Losing Control of Your Car
A while ago we wrote about how a BMW could be hacked. http://www.international-due-diligence.org/hey-who-hacked-my-bmw/ but access to a vehicles computer systems is getting more – how do we say? – available.
For $25 one can build the “CAN Hacking Tool” and with some under the vehicle plug and paly can control a vehicle. This is attached to the (Controller Area Network) or CAN bus of a car – and awaits wireless commands from a hacker’s computer. For now the device only works via Bluetooth, limiting the range of any attack but one can hack a drivers cell phone and use the cell phone to access the “CAN Hacking Tool”. What can be screwed with, braking, steering, etc…While indeed this does require physical access to the vehicle to attach and enable the device – so what? Have you ever left your vehicle unattended in a parking lot, taken the vehicle in for services or valet parked the vehicle?
One requires physical access to a car to plant a car bomb or a surreptitious GPS tracker. The neat thing about a “CAN Hacking Tool” is that once your car has been steered off a cliff or under a 50,000 lbs. 18 wheeler no one will be looking for the “CAN Hacking Tool” – just the little bits and pieces of the bodies to bury. The more computerized the vehicle the more mischief a hacker can wield and the devices are untraceable.
This is nothing new; automotive networks have been penetrated for years – mostly by those who are looking to see vulnerabilities.
Everything is now a network or plugged into a network. The weakest link in the network will allow full control of those device hooked to the network. For now there is NO security for the networks run on vehicles.
This is again an example of how the manufacturers of these systems have yet again utterly failed to anticipate security flaws allowing access to, what should be, private networks.