August 22, 2012

Hack and set CARS to Self Destruct

Hack and set CARS to Self Destruct

Remote attacks to Hack and set CARS to Self Destruct

Let’s say you’re driving and otherwise minding your own business, when like a scene out of Mission Impossible, a malicious hacker launches a “Self Destruct” attack on your vehicle. It could happen according to the Center for Automotive Embedded Systems Security. “It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes.” McAfee executive Bruce Snell told Reuters, "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening. I don't think people need to panic now. But the future is really scary." Conversely, in regard to how vulnerable vehicles are to high tech hack attacks, John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, said "You can definitely kill people."

The headlights go off; you’re touching the steering wheel but the car is instead responding to the steering of an unseen attacker, the brakes don’t respond no matter how hard you stomp on them because someone 1,000 miles away has remote control of your vehicle. It might seem like your car is haunted if it suddenly responded to nothing you did and everything an outside attacker did, but it’s not a job for Ghostbusters. So who you gonna call? How about Barnaby Jack! He’s made ATMs spit out cash like a person hit the big-time jackpot and showed the public just how easily medical devices can be remotely hacked in a public space from 300 feet away from the victim.

Although some news stories make it sound like McAfee Security Researcher Barnaby Jack just joined the hacking team to attack embedded devices and protect vehicles from viruses, Jack is a member of the McAfee TRACE (Threat Research and Central Intelligence Experts) team who specialize inembedded device security. Jack is part of the TRACE team investigating how to protect embedded systems, hardware and devices from next-generation hacking attacks. That research includes finding and fixing vulnerabilities such as those in medical devices and car systems. As we read about the endless attack vectors in the computer with four wheels in which we sit inside and drive at high speeds, it makes us feel a bit better to know Jack is on the job.

McAfee Labs is not the only security firm predicting [PDF] embedded hardware is "the promise land for sophisticated hackers." SANS Technology Institute reported on 2012 - 2013 security predictions, including malware that morphs into scareware and attacks embedded systems in your vehicle. Possible scenarios included being locked out or locked inside until you pay a ransom via your smartphone. Electronic control units (ECUs) connect to one another and to the Internet, “making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.” These ECU interconnected systems, ranging from the engine, brakes, navigation, lighting, ventilation, music and entertainment systems, and even Bluetooth headsets in cars, are vulnerable to remote attacks.

While some concerns are more privacy-centered, like your car’s black box is spying on you and may be used against you in court and the Nissan Leaf secretly leaking your location and speed to websites, other research, like war texting to steal a car or hacking to pwn a cop car, focuses more on security. SNOsoft Research exposed the level of risk associated with cars built after 2007 when it delved into hacking your car for fun or profit and showed it's really not that difficult to program a car to kill a driver. Another example was when Stefan Savage, professor in the department of computer science and engineering at the University of California, San Diego, created a virus to infect dealership diagnostic tools and pass the infection on to any car connected to it afterwards. Then his team, via the Internet, could “download just about any functionality we wanted -- disable the car, listen to conversations in the car, turn on the brakes, etc."

"Basically anything under computer control in a car is vulnerable to malicious attack," reported computer scientist Stephen Checkoway. “This includes the brakes, engine, lights, radio, wipers and electronic display. If a computer controls it, it can be controlled by an attacker.” Checkoway warned, that malicious attackers "could seize control remotely through the panoply of wireless devices attached to the car, such as cellular, Bluetooth, radio and tire pressure monitoring system. If you can take over the radio, you can use it to reprogram all the other computers."

Even doctored CDs inserted into players could be used as a vehicle attack vector [PDF]. Franziska Roesner, a student and researcher in the security and privacy research lab at the University of Washington, explained that hackers could “deliver malicious input by encoding it into a CD or a song file, which may ‘live’ on an iPod or other MP3 player, or by installing software that attacks the car's media system when it connects to the Internet.” Roesner added, “In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio."

Other car hacking and remote access warnings included that attackers could exploit computerized car components for sabotage, espionage, GPS tracking and overriding theft detection/prevention systems. Recently high tech car thieves stole a BMW in three minutes by using the on-board diagnostics (OBD) port to reprogram a blank key fob from outside the vehicle, used the cloned “key” to unlock and then make off with the BMW.

You probably don’t need to worry overmuch about this right now, but the fact that all these action/adventure or sci fi movie-type car hacks are possible is pretty alarming and sickeningly fascinating. At best, such an attack would freak us out; at worst, it could possibly crash and kill us.