Hijacking connected cars with a $25 tool
Posted on 19 July 2013.
A presentation by two Spanish researchers scheduled to take place later this month at the Black Hat conference in Las Vegas will apparently prove that hijacking modern cars via electronic means is not only easy, but cheap to execute as well.


The question of whether it's possible to mount cyber attacks against cars with an electronic control unit and gain control of it has lately been featured prominently in the news because of the untimely and gruesome death of Rolling Stone journalist Michael Hastings.

At the time of his death, Hastings was apparently working on a "big story" possibly involving the US government, and the circumstances of the accident in which he was killed are still unclear, but have given rise to theories that he might have been killed because of it.

According to Richard Clarke, former US National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, it's possible that the accident was caused by someone who took control of his car.

"What has been revealed as a result of some research at universities is that it's relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn't want acceleration, to throw on the brakes when the driver doesn't want the brakes on, to launch an air bag," he said, but concluded that we will probably never know it that was what happened.

Now Javier Vázquez Vidal and Alberto Garcia Illera are set to demonstrate that a tool that can wrestle control of a car's ECU from the driver can be easily constructed for as little as $25.

According to New Scientist, the tool is able to break the RSA 256 and seed / key algorithm protection of Bosch EDC15 and EDC16, two widely used ECUs, and to read from and write data to the flash memory they use.

This would allow the attacker to do a variety of things, among which are potentially dangerous ones such as deploying breaks when unnecessary, immobilizing a car at any moment, and so on.









Spotlight

What can we learn from the top 10 biggest data breaches?

Posted on 21 August 2014.  |  Here's a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //