Patrol 4x4 - Nissan Patrol Forum banner

1 - 20 of 28 Posts

·
Administrator
Y2KGUII ZD Wgn
Joined
·
48,221 Posts
Discussion Starter · #1 ·

·
Registered
nissan
Joined
·
233 Posts
The biggest problem here is that manufacturers are so busy adding 'goodies' to make their vehicles more acceptable to the technological obsessed public that they don't even seriously consider the security implications.

Everywhere else we have hackers, particularly with regard to the financial institutions - the new automotive technology just gives those hell bent on being axxxholes a whole new challenge.

Nothing is sacred any longer.
 

·
Registered
nissan
Joined
·
1,730 Posts
I think what was more interesting about this incident was that it was done by 'white hat' hackers (supposed to be the good ones like the NSA employ by the thousands). What is scary is what would have happened if the black hat (or dark side) hackers had discovered this backdoor first.

Guess there will now be a heap of people now trying to discover other vulnerabilities or zero day exploits in all manufacturers vehicle software with a view to selling them back for $$.
 

·
Registered
nissan patrol gu6
Joined
·
1,601 Posts
The last time i was pulled over by the police (2 years ago) for being a "naughty boy" i got to chatting with the copper about all the features that new cars are coming with these days, and how good or bad we thought they were.
He informed me that in 10 years he believed they would be investigating "murder by car" saying people will figure out to access and control cars remotely.

At the time i was thinking what ever mate.
Guess i could be wrong.
 

·
Administrator
Y2KGUII ZD Wgn
Joined
·
48,221 Posts
Discussion Starter · #7 ·
I think what was more interesting about this incident was that it was done by 'white hat' hackers (supposed to be the good ones like the NSA employ by the thousands). What is scary is what would have happened if the black hat (or dark side) hackers had discovered this backdoor first.

Guess there will now be a heap of people now trying to discover other vulnerabilities or zero day exploits in all manufacturers vehicle software with a view to selling them back for $$.
Ed Zackery. This was my underlying point, there are people who do this for kicks, without any thought for the people they affect, these are the people I worry about.

The biggest problem here is that manufacturers are so busy adding 'goodies' to make their vehicles more acceptable to the technological obsessed public that they don't even seriously consider the security implications.

Everywhere else we have hackers, particularly with regard to the financial institutions - the new automotive technology just gives those hell bent on being axxxholes a whole new challenge.

Nothing is sacred any longer.
Yes, for sure the makers have a responsibility to make these things perfect, but isn't it sad we have to do this to protect ourselves from insidious morons, there will be people out there now saying wow I wonder if I can do that, for fun or profit.
 

·
Premium Member
Triton n Lovin it.
Joined
·
26,138 Posts
It was always going to happen, once you had GPS tracking and mother boards in cars! ;)

Foo
 

·
bit cold out it seems
nissan
Joined
·
9,258 Posts
what been ignored is that everyone who has a DAB radio etc is potentially in the same position of vulnerability
That is what I was thinking exactly.

The stereo is more often than not a totally unsecured gateway into the vehicle's CAN.

The consult/OBD2 is usually the only (relatively) secured access point. lol
 

·
Premium Member
Triton n Lovin it.
Joined
·
26,138 Posts
Ok I'm ignorant, what is a DAB radio? :confused: (Digital Analog Broadcast) :oops:

Foo
 

·
Administrator
Y2KGUII ZD Wgn
Joined
·
48,221 Posts
Discussion Starter · #12 ·
Ok I'm ignorant, what is a DAB radio? :confused: (Digital Analog Broadcast) :oops: Foo
A very smart boss I had many years ago pointed out that often technology outstripped regulation, this is a classic case, but nonetheless sad.
 

·
Registered
nissan
Joined
·
2,994 Posts
And this is why vendors / manufacturers need to build security into their products from the start, not make a half-arsed attempt as an afterthought.

But, in the same way we have idiots who will pay through the nose to be able to turn their car on from their iDevice we will continue to have idiotic manufacturers who think it's perfectly acceptable allow critical control systems to accept commands from the entertainment system (or for the entertainment system to be able to get those commands to the right place anyway). :rolleyes:
 

·
I Have Imaginary Friends
Patrol Hybrid.
Joined
·
16,095 Posts
Here's an idea, can we hack into vending machines. Yum, free snacks for life. Better than Aldi.
 

·
Rust is just natural weight reduction.
1986 SD33T SWB
Joined
·
10,999 Posts
Here's an idea, can we hack into vending machines. Yum, free snacks for life. Better than Aldi.
All you need is a hammer, plastic bag, running shoes and something to cover your face :)
 

·
Administrator
Y2KGUII ZD Wgn
Joined
·
48,221 Posts
Discussion Starter · #16 ·
Heard of websites where people can log in type up what they want hacked and hackers then bid on the job, I will assume this type of website is not "main stream available" and reasonably well hidden similar to the Silk Road site.

So manufacturers could theoretically build in security then someone with a bit of dough and a bad case or boredom can undo it all.
 

·
Registered
nissan
Joined
·
2,994 Posts
Heard of websites where people can log in type up what they want hacked and hackers then bid on the job, I will assume this type of website is not "main stream available" and reasonably well hidden similar to the Silk Road site.

So manufacturers could theoretically build in security then someone with a bit of dough and a bad case or boredom can undo it all.
Oh yes, very much so. There are large 'underground' communities where exploits, hacking tools, vulnerabilities etc are traded and sold and people can offer / bid on jobs as you say.

Hell you can even rent botnets and people are starting to offer 'Malware-as-a-Service'.

At least if security is built-in from the start it will make it harder for amateurs / script kiddies and you can reduce the impact when someone does get in. E.G. at most the entertainment system with a wireless link should only have read-only (at the physical layer) access to engine control systems... Some security is better than none.

Unfortunately it's a problem that isn't going away anytime soon and will only get worse.
 

·
Administrator
Y2KGUII ZD Wgn
Joined
·
48,221 Posts
Discussion Starter · #18 ·
Oh yes, very much so. There are large 'underground' communities where exploits, hacking tools, vulnerabilities etc are traded and sold and people can offer / bid on jobs as you say.

Hell you can even rent botnets and people are starting to offer 'Malware-as-a-Service'.

At least if security is built-in from the start it will make it harder for amateurs / script kiddies and you can reduce the impact when someone does get in. E.G. at most the entertainment system with a wireless link should only have read-only (at the physical layer) access to engine control systems... Some security is better than none.

Unfortunately it's a problem that isn't going away anytime soon and will only get worse.
Yes, to the cost and general detriment of the honest majority.
 

·
Administrator
Y2KGUII ZD Wgn
Joined
·
48,221 Posts
Discussion Starter · #20 ·
1 - 20 of 28 Posts
Top