Article

Alexis Ternoy
Alexis Ternoy 26 November 2015
Categories

SuperHack: What The Zero-Day Exploit Means For Your Daily Commute

Why there is just no way we'll ever keep hackers out of our cars.

 

Attendees at DefCon conference in Las Vegas last month sure had a lot to feel smug about. With the GM and Chrysler car-hacking stories fresh on the minds of the the general public, hackers were once again in the mainstream spotlight.  Only this time it wasn’t just about big corporation data breaches…it was something that could affect everyone’s daily commute.


With the encroachment of the connected lifestyle into the vehicles we drive, experts are having a hard time keep ahead of security risks.  This past July, Wired Magazine published an article describing what a mid-commute car hack would feel like.  Two weeks later, the Washington Post picked up the story and it went large.


The story?  Reporter-turned-crash-test-dummy Andy Greenberg volunteered to have his drive through busy St. Louis highways hacked en-route and the results were unsettling. Hackers were able to control every aspect of the Jeep Cherokee Greenberg was driving, including the accelerator and the brakes.


Should you be worried?


Car hacking has been on the minds of tech-savvy readers for years now.  We used to simply worry about hackers stealing our cars but now with the Greenberg story we’re worried our next road trip will turn into a fatal disaster.  Hacking can have many outcomes, but the reasons we used to think we were immune no longer reassure us.

For many the answer for a hack-proof car has been one or both of the following things:

  • keyless entry cars
  • electric cars

Keyless cars seemed impervious to hacking because they require presence of the key fob in order to run.  Electric cars were simply impossible to hotwire because the technology of the car is completely different.  The “wires” you need to connect would fatally electrocute you.


Keyless cars and hacking


Owners of keyless cars originally loved the idea that their vehicle could never be hot-wired.  Matching computer chips from the car and the keyfob must be near each other in order for the car to start…you can connect all the wires you want but unless that keyfob is there, no dice.

But now that’s been proven wrong.


Just this week, news broke that Volkswagen keyless entry cars were vulnerable to hacking…and the car manufacturer has known about it since 2012!  Seems the apps used by keyless car owners are vulnerable to hacking, allowing coders to “learn” the codes used by the chips used to start the car.  No fob, no problem.


Electric cars and hacking


Electric cars have traditionally been though of as hotwire-proof.  That’s because they require a continuous loop of current in order to keep moving…one which, without the keys to the car, must be made by hand.  This requires genius-level knowledge, disassembly of the car, and lots of luck…oh, and the ability to withstand many amps of current running through your body as you complete the loop of current required to run the car while your partner drives it away.   In case you need to brush up on the properties of electricity, it’s not something you want to happen.  Count on having to wire yourself up to the car every time you need to drive it, too.


Now, however, hacking an electric car has been done via laptop.  Of course this still requires access to the car so you can plug into the dashboard, but that problem is far less troublesome than the problems arising from electrocuting yourself during your theft operation.

The irony here is that your Tesla might still be “hotwire proof” if only it didn’t have web capability!


Browser updates have never been so important


The Tesla car hack was carried out through the browser used by the car’s infotainment system.  In this incident, it was an outdated browser which contained a vulnerability security teams have known about for more than four years.  Found in Apple WebKit, the vulnerability is called the Zero Day Exploit. 


Webkit vulnerabilities can be found in Apple Safari, Android and Ubuntu, but the Teslas ran an outdated version of Safari.  This back-door vulnerability has also exposed millions of Playstations, Android phones, and BlackBerries, as well as a host of other devices.  Hackers gleefully install Trojans or anything they like, giving them control of the device.


It’s one thing to have your Grand Theft Auto vehicle taken over, but your actual car?  Unthinkable.


It all comes down to what could be described as human error


The chips in the Volkswagens described earlier were using outdated encryption, exposing the security code to hackers.  In this case, the breach means the car can be stolen but not controlled remotely.


Still, it highlights the unsettling fact that even with teams of highly paid experts designing the most technologically advanced cars in the world, it all came down to human error.  After all, a simple matter of failing to have the latest version of encryption technology?  That’s like failing to update your virus software.


And in the case of the Zero Day Exploit used by Tesla hackers…this is truly unforgivable, given this breach is five years old.  By any definition, the Zero Day Exploit is ancient history in hacker world. The thought that an outdated browser paved the way for hackers to use this ancient relic is more than unsettling…it’s unacceptable!


It just goes to show that car manufacturers aren’t investing enough money into hack-testing the computer systems in their cars.  Universities, security firms, and startup hackers are the people discovering the security breaches, not GM, Chrysler, or Tesla.  And in the case of Volkswagen, it was actually employees of Volkswagen who discovered the flaw…but VW chose to sue them instead of thanking their lucky stars the flaw wasn’t discovered first by outsiders.


Hackers will never be stopped as long as car companies allow this amateurish level of oversight to occur.  Heck, we can’t even stop car companies from issuing cars with deadly mechanical flaws…how will we ever force them to be on top of their game with cyber security?  We have to face facts: there’s just no way we’ll ever keep hackers out of our cars.

 

Original Article

 

Read More On Digital Doughnut

0

Comments
Please login or register to add a comment.

Author Profile

Alexis Ternoy
Alexis Ternoy Service Delivery Manager EPAM
United Kingdom

T-Shape Entrepreneurial Director | Tech & Business | Passionate About Collaboration, Building Agile & Effective Teams | Leading Agile Teams @ EPAM I have an extensive technology and business exposure, international experience working from start-up to blue chip global companies, a proven track record of successfully delivered global strategic information technology projects and services. Passionate about collaboration, service delivery, operation, building Agile & effective teams; I am accomplished in all aspects of application and infrastructure services delivery as both an insourced and outsourced function. I have demonstrated an ability to build and maintain exceptional stakeholder relationships at all levels. Motivated and enjoy the challenge of working in passionate and diverse environment leveraging IT to help bring products to market that positively impact the lives of millions of people worldwide.

See more about this author

Skills

From product vision to design and execution, my expertise come to help my clients realise their vision.

Previous Experience

2013 - 2014 New Bamboo - Head of Account Management 2011 - 2013 Novartis - Business Information Manager 2013 - 2013 Cognizant Technology Solutions - Account Manager 2000 - 2000 Government of France Mayotte Island - Software Developer 2013 - New Bamboo - Head of Account Management 2006 - 2007 Novartis AG - Project Manager 2007 - 2007 Arval - BNP Paribas Group - Project Manager 2008 - 2010 Novartis - Technical Team Lead 2010 - 2011 Novartis - Application Service Manager - Project & Portfolio Management, BI and Strategic Documents 2002 - 2006 Think IT - Development, Project and Product Manager 2004 - 2006 Eurocontrol CFMU - European Organisation for the Safety of Air Navigation - Project Support Officer

Education & Qualifications

This user has not entered their Education & Qualifications

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
Infographic: The State of B2B Lead Generation 2024

Infographic: The State of B2B Lead Generation 2024

A new report from London Research and Demand Exchange looks at the latest trends in B2B lead generation, with clear insights around how lead gen leaders are generating the quality and quantity of leads they require.

Linus Gregoriadis
Linus Gregoriadis 2 April 2024
Read more
How much has marketing really changed in the last 30 years?

How much has marketing really changed in the last 30 years?

Have the principles of marketing changed in the age of the Internet? Or have many of the key fundamentals of the discipline stayed the same?

Ben Hollom
Ben Hollom 15 April 2024
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
7 Reasons Why Social Media Marketing is Important For Your Business

7 Reasons Why Social Media Marketing is Important For Your Business

In the past two decades social media has become a crucial tool for marketers, enabling businesses to connect with potential customers. If your business has yet to embrace social media and you want to know why it is...

Sharron Nelson
Sharron Nelson 29 February 2024
Read more