Tag Archive for: cars

Biden probes security risks of Chinese smart cars

/in


The News

The Biden administration is launching an investigation into national security risks posed by “connected” vehicles — cars linked to the internet — that use Chinese technology. Officials will weigh potential restrictions on the products to head off spying, hacking, or data collection.

Led by the Commerce Department, the investigation will solicit public comments over the next 60 days about risks posed by connected vehicles, which include electric vehicles, that use technology from China or other “countries of concern.” Ultimately, the administration could enact bans or “mitigating measures” to address any risks, a senior Biden administration official said, though officials are not currently promising to take any actions.

“Connected vehicles that have technologies sourced from China could be exploited in ways that threaten U.S. national security,” White House National Economic Council Director Lael Brainard told reporters. “The president believes it’s important for the United States to consider imposing safeguards to guard against connected vehicles operating on U.S. roads from relying on information and communication technology from China and other countries of concern.”

Commerce Secretary Gina Raimondo said the administration has a “high level of concern” about risks of Chinese-made connected vehicles and wants to act “before Chinese-manufactured vehicles become widespread in the United States and potentially threaten our privacy and our national security.”

The announcement is likely to inflame tensions with China, which has criticized U.S. curbs on semiconductors and other advanced technology the Biden administration says are motivated by national security considerations.

Know More

The investigation will be run by Commerce’s Bureau of Industry and Security, which is putting out an “advanced notice of proposed rulemaking” to solicit public input about potential risks from foreign-made technology in connected vehicles. The administration is taking the action under authorities provided by a Trump-era executive order.

The Biden administration is specifically looking at connected vehicles made with technology from China, even if those vehicles…

Source…

Devices Sold Online Allow Thieves to Hack Into Cars in Minutes

/in


  • Emergency start devices sold online starting at $1,600 can hack into a car through its wire network. 
  • The easiest access to car wires is through the headlights, car security experts say. 
  • Over 1 million vehicles were stolen in the US in 2022, marking a 7% increase over 2021.

If you find someone has been tinkering with the headlights of your car, in what seems to be a pointless, if annoying, act of vandalism, be alarmed. Someone might be trying to steal it. 

That’s what automotive cybersecurity consultant Ian Tabor found out the hard way when his Toyota RAV4 got stolen shortly after he found its left headlight unplugged and the bumper around it pulled away. 

Tabor, who is the leader of the UK branch of the car security web community Car Hacking Village, got together with car security expert Ken Tindell to find out how the theft happened, as Tindell recounts in a recent blog post

The pair thinks that thieves gained control of the car’s computer system by finding the internal wires easiest to access — in this case, the ones connecting the headlights to the system — and plugging a hacking device that can be easily bought online into it. 

Once it’s connected to the car’s wires, the hacking device sends a signal to the engine control unit via the controller…

Source…

Criminals Are Using Tiny Devices to Hack and Steal Cars

/in


Employees of the US Immigration and Customs Enforcement agency (ICE) abused law enforcement databases to snoop on their romantic partners, neighbors, and business associates, WIRED exclusively revealed this week. New data obtained through record requests show that hundreds of ICE staffers and contractors have faced investigations since 2016 for attempting to access medical, biometric, and location data without permission. The revelations raise further questions about the protections ICE places on people’s sensitive information.

Security researchers at ESET found old enterprise routers are filled with company secrets. After purchasing and analyzing old routers, the firm found many contained login details for company VPNs, hashed root administrator passwords, and details of who the previous owners were. The information would make it easy to impersonate the business that owned the router originally. Sticking with account security: The race to replace all your passwords with passkeys is entering a messy new phase. Adoption of the new technology faces challenges getting off the ground.

The supply chain breach of 3CX, a VoIP provider that was compromised by North Korean hackers, is coming into focus, and the attack appears to be more complex than initially believed. Google-owned security firm Mandiant said 3CX was initially compromised by a supply chain attack before its software was used to further spread malware.

View more

Also this week, it emerged that the notorious LockBit ransomware gang is developing malware that aims to encrypt Macs. To date, most ransomware has focused on machines running Windows or Linux, not devices made by Apple. If LockBit is successful, it could open up a new ransomware frontier—however, at the moment, the ransomware doesn’t appear to work.

With the rise of generative AI models, like ChatGPT and Midjourney, we’ve also looked at how you can guard against AI-powered scams. And a hacker who compromised the Twitter account of right-wing commentator Matt Walsh said they did so because they were “bored.

But that’s not all. Each week, we round up the stories we didn’t report in-depth ourselves. Click on the headlines to read the full…

Source…

Thieves Are Hacking Cars Through Headlights

/in


⚡️ Read the full article on Motorious

The wonders of modern technology!

We’ve covered before how thieves are using seemingly ordinary-looking devices to hack into cars’ CAN bus and start the engine without a key, but a new wave of reports is shining a light on this problem again. They’re actually referencing a story which broke back in January from the UK after a cybersecurity specialist had his Toyota RAV4 stolen after it was seemingly vandalized twice before.

Learn why young drivers are being called car theft magnets here.

The guy didn’t realize until the vehicle was gone those “vandalisms” were actually thieves unsuccessfully attempting to hack the CAN bus and get the vehicle unlocked and started. They had pulled off trim pieces around the headlight, pulling out cables which connect the headlight to the computer which control them.

That’s how you can have adaptive headlights and other advanced features on modern cars: everything is connected through the CAN bus or the Controller Area Network. Acting like the nervous system for a vehicle’s different systems, it connects ECUs so they can share information and coordinate responses to on-road conditions, etc. together.

What most people don’t realize is there are relatively inexpensive devices which are supposed to only be used by locksmiths but can be purchased by anyone and are capable of unlocking and even starting a vehicle by hacking into the CAN bus.

Thieves are going after the connections to the headlights because they’re especially easy to reach, although they can do the same thing using other connections. To reach the wires which provide access to the CAN, thieves have to pry back or remove trim pieces on the vehicle, including the front or rear bumper covers. If you find someone has done that to your car, they were probably trying to steal it.

Without going into too much detail, these “locksmith” devices can be purchased already embedded in seemingly innocent things like Bluetooth speakers, a cell phone, etc. If police stop suspects, they might not realize they’re carrying one of these devices used for stealing cars.

Using the device, a thief can unlock a car and have it started in…

Source…