backtop


Print 33 comment(s) - last by JediJeb.. on Feb 10 at 2:59 PM

The device will be presented at the Black Hat Asia security conference in Singapore next month

A team of Spanish security researchers is out to beef up auto security by showing its ability to hack a car with a device the size of your hand. 
 
According to Forbes, security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to show a new device they've built at the Black Hat Asia security conference in Singapore next month -- and they're hoping it will be a wake-up call for the auto industry.
 
The device is called the CAN Hacking Tool (CHT) and it attaches via four wires to the Controller Area Network or CAN bus of a vehicle. It draws power from the car’s electrical system and allows an attacker to send wireless commands remotely from a computer. 
 
The researchers say it's as easy as lifting the hood real quick or simply sliding under the car to attach the device to a vehicle and walk away. 
 
From there, the attacker could switch off headlights, set off alarms, roll windows up and down, and access anti-lock brakes or emergency brakes. The researchers have already tested it on four different vehicles, although they won't reveal which makes and models.


CHT [SOURCE: Forbes]

For right now, the device only works using Bluetooth, which means it can be controlled from just a few feet away. But the research team said that by the time the conference rolls around next year, it will implement a GSM cellular radio, which will allow remote control of the vehicle from a few miles away. 
 
“It can take five minutes or less to hook it up and then walk away,” said Vazquez-Vidal. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”
 
What makes matters worse is that the items needed to build the device can all easily be bought from store shelves, and costs under $20 total. 
 
Also, it's nearly impossible to trace the attacker, according to the researchers.
 
The team said they built the device to show automakers what attackers are capable of, and to call for greater security in cars, which are becoming increasingly connected and more vulnerable to hacks. 
 
“The goal isn’t to release our hacking tool to the public and say ‘take this and start hacking cars,’” says Vazquez-Vidal. “We want to reach the manufacturers and show them what can be done.”

Source: Forbes



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Why make their own hardware?
By flatrock on 2/7/2014 8:25:40 AM , Rating: 2
It's good to research what a hacker could do with access to the can bus. Making their own little tool seems kind of pointless when there are plenty of devices using the ELM327 chip and a bluetooth interface for about $12, or a wifi interface for $25. Use a directional antenna and a decent amplifier and you can even get a little range and effect a car traveling down the road from another vehicle.

The keys to protecting this are the same as for any system. First and foremost physical security is essential. It hackers can get physical access to your system, your other defenses are likely to be inadequate.

The second defense is to limit the interface. Do you really need to be able to effect safety essential systems such as the brakes through a CAN bus that is user accessible?

Does the telematics system (ie. OnStar) need to be able to send messages that could effect brakes or acceleration? The OnStar system needs to receive diagnostic info, and it needs to be able to do things like unlock the doors. All interfaces should be limited to what the need to do. No unnecessary code, no broad, undocumented interfaces meant for testing that can send or receive any kind of message. You can always code such interfaces and stick them in when really needed and strip them back out of production code, but you have to make very sure they get stripped out.

This kind of thing has been done in the avionics industry for a long time. If the auto industry isn't doing it now it is time to start.




"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki