Hundreds of Thousands' of Vehicles At risk of Attack

Uploaded on 2015-07-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel, TECHNOLOGY--Hackers

Hackers_take_control_of_Jeep_Cherokee__F_3207530001_21889270_ver1.0_640_480.jpg

A security expert who recently demonstrated he could hack into a Jeep and control its most vital functions said the same could be done with hundreds of thousands of other vehicles on the road today.

Security experts Charlie Miller and Chris Valasek collaborated with Wired magazine to demonstrate how they could remotely hack into and control the entertainment system as well as more vital functions of a 2015 Jeep Cherokee.

Both hackers are experienced IT security researchers. Miller is a former NSA hacker and security researcher for Twitter and Valasek is the director of security research at IOActive, a consultancy.
As the Wired reporter drove the vehicle on a highway, the hackers were able to manipulate its radio and windshield wipers and even shut the car down.

The vehicle hack took place as Wired reporter Andy Greenberg drove the Jeep Cherokee on Rte. 40 in St. Louis. The hackers were 10 miles away at the time.
The hackers said they were able to use the cellular connection to the Jeep's entertainment system or head unit to gain access to other systems; a vehicle's head unit is commonly connected to various electronic control units (ECUs) located throughout a modern vehicle. There can be as many as 200 ECUs in a vehicle.

It took Miller and Valasek about a year to hack into Chrysler's UConnect head unit, and according to Miller, it required three steps.
•    Gain access to the vehicle's head unit/controller chip and firmware
•    Use the head unit's firmware to compromise the vehicle's controller area network (CAN), which speaks to all of the electronic control units (ECUs) throughout the car
•    Discover which CAN messaging can control various vehicle functions.

"The first step I thought would be the hardest: to find a remote vulnerability and write an exploit for it. It turned out that was actually rather easy, so I had that done in about three weeks," Miller said. "The second step I thought would be really easy, was really hard. That took us maybe three months. The final step of sending CAN messages to vehicle systems was simply an exercise in discovering which messages controlled which functions, Miller explained.

Jon Allen, a principal analyst at consultancy Booz Allen Hamilton, said he was uncertain whether the hackers' prior access to the vehicle helped enable the attack.

At the DefCon hacker conference in 2013, Miller and Valasek demonstrated they were able to hack into a Ford Escape and a Toyota Prius and control the brakes and steering. That hack, however, required physical access to the onboard diagnostics (OBD-II) computer port on each vehicle. Since 1996, OBD II ports have been standard on all U.S. vehicles, and they allow access to ECU data.
"That's no different from pouring sugar into a vehicle's gas tank. All you need is physical access. Valasec and Miller are good about getting headlines," Allen said. "They did have physical access to the vehicle before they hacked it."
Miller said the Chrysler Jeep Cherokee belonged to him, but prior access to the vehicle was not needed for the zero day-style attack to take place.
"We could have easily done the same thing on one of the hundreds of thousands of vulnerable vehicles on the road," Miller said. "We gained access by exploiting a vulnerability that was present on the head unit (i.e. the radio/navigation thingy) that was accessible over the Internet. It did not require any physical access or changes to the vehicle."
The attack, will work on any Chrysler vehicle with the Uconnect telematics system from late 2013, all of 2014, and early 2015 -- that includes Dodge, Ram and Jeep model vehicles.

The physical equipment needed to perform the vehicle hack was relatively simple: Miller and Valasek used a Kyocera Android smartphone as a W-iFi hotspot connected to a MacBook laptop. The head unit on the Chrysler was linked to the Internet by Sprint's cellular network.

Vehicle manufacturers routinely collect information on vehicles through cellular networks in order to alert drivers that maintenance or repairs may be required. Today, more vehicle manufacturers are also embedding Wi-Fi routers to enable mobile Internet connectivity.

Miller said his Jeep Cherokee has a Wi-Fi option, but that it's the cellular function that allows access from anywhere.
Through the cellular connection, Miller and Valasek are able to gain a vehicle's GPS coordinates, vehicle identification number, and, more importantly, its IP address.

Miller said the vulnerability that allowed the attack is exclusive to Chrysler's UConnect head unit, but there are likely similar types of security holes on other vehicles'  telematics systems.
Miller and Valasek have been communicating their research with Chrysler for the past nine months or so, which allowed the company to release a software patch to help prevent future attacks.

Ron Montoya, consumer advice editor with Edmunds.com, said he was surprised physical access was not required for the vehicle hack, but he also doesn't think hacking a vehicle is as easy as it may seem.
"This is a group of researchers that have been dedicating their lives the past couple of years to doing this, and they have very high skill levels. They're security engineers," Montoya said. "I don't think this is something to freak out over. It does [give] awareness to automakers that they need to take a hard look at security on their vehicles."
To create more secure vehicles, Montoya believes manufacturers must ultimately find a way to isolate driving functions from infotainment systems.

Allen agreed that widespread vehicle attacks are not likely to happen in the future because there would be little monetary incentive to them and they'd require a great deal of work.
Securing vehicles from wireless hacks has less to do with a firewalls and more to do with recognizing an attack is happening and shutting it down before it can manipulate the car.
Miller agreed.
"You need to take a layered approach, just like you do in enterprise security," Miller said. "The CAN bus is very simple. The messages on it are very predictable, but when I start sending messages to cause attacks..., those messages stand out very plainly."
Carmakers could easily upgrade software to detect malicious CAN messages and instruct critical vehicle systems, such as brakes or transmission, to ignore them, Miller thinks the best way to secure vehicles is by detecting attacks as they're happening
"An intrusion detection system for the car network. It's something we've been advocating for a long time," Miller said. "Yeah, Chrysler fixed this particular remote flaw, but there are probably others. We can't build perfect software. Someone is going to hack into another vehicle head unit someday."

Computerworld:
 

« Dating Website Admits Hackers Have Stolen Data on Millions
Automobile Industry Gears Up For Cyber-Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

Nucleon

Nucleon

Nucleon enables cybersecurity tools, organizations and software developers to become proactive by blocking threats before they become breaches.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

RAD Security

RAD Security

RAD Security (formerly KSOC) is a cloud native security company that empowers engineering and security teams to drive innovation so they can focus on growth versus security problems.

Helix Tech Consulting

Helix Tech Consulting

Helix Tech have expertise in a wide range of technology areas, including IT strategy, infrastructure design, cybersecurity, disaster recovery, cloud, data centers, IT cost optimization, and more.