Alexis Ternoy 26 November 2015

SuperHack: What The Zero-Day Exploit Means For Your Daily Commute

Why there is just no way we'll ever keep hackers out of our cars.

 

Attendees at the DefCon conference in Las Vegas last month sure had a lot to feel smug about. With the GM and Chrysler car-hacking stories fresh on the minds of the general public, hackers were once again in the mainstream spotlight. Only this time it wasn’t just about big corporation data breaches…it was something that could affect everyone’s daily commute.


With the encroachment of the connected lifestyle into the vehicles we drive, experts are having a hard time keeping ahead of security risks. This past July, Wired Magazine published an article describing what a mid-commute car hack would feel like. Two weeks later, the Washington Post picked up the story and it went large.


The story? Reporter-turned-crash-test-dummy Andy Greenberg volunteered to have his drive through busy St. Louis highways hacked en route and the results were unsettling. Hackers were able to control every aspect of the Jeep Cherokee Greenberg was driving, including the accelerator and the brakes.


Should you be worried?


Car hacking has been on the minds of tech-savvy readers for years now.  We used to simply worry about hackers stealing our cars but now with the Greenberg story we’re worried our next road trip will turn into a fatal disaster.  Hacking can have many outcomes, but the reasons we used to think we were immune no longer reassure us.

For many the answer for a hack-proof car has been one or both of the following things:

  • keyless entry cars
  • electric cars

Keyless cars seemed impervious to hacking because they require presence of the key fob in order to run.  Electric cars were simply impossible to hotwire because the technology of the car is completely different.  The “wires” you need to connect would fatally electrocute you.


Keyless cars and hacking


Owners of keyless cars originally loved the idea that their vehicle could never be hot-wired.  Matching computer chips from the car and the keyfob must be near each other in order for the car to start…you can connect all the wires you want but unless that keyfob is there, no dice.

But now that’s been proven wrong.


Just this week, news broke that Volkswagen keyless entry cars were vulnerable to hacking…and the car manufacturer has known about it since 2012!  Seems the apps used by keyless car owners are vulnerable to hacking, allowing coders to “learn” the codes used by the chips used to start the car.  No fob, no problem.


Electric cars and hacking


Electric cars have traditionally been thought of as hotwire-proof. That’s because they require a continuous loop of current in order to keep moving…one which, without the keys to the car, must be made by hand. This requires genius-level knowledge, disassembly of the car, and lots of luck…oh, and the ability to withstand many amps of current running through your body as you complete the loop of current required to run the car while your partner drives it away. In case you need to brush up on the properties of electricity, it’s not something you want to happen. Count on having to wire yourself up to the car every time you need to drive it, too.


Now, however, hacking an electric car has been done via laptop.  Of course this still requires access to the car so you can plug into the dashboard, but that problem is far less troublesome than the problems arising from electrocuting yourself during your theft operation.

The irony here is that your Tesla might still be “hotwire proof” if only it didn’t have web capability!


Browser updates have never been so important


The Tesla car hack was carried out through the browser used by the car’s infotainment system.  In this incident, it was an outdated browser which contained a vulnerability security teams have known about for more than four years.  Found in Apple WebKit, the vulnerability is called the Zero Day Exploit. 


WebKit vulnerabilities can be found in Apple Safari, Android and Ubuntu, but the Teslas ran an outdated version of Safari. This back-door vulnerability has also exposed millions of Playstations, Android phones, and BlackBerries, as well as a host of other devices. Hackers gleefully install Trojans or anything they like, giving them control of the device.


It’s one thing to have your Grand Theft Auto vehicle taken over, but your actual car?  Unthinkable.


It all comes down to what could be described as human error


The chips in the Volkswagens described earlier were using outdated encryption, exposing the security code to hackers.  In this case, the breach means the car can be stolen but not controlled remotely.


Still, it highlights the unsettling fact that even with teams of highly paid experts designing the most technologically advanced cars in the world, it all came down to human error.  After all, a simple matter of failing to have the latest version of encryption technology?  That’s like failing to update your virus software.


And in the case of the Zero Day Exploit used by Tesla hackers…this is truly unforgivable, given this breach is five years old.  By any definition, the Zero Day Exploit is ancient history in hacker world. The thought that an outdated browser paved the way for hackers to use this ancient relic is more than unsettling…it’s unacceptable!


It just goes to show that car manufacturers aren’t investing enough money into hack-testing the computer systems in their cars.  Universities, security firms, and startup hackers are the people discovering the security breaches, not GM, Chrysler, or Tesla.  And in the case of Volkswagen, it was actually employees of Volkswagen who discovered the flaw…but VW chose to sue them instead of thanking their lucky stars the flaw wasn’t discovered first by outsiders.


Hackers will never be stopped as long as car companies allow this amateurish level of oversight to occur.  Heck, we can’t even stop car companies from issuing cars with deadly mechanical flaws…how will we ever force them to be on top of their game with cyber security?  We have to face facts: there’s just no way we’ll ever keep hackers out of our cars.

 
