Monday, August 4, 2014

Automotive Security Researchers tell CNN Money Vehicles are hackable - How Vehicle Entertainment Systems are hacked

Looks like we’ve got a problem here that’s gonna make me afraid of driving yet again.

CNN Money in an exclusive report, has obtained test details shared with them by Security Researchers Charlie Miller and Chris Valasek, revealed a laundry list of Motor Vehicles that are hackable using off-the-shelf gear, allowing hackers to take control of the vehicle as stated in “Hackers control car's steering and brakes”, published August 1st 2014, CNN Money.

And here was I thinking only Internet connected Home Appliances were hackable, although I did predict Cars would be hackable soon as pointed out in my blog article entitledProofpoint says Refridgerator hacked and used to send Spam email - Internet of Things Terminator 3 Rise of the Machines for hacker's DDOS and Spambots”.

As my many followers know, I’m not so crazy about driving. This despite having worked at various companies, including C&W (2001 to 2004) and CLARO Jamaica (2008 to 2009) based on my work experience plainly laid out in my Engineering Resume and Diploma and Degree qualifications, where driving was a part of the job description.

But if this is even half true, it would mean in the future, it would be possible to assassinate someone by taking over their vehicle remotely and causing either the engine to fail or the onboard ADAS System to fail, crashing the vehicle and killing the occupant. Not a good thing to contemplate, but according to the Security Researchers Charlie Miller and Chris Valasek, very possible, no matter their credentials!

Cars are now Hackable – From Jeep Cherokee to Cadillac Escalade, Brakes can be compromised remotely

That list consists of some 20 cars that the Automotive Researchers tested. The one of greatest interest are as listed below, arranged from Most to Least Hackable:

1.      2014 Jeep Cherokee
2.      2015 Cadillac Escalade
3.      2014 Toyota Prius
4.      2014 Dodge Viper
5.      2014 Audi A8

The reason why they're so hackable?

In the case of the 2014 Jeep Cherokee and the 2015 Escalade, it connects to the Internet via the OnStar Cellular Network. The 2014 Audi A8's On-Board Systems are on a different Network from its Wireless Communications Networks. As for the 2014 Dodge Viper, it’s a speed demon; very basic controls geared at speed, not Tech geekingness that a Connected Car would bring to the table.

Their Brakes, Steering, Tire Pressure Monitor and Engine Management are on the same Internal Vehicle Network as the Entertainment System in most of the models. According to the researchers, a hacker can create a virus that may be uploaded to a smartphone and then transferred to the Car's Entertainment System when it synchronizes.

Then once the viruses install itself on the Car's Entertainment System Hard-Drive, it searches for Internet access capability as it maps out the Car's Network connected components, which of course would consist of the Brakes, Steering, Tire Pressure Monitor and Engine Management systems. Then the Hacker, once within range with a Wi-Fi Router and a smartphone, Tablet or even Laptop, can remotely contact their Trojan Horse and remotely control the car.....with deadly consequences.

Vehicular homicide may be a new Crime that the American Police will have to start looking into once these connected All-Electric Vehicles reach critical mass as predicted in my blog article entitled “InsideEVS stats says All-Electric Vehicles Growing Strong - 500,000 by 2020 is a potential Robotic Self-Driving Army”.

This suggests that In-Car Entertainment systems such as Apple's CarPlay as described in my blog article entitled Apple to launch CarPlay at Geneva Auto Show in Geneva, Switzerland - Siri Voice Assistant and Primesense bring Hands-free Remote Control Revolution to The Grand Budapest Hotel” can become vectors for transmitting computer viruses via synchronization.

How to remove Virus from your Car – Portable Anti-Virus Scanners are very handy

Good to know that Intel's McAfee had already begun researching hacking vulnerabilities in All-Electric Vehicles since August 2012 as I'd reported in my Geezam blog article entitled “Intel’s McAfee researches Virus attacks on All-Electric Vehicles as AI’s Project SARTE hits the road”.

By 2015, when Google’s fleet of 100 Self-Driving All-Electric Vehicles hits the road as stated in my blog article entitled Google 100 strong Fully Autonomous All-Electric Vehicles launched – 25 mph Limit on AI Chauffeur in 2015 with Black Boxes makes Crashes like aeroplanes”, we’ll find ourselves in a world where Vehicular Homicide may become another way to murder the motorist remotely.

Ultimate revenge for disgruntled pedestrians; killing persons using their own vehicle and making it look as if the vehicle lost control and crashed, placing blame squarely at the feet of the Vehicle. Motor Vehicle Insurance Claims would skyrocket if this problem isn’t attacked from early.

But if you happen to have any of the Motor Vehicles on this list and you already use some form of In-Car Entertainment System that connects to the Internet, then a simple virus scan using a Portable Antivirus as described in my blog article entitled “How to Use Portable Anti-Virus Programs to Remove Viruses from smartphones and Tablets - Fantastic Five Portable Anti-Malware and Anti-Virus Programs on a USB Stick” can eliminate viruses in your Car.

Just connect the Laptop to your Car’s USB Port and run the Portable Antivirus program on your Laptop. It will pick up the Car’s Hard-Drive like an externally mountable Hard-drive and scan it and remove any malware it detects. Might as well do the same thing for your smartphone, otherwise when you re-synch you’ll be re-infecting yourself all over again and anyone else who decides to use you Apple iPhone.




No comments:

Post a Comment

Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.