FBI: Motor Vehicles Increasingly Vulnerable to Remote Exploits

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
The FBI and the National Highway Traffic Safety Administration issued this bulletin yesterday warning automakers and owners that cars are "increasingly vulnerable" to hacking. Thanks to tikiman2012 for the link.


Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.
 
No kidding, I found out on my Mazda CX-5, I can hook up a USB to Ethernet adapter, pump out DHCP, PUTTY SSH using a default password for the root account, publicly accessible, I can modify a whole bunch of settings, like enabling WiFi, change display settings, and even tap into the engine CPU from it.

Scary Sh*t there...
 
With what the FBI is doing to Apple, do automakers even bother with security? Could they defer liability to the government?
 
Motor and drive control systems (steering/braking) should be physically isolated from the other systems. No access or interconnection and only access with a physical diagnostic port. I don't care if it limits the creativity of "features". Sometimes regulation IS necessary if crap this dumb is going to happen. The first time some nationwide wireless hack hapens to an entire model year of car and 5,000 cars crash at the same time THEN the stuff will hit the fan.

It's only a short leap from wgm3446's mazda, to someone doing that remotely over the the wireless connections of thousands of cars simultaneously.
 
I custom-ordered a new truck back in 2002. I specifically ordered it WITHOUT on-star. It came to the dealership with it... I was pissed. I told them to order another truck. They ended up giving me the "security package" for free. But still... on-star is on my truck. Have I been under a rock that I haven't heard someone hack the on-star satellites and unlock every vehicle simultaneously worldwide? Seems like a priority target if I were that type of evil. So many people think "smart" means smart. Quite the opposite.
 
This is still one of the things that amazes because of how accepting of these kinds of systems being placed in cars people are and how dumb people are to be buying into IoT in general. Certain things just should not be accessible or be computer controlled. There is just no real benefit and lots of downside.
 
1997 E320 Merc for the win. Yells at me to put my seat belt on for roughly 6 seconds and then does nothing else. I cherish having to actually turn my lights on in that car. No automatic 'on'. Beautiful. I will likely keep it for another 5-10 years provided nothing major dies on it. I would consider purchasing a 2002-ish subaru wrx after that, maybe. Or find another older merc with lower miles. I like tech because sure I'm a part of this forum.. but car tech lately has been more bluetooth and distraction based goodies to woo the crowd... while the ride gets substantially worse, the interiors more spartan, and overall just gross vehicles.

Also.. tell me why we aren't getting 100mpg out of smart car sized cars and the like?

Really.. you mean to tell me I get 20mpg driving 80mph in my 20 year old merc versus 38mpg at 55mph in a late model civic?

I'll take 20mpg all day long.. even with gas at $4/gallon.
 
A lot of these issues are caused by large car makers not being afraid of skimping on IT, combined with inability to update deployed SW without every car going to dealership.

Some cars have reasonably well secured systems, while others are just a bad joke - until there are serious consequences (multi-million $ fines, or worse) for failing so miserably, that 5 year old can "hack" your car, things wont change.
 
Well, how nice of the FBI to warn us that they are hacking us for a change :)
 
tikiman2012 said:
With what the FBI is doing to Apple, do automakers even bother with security? Could they defer liability to the government?
Click to expand...
This isn't a report, this is them telling you, after apple, they'll try to get access to your cars.
 
Do cars really need that level of computerization and drive-by-wire? I enjoyed my good old fashioned 2006 mostly mechanical, minimally computerized car. It even has manual transmission.
 
I refuse to get a car with all this crap until there are proven security measures set in place. Encryption, passwords, the works.

If you need security for your email, your desktop/laptop, your game consoles, and your bank accounts, all of which are created and accessible by computers, then it stands to reason that security is needed for the computers in your vehicle.

I have to wonder: how many people getting "car-hacked" and killed is it going to take before the auto makers take computer security seriously?
 
You must log in or register to reply here.
Back
Top