Monday, June 22, 2015

Mission Secure Inc and Perrone Robotics Inc say Vehicles can be hacked in Contract Remote Vehicular Homicide

Self-driving cars are hackable.

The experts are slowly beginning to weigh in on the most troubling aspect of self-driving cars, which is the fact that they can be easily hacked, as noted in the article “Self-driving cars vulnerable to cyberattack, experts warn”, published June 1, 2015 by Luc Olinga, Physorg.

US security firms Mission Secure Inc (MSi) and Perrone Robotics Inc have declared that IVE (In-Vehicle Entertainment Systems) meant to make vehicles safer were in fact easily compromised, due to their connected nature both within the vehicle as well as via the Internet.

These research firms, in collaboration with the University of Virginia and the Pentagon, have tested various vehicle models and found that they can be easily hacked.

What's most troubling is that the security analysts were able to remotely access the test vehicles via Wi-Fi or Bluetooth connections built into the vehicle's IVE. Because in most of these vehicle systems the internal network that controls the vehicle’s braking system and the IVE are linked, sometimes even sharing the same hard-drive, they were also able to gain control over the vehicle while it is driving.

To quote the report available on MSi's website, if your vehicle is hacked and you’re in it, the hacker can control your vehicle remotely, quote: “One attack scenario forces the car to accelerate, rather than brake, even though the obstacle avoidance system (using LiDAR) detects an object in front of the car. Rather than slowing down, the car hits the object ... at high speed, causing damage to the car and potential threat to the life and safety of the passengers in the car under attack and in the car being struck”.

In fact, according to the US security firms, a successful hack would be indistinguishable from a software failure, as most of these IVEs have no internal system log to track external intrusions, quote: “If an attack were carried out successfully, automobile manufacturers have no means of quickly gathering information for forensic analysis or to rapidly deploy additional protections to cars in response to new and evolving attacks”.
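The two gaps described above (an IVE linked directly to the vehicle-control network, and no log for forensic analysis) can be illustrated with a small sketch. This is an added example, not code from MSi, Perrone Robotics or any automaker; the gateway design, the message names and the sample traffic are all assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical message names: the article names no protocol or message format.
ALLOWED_FROM_IVE = {"hvac.set_temp", "media.volume", "nav.destination"}
GENESIS = "0" * 64

def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class Gateway:
    """Assumed design: the only path from the IVE to the control network."""

    def __init__(self):
        self.log = []         # append-only audit records
        self._prev = GENESIS  # hash of the previous record

    def forward(self, ts, source, msg):
        """Return True if msg may cross to the control network; always log it."""
        ok = msg in ALLOWED_FROM_IVE
        entry = {"ts": ts, "source": source, "msg": msg,
                 "verdict": "forwarded" if ok else "blocked", "prev": self._prev}
        entry["hash"] = _digest(entry)  # hash covers the fields plus the previous hash
        self.log.append(entry)
        self._prev = entry["hash"]
        return ok

def verify_chain(log):
    """Return the index of the first altered record, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return i
        prev = entry["hash"]
    return -1

def demo():
    gw = Gateway()
    # Constructed sample traffic, not captured from any vehicle.
    traffic = [(1, "bluetooth", "media.volume"),
               (2, "wifi", "brake.release"),
               (3, "usb", "nav.destination"),
               (4, "wifi", "throttle.set")]
    results = [gw.forward(*t) for t in traffic]
    blocked = [e["msg"] for e in gw.log if e["verdict"] == "blocked"]
    return gw, results, blocked

if __name__ == "__main__":
    gw, results, blocked = demo()
    print(results, blocked, verify_chain(gw.log))
```

Because each record's hash covers the previous record's hash, editing an earlier entry after the fact is detected by `verify_chain`, which is what gives an investigator something to trust.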

So how widespread is this? And is there any defense against it?

How IVE can be hacked – Contract killing via Remote Vehicular Homicide

Reports are now coming in suggesting that these cars can be hacked.

On my blog on August 4th 2014, I did an article highlighting the fact that cars are hackable via their IVE (In-Vehicle Entertainment Systems), as explained in my blog article entitled “Automotive Security Researchers tell CNN Money Vehicles are hackable - How Vehicle Entertainment Systems are hacked”.

This is because many of their IVEs access the Internet either by themselves, using a built-in 3G or 4G LTE radio (SIM card required!), or using the 3G/4G LTE connection from a connected smartphone.

Also, the vehicle's internal network that controls the vehicle's braking system and the IVE, if linked and sharing the same hard-drive, present an opportunity that many hackers can exploit. Thus if a hacker gains access via the vehicle's built-in Wi-Fi or Bluetooth connection, they can gain control of the vehicle.

An alternative scenario is where the victim’s Smartphone is infected with a Trojan horse app.

The victim then connects that smartphone to their vehicle's IVE via the USB cable, Wi-Fi or Bluetooth, unknowingly allowing the Trojan horse to infect their IVE. This then allows the hacker, via the Internet, to remotely access the vehicle using that smartphone from anywhere in the world, not just within range of the vehicle's Wi-Fi or Bluetooth connectivity.

This is an even more dangerous scenario to contemplate, as basically an assassin does not have to come close to your car to hack it using the Bluetooth or Wi-Fi connectivity in some of these vehicles. All they have to do to carry out a contract killing is to install an app with a link to a server that has a specially designed Trojan horse, as described in my Geezam blog article entitled “Google Play Store Apps with AdWare threat to Android Security”.

Then when the person accesses their favourite app, it remotely downloads the Trojan as an update to the app, infecting the target's vehicle remotely and giving control to the assassin hundreds of miles away via the Internet to carry out their contract killing.

These vulnerabilities could also give government spy agencies, such as the NSA (National Security Agency) in collaboration with other intelligence agencies, the ability to hack your vehicle using back door access to apps, as explained in my Geezam blog article entitled “NSA and Five Eyes Alliance in Project Irritant Horn Spying on Arab Spring Jihadists”.

Not only could they spy on persons of interest, but should it become necessary, they might be able to commandeer the vehicle and crash it. The NSA would thereby be committing Remote Vehicular Homicide from hundreds of miles away!

Apple Carplay and Android Auto – Possible Vulnerabilities make them Assassin’s Weapon of Choice

The list of automakers in my original article may soon expand, as both Apple and Google have introduced their versions of a portable IVE on a smartphone.

Apple's version, called Apple Carplay, launched in March 2014, gives the driver access to Apple's Siri to supplant their vehicle's IVE, as reported in my blog article entitled “Apple to launch CarPlay at Geneva Auto Show in Geneva, Switzerland - Siri Voice Assistant and Primesense bring Hands-free Remote Control Revolution to The Grand Budapest Hotel”.

Apple Carplay along with Google's Android Auto are now coming to Cadillac's CUE (Cadillac User Experience) IVE for several of their 2016 vehicle models, as reported in the article “Apple CarPlay among multiple Cadillac improvements”, published 10 June 2015 by Wayne Cunningham, CNET News and “2016 Cadillac models will get CarPlay and Android Auto”, published June 9, 2015 by Chris Ziegler, The Verge.

Apple Carplay and Android Auto are also coming to GM (General Motors) 2016 models as well, as reported in the article “Chevy bets big with Android Auto and Apple CarPlay in 2016 line-up”, published May 27, 2015 by Wayne Cunningham, CNET News.

At this rate, by 2017, most vehicle manufacturers would have IVEs that can interface with Apple Carplay and Android Auto via their smartphone. This might include Google’s self-driving buggy cars, set to hit the roads in June 2015, as argued in my blog article entitled “Google’s Self-Driving All-Electric Vehicles in June 2015 – Autonomous Vehicles reduce Road Accidents, Parking and make Ride Sharing the Norm”, making hacking yet another obstacle they must navigate.

Thus, by 2017, it would become a hacker's paradise, making these vehicles the Assassin’s Weapon of Choice.

