Got Hackers ?

tonyb · July 2013

http://www.foxnews.com/tech/2013/07/28/hackers-plan-to-offer-blueprint-for-taking-over-prius-escape/

Gotta love it. Hackers at their convention, like they need one, will publicly put out a way to take control of specifically Toyota Prius and Ford Escape. Able to brake the car when doing 80 mph or turn it...like into a crowd, off a cliff. This research was funded by our own tax dollars in a grant supplied by Uncle Sam too. So if I follow this story correctly, we paid for hackers to hack cars, then they make that info public, and what do you expect to happen ?

I guess the more digital everything becomes the more hack-able it also becomes. Guess it beats the old way of trying to kill someone by throwing stones at them until their dead. Now just hack a Prius and send them off a cliff. I only hope when the car makers get a hold of this info they create some security blocks for these cars. The liability issues has to be enormous.

Habanero Monk · July 2013

tonyb wrote: »

http://www.foxnews.com/tech/2013/07/28/hackers-plan-to-offer-blueprint-for-taking-over-prius-escape/

Gotta love it. Hackers at their convention, like they need one, will publicly put out a way to take control of specifically Toyota Prius and Ford Escape. Able to brake the car when doing 80 mph or turn it...like into a crowd, off a cliff. This research was funded by our own tax dollars in a grant supplied by Uncle Sam too. So if I follow this story correctly, we paid for hackers to hack cars, then they make that info public, and what do you expect to happen ?

Ford and Toyota to now fix instead of try and cover it up. Remember when they said they didn't have a problem with uncontrolled acceleration and no ability to kill the engine or otherwise stop.

WilliamM2 · July 2013

tonyb wrote: »

http://www.foxnews.com/tech/2013/07/28/hackers-plan-to-offer-blueprint-for-taking-over-prius-escape/

Gotta love it. Hackers at their convention, like they need one, will publicly put out a way to take control of specifically Toyota Prius and Ford Escape. Able to brake the car when doing 80 mph or turn it...like into a crowd, off a cliff. This research was funded by our own tax dollars in a grant supplied by Uncle Sam too. So if I follow this story correctly, we paid for hackers to hack cars, then they make that info public, and what do you expect to happen ?

I guess the more digital everything becomes the more hack-able it also becomes. Guess it beats the old way of trying to kill someone by throwing stones at them until their dead. Now just hack a Prius and send them off a cliff. I only hope when the car makers get a hold of this info they create some security blocks for these cars. The liability issues has to be enormous.

Did you miss this part?

In both cases, the would-be hacker would have to be inside the car in order to tamper with its computer, according to Reuters.

I can do everything they did without hacking anything, if I'm in the car.:rolleyes:

Face · July 2013

If you can't beat them, join them. Better to have them on our payroll than causing havoc.

WilliamM2 · July 2013

Habanero Monk wrote: »

Ford and Toyota to now fix instead of try and cover it up. Remember when they said they didn't have a problem with uncontrolled acceleration and no ability to kill the engine or otherwise stop.

No, I don't remember that at all. I do remember the media blowing it all out of proportion, Toyota spending billions, and it turns out it wasn't their fault at all. Much like the false claims of unintended acceleration that Audi went through years ago.

http://www.dot.gov/briefing-room/us-department-transportation-releases-results-nhtsa-nasa-study-unintended-acceleration

Erik Tracy · July 2013

If you know where they are and who is attending....better to have them in the open. A drone is only a call away.

sucks2beme · July 2013

And this is news?
If I'm in the car and hooked up to the OBD port, you can control everything.
Or just stomp the pedals. Really, they are just sitting on the floor, why not?
They are talking about setting up cars to wirelessly talk to one another.
Police can already check you drive history on some cars. Soon they will have
them calling in speeding tickets online while you drive.

Polkersince85 · July 2013

How much tinfoil does it take to wrap a Ford F150?

JimAckley · July 2013

sucks2beme wrote: »

They are talking about setting up cars to wirelessly talk to one another.

Where? I read it twice and can't find anything that implies that.

ViperZ · July 2013

It actually makes a lot of sense. This type of 'research' has been 'funded' for a very long time by software companies (Microsoft, Apple, Symantec, etc.). Hackers find holes in their software and publish them letting these companies fix those holes (and fix them quickly). Whether these problems are reported properly or ASAP - it's up for debate, but it's good that someone finds those holes and publishes them rather than use them for their own good and never let manufacturer know.

tonyb · July 2013

Question for me is, why go public with the actual "how to ". Why not bring that info to manufacturers and say you want to fix this ? Or even we can fix it for you...for a price. I get hackers are paid to hack.....and the reasons why, but to make that info available to the general public seems a tad irresponsible to me.

Phasewolf · July 2013

It is pointless info. You need to be in the car with a laptop and they said the needed to take the dashboard apart to do it. This will effect on one.

tonyb · July 2013

Phasewolf wrote: »

It is pointless info. You need to be in the car with a laptop and they said the needed to take the dashboard apart to do it. This will effect on one.

I don't know about no one....lots of cars get taken in for service where that kind of access is readily available. It was also widely believed that your info was safe in the hands of government agencies too with all their security. Not so as we have come to find out. Hackers have broken into even the highest of secured locations. Now, I also believe inside help may accompany their efforts but still just goes to show anything digital, can be hacked. Doesn't mean it will be or even if someone will want to, just that the possibility is there. When someone CAN do something, you can bet your last dollar they WILL, for what ever purpose serves them. Just human behavior is all.

F1nut · July 2013

I don't know about hacking, but JHC, have we got a ****load of spammers here tonight.

Phasewolf · July 2013

Yes but the Government systems were hooked up to the internet the cars OBD2 port is not in any way connected to the internet where it could be hacked without directly being inside your car or truck. Also most cars and trucks are NOT fly by wire type systems so taking over things like they were talking about would not work.

They wrote the story to make nothing into something most likely because someone they know is going to save us all (for a price) from this new threat that they are blowing up more then they should to scare people into buying whatever they say will be the fix.

headrott · July 2013

F1nut wrote: »

I don't know about hacking, but JHC, have we got a ****load of spammers here tonight.

Yeah, these idiots! Go the **** somewhere else please!

Syndil · July 2013

The purpose of these hacker conventions is to find these things out and make them public before someone else does and uses it to do harm. That way the problem can be addressed before it becomes a real problem.

The guys at these hacker conventions are the "good guys."

decal · July 2013

Again, paranoia strikes deep.

Systems · July 2013

This may be a good time to mention, that I am currently making custom tin foil hats.
Available in several colors, and options.

One option is double the tin foil, most may not need this option, but I feel like it offers added protection.

Another more expensive option is the addition of crystals to your custom foil hat.
This option is expensive, and will not be available for a few more days, as they are in customs at the moment.
I can post detailed shipping info if you like?

nooshinjohn · July 2013

Mercedes Benz has admitted their cars are susceptible to these types of hack attacks, and has been begging LAPD for access to the wreck of a reporter that died in a bizzare 110mph crash.... The reporter went after a general in charge of the CIA....

As an aside, one of the NSA hackers involved in this program was died recently for no apparent reason. Btw, they can also hack into med devices like pacemakers.

tonyb · July 2013

Syndil wrote: »

The purpose of these hacker conventions is to find these things out and make them public before someone else does and uses it to do harm. That way the problem can be addressed before it becomes a real problem.

The guys at these hacker conventions are the "good guys."

My definition of "the public" doesn't discriminate between bad and good. How exactly do you make such info public yet withhold it from the bad ?

tonyb · July 2013

nooshinjohn wrote: »

Mercedes Benz has admitted their cars are susceptible to these types of hack attacks, and has been begging LAPD for access to the wreck of a reporter that died in a bizzare 110mph crash.... The reporter went after a general in charge of the CIA....

As an aside, one of the NSA hackers involved in this program was died recently for no apparent reason. Btw, they can also hack into med devices like pacemakers.

Like that episode on Homeland where they hack the VP's pacemaker ? Don't know how true any of that is, or what safeguards are in place but again, if it's digital it's possible. None of this would matter much if we lived in a world of good intentions, but we don't. Technology certainly is advancing faster than our morality imho anyway.

sucks2beme · July 2013

JimAckley wrote: »

Where? I read it twice and can't find anything that implies that.

Not in this article. Sorry I wasn't clear. IT was in the Dallas morning news this weekend.
There are places that police have already used the OBD port to retrieve information from a crash.
But there is a very strong effort to make this happen in the next couple of years.
There was also a car rental company that actually did install devices on their cars that reported
speeding. And they reported it to the Police. They stopped this pretty quickly after their customers
complained. But the technology is already there. it is coming.

tonyb · July 2013

sucks2beme wrote: »

Not in this article. Sorry I wasn't clear. IT was in the Dallas morning news this weekend.
There are places that police have already used the OBD port to retrieve information from a crash.
But there is a very strong effort to make this happen in the next couple of years.
There was also a car rental company that actually did install devices on their cars that reported
speeding. And they reported it to the Police. They stopped this pretty quickly after their customers
complained. But the technology is already there. it is coming.

How far off is it with technology that cars will be "mandated" to have certain tracking devices and your speeding ticket/fines will get emailed to you. Don't pay....they shut off the car. Has an appeal to it if you sit on the other side of the fence.

I remember reading a story on an ambulance that had a mandated device to shut the engine down when something was determined to not be functioning properly. They had a guy in transport to a hospital at the time it shut down. Result was he died waiting for another ambulance to pick him up and get him to the hospital.

Just because you CAN do something, doesn't always mean you SHOULD. Goes back to my theory that if we CAN do something, bet the farm someone will.

nooshinjohn · July 2013

tonyb wrote: »

Like that episode on Homeland where they hack the VP's pacemaker ? Don't know how true any of that is, or what safeguards are in place but again, if it's digital it's possible. None of this would matter much if we lived in a world of good intentions, but we don't. Technology certainly is advancing faster than our morality imho anyway.

Exactly like that... The guy that died was to demonstrate the hack at the convention.

The road to Hell is paved in good intentions... Methinks we are on that road right now.

jflail2 · July 2013

Problem solved:

Habanero Monk · July 2013

WilliamM2 wrote: »

No, I don't remember that at all. I do remember the media blowing it all out of proportion, Toyota spending billions, and it turns out it wasn't their fault at all. Much like the false claims of unintended acceleration that Audi went through years ago.

http://www.dot.gov/briefing-room/us-department-transportation-releases-results-nhtsa-nasa-study-unintended-acceleration

From the very article you linked to:

The two mechanical safety defects identified by NHTSA more than a year ago – “sticking” accelerator pedals and a design flaw that enabled accelerator pedals to become trapped by floor mats – remain the only known causes for these kinds of unsafe unintended acceleration incidents. Toyota has recalled nearly 8 million vehicles in the United States for these two defects.

I dunno. Is 8 million vehicles trivial? The entire point of these exercises is to institute, hopefully, a new mind set to the programming approach that is implemented in cars now days. BTW I never mentioned anything about a computer. Problems, of whatever nature (electrical, vacuum, mechanical, ECU), that cause sudden, uncontrolled acceleration that you can't either brake out of or turn off the engine is a problem. Even if only potentially.

I would love to see the owner keyfob contain a NFC chip with 256 bit AES or 512 bit blowfish that is required to be present to interface to the ECU.

BTW I personally witnessed, while parked, a Nissan Pulsar NX gas pedal get sucked to the floor and run the engine to redline. I didn't believe my buddy until he showed me. This was in 96 or 97. With the engine running balls out you could attempt to reach down and forcibly pull the peddle back with out it so much as budging.

Syndil · July 2013

tonyb wrote: »

My definition of "the public" doesn't discriminate between bad and good. How exactly do you make such info public yet withhold it from the bad ?

You don't. When you make it available to the public, everyone knows about it, including the people responsible for fixing it, which is the entire point of making it public. The public are warned of the issue, those affected will put pressure on those responsible for fixing the issue, and stuff gets fixed.

If the hack wasn't made public, nothing would get fixed, leaving the opportunity for some terrorist or anarchist or whatever to discover the issue without anyone knowing about it, and use it to wreak havoc.

sucks2beme · July 2013

Modules to store OBD and ones to wirelessly send it to a laptop in the car have been around a while.
A storage module would be great for troublshooting.
But what the industry is proposing along with uncle sam is unnerving.

tonyb · July 2013

Syndil wrote: »

You don't. When you make it available to the public, everyone knows about it, including the people responsible for fixing it, which is the entire point of making it public. The public are warned of the issue, those affected will put pressure on those responsible for fixing the issue, and stuff gets fixed.

If the hack wasn't made public, nothing would get fixed, leaving the opportunity for some terrorist or anarchist or whatever to discover the issue without anyone knowing about it, and use it to wreak havoc.

Your making my point pal. By making it public your in essence giving that info for free to the bad people as well the good. Now, what if you just went directly to the manufacturers without putting the info on a billboard, without going public ? Would that not be a more responsible course of action ? It's one thing to discover pertinent tech info, it's another when you decide what to do with it.

Habanero Monk · July 2013

tonyb wrote: »

Your making my point pal. By making it public your in essence giving that info for free to the bad people as well the good. Now, what if you just went directly to the manufacturers without putting the info on a billboard, without going public ? Would that not be a more responsible course of action ? It's one thing to discover pertinent tech info, it's another when you decide what to do with it.

That is a point for debate I think for a lot of people. Some people think that manufacturers will try and hide it. I think in the long run, personally, that open transparency is best. I'm not a 'trust the corporate type' myself.

Got Hackers ?

Comments