Can cars be hacked and used to assassinate people?

I still think they need prior access to the car. And Joe....why not kill him BEFORE he spills the beans?
 
I still think they need prior access to the car. And Joe....why not kill him BEFORE he spills the beans?
I agree just found it interesting .. seems the way they had it ripped apart they did access its ECM
 
Perhaps you'd make a better case if you explained how his car could have been remote controlled into a tree.

Why would the Pentagon be sponsoring research into hacking into car computers?

http://www.independent.co.uk/life-s...tely-control-steering-and-brakes-8733723.html

Researchers hack cars to remotely control steering and brakes
As more electronics are introduced into vehicles the danger from hacking attacks also rises

A pair of US hackers sponsored by the Pentagon’s research facility Darpa, have demonstrated their ability to hack the computers in cars, remotely controlling the acceleration, braking and steering inside a Ford Escape and Toyota Prius.

This new threat is thanks to the growing ubiquity of electronic control units (ECUs); small computers that are installed in the majority of modern cars in order to control a whole range of functions from heated seats to emergency crash avoidance.

Charlier Miller, a security engineer at Twitter, and Chris Valasek, the Director of Security Intelligence at IOActive received an $80,000 grant from the US government in order to research these new vulnerabilities. The pair will present their full findings at hacker conference Def Con in Las Vegas next month.

The hacks were accomplished by connecting to the cars’ computers via the on-board diagnostics port, usually used by mechanics to identify faults. From this entry point Valasek and Miller sent a series of instructions to the car that overrode commands from the driver.

The pair were able to change the read-out on the fuel tank and the speedometer, disable the brakes, tighten the seat-belts (the cars engage this function in the event of a crash) and even take control of the wheel, remotely swerving the vehicle to the side – a hack that could be deadly on a busy road.
Toyota were dismissive of the research, claiming that the cars were not actually ‘hacked’ because the work required physical access to the car. Valasek and Miller have responded by noting that wireless access to cars’ on-board software has been possible since 2010, with a range of techniques from Bluetooth bugs to app malware used to gain access.

The pair said that connecting the dots between remotely accessing a vehicle’s software and hacking those same systems isn’t difficult.

Valasek and Miller hope that their research will alert the car industry to the dangers of on-board electronics. "We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars,” Miller told the BBC.
Content from External Source
 
Even self-hacked the response to one of them. That's pretty extreme.

lee h oswald said:
Why would the Pentagon be sponsoring research into hacking into car computers?


DARPA sponsored all kinds of hacking research. The aim is to improve cyber security.

The "fast-track" program that funded Miller was shut down recently, funding.
http://www.infosecurity-magazine.co...e-to-hackerfriendly-cyber-fast-track-program/

Here's the original program page:
http://web.archive.org/web/20130318011230/http://cft.usma.edu/
 
Last edited by a moderator:
The DOD is also working on self driving trucks. A huge amount of fatalities in Afghanistan are to folks in truck convoys. If a truck does not need a driver, that will reduce that type of loss. A concern would be is them being hacked and either used against others or for theft.
 
Can't they isolate the control system computer from all other electronic interaction, eg bluetooth connectivity?
I hate not being able to wind down my own window when I need to. This amount of control being dependent on a centralised system seems like a bad idea.
 
Can cars be hacked and used to that end? Most assuredly the possibility exists with modern cars, but let's not forget the limitations of those attacks:

  • The attacks demonstrated in the video require at the very least ODB-II access, meaning someone would ostensibly have to get into the car at some point if that were indeed the vector used. Additionally I think some of the more complicated attacks required tapping into wires directly, as evidenced by the fact that they basically dismantled the entire dashboard.
  • Bluetooth is another possible attack surface, though in my understanding most critical car systems are separated from the bluetooth functionality(which is typically for making phone calls and entertainment, not to interface in any way with the car's systems). Also, the common variety of Bluetooth, class 2, is of fairly limited range - about 10 meters.
  • Car companies are aware of the inherent problems with ECUs from a reliability and safety standpoint. It is in their interest to develop systems that would not place the occupants of the car in danger in the event of a software/hardware malfunction. Now, as evidenced by the video, the argument can be made that car companies do not or have not paid enough attention to security, but we shouldn't forget that they *do* pay attention to reliability in the case of hardware/software malfunction. In all likelihood the driver in the video is able to stop the car by applying the e-brake fully. Note that many of the attacks are not literally applying the gas or brakes at random, but rather tricking the car's collision avoidance system into believing it was about to get into an accident and thus behaving erratically compared to the actual driving conditions.
  • To that end, I believe(but could be wrong) that effort is being made on the part of manufacturers to separate critical car functionality from the more general-use computers on board such as navigation and entertainment systems, similar to aircraft(see: recent hype around mobile app that could supposedly take over airplanes, but was really tricking their altitude separation systems and nothing more).
 
This is a tricky one, with no real answers....yet. Being that most self driving cars are running some version of Linux, the software is being treated the same as if it were simply in a device. That means there are supposed layers to everything and the system is supposed to be doing everything in a separate layer as the os. However, as can be seen by devices, it doesn't always work, shortcuts are taken (for a short time, to be patched later), and in general things are done incorrectly.
Time will tell if someone can be killed remotely in a self driving car. My money is on yes. I live in a city that is a testing ground for self driving cars, I have to deal with these very unsafe vehicles everywhere. The simple fact that the company where I live refuses to turn over any crash data is very troubling, but they are a civilian wing of the Federal government, and want us to blindly believe them when they state that 'no accident was our fault'.
This is extremely troubling for many including me. I have tried to reach out and talk to them about how unsafe their vehicles are, and they refuse to talk to me.
So, I will say this about self driving cars: I have been studying them and how they work, I have dumpster dived and found the software being used, I know the frequency ranges being used and earmarked for them. If the silence continues until the eventual release to customers to be driven on city streets; I will be releasing a packet of info on torrent sites and on hundreds of deep-web sites detailing how to shut the cars down at any time in almost any place. Somebody may not use your car to kill you, but will most likely prevent you from getting to where you are going by creating dead spots on roads and highways to render your vehicle useless and stuck in a traffic jam with other cars that can't go anywhere either.
 
The simple fact that the company where I live refuses to turn over any crash data is very troubling, but they are a civilian wing of the Federal government, and want us to blindly believe them when they state that 'no accident was our fault'.

The company where you live? Typo? Care to elaborate otherwise?
 
You could simply need to put pinholes in the brake lines, or cut the steering column to within a few turns of snapping, or fix it so the throttle cable sticks. Or all 3 if you really want to be sure. Which is to say a hacksaw is cheaper than a zero-day exploit...
 
You could simply need to put pinholes in the brake lines, or cut the steering column to within a few turns of snapping, or fix it so the throttle cable sticks. Or all 3 if you really want to be sure. Which is to say a hacksaw is cheaper than a zero-day exploit...

You could do all of those things, but they might leave traces of foul play.

The theory that Michael Hastings was murdered in this way has some plausibility (ie it is possible), but extremely improbable.
 
IMG_3936.JPG Good luck trying to hack my car....
ewwww Fuchs!!!

Also the Steering was only able to be hacked into because the car had a self parking system and they tricked it into thinking it should be doing a parking maneuver.
so right now I don't think they could sensibly do anything to a person's car as standard without this access but it is useful for car manufacturers (and the military who want self driving vehicles) to look at. The military want to know how to prevent others tampering with them and how to tamper with other cars. Car manufacturers want to know their cars are safe and that you can't trick a car into thinking it is being emissions tested and reduce the performance for example.
 
The military want to know how to prevent others tampering with them and how to tamper with other cars.

The irony of modern warfare against terrorist organisations is that the higher tech we employ, they counter it by lower tech solutions. We spent billions on EOD technical solutions in Afghanistan, and the Taliban replied by making IEDs with zero metal content...

Stick to pre ECU era vehicles and this capability is somewhat useless...
 
Also the Steering was only able to be hacked into because the car had a self parking system and they tricked it into thinking it should be doing a parking maneuver.
so right now I don't think they could sensibly do anything to a person's car as standard without this access
This summer they say (with this particular jeep) they could only takeover steering when the car is in reverse. Is that the same thing you are saying?
The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse
Content from External Source
I hear this isnt possible really to do as the internet providers themselves have locked down access, But this summer they learned to hijack certain cars through the wifi entertainment systems. (dont quote me as this tech stuff is confusing)

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Content from External Source
oddly enough as i searched for the above link a new article october 2, 2015 popped up about legislation issues

Regulatory agencies are trying to use copyright law to crack down on dangerous tampering with automobile computers, sparking fears that they will stymie needed cybersecurity research.

As Internet-connected cars proliferate on the roads, so too do the opportunities for hackers to uncover and possibly exploit software security flaws — for good and bad. http://thehill.com/policy/cybersecurity/255832-fear-of-lawsuits-chills-car-hack-research
Content from External Source
 
This summer they say (with this particular jeep) they could only takeover steering when the car is in reverse. Is that the same thing you are saying?
The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse
Content from External Source
Kind of. In the film they specifically said that they tricked it into thinking it was going in reverse and that it was trying to do the parking maneuver and that if they had let it, it would have done 2 full revolutions of the wheel
 
Back
Top