More car hacking

:tspry:

Once this becomes possible with off the shelf hardware and commonly found scripts…GULP!

I have been thinking about a pre OBDII car anyway, this helps me make my decision. :tinfoilhat:

Better hurry up, Obama and Cuomo are going to try and save just 1 child and ban carburated motors. :wink:

Some auto manufactures are building technology similar to firewalls to protect critical components from random malicious data being injected into the canbus.

This kinda shit really illustrates the need for ethical, off sec hacking. Can I get a firewall for my enhanced state ID? Take some tinfoil from my hat and wrap the card in it?

Think about this…I slam on your brakes when you’re on the 190 doing 75…and all it looks like is a car malfunction.

Cars are coming with apps now for remote start, locking, etc. I assume that makes it 10x easier to manipulate

Everything becoming a micro computer, talk about a hackers wet dream. Maybe IPv6 will save us. LOL

So a real world attack on this would be removing someones tail light plugging in a small form factor computer(think raspberry pi) with a GSM/cell phone modem then reconnecting the tail light.

If you’re even more leet hacking the car over a TPMS sensor, Onstar, Bluetooth, CD player, etc

2008ish+ cars use canbus

Some bros I know put this out

http://opengarages.org/handbook/

This is crazy but very interesting at the same time.

http://illmatics.com/remote%20attack%20surfaces.pdf

Charlie Millers & Chris Valaseks blackhat talk

How you could have remotely unlocked any of 2.2 million BMWs with ConnectedDrive

Hackers Remotely Kill a Jeep on the Highway—With Me in It

Annnddd they released a patch to fix it - http://www.wired.com/2015/07/patch-chrysler-vehicle-now-wireless-hacking-technique/

Pretty sweet stuff :tup:

I just got involved in the RFP process for doing security testing on another car platform will be cool if we land it.

Software updates for your jeep! http://www.driveuconnect.com/software-update/

How soon before all manufactures are implementing over the air updates like Tesla… and how soon before THAT’S hacked…

If you put a little thought into implementation it’s not that bad to do securely.

Andddd on star hacked

https://threatpost.com/ownstar-device-can-remotely-locate-unlock-and-start-gm-cars/114042

Car hacking just jumped up a few levels. A security researcher has built a small device that can intercept the traffic from the OnStar RemoteLink mobile app and give him persistent access to a user’s vehicle to locate, unlock, and start it.
The device is called OwnStar and it’s the creation of Samy Kamkar, a security researcher and hardware hacker who makes a habit of finding clever ways around the security of various systems, including garage doors, wireless keyboards, and drones. His newest creation essentially allows him to take remote control of users’ vehicles simply by sending a few special packets to the OnStar service. The attack is a car thief’s dream.
Kamkar said that by standing near a user who has the RemoteLink mobile app open, he can use the OwnStar device to intercept requests from the app to the OnStar service. He can then take over control of the functions that RemoteLink handles, including unlocking and remotely starting the vehicle.
“After a user opens the RemoteLink mobile app on their phone near my OwnStar device, OwnStar intercepts the communications and sends specially crafted packets to the mobile device to acquire additional credentials then notifies me, the attacker, about the vehicle that I indefinitely have access to, including its location, make, and model,” Kamkar said in a video demonstrating the device.

https://youtu.be/urpClLmETQA

Just started a project with an auto manufacture reviewing security and defenses on upcoming model releases :tup:

https://scontent-iad3-1.xx.fbcdn.net/hphotos-xtf1/v/t1.0-9/12644780_10153378886170060_3350533421094004005_n.jpg?oh=6760151d57e091676480cb112d413212&oe=57472159

Doing some canbus stuff today testing some new software and tools :tup: