Sunday, December 08
GO AHEAD POST YOUR ARTICLES/CRITIQUES HERE FOR THE WHOLE WORLD TO COMMENT
your opinion..matters
Like Haha Love Sad Angry
 BETA
Kritik
  • Home
  • About us
  • Categories
    • Arts and Literature
    • Banking and Financial
    • Business Services
    • Campaign
    • Consumer Products
    • Current Affairs
    • Economics
    • Education
    • Entertainment
    • Food and Beverage
    • Healthcare
    • International Affairs
    • Kritik’s Newsletters
    • Letters
    • Lifestyle
    • Opinion
    • Personal Development
    • Politics
    • Public Services
    • Science & Technology
    • Service Providers
    • Social Issues
    • Sports
    • Tourism and Hospitality
    • Transportation
    • Travel and Leisure
    • Utilities
    • Others
  • Hot Topics
  • Video
  • Contact us
  • Feedback
  • FAQ?
user avatar
Register Log In
critique, kritik

Hackers are getting under the hood

Krit@@dm1N kritik
2 weeks ago
14 views

Hackers finding ways to exploit automotive software to overtake cars

by Jonathan Greig in Security  on October 28, 2019, 12:44 PM PST

A new report from IntSights details the many ways cybercriminals break into a new generation of highly digitized cars.

Over the last ten years cars have become packed full of new technology that makes it easier to play music and movies, take calls, or get directions all from your dashboard. But this digitization has come at a cost, giving cybercriminals a seemingly endless amount of access points to take over vehicles.

Cybersecurity firm IntSights recently released, “Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features,” a study on how hackers are managing to get into cars and do damage.

The study notes that hackers have infiltrated automotive systems and hardware since 2010.

“The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought,” the report said. “IntSights discovered easy-fo-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.” 

The IntSights report said most car hacking tools can be found on websites or forums like Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat, which provide a wealth of information, tools, code grabbers, and tutorials. There are also a bevy of Russian sites offering help like forum.grabbs.org, Migalki.pw, and Chipadla.ru.

SEE: Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic Premium)

Traditionally, cars were considered too difficult to hack into and not worth the amount of time and energy required. But as cars have added Wi-Fi, GPS, and other features, the amount of attack surfaces have increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods.

The most popular method involves attacking a car’s CAN protocol, which can give a hacker full access to all of the vehicle’s functions. 

“The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it,” the report said. “However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer’s backend system, to which many modern cars are connected.”

Code grabbers

Cybercriminals have also been able to attack a car’s Remote Keyless System, which allows owners to open and start their vehicle without a key. The key fob technology used for this system is decades old and is considered tough to crack, but a new generation of code grabbers has allowed car thieves to either outright mimic the signals or intercept them. 

These kinds of code grabbers are now widely available on the dark web, and there are dozens of forums throughout the web where cybercriminals can congregate and share best practices. 

The IntSights study says certain tools, like one named “RollJam,” can work on any car and can be bought for as little as $32. Cybercriminals are also offering other tools like Panda DXL, Grabos Panda, and Code Grabber, which can run for a range of prices reaching about $2,000. 

One of the biggest problems with modern cars are a new slate of apps designed to equip vehicles with smartphone-like capabilities. 

The study says researchers at security firm Argos did tests that proved you could take applications, reverse engineer them, and shut down a car engine, all remotely. Cybercriminals can also create faux applications that also give them control of all the car’s systems. 

Cellular connection conundrum

Hackers can even gain access through car companies themselves, which now communicate with vehicles through applications that send information to them. If there is a breach of the car company’s servers, a cybercriminal could easily mess with the information shared between the company servers and the vehicle’s brain. In addition, hackers have also been able to load malware onto a car owner’s phone, through phishing campaigns or fake apps, and infect vehicles that way. Cybercriminals have even had success manipulating cellular networks through built in SIM cards, which car companies use to extract real-time information and update firmware. 

The IntSights Report says Virginia Polytechnic Institute and State University scientists were able to hack into a car’s navigation system and send drivers to the wrong location. 

During a DefCon presentation in 2015, Chris Valasek and Charlie Miller showed that you could stop engines, initiate the brakes, and manipulate other vehicle functions all through a simple cellular connection.

The study said this problem will only get worse because of the need for constant updates, which may not take place considering the decades-long life of most cars. The likelihood is that most cars will eventually have gaping security holes waiting to be exploited by cybercriminals.

“In an ever-increasing digital climate, it is vital that businesses take the necessary precautions to avoid cyberattacks. Since cars are primarily attacked using remote access, security teams are often not able to detect when and where their systems have been compromised, leaving unknowing drivers susceptible,” the study said. 

“The ability to use the wireless spectrum as an entry point into the car network is the driving factor behind attacks that leverage the wireless spectrum, be it Keyfobs, infotainment systems, car diagnostics systems, or wireless tire pressure sensors. As the physical hardware of motor vehicles is a challenging target that requires malicious intent and specialized tools, we should expect to see more software attacks against infotainment systems, charging stations and mobile apps.”

Source: https://tek.io/35K9QMX

Categories: Advanced Technology Transportation

Leave a Comment

avatar
wpdiscuz_captcharefresh
avatar
wpdiscuz_captcharefresh
  Subscribe  
Notify of
Post reactions
Like (1)
Haha (0)
Love (1)
Sad (0)
Angry (1)
Related Posts
critique, kritik

Biometric payments to rock the world by 2024

3 days ago
critique, kritik

Could a windshield device replace driving instructors?

1 week ago
critique, kritik

Uber fails to meet London’s standards once again

2 weeks ago
critique, kritik

A startup made a green-energy breakthrough

2 weeks ago
critique; kritik

China enters the 6G fray with government-backed initiative

4 weeks ago
critique,kritik

Toyota, MIT researchers develop risk-based intersection model

1 month ago
Recent Posts
  • Biometric payments to rock the world by 2024
  • Page and Brin officially step away from Google management
  • 30,000 surgeons stream remote surgery consultation over TIM’s 5G
  • Lippo Karawaci and Softbank partner to develop model smart city for South East Asia
  • How To Write An Introduction For An Autobiographical Essay
Recent Comments
  • John Smith on Do you have a solid business plan in place?
  • ajitt on Outrageous salary drawn by these buggers!
  • Gebang on Cryptocurrencies “mother of all scams”
  • dev on Cryptocurrencies “mother of all scams”
  • anil on Cryptocurrencies “mother of all scams”
Archives
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • April 2017
Categories
  • Advanced Technology
  • Agriculture
  • Arts & Literature
  • Banking and Financial
  • Business Services
  • Campaign
  • Consumer Products
  • Current Affairs
  • Digital Marketing
  • Economics
  • Editorial
  • Education
  • Entertainment
  • Entrepreneurship
  • Food and Beverage
  • Healthcare
  • Human Resource
  • Humor
  • International Affairs
  • Investment
  • Leadership
  • Letters
  • Lifestyle
  • Opinion
  • Others
  • Personal Development
  • Politics
  • Productivity Tools
  • Public Services
  • Sales and Marketing
  • Scandals
  • Science and Technology
  • Service Providers
  • Smart City
  • Social Issues
  • Sports
  • Startup
  • Tourism and Hospitality
  • Transportation
  • Travel and Leisure
  • Utilities
Login with your Social Account
Kritik © 2017-2019 ZOHL Web Services | All Rights Reserved.
A Division of ZOHL Industries Sdn Bhd (351827-A)
  • Home
  • About us
  • Content Policy
  • Privacy Policy
  • Terms of Use
  • Disclaimer
  • Contact us

This site is best viewed with 1400x900 resolution (all browsers) and with IE 10.0 version only

wpDiscuz