Mercedes SLK World banner

1 - 1 of 1 Posts

·
Premium Member
Joined
·
14,691 Posts
Discussion Starter #1
It’s becoming clearer that most any car is hackable. Reports before, during, and after DefCon showed that. Here’s the most recent hack news: The ubiquitous Samy Kamkar showed how his OwnStar device was adapted to get into the car via their remote iOS apps. He targeted BMW Remote, Mercedes-Benz mbrace, and Chrysler Uconnect services, all on Apple iOS.

Today?s car hacks: BMW, Chrysler, Mercedes-Benz on iOS | ExtremeTech

and some more:|



Security flaw affecting Volkswagen, Fiat and Volvo cars revealed after two-year injun
Researchers have revealed vulnerabilities in a vital security chip used in vehicles from companies including Volkswagen, Fiat and Volvo after a two-year court injunction prevented them from releasing the information.
A research paper, Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser, was to be unveiled at the USENIX security conference in 2013. But it wassilenced for two years after an injunction filed by Volkswagen in the UK High Court.
The research uncovered flaws in a car transponder known as the Megamos Crypto, an anti-theft tool that prevents an engine starting without a key being close to the vehicle.
Researchers Roel Verdult, Flavio Garcia and Baris Ege found that car manufacturers including Porsche, Ferrari and Alfa Romeo use the affected transponder and that the radio frequencies it uses can easily be hacked.

The research was revealed to car companies in 2012, but is only now being publically released.
The security researchers said they were able to execute the attack "in practice" on several vehicles.
"We were able to recover the key and start the engine with a transponder-emulating device. Executing this attack from beginning to end takes only 30 minutes," the research paper stated.
"Our attacks require close range wireless communication with the immobiliser unit and the transponder. It is not hard to imagine real-life situations like valet parking or car rental where an adversary has access to both for a period of time.
"The implications of the attacks presented in this paper are especially serious for those vehicles with keyless ignition. At some point the mechanical key was removed from the vehicle but the cryptographic mechanisms were not strengthened to compensate."
Security expert Graham Cluley said that the report is a warning to car manufacturers that use radio frequency identification technology.
"Maybe the paper in its current form is not quite a blueprint for sophisticated criminals to steal luxury cars with ease, but there remains a clear problem for the car manufacturers who have sold millions of vehicles with potentially vulnerable systems," he explained.
Nicko Van Someren, chief technology officer at Good Technology, suggested that the news is indicative of the rush to connect devices to the internet.
"This is a great example of what happens when you take an interface that was designed for local access and connect it to the wider internet," he said.
"Increasingly, in the rush to connect ‘things' for the Internet of Things, we find devices that were designed with the expectation of physical access control being connected to the internet, the cloud and beyond. If the security of that connection fails, the knock-on effects can be dire and potentially even fatal."
A VW spokesperson told V3 that the firm has "an interest in protecting the security of its products and its customers."
"In this connection Volkswagen does not make available information that might enable unauthorised individuals to gain access to its vehicles. In all aspects of vehicle security, be this mechanical or electronic, Volkswagen goes to great lengths to ensure the security and integrity of its products against external malicious attack."


Security flaw affecting Volkswagen, Fiat and Volvo cars revealed after two-year injunction - IT News from V3.co.uk
 
1 - 1 of 1 Posts
Top