Digital Carjackers Show Off New Attacks
Published on Jul 24, 2013
A couple of hackers show off a series of nasty new attacks on cars–with Forbes’ Andy Greenberg behind the wheel.
“Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV’s chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat.
Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day’s experiments…”
===
Digital carjackers, also known as cybersecurity researchers or hackers, have demonstrated various methods of remotely accessing and controlling modern vehicles through vulnerabilities in their electronic systems. These attacks can range from relatively benign demonstrations by ethical hackers to more malicious activities by cybercriminals seeking to exploit vulnerabilities for nefarious purposes.
Some of the potential attacks and vulnerabilities demonstrated by digital carjackers include:
1. Remote Keyless Entry (RKE) Attacks: Hackers have shown that they can intercept and replay signals from key fobs used for remote keyless entry systems, allowing them to unlock and start vehicles without physical access to the keys. This type of attack exploits weaknesses in the encryption and authentication protocols used by RKE systems.
2. On-Board Diagnostics (OBD) Attacks: Modern vehicles are equipped with on-board diagnostics systems that can be accessed through a standardized port known as the OBD-II port. Hackers have demonstrated the ability to exploit vulnerabilities in OBD systems to gain remote access to a vehicle’s internal network and control various functions, such as locking/unlocking doors, disabling brakes, or even shutting down the engine.
3. Infotainment System Attacks: The increasing connectivity of modern vehicles through infotainment systems and telematics services has introduced new attack surfaces for hackers. Vulnerabilities in these systems can be exploited to gain access to a vehicle’s internal network and control critical functions.
4. Wireless Tire Pressure Monitoring System (TPMS) Attacks: TPMS sensors, which monitor tire pressure and transmit data wirelessly to the vehicle’s onboard computer, have been shown to be vulnerable to hacking. By intercepting and spoofing TPMS signals, hackers can potentially trick the vehicle’s systems into displaying false tire pressure readings or triggering warning lights.
5. Over-the-Air (OTA) Software Updates: Many modern vehicles support over-the-air software updates, allowing manufacturers to remotely update the vehicle’s firmware and software. However, this feature also introduces new security risks, as hackers could potentially exploit vulnerabilities in the OTA update process to install malicious software or tamper with the vehicle’s software.
To mitigate the risk of digital carjackers exploiting vulnerabilities in modern vehicles, automakers and cybersecurity researchers are working to develop more secure vehicle architectures, implement stronger encryption and authentication mechanisms, and conduct regular security audits and penetration testing. Additionally, vehicle owners can take steps to protect themselves, such as keeping their vehicles’ software up-to-date, using strong passwords for connected services, and being vigilant for signs of suspicious activity or tampering.