Internet Connected Hacked Cars
23 February 2017, 11:42 AM
#1
Internet Connected Hacked Cars
In the wonderful world of connectivity and our constant reliance on the interweb it is odd that car hacking is not very prevalent, we all know of alarm/immobiliser "snatching" and cloning
I know the Chinese have done this to TESLA but are there any other examples of this happening?
https://www.wired.com/2016/09/tesla-...urity-upgrade/
Scary thought
I know the Chinese have done this to TESLA but are there any other examples of this happening?
https://www.wired.com/2016/09/tesla-...urity-upgrade/
Scary thought
Last edited by The Trooper 1815; 23 February 2017 at 11:45 AM.
23 February 2017, 01:14 PM
#4
General Motors; Chevys are hackable..couple of you tube vids about on this
And that will include the latest Astra and Insignia too as these have remote diagnostics. (Otherwise known as DOIP).
Have a read: http://publications.lib.chalmers.se/...ext/143639.pdf
And, of course you can unlock a BMW with a mobile phone, but that's been around since 2008, so pretty old hat now.
And that will include the latest Astra and Insignia too as these have remote diagnostics. (Otherwise known as DOIP).
Have a read: http://publications.lib.chalmers.se/...ext/143639.pdf
And, of course you can unlock a BMW with a mobile phone, but that's been around since 2008, so pretty old hat now.
Last edited by ALi-B; 23 February 2017 at 01:17 PM.
23 February 2017, 01:24 PM
#5
Two main disadvantages; security, subscription costs (especially for small independent repairers).
Third would be big brother paranoia, but then we all walk round with smartphones that have this capability, so that's a bit moot nowadays.
23 February 2017, 01:42 PM
#6
I can turn on the heating/AC of my Leaf with my phone (and with my watch), which is handy when leaving the office on a cold or hot day, as the cabin is already at the right temperature when I get in. You can also check on battery status, send information such as navigation routes or points of interest, get driving history data and start/stop a charging session (assuming the car is plugged in).
Tesla use OTA updates to upgrade the operating system of their cars, so that they can all have the latest software (for autonomous driving etc), without anyone having to go into a dealership to get updates flashed to the car.
Obviously any communication over t'internet leaves the car as a target to hackers, which makes it very important that the manufacturers think about security when designing and testing their connected car systems. There was an issue with Nissan a year or so ago because the app for controlling the car was very badly written, meaning that anyone with your VIN could remotely access the car. Since all they could do was turn the heating on/off, it didn't really matter, but was still rather embarrassing for Nissan when it turned out they hadn't put any encryption whatsoever on the access parameters!
Tesla use OTA updates to upgrade the operating system of their cars, so that they can all have the latest software (for autonomous driving etc), without anyone having to go into a dealership to get updates flashed to the car.
Obviously any communication over t'internet leaves the car as a target to hackers, which makes it very important that the manufacturers think about security when designing and testing their connected car systems. There was an issue with Nissan a year or so ago because the app for controlling the car was very badly written, meaning that anyone with your VIN could remotely access the car. Since all they could do was turn the heating on/off, it didn't really matter, but was still rather embarrassing for Nissan when it turned out they hadn't put any encryption whatsoever on the access parameters!
23 February 2017, 02:22 PM
#7
I can turn on the heating/AC of my Leaf with my phone (and with my watch), which is handy when leaving the office on a cold or hot day, as the cabin is already at the right temperature when I get in. You can also check on battery status, send information such as navigation routes or points of interest, get driving history data and start/stop a charging session (assuming the car is plugged in).
Tesla use OTA updates to upgrade the operating system of their cars, so that they can all have the latest software (for autonomous driving etc), without anyone having to go into a dealership to get updates flashed to the car.
Obviously any communication over t'internet leaves the car as a target to hackers, which makes it very important that the manufacturers think about security when designing and testing their connected car systems. There was an issue with Nissan a year or so ago because the app for controlling the car was very badly written, meaning that anyone with your VIN could remotely access the car. Since all they could do was turn the heating on/off, it didn't really matter, but was still rather embarrassing for Nissan when it turned out they hadn't put any encryption whatsoever on the access parameters!
Tesla use OTA updates to upgrade the operating system of their cars, so that they can all have the latest software (for autonomous driving etc), without anyone having to go into a dealership to get updates flashed to the car.
Obviously any communication over t'internet leaves the car as a target to hackers, which makes it very important that the manufacturers think about security when designing and testing their connected car systems. There was an issue with Nissan a year or so ago because the app for controlling the car was very badly written, meaning that anyone with your VIN could remotely access the car. Since all they could do was turn the heating on/off, it didn't really matter, but was still rather embarrassing for Nissan when it turned out they hadn't put any encryption whatsoever on the access parameters!
Trending Topics
23 February 2017, 02:47 PM
#9
https://www.troyhunt.com/controlling...res-of-nissan/
The flaw was fixed last year but it's a pretty good example of what can go wrong.
25 February 2017, 07:52 PM
#10
I was offered a role at JLR last year working on the their connected cars project with a specific focus on security. Some of the stuff going on in that space is good and useful, some other stuff is just a bit odd. For example they were developing sensors that look at the road and map the location of potholes - it is planned to use this data to adjust the suspension settings of other connected cars to better ride over the pothole. There are plans for data sharing between manufacturers who buy into that initiative.
There are some other practical concepts which are possible, for example, where a car is on finance, and the payments are not being made, the finance company could have the car remotely immobiliesed until the outstanding debt is settled. Where sensors in the car detect a large impact, very sudden deacceleration airbag deployment etc, the connected car can summon help in the form of emergency services.
From a law enforcement perspective, if officers are interested in the pattern of life of Jonny the ******, this could also potentially be obtained from the connected car data. I have seen other aftermarket systems installed into cars that monitor driver inputs, for example I know of someone who was in a head on collision in a company car, and it was found from the telemetry data that he didn't go for the brakes, other data like road speed, engine speed over time and throttle posittion were used to place him at fault in the collision - that I think is something that will emerge from this technology.
I have yet to see what the privacy statement looks like for any manufacturer offering the service, personally I wouldn't be keen on it, although over time, it will become as normal in a car as integrated sat nav.
There are some other practical concepts which are possible, for example, where a car is on finance, and the payments are not being made, the finance company could have the car remotely immobiliesed until the outstanding debt is settled. Where sensors in the car detect a large impact, very sudden deacceleration airbag deployment etc, the connected car can summon help in the form of emergency services.
From a law enforcement perspective, if officers are interested in the pattern of life of Jonny the ******, this could also potentially be obtained from the connected car data. I have seen other aftermarket systems installed into cars that monitor driver inputs, for example I know of someone who was in a head on collision in a company car, and it was found from the telemetry data that he didn't go for the brakes, other data like road speed, engine speed over time and throttle posittion were used to place him at fault in the collision - that I think is something that will emerge from this technology.
I have yet to see what the privacy statement looks like for any manufacturer offering the service, personally I wouldn't be keen on it, although over time, it will become as normal in a car as integrated sat nav.