joe_padavano

Yeah, I've yet to understand why you WANT your thermostat/fridge/oven connected to the internet.

At least in that case it's only idiot homeowners and not something mandated by the feds.

Koda

The best firewall is to be unplugged. I am fine with AM/FM, CD, and a USB port for my phone to charge and play music. Currently have AM FM CD and cigarette lighter. Hell, I'm fine with AM/FM and I'll plug in a phono splicer input.

This is going to spool up to be Terminator Judgment Day.

oldcutlass

And houses don't crash into things, outside of 1 that came from Kansas.

Koda

Best movie on the true nature of women ever. Two women trying to kill each other over a pair of shoes.

BangScreech4-4-2

Yes, I'm just waiting for my Dodge truck to become self-aware and rise up in lock-step with all the other Dodge trucks, conquering the human race and using us as forced labor to man their oil rigs and cadmium mines ...

Destructor

People go for gimmicks, I wasn't in my house I bought 2 days and a Comcast guy was knocking on the door. Ten months later I still don't have a TV. He didn't get my business.

illumined

1.) and 2.) Not necessarily, a hacker doesn't need to know the serial number of your desktop to hack into it, just the IP address. Why would this be any different with a car connected to the internet with the same technology? You also do not need to directly plug into it to find the IP address, unfortunately aroundincircles does not seem to understand how computer networks work. Anytime a computer of any sort, a car or a smartphone is connected to a network it's always broadcasting it's IP address to whatever host it's connecting to, otherwise the server would not know where to send information. It's trivially easy for a hacker to find this out.

3.) I've actually never seen a mobile device that automatically turns off data or wifi when not in use because technically it's always in use, if not for any other reason than to tell the other computer "hi, i'm still connected to you".

4.) Again, someone with the technical skill to do all of what I've said before can realistically locate the cell tower without too much trouble. In fact here's an article from the Electronic Frontier Foundation about mobile phone security and how even things like setting up fake cell towers is possible. I'm not hacker so I don't really know the specifics, just that it can be done.

Well in a world with smartphones and tablets, having a wifi and internet connected infotainment system makes a lot of sense. The issue, as I mentioned in my original post, is that the computing system that handles the entertainment system is the same one as what handles mission critical car functions like the brakes and transmission. There is absolutely no good reason for this, it should have it's own, physically separate computer system.

Charlie Jones

My guess as to the reason for one computer is that it can be made CHEAPER that way.
BTW ,I noticed on the news tonight that Fiat-Chrysler is doing a recall on this system.

joe_padavano

The trend is just the opposite, actually. One aspect of the WashPost article was that new cars have exponentially increasing numbers of processors. A new Ford Fusion has about 52 ECUs, according to the article. Processors and memory are cheap. Of course, the problem is that they are all networked together in the car. My 1999 Chevy truck has FOUR serial data buses, for example. New cars have more.

Yeah, apparently they are sending out USB sticks with the software patch. How long before hackers start sending out bogus USB sticks to car owners, like phishing emails today?

MDchanic

Ha ha ha. Picture of Dr. Evil comes up on Nav monitor, along with maniacal laughter on stereo system, and power door locks locking, as car accelerates, and nav screen switches to showing credit card accounts linked to entertainment systems being drained.

I'd pay money to that KickStarter campaign.

- Eric

Koda

That'd be funny.

Fun71

I don't know if you read the info in the link or just the quote that I posted. I cut out some if it but maybe I need to post it all here. Note the occupational experience of the two posters. I'm not an expert in this stuff but these guys do it for a living.

<Insert the info I quoted above here>

illumined

Well if it's such BS then how come this has triggered a recall of 1.4 million cars? Did Chrysler just do that for the heck of it? Some of these other things that he mentioned can be resolved by setting up fake towers to trick the car into thinking it's connected to the same tower when it isn't, and there's no way to know it either. According to his explanation, it shouldn't be possible to do things like intercept cell phone conversations, but it is. There's a device law enforcement uses to do this very thing called Stingray. Is it really so inconcievable that someone couldn't use something like this to hijack a cars wireless network signal and hack into its systems using software exploits?

Fun71

From the link you posted - not so much a recall as a software patch the owners can load themselves.

anthonyP

I cannot believe the authorities did not charge the journalist with traffic and other violations for knowingly allowing hackers to interfere with his Jeep's operating systems while on a public highway. You would think the journalist would have had the common sense to conduct his "experiment" on a closed or private roadway, so as not to place other unknowing motorists in possible harms way.

Fun71

Here's some more info from the local Jeep club web site:

joe_padavano

The Jeep club is in denial and FCA will never issue a press release that could possibly be interpreted to say there was a vulnerability - their lawyers won't let them make the lawsuits easy.

The fact remains that any computer that has an IP address or other wireless connectivity can be hacked. As more and more cars get this capability, more and more will be compromised. It's only a matter of time. As I noted previously in this thread, Tesla has the ability to download software patches that affect the brakes (and presumably other systems). How long before this link gets exploited?

Do you really think that automakers have better software security in place than, say, Microsoft?

oldcutlass

Did you really just ask this...

Fun71

I wouldn't say the Jeep club is in denial; it is the opinion of a network systems engineer with 30 years experience in high security government installations that the probability that this could be done to a random Chrysler/Jeep vehicle on the roadway is extremely small.

illumined

Assuming what they say about their experience is true (and that is a really big if, anyone on the internet can say anything) that still doesn't address that the technology does exist to get into cellphones at will. Wikipedia has an entire article on cell phone surveillance, including general descriptions on techniques and technologies like Stingray. Furthermore, there have been documented cases of the NSA getting into several foreign heads of state's cellphones and spying on them. In addition, what's this network systems engineers explanation for the News of the World phone hacking scandal? According to what he said that should have been nearly impossible, but not only was it possible it was surprisingly widespread.

MDchanic

The N.O.W. phone hacking scandal is of significance, but not for technological reasons.

That scandal used the most basic of hacking skills, and relied, as all good hacking does, on the weaknesses of human beings.

Specifically, the reporters figured out that every phone account includes a way to phone in for your voicemail on any regular telephone line, by typing in your phone number and a 4-digit PIN. Of course, most cell phones these days check voicemail through a separate internal digital channel, and you never have to type in any PIN to get it (how many of you even remember dialing a 7-digit phone number, then typing in your phone number and your PIN in order to get your voicemail?). What this meant was that there were millions of of cell phones out there whose PINs were set to the system-default 0000 or 9999 or 1111 or whatever, and their owners didn't even know it, so it was a simple matter of dialing a phone-owner's network's access number, dialing their phone number, and then dialing 0000 to get their voicemail.

This is not high-tech hacking, but it is the type of hacking that is the most real and the most effective, and the thing that these companies have a very hard time protecting against.

- Eric

Fun71

While that is true, remember that these are my LOCAL Jeep club members who aren't just anonymous internet posters. Well, I guess they are for you but that's your perspective, not mine.

Yes, I would say that the NSA, CIA, FBI, DEA, or any number of federal acronym agencies are fully capable of hacking into your vehicle that has wireless access. Are you really afraid that those federal agencies are going to hack into your vehicle and disable the brakes while you're speeding down the highway? Note the post that said while these things are technically possible it is UNLIKELY for this to be perpetrated by the random individual out in society and therefore is not a concern (at this point, anyway. Maybe this will prompt auto manufacturers to actually think about security when designing infotainment systems).

joe_padavano

Is it LIKELY for a random hacker to do this today? No, probably not. Is it POSSIBLE? Absolutely. Will it become more common as cars become more connected? Bet on it. There are more hacks on Microsoft computers than Apple computers not because the latter are more secure but because the former are more common. As vehicle connectivity becomes more common, expect more hacking.

The feds are pushing for connected vehicles (V2V technology) that is supposed to make cars "safer" by allowing them to communicate with each other and with traffic signals. These "features" open up all sorts of new potential hacking entry points.

66-3X2 442

If a trained police officer is driving a car and the throttle hangs to the floor and he or somebody in car has time to make a phone call about it,well.........

joe_padavano

And yet, still completely unrelated to the topic of this thread...

66-3X2 442

I didn't bring it up,just responding to a post but I will try to do better in the future.

Fun71

I agree and as I said, hopefully the attention over the Jeep "hacking" will prompt auto manufacturers to actually think about security when designing these systems.

BlackGold

Keep in mind that the hacker doesn't have to be malicious to cause a safety problem.

Picture this: Company XYZ distributes an innocent virus into vehicle computers for the purpose of spying on the drivers so that XYZ can market to them later. (It could be your local dealership or service station doing this.) Only problem is, XYZ has no experience in control-system design. They may know their virus eats up an additional 2% of the processor throughput, and they think that's insignificant. But they have no idea that the 2% amounts to a 90-degree phase shift in the system response at some critical frequency. Later, cars start crashing mysteriously when subjected to just the right input parameters, and no one can figure out why.

It's important that the hardware -- or at least the operating system -- knows whether or not the software that's about to execute is legit. There's too much at stake.

ELY442

I have On Star on 2002 Bravada. But that's when it was an analog signal. Now they changed it to digital. Can I still be hacked?

Fun71

While it may be possible to hack, who would actually do it? The fellas in the current debate targeted the Jeep/Chrysler U-Connect system on the Sprint network. Very specific set of parameters there.

Fun71

Well, there's more news about automobile hacking, this time with OnStar and even a mention of BMW:

http://www.foxnews.com/leisure/2015/.../?intcmp=hpbt2

illumined

Right, gotcha.

This is a pretty good question. There's two scenarios that come to mind.

1.) They want to get into your system to implant malware, most likely ransomware that would lock you out of your car and demand payment. I had one of these end up on my desktop and believe me they are really nasty and a total pain to get rid of, I would hate for something like this to get into a car.

2.) This kind of car problem is a kidnappers and possibly even an assassins best friend. With the former scenario they wouldn't have to come up with elaborate grab plans, instead they could simply "guide" your car to a remote area and conduct the kidnapping with complete privacy. For an assassin, all they would need to do is cause a massive fatal accident of some kind that would be a virtually untraceable way of killing someone.

If this stuff sounds far fetched consider that hacking in general moved beyond some kinds having fun in their parents basement, organized crime has moved in in a big way.

BlackGold

This is already being done by some lien holders in lieu of physical repossession. Of course, the deadbeats who missed a payment are outraged that they can't drive their car.

oldcutlass

Actually for now, the electronics that lien holders use are independent of the cars operating system. I've removed a bunch of them on cars that were taken in on trade. There are also stand alone systems used on commercial vehicles.