and what they want, and if you don't have the latest in super automated bullshit in a car...well, you may as well be living in a third world country, scratching a living off of a barren landscape, with poverty and disease all around you.

I'm sorry, but the burden of some things should not be unloaded from real human people. Like the responsibility that comes with owning and operating a motor vehicle. With all these electronic gizmos, it is all too easy to have software malfunctions.

Call me crazy, but I do not want a software malfunction in my car. Yes, I realize that there are already tons of computer controlled systems in most modern cars today. But the idea that we should just keep cramming things that can be exploited so easily worries me. Just like that article a few days ago about law enforcement being able to activate a remote kill switch in a vehicle.

Whatever though...shit is not going to get better, only worse. It's kind of like Pandora's box that way.

I can already see all the people trying to get out of traffic tickets, and liability for accidents.

"Yeah officer, it seems my car was hacked, and they ran me right into that other vehicle."

Who is at fault then?

Like I said, the burden of responsibility of operating a motor vehicle should, in my opinion, stay as much in the hands of the driver as possible.

RE: Somewhat agree with premise
By tayb on 2/6/2014 4:11:50 PM , Rating: 2
It's trivial to get inside a locked car without sounding the alarm. And that assumes the car is even locked in the first place. And then that assumes an alarm is even something to be concerned about.

I've sat and watched a locksmith "break" into a locked car in seconds without sounding the alarm. I think a talented thief trying to plant one of these devices would have no trouble at all getting inside a vehicle.

What is most shocking is how many people think locking their doors makes them safe. Are you serious?

RE: Somewhat agree with premise
By JediJeb on 2/6/2014 5:08:38 PM , Rating: 2
I pretty much never lock mine. I figure I would rather have someone steal something out of it without having to replace the broken glass, since whatever I left inside would cost less to replace. Then again the vehicles themselves are so old no one would want to drive off with them. The most funny thing I think would be to see some young kid try to steal my old Jeep. Since it has a carburetor they probably would not think to pump the gas pedal before trying to start it, and never figure out why it wouldn't start and just walk away.

RE: Somewhat agree with premise
By Spuke on 2/6/2014 5:37:46 PM , Rating: 2
Age of a car has sh!t to do with whether or not a thief wants it. Car thefts/break ins have everything to do with "can I sell this".

RE: Somewhat agree with premise
By jRaskell on 2/7/2014 5:17:20 PM , Rating: 2
Actually, a non-trivial percentage of vehicle thefts are just for joy rides, no monetary motivation at all.

I personally know of two such cases, one car (which was found in a parking lot a day later with the rear tires shredded down to the cords), and one motorcycle, found a few days later being ridden by the thief at Motorcycle week in Laconia NH. The thief testified he just stole it for Motorcycle week, and was gonna dump it later. He had no prior record and allegedly no clue how to even go about selling a stolen vehicle.

RE: Somewhat agree with premise
By JediJeb on 2/10/2014 2:59:41 PM , Rating: 2
I gave $500 for my Jeep and I was being generous to my friend when I bought it. It would probably cost a thief more in gas to get it to somewhere to sell it than they would get for it lol. But I am sure they would want to pull out the 1980s Pioneer AM/FM/Cassette radio, I am sure they could get some money for that.

Ok but...
By djc208 on 2/7/2014 10:32:32 AM , Rating: 3
Knowing about the possibility isn't a bad thing, but it also really begs the question of usefulness. Breaking into a car isn't hard, and access to the bus is easy, but you still need to know how to modify the OS to get it to do what you want. While they all have to give the same diagnostic info per OBD II, the actual software is custom, hence all the effort and money for aftermarket tuners and high end diagnostic machines.

If someone wants to go to that kind of trouble there are lots of other things they can do probably more easily than hacking your car. When this can be done using a smart phone app over BT or wifi then it's time to worry, but as this stands it's no different than a lock pick.

This is a non-issue
By Samus on 2/8/2014 12:54:11 AM , Rating: 3
First of all, all of these issues are addressed in OBDIII.

1) OBDIII tells you when a 3rd party device is plugged into the PEG port or is running on the CAN BUS.
2) OBDIII sets off the alarm/immobilizes the vehicle if the alarm system is active when a device is plugged in.
3) OBDIII divides up the emissions, restraint, braking, engine control, climate control, steering/suspension and entertainment systems of a vehicle into separate groups. All groups except for emissions are vendor-specific.
3a) Unfortunately this means that proprietary readers will be required for each brand of vehicle to identify problems other than emissions.
3b) Fortunately, this means that no universal devices will be able to compromise a vehicle, unless they want to hack that EGR reading from 2 miles away.

In the near term, it's important to consider how ineffective this device will be on OBDII vehicles:

1) I doubt it can take control of a moving vehicle since most vehicles don't allow parameter modification to safety systems when the VSS reads a speed above zero. All vehicles require a restart for RSM/ABS modules to initialize newly written data.
2) If you are in a stationary vehicle and somebody takes control of it by moving it, you can
a) remove the keys/hold the start button for 5 seconds
b) apply the brake pedal. This is a mechanical system that can not be disabled/overridden.

I am absolutely dying to see this thing work. It may take advantage of one model vehicle's flaws, or at best one manufacturer's flaws, but to make a device that can "take control" of all vehicles using the CAN BUS is impossible.

I hope they call it Series T-X

By TheEquatorialSky on 2/6/2014 12:54:41 PM , Rating: 2
Gaining access to a CAN port would require physically breaking into a vehicle. You can't just pop the hood nowadays.

By CBRworm on 2/6/2014 12:58:17 PM , Rating: 2
I'll pay $1 to the first person that can wire one of these into any of my unlocked cars in 5 minutes or less without leaving visible damage in their wake.

Why make their own hardware?
By flatrock on 2/7/2014 8:25:40 AM , Rating: 2
It's good to research what a hacker could do with access to the CAN bus. Making their own little tool seems kind of pointless when there are plenty of devices using the ELM327 chip and a bluetooth interface for about $12, or a wifi interface for $25. Use a directional antenna and a decent amplifier and you can even get a little range and affect a car traveling down the road from another vehicle.

The keys to protecting this are the same as for any system. First and foremost physical security is essential. If hackers can get physical access to your system, your other defenses are likely to be inadequate.

The second defense is to limit the interface. Do you really need to be able to affect safety essential systems such as the brakes through a CAN bus that is user accessible?

Does the telematics system (i.e. OnStar) need to be able to send messages that could affect brakes or acceleration? The OnStar system needs to receive diagnostic info, and it needs to be able to do things like unlock the doors. All interfaces should be limited to what they need to do. No unnecessary code, no broad, undocumented interfaces meant for testing that can send or receive any kind of message. You can always code such interfaces and stick them in when really needed and strip them back out of production code, but you have to make very sure they get stripped out.

This kind of thing has been done in the avionics industry for a long time. If the auto industry isn't doing it now it is time to start.
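
Added example, not part of the original comment thread and not any manufacturer's code: a default-deny gateway between bus segments that forwards only allowlisted frames, so the telematics unit and the diagnostic port can read status and request a door unlock but cannot write to the chassis segment. The segment names, CAN IDs and length limits are constructed for illustration; real IDs are manufacturer-specific.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bus segments joined by the gateway. Names and CAN IDs are constructed. */
enum segment { SEG_TELEMATICS, SEG_DIAG_PORT, SEG_BODY, SEG_CHASSIS, SEG_COUNT };

struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };
struct rule  { enum segment src, dst; uint32_t id; uint8_t max_dlc; };

/* Everything not listed is dropped. No rule lets the telematics unit or the
 * diagnostic port write to the chassis segment (brakes, steering). */
static const struct rule allowlist[] = {
    { SEG_TELEMATICS, SEG_BODY,       0x2A0, 1 }, /* door unlock request   */
    { SEG_BODY,       SEG_TELEMATICS, 0x3B0, 8 }, /* body diagnostics out  */
    { SEG_CHASSIS,    SEG_TELEMATICS, 0x3C0, 8 }, /* brake status, export  */
    { SEG_CHASSIS,    SEG_DIAG_PORT,  0x3C0, 8 }, /* same status for tools */
};

static unsigned dropped[SEG_COUNT]; /* per-source drop counters for alerting */

/* Returns true only if (src, dst, id) is allowlisted and the length fits. */
bool gateway_forward(enum segment src, enum segment dst, const struct frame *f)
{
    if (src < SEG_COUNT && dst < SEG_COUNT && f && f->id <= 0x7FF && f->dlc <= 8) {
        for (size_t i = 0; i < sizeof allowlist / sizeof allowlist[0]; i++) {
            const struct rule *r = &allowlist[i];
            if (r->src == src && r->dst == dst && r->id == f->id &&
                f->dlc <= r->max_dlc)
                return true;
        }
    }
    if (src < SEG_COUNT)
        dropped[src]++;          /* a rising count from one source is a signal */
    return false;
}

unsigned gateway_dropped(enum segment src)
{
    return src < SEG_COUNT ? dropped[src] : 0;
}

int main(void)
{
    struct frame unlock = { 0x2A0, 1, { 0x01 } };
    struct frame brake  = { 0x0B0, 8, { 0 } };  /* constructed chassis command */
    printf("unlock via telematics: %d\n",
           gateway_forward(SEG_TELEMATICS, SEG_BODY, &unlock));
    printf("brake via telematics:  %d\n",
           gateway_forward(SEG_TELEMATICS, SEG_CHASSIS, &brake));
    printf("brake via diag port:   %d\n",
           gateway_forward(SEG_DIAG_PORT, SEG_CHASSIS, &brake));
    printf("drops from telematics: %u\n", gateway_dropped(SEG_TELEMATICS));
    return 0;
}
```

The per-source drop counter gives the detection side something to alert on: a device spliced onto a user-accessible segment that keeps sending non-allowlisted frames shows up as a climbing count.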

seems rather easy
By Schreck1961 on 2/7/2014 9:54:42 AM , Rating: 2
Maybe someone can explain this to me. Just type in "thieves steal cars on youtube"

Sounds like someone is able to spoof the unlock codes for a bunch of new cars. I bet the car companies have back doors in the wi-fi or bluetooth devices so they can get into any of their products

I'd like to see that
By alpha754293 on 2/7/2014 12:39:01 PM , Rating: 2
Personally, and honestly, I'd like to see someone try and hack into my 2013 Ford Fusion Titanium Hybrid. They'll get ZERO assistance from me and I might even make it so that my key fobs are in a different city/state/country than where the vehicle physically is located and then I would watch them try and get in and hook up without sounding the alarm or damaging/breaking something in the process.

If they fail, then my car is pretty well sealed. (It doesn't even have an ignition cylinder, which I don't know if it will make it easier or harder for them). But if they succeed, then it's time that I spend more time looking at how they did it, and then to make suggestions and/or recommendations as to how we can improve the safety/security systems to make it more robust, and even harder to defeat.

Furthermore, CAN bus traffic is encrypted (or you need a CAN bus translator to make the CAN bus messages meaningful).
