Tag Archive for: car

Hackers can take control of your car – how to protect yourself


The right software can turn your smartphone into a spy device that watches everything you do. Scary, I know. Here’s how to check if your phone is infected. 

While you’re at it, check your computer. These are the signs that stalkerware is hard at work tracking your web activity, searches, and even the passwords you type in. 

Shockingly, your car isn’t immune. With the proper electronics and software techniques, a determined hacker can intercept or block your key fob signal, infiltrate your car’s software, and even remotely control your vehicle. 

So, is your connected car hackable? Most likely, yes. Here’s how. 


Software hacks 

Compromised car apps 

Does your car have a smartphone app that allows you to unlock and start it remotely? Almost every car manufacturer offers this convenience in some makes and models.  

Account usernames and passwords protect these apps. If hackers can break into your account or exploit a bug in the car’s software, they can compromise your entire vehicle. 

My advice: To protect your remote start app, change the default password, use strong and unique credentials and never reuse your passwords from other services. Enable two-factor authentication if you can, and keep that software current. 

Telematics exploits 

Telematics is the broad term describing a connected system that remotely monitors your vehicle’s behavior. This data may include your car’s location, speed, mileage, tire pressure, fuel use, braking, engine/battery status, and driver behavior. 

By now, you know anything connected to the internet is vulnerable to exploitation. Hackers that intercept your connection can track and even control your vehicle remotely. Now that’s scary. 

My advice: Before you get a car with built-in telematics, consult with your car dealer about the cybersecurity measures they’re employing on connected vehicles. If you have a connected car, ensure its onboard software is always up-to-date. 


Networking attacks 

Here’s a throwback. Cybercriminals can also employ old-school denial-of-service attacks to…


Renewing car tags online might take an extra step after security breach to county provider


Arkansans are experiencing a few hiccups when renewing their car tags online as a result of a service provider for many counties being hacked last year, Scott Hardin, spokesman for the Department of Finance and Administration, said Tuesday.  

The state’s 2.7 million passenger vehicles are required to be assessed at the county level before they can be renewed at the state level each year. As a consequence of the hacking of Apprentice Information Services of Rogers in November, many counties’ computer systems were unable to provide online services, according to reports from KAIT-TV in Jonesboro to the Texarkana Gazette. The county computer systems are still unable to communicate with the state’s computer systems, Hardin said. 

Pulaski County, the state’s most populous, is among the counties impacted by the security breach, Hardin said. 

The county systems have not been linked back up to the state’s computer system to ensure there’s no chance the state’s computer system could be made vulnerable to hackers. 

As a workaround for the online car tag renewals, the state is allowing residents unable to renew online to call the Department of Finance and Administration’s motor vehicle help desk to explain the situation. The help desk can override the requirement to assess the vehicle before renewing with the state. The help desk will notify the county that the vehicle has been renewed but has not been assessed, Hardin said. 

“We want to be sure Arkansans understand vehicle renewal remains available both in person and online,” Hardin said via email. “However, for customers using the online option, one extra step (calling or emailing to request an override) may be required for those in counties affected by the security breach.”

An assessment is an owner’s declaration of personal property to the county so that property taxes can ultimately be paid on the vehicle, Hardin said. 

The issue only impacts online renewals. Arkansans who prefer to avoid these hiccups can still physically go to a county assessor’s office for assessment and one of the 134 state revenue offices for renewal. 

Hardin said the department recommends car owners try to renew online first. If…


Cybersecurity experts alert car owners to new hacking methods


The technological world is dynamic and constantly evolving. While some people create solutions, others try to exploit vulnerabilities in those solutions to create a different problem.

Automobile thieves seem to be making desperate efforts to stay ahead of technological advancements created to beat them. From the days of smashing car windows to gain access or hotwiring a vehicle to steal it, automobile robbers graduated to hacking a vehicle using computer codes.

Car hacking is done by accessing a car’s computer systems through interfaces such as the CAN bus, Bluetooth pairing, or via physical access to connectors and ports.

However, when hacking became widespread, experts recommended car trackers to trace and retrieve stolen vehicles.

But the bad men are constantly trying to beat advancing technology. With modern technology, the hackers have devised methods such as carjacking, jamming, cloning key fobs, defeating immobilisers and scanners to steal automobiles.

Researchers project that in the near future, motorists may have to worry about the possibility of their vehicles being remotely hijacked and driven to specific locations by hackers, and of being robbed of their vehicles.

When trackers were recommended, car owners heaved a sigh of relief. However, this won’t last for a long time as hackers have also identified a vulnerability in trackers, which they now use negatively to their advantage.

In a recent report by Forbes, a weakness has been detected in the tracking system of modern cars, which enables hackers to gain access to a car owner’s cellphone to steal their data.

What is bewildering is the fact that the technology that makes it possible for the hackers to do this is exactly what security agencies are using to check car theft through hacking.

According to the report, these are the same technologies that security agencies are regularly exploiting in the United States, with immigration and police investing more in tools to extract mass data — from passwords to location — from as many as 10,000 different car models.

The report stated that the latest hacking was due to cars’ shared telematics…


SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking


At least three mobile apps tailored to allow drivers to remotely start or unlock their vehicles were found to have security vulnerabilities that could allow unauthenticated malicious types to do the same from afar. Researchers say securing APIs for these types of powerful apps is the next phase in preventing connected car hacking.

According to Yuga Labs, car-specific apps from Hyundai and Genesis, as well as the SiriusXM smart vehicle platform (used by various automakers, including Acura, Honda, Nissan, Toyota and others), could have allowed attackers to intercept traffic between the apps and vehicles made after 2012.

Hyundai Apps Allow Remote Car Control

When it comes to the MyHyundai and MyGenesis apps, an investigation of the API calls that the apps make showed that owner validation is done through matching up the driver’s email address with various registration parameters. After playing around with potential ways to subvert this “pre-flight check,” as the researchers called it, they discovered an avenue of attack:

“By adding a CRLF character at the end of an already existing victim email address during registration, we could create an account which bypassed the … email parameter comparison check,” they explained in a series of tweets detailing the weaknesses. From there, they were able to gain complete control over the apps’ commands — and over the car. In addition to starting the car, attackers could set the horn off, control the AC, and pop the trunk, among other things.

They were also able to automate the attack. “We took all of the requests necessary to exploit this and put it into a python script which only needed the victim’s email address,” they tweeted. “After inputting this, you could then execute all commands on the vehicle and takeover the actual account.”
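A server-side check for the class of flaw described above, as an added example that is not taken from the researchers or from any vendor's code: the address is validated strictly before it is canonicalised, so a trailing CRLF is refused rather than trimmed, and vehicle commands are authorised on the account id instead of on an email string. The store names (`ACCOUNTS`, `VEHICLE_OWNERS`), the function names and the lower-casing rule are assumptions made for illustration.

```python
import re
import unicodedata

# Hypothetical in-memory stores standing in for the API's account database.
ACCOUNTS = {}          # canonical email -> account id
VEHICLE_OWNERS = {}    # VIN -> account id

# Conservative address shape: no whitespace or control characters anywhere.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


class InvalidEmail(ValueError):
    pass


def canonical_email(raw: str) -> str:
    """Validate first, then canonicalise; never 'clean up' and accept."""
    if not isinstance(raw, str) or len(raw) > 254:
        raise InvalidEmail("bad type or length")
    # Refuse control (Cc), format (Cf) and separator (Z*) code points outright,
    # so "user@example.com\r\n" is rejected instead of being silently trimmed.
    for ch in raw:
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf") or cat.startswith("Z"):
            raise InvalidEmail("control or whitespace character in address")
    # fullmatch, not match: "$" would tolerate a trailing newline.
    if not EMAIL_RE.fullmatch(raw):
        raise InvalidEmail("not a plain address")
    return raw.lower()  # assumption: addresses are treated case-insensitively


def register(raw_email: str) -> int:
    """Create an account keyed on the canonical address; duplicates fail."""
    email = canonical_email(raw_email)
    if email in ACCOUNTS:
        raise ValueError("address already registered")
    ACCOUNTS[email] = len(ACCOUNTS) + 1
    return ACCOUNTS[email]


def may_control(account_id: int, vin: str) -> bool:
    """Authorise on the authenticated account id, never on an email
    string supplied in the request."""
    return VEHICLE_OWNERS.get(vin) == account_id
```

Every component that compares addresses should call the same canonicalisation function; the failure mode is two code paths that disagree about what counts as the same address.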

“Many car hacking scenarios are the result of an API security issue, not an issue with the mobile app itself,” Scott Gerlach, co-founder and CSO at StackHawk, says. “All of the sensitive data and functions of a mobile app reside in the API an app talks to, so that’s what needs to be secure. The upside is this is a very targeted type of attack and would be difficult to mass execute. The downside is it’s still highly…
