Thursday, March 12, 2015

14-year-old hacks connected cars with $15 worth of electronics parts


A 14-year-old boy has stunned the automotive industry by showing how to hack into connected cars with apparent ease.
Armed with only $15 of simple electronics gear he bought from RadioShack, the boy was easily able to unlock and start a connected car. The make of vehicle that was breached has not been revealed, but it is said to be one of the larger brands.
The news has been described as a “pivot moment” in car security, and is of great concern to the automotive industry, which is investing heavily in designing and building connected and even self-driving cars. Such vehicles will inevitably become the norm in the coming years as people look for safer driving experiences – with their cars connected to local infrastructure such as traffic signals and emergency services – but security concerns only seem to get worse.
The 14-year-old boy, who has not been named, built his own circuit board overnight. The next day, the boy was able to easily hack into the car, and unlock its doors and remote-start the engine. He also set the wipers going and was able to make the car play music from his mobile phone. Just to press the point, he then flashed the headlights to the beat.
The hack was part of a cyber security competition run by nonprofit research and development organization Battelle.
Dr Anuja Sonalker, lead scientist at the organizaton, said this was a “pivot moment”, according to the Auto Blog. She added: “For the automakers participating, they realised, ‘Huh, the barrier to entry was far lower than we thought’. You don’t have to be an engineer. You can be a kid with $14.”
The automotive and technology industries are investing heavily in connected cars. Last month, Ford opened a huge dedicated factory in Silicon Valley, Google is also investing extensively on developing self driving vehicles, and Apple is rumored to be developing an electric car. Security is becoming an ever wider issue in the industry, and hacks have also been demonstrated on a Chevy Impala and BMW in recent weeks.
The most critical threats to connected cars are intrusions, fraudulent warranty claims, safety and theft, as well as malware, full data injection, misbehavior, and driver data leakage, according to Sonalker.
Earlier in the month a vulnerability with BMW's Connected Drive was exposed, which has since been fixed.
Recently a vulnerability with BMW's Connected Drive affecting 2.2M vehicles was exposed.
She describes full prevention as “mission impossible” and argues instead that effective threat management and minimizing the resulting damage is crucial. For this, better standards and detection systems, as well as cooperation between government and different manufacturers, is crucial.
“We may not get it right the first attempt,” she said at a Center for Automotive Research presentation last week, “but the first comprehensive multi-party attempt is the right approach.”
The threat does not stop at cars, Sonalker said, according to a report in the Detroit Free Press. A hacker could move from a connected vehicle to the power grid, or police and fire networks. One key to security in that situation will be to quickly isolate hacked vehicles from the network. Read More

No comments: