Saturday, November 16, 2013

Newer cars vulnerable to hackers' 'mystery gadget'



by Mark Ollig

Today’s cars are equipped with sophisticated computer technologies, providing us with increased safety, improved mechanical efficiency, and some impressive high-tech devices.

It is said tens of millions of lines of computer programming instruction code are used for the digital components inside newer cars.

However, a major concern has arisen.

All of us know computers can be “hacked” into and taken over by computing enthusiasts with the right technical knowledge and access.

Today’s major concern is: cyber-car hacking.

Car thieves have figured out how to construct a wireless-operating gadget with the electronics and computer programming code required for gaining access into our cars and their internal computer controlling units.

Yes indeed, folks, yours truly watched a video of a person approaching a newer car and unlocking its doors with a “mystery gadget” resembling a garage door opener.

The first thought which came into my mind was “uh oh, they figured it out.”

The bad guys are now using wireless computing hacking methods to break into our cars.

Another video shows how a newer car in California was recently hacked. The car owner’s dash camera recorded the culprit while standing in front of the car.

The video shows this person using the handheld mystery gadget to wirelessly unlock the car doors – emulating the action of the car owner’s keyless entry or remote smart-key fob (frequency operated button).

The intruder hurriedly got inside the car.

After apparently searching for valuables, he got out of the car and quickly walked down the street – most likely to attempt another cyber-car hacking.

So, someone has figured out the code needed to manipulate our cars’ short-range keyless remote fob and command the doors to unlock . . . wonderful.

Oh, by the way, many smart-key fobs also open the trunk; and allow the starting of the engine using the car’s pushbutton ignition – making it easy pickings for a car thief using the mystery gadget.

In 2011, two University of Washington and University of California-San Diego researchers were able to wirelessly hack into and take control of cars.

They thoughtfully withheld details of the specific car models they were able to hack into in order to prevent potential cyber-car hackers from using the knowledge.

These same researchers published two studies explaining the weaknesses of today’s computer-controlled automobiles.

One study is called “Comprehensive Experimental Analyses of Automotive Attack Surface.” You can read it at: http://tinyurl.com/bytes-univ2.

In this study, I noted on page 3 a diagram showing the digital input/output (I/O) channels of a modern car’s Electronic Control Units (ECUs).

Access to these I/O channels can be obtained via the following methods:

• Indirect physical access.

• Short-range wireless access (Bluetooth).

• Long-range wireless access.

These I/O channels include the On-Board Diagnostic system information (OBD), which normally uses a 16-pin connector to physically interface with a display box to read the car’s stored codes for various operations, and to diagnose engine and electrical problems. The OBD information is usually retrieved via direct physical access; however, a Bluetooth interface is obtainable for wirelessly gathering OBD information from the car.

The study suggests a car’s telematics (telecommunications and informatics) control unit is possibly the most vulnerable to a long-range wireless attack.

Telematics integrates with the Earth-orbiting satellite Global Positioning System (GPS), and accesses the Internet via cellular voice and data networks.

Wireless roadside assistance services (such as Safety Connect) can link with the car’s telematics device and activate the code needed to remotely unlock a car door.

Telematics connections with cellular channels (which are accessible from a long range); provide another point of entry for potential cyber-car attackers.

“Our own group documented experiments on a complete automobile, demonstrating that if an adversary were able to communicate on one or more of a car’s internal network buses, then this capability could be sufficient to maliciously control critical components across the entire car,” the study stated.

We may soon be hearing stories about “wireless drive-by cyber-auto attacks.”

This phrase can be defined as when a cyber-car hacker inside the automobile driving next to you, wirelessly takes control and manipulates your car’s computerized electronic systems by accessing an I/O channel into one of your vehicle’s control systems.

Easy folks, let’s not panic just yet.

Combating cyber-car hacking includes using application-level authentication, code encryption, and security hardening of the car’s underlying computer-coding platform.

A cyber-car hacker, using an illegally rigged, wireless car door unlocking access device, sometimes just wants to remove the sellable items found inside the automobile.

One bit (no pun intended) of common sense from your car-caring columnist: do not keep valuables inside your car or trunk when it’s unattended.

I expect to see a “vehicle cyber-defense” organization established soon to combat these cyber-car hackers – if one hasn’t been established already.

Automobile makers need to be focused on delivering new cars with built-in cyber-security safeguards.

They also need better encryption defenses for the wireless smart-key fobs, and telematics in order to protect them from being hacked into.

The following are two video news reports uploaded to YouTube showing these cyber-car thieves in action.

Both http://tinyurl.com/bytes-abc7-1 and http://tinyurl.com/bytes-abc7-3 show surveillance video of cyber-car thieves using the mystery gadget to enter locked cars.

I think back to simpler car driving days, when I cruised around in a 1977 Plymouth Volaré.

Its car door unlocked using a physical key.

Also, the Volarés’ “advanced” electronics and wireless features were contained inside the AM-FM radio, and its 40-channel CB radio, which I regularly used.