Security and Hacking
Criminal Elements and Rogue Nations want your personal information. We'll keep you in-the-know on how to stop them.
Hackers expose vulnerabilities in online...cars?
October 28, 2015 by Jason Small
Wired published a disturbing exploit with a first-hand account of how hackers took control of and manipulated a Jeep Grand Cherokee as it drove down the highway. After gaining control, they were able to turn the A/C on full blast, change the radio station and crank up the volume without any recourse by the passenger. Even after trying to turn the radio off and turn the volume down, the car wouldn't respond to its own driver. Then, to seal his fate, the driver was presented a picture of the hackers on his car's display. Tell me that is not scary.
The hackers were demonstrating a so-called zero day exploit, one which the manufacturer and no one else was aware of during the time of the exploit. Zero day exploits are so dangerous because there is no warning and nothing can be done to prevent the initial attack. It is similar to the German strategy of blitzkrieg, moving so fast that mounting a response to stop the attack is nearly impossible.
The hack itself took advantage of the car's smart entertainment system to control the computers in the car and subsequently advertise the security exploit with R&B music and their pictures. Imagine if they had malicious intent!
From the sound of it, they had a little too much fun with the journalist. After disabling the Jeep's transmission on the interstate, they left him without the ability to accelerate with no shoulder to move off onto as cars zoomed by honking and a semi-truck in his rear-view mirror.
The hackers, Charlie Miller and Chris Valasek, boast of the ability to remotely take control of a car and kill the engine, apply the brakes or completely disable them, as well as the entertainment system exploits we already covered. For now, they can only control the steering wheel while the car is in reverse. I guess we should consider ourselves lucky. Meanwhile, any car with the UConnect system is vulnerable to the exploit if a hacker only knows the car's IP address as it roams around the cellular network.
Thankfully, these hackers of the internet of things are the good guys, sharing their exploits with Chrysler nearly 9 months ahead of time to allow the car manufacturer enough time to patch the vehicle's software before they publically talked about the exploit. Unfortunately, the update to fix the problem has to be applied manually by the dealer, meaning that many cars won't be updated in a timely manner.
Here's a link to the full article at Wired.
Researcher hacks and controls security camera remotely
November 3, 2015 by Jason Small
A researcher at Tactical network Solutions is calling attention to the lack of security of the internet of things. As a demonstration, Terry Dunlap intercepted the video stream and proceeded to point the camera around the room at will. The problem is, as device makers scramble to innovate and launch new products, sometimes the security of the product is an afterthough. And, many of the startup companies just don't have the budget or expertise to fund dedicated security engineers to insure that their products are immune to hacking.
The demonstration is just one of many calling attention to the vulnerabilities of having billions of connected devices connected to the internet. From cameras and baby monitors to cars, hackers are increasingly showing that identity theft may seem like a cake-walk compared to the exploits that could come as we connect devices inside our homes and cars to the internet. Hackers have demonstrated attacks against home automation systems, smart locks, and drones to date.