Articles

How to Hack a Car: Phreaked Out (Episode 2)

September 3, 2019


Oh something’s about to happen okay all right cars dead at the top of the hill and I have a I feel like this is a roller coaster ride gone wrong I’m now going backwards the brakes are dead the cars that the engine won’t start and you can do this from outside the car I can do it from a mile away oh really [Music] when you drive an automobile today you are driving a big computer system that happens to have wheels and a motor there’s almost nothing in your car that is not mediated by a computer when you step on the gas pedal it is not directly controlling the fuel oxygen mixture rather it is telling a computer that you the driver wish to go faster and then it decides the right way to do that not only are they networked to each other so that the brakes can talk to the engine for stability control and so forth but they’re also networked to the outside world effectively your car is on the Internet the can network can bus is a network within the car that allows all the pieces to communicate everything can read and write to the can bus and pretty much is always listening for commands from the can of us it is not easy to hack a car the sophistication level is pretty high each car has a different language each piece speaks different words and not all those pieces have been mapped publicly cars have the same kind of chips and computers and cell phones have all of these parts can be bought online for relatively cheap you use these to plug in to portions of the ECU you can communicate directly with the ECU or with the mobile chipset and tell it to run commands that you want tell it to increase the amount of fuel that it’s getting you can tell it to go faster release it’s wrong it the brakes there is not a motivation aside from simple theft that would necessitate developing the skills which are not insignificant required to do this then there’s a surveillance aspect we showed how we could remotely track the car and listen to what was being said that said there is not a terrible thread right now in part because the cost is high as the pieces of hardware required to experiment become more readily available as there’s more literature explaining how it works but the cost goes down then you know people can be more innovative in how they might take advantage of it I’m Roberto Orci Dara I’m from Spain I work in software security and we made a piece of hardware that we have right here it is called PhD car hacking tool yeah it’s not very original I know we were invited to play at Singapore too so our last research the VHD device you just have to put this two wires in the combos network that’s it it cost 25 bucks to come buy the components any place right now the sides of the of the VHD is like an iphone more or less but it can be a smaller car hacking is a very interesting field people don’t think about security you can connect from your house with your computer to your car that’s really scary you can just walk by and this implant advice so imagine that I just go and approach to occur I connect the CHD and I just go to my home I can’t control the car it’s very easy once you connect it you can just remotely use it to manipulate anything you can just notice that your car is going to the right and you are not turning the wheel you can activate the handbrake when you do this thing you are just sending some kind of packet to a network same a wheels stop if you turn on the lights there is a package that I say all the time I’m on I’m on I’m on imagine that you are just driving at night if we are able to drop the the own packet and just insert our own pocket saying turn off turn off turn off the thing is that the lights of the car just turn off or turn on whenever we want it’s very very scary at the end you can generate an accident worst case scenario is someone completely controlling your car control your brakes control your steering you could definitely brake or blow up portions of the engine nothing’s ever fully secure if someone’s dedicated enough it’ll always be a cat and mouse game we have to secure that entire ecosystem it used to be you lock the doors on your car and your valuables in your car were secured today when you lock the doors on your car your personal information is actually stored added another cloud services all of a sudden that has a physical impact on our lives many of the standard things we would do on a PC to make the software secure none of that was being done zero and so the kinds of bugs that we would find really like it almost felt like software archeology it’s like this was the kind of bug I would find in a PC back in 1993 when the internet had first taken off from a jar whinny and standpoint they had never had to face adversaries and so the code never had to be hardened against that now is the right time to identify if there are problems before there are people targeting them we’re in Glendale California where we’re about to sit behind the wheel as Matt sold a security expert car buff and hacking wizard hacks the car remotely [Music] it’s gone maybe today is actually the first day I’ve had a chance to test so you’re testing it on us this is my first time actually testing live with the person on the car in this case I am controlling the canvas remotely over the cellular networks the only thing coming off my laptop is my GSM phone we had to move the telematics unit from a newer set up to this because these don’t come with it stock that enables me to be able to control it remotely what I’m going to do in the next little bit is actually remotely stop the engine of the vehicle okay all right engines dead I can’t move I’m stuck all right bad time to go uphill I’m gonna run through a few the different controls of the car so it’s locked now so I’m gonna send the unlock command sending sequence sent give it a second sent over the network no bad see what else we can do and stop cool you can start and stop the engine from the other side of the parking lot how is that possible gsm that works everything cellular nowadays when you say the other side of the parking lot that could very well mean like the other side of the country – yeah right now he’s gonna show me how to remote kill the engine so while I’m driving and he’s outside the car he’s gonna kill the entire engine okay engines dead we’re moving backwards now the steering wheel is there’s no power steering it’s a little frightening thank god this is an empty parking lot did you have fun doing that today I was a lot of fun definitely the remote access the car it’s a scariest through the Cellular channel in that case an arbitrary distance we demo’d you know 1500 miles away people who speaks about this thing being used by governments to generate accidents to important people it can’t be just people crazy people thinking about it or not I don’t know nowadays there’s no way to know if you have been hacked in a car as for the true threats to life for them it’s doable it’s certainly doable but if you don’t have a risk of being assassinated normally then you don’t have a risk of being assassinated from someone hacking your car if I just want to take you out much easier to just shoot you who knows what maybe people will come up with ransomware schemes like I have locked your car and it won’t start unless you pay me some money the traditional consumer car is not the only connected vehicle out there airplanes for example have Wi-Fi onboard warfighting vehicles tanks are connected so they can communicate with battlefield operators I think people should hack more I mean hacking the good way of course there are a lot of money that you can earn if you do evil stuff but think that the proper way to maintain a system secure is hacking it there’s a really great white hat community out there that really focuses on bringing security issues to the forefront showing people and working with manufacturers where vulnerabilities lie in different systems what I do as well as my fellow white hats is try to help the general IT community and finding these issues before some malicious deaths the new field it’s new frontier for a lot of people to look at and that’s why people like myself publicly talk about it people need to know about it this could affect someone’s life [Music] [Music] [Music] they took someone very precious to me now I’m coming for them rated M for Mature please

Leave a Reply

Your email address will not be published. Required fields are marked *