GETS Tender Watch Notification for Monday, 6 August 2012 6 August, career cruising 2012 GETS Tender Watch Notification for Tuesday, 24 July 2012 24 July, 2012 GETS Tender Watch Notification for Friday, career cruising 20 July 2012 20 July, 2012 GETS Tender Watch Notification for Thursday, 19 July 2012 19 July, 2012 GETS Tender Watch Notification for Wednesday, 18 July 2012 18 July, 2012 _________________________________
A disgruntled former career cruising employee of Texas Auto Center chose a creative way to get back at the Austin-based dealership: He hacked into the company s computers and remotely activated the vehicle-immobilization system, which triggered the horn and disabled the ignition system career cruising in more than 100 of the vehicles. The dealership had installed the system in their cars as a way to deal with customers who fell behind on their payments.
Out-of-control honking horns may be annoying, but other types of hacking, career cruising such as cutting the engine of unsuspecting drivers, career cruising could have deadly consequences. Although most experts agree there isn t an immediate risk, vehicle hacking is something that bears watching.
With the increasing computerization of vehicles of all types, observers have longer-term concerns over the vulnerabilities of trucks, delivery vans, rental cars and consumer autos. A malicious hacker could, in theory, disable the vehicles, re-route GPS signals or otherwise put employees, customers career cruising and the company as a whole in danger.
Consumers are getting worried about the safety and privacy risks that come with today s connected cars, according to a Harris Interactive poll released last week. For their part, auto makers and industry association spokesmen responded career cruising that they are adding electronic features carefully and based on market research.
Modern vehicle engines bear little resemblance to the engines of the past. Engines originally consisted of various mechanical career cruising devices assembled around a combustion engine. Within the past 20 years, cars have evolved to contain a complex network of as many as 50 to 70 independent computers, electronic control units (ECUs) with up to 100MB of binary code. Automotive ECUs originally entered production in the U.S. largely in response to California s automotive-emissions reduction law, first passed in 1961, and then the subsequent federal Clean Air Act, passed originally in 1963, strengthened considerably in 1970 and updated since then.
ECUs measure the oxygen present in exhaust fumes and adjust the fuel/oxygen mixture before combustion, which improves efficiency and reduces pollutants. Over time these systems have become integrated into nearly every aspect of a car s functioning, including career cruising air bag deployment, steering, braking and other real-time systems.
In the mid-1990s car manufacturers began integrating more powerful ECUs with peripherals such as GM s OnStar system, which is a combination GPS, emergency response unit and vehicle recovery system. career cruising An OnStar-equipped car can analyze its on-board diagnostics as the car is being driven, detecting problems and alerting the driver to any issues that require a visit to the repair shop.
These ECUs connect to one another and to the Internet, making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.
The Austin case is a fairly particular case in that they had an add-on system that specifically gave them the ability to wirelessly immobilize the cars, says Stefan Savage, professor in the department of computer science career cruising and engineering at the University of California, San Diego. It s not a standard feature on most automobiles.
AT T exhibitors show off the new Ford Focus Electric car at the CTIA Conference in New Orleans in May 2012. The MyFord career cruising Mobile career cruising system will connect through the AT T wireless network, which allows car users to remotely access the car using standard wireless technology, according to Ford. Some security experts wonder if standard career cruising wireless hacking techniques will become a problem. REUTERS/Sean career cruising Gardner
Generally speaking, these types of systems are there to disable the vehicle in the event of theft and enable their eventual recovery, says Savage. This was not a case of hacking into a system or creating new functionality that didn t exist before, he explains. But that s not to say it can t be done. In our research we demonstrated taking over a car through a software vulnerability and creating a completely new piece of functionality that did not exist before, he says.
GM s OnStar service, which also helps recover stolen vehicles, career cruising is currently the only vendor advertising that capability as a standard feature, says Savage. However, the set of cars for which a clever adversary could create a new capability to shut down the car is likely quite a bit larger.
One of the saving graces is there are relatively few motivations to stealing vehicles via a sophisticated hack, Savage adds, because of the complexity involved and the need to spend some serious cash to be able to pull it off. There is a theft motivation. But while we ve been able to demonstrate a computer attack and steal cars, frankly career cruising it s still easier to use a Slim Jim, he says, referring to the classic lock pick.
The Austin scenario could not happen to a system that is not networked, says Dan Bedore, director of product communications at Nissan North America. Our vehicle control career cruising modules are discrete systems and are not networked. So any scenario that involves hacking a car would be limited to a single unit.
Nonetheless, a fair number of vulnerabilities in car computer systems currently exist, says Savage, although he feels it will be a while before computerized attacks are preferable to physical ones. The most likely scenario where you have to worry are disgruntled attacks, where people are trying to sow havoc, he says.
There are two main ways an attacker could theoretically gain access to a car s internal network. The first is by physical access, such as a mechanic, a valet, a person career cruising who rents a car, an ex-friend or car owner, someone with momentary access to the vehicle. The attacker could insert a malicious component into a car s internal network via the OBD-II port, typically located under the dashboard. A brief period of connectivity career cruising embeds the malware career cruising within the car s components.
One of the attacks we staged took advantage of vulnerability in the diagnostic tools used at dealerships, says Savage. We built a virus that could get into a dealership and then could affect the diagnostic tools. So whenever a car was brought into the dealership and the diagnostic tool was connected to the car it would infect the car.
Savage and his team built a package that, upon taking over the car, would then contact his team s servers via the Internet and request further instructions. At that point we could download just about any functionality we wanted disable the car, listen to conversations in the car, turn on the brakes, etc.
Access may also happen via numerous wireless interfaces. Cars are not only becoming more computerized internally, but that they are becoming increasingly connected to the outside world, says Franziska Roesner, a student and researcher in the security and privacy research lab at the University of Washington. She calls this interconnectedness a concerning trend.
Today s cars are connected to the cell phone network and to the Internet via systems including OnStar, Ford Sync and others, Roesner explains. They have Bluetooth connectivity, short-range wireless access for key fobs and tire pressure sensors, they support satellite radio and they also have inputs for CDs, iPods, USB devices and others, he says.
Thefts of BMWs in the U.K. recently spiked as thieves discovered career cruising they could bypass career cruising the car s alarm system and immobilizers. Using devices that plug into the car s OBD port, thieves programmed blank key fobs and drove the stolen cars away.
Reports indicate that such thefts appear to work similarly: After gaining access to the vehicle, either by breaking a window or via a nearby RF jammer which blocks the fob lock signal from reaching the car, thus preventing the car owners from properly securing their own vehicle even if they think they have thieves gain access to the car s OBD-II connector. This allows the thief to gain access to the car s unique key fob digital ID, enabling him to program a blank key fob on the spot, insert the key and steal the car.
In a statement by BMWs U.K. media relations manager, Gavin Ward, the company noted it is aware of and investigating the security loophole. The loophole affects all BMW series models, from the 1 to the X6.
We liken this increase in connectivity career cruising to the desktop computing world before career cruising the Internet: Security vulnerabilities on disconnected career cruising machines suddenly career cruising became very important when computers were networked together, says Roesner. There s even talk among auto manufacturers about creating app stores for cars. We re at the same point in the evolution of computerized automobiles.
Studies conducted by Roesner and her colleagues show the OBD-II port as the most significant automotive interface for hacking purposes. This port provides access to the vehicle s key controller area network buses and can provide sufficient access to affect the full range of a vehicle s systems.
Alternatively, hackers may deliver malicious input by encoding it into a CD or a song file, which may live on an iPod or other MP3 player, or by installing software that attacks the car s media system when it connects to the Internet.
Currently, the Internet is only a hypothetical vulnerability, however, says Roesner. In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio.
In our research, we showed career cruising that attackers with access career cruising to the car s network can completely control most of the car s computerized career cruising components, she says. This could allow an attacker to sabotage an automobile disable the brakes career cruising or lights, for instance
No comments:
Post a Comment