Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Researchers to Show How Hackers Might Access Cars Remotely

    By
    Sean Michael Kerner
    -
    July 23, 2015
    Share
    Facebook
    Twitter
    Linkedin
      automobile hack

      Security researchers Charlie Miller and Chris Valasek have made a career out of hacking cars. Valasek is the director of vehicle security research at IOactive, and Miller is a security researcher at Twitter.

      At 3 p.m. PT on Aug. 5 at the Black Hat USA security conference, the pair are set to provide new details on car hacking in a session titled, “Remote Exploitation of an Unaltered Passenger Vehicle.” As has been their custom in the last three years, Miller and Valasek have provided an early demonstration of their research to a media outlet to stoke the fires of media hysteria about the risks of car hacking.

      In 2013, Miller and Valasek first gave a talk at the DEFCON security conference about the risks of car hacking. That talk wasn’t originally considered to be at a level that the Black Hat show organizers wanted, so the research wasn’t presented at Black Hat 2013.

      In 2014, Miller and Valsek re-doubled their efforts in a bid to crack the session list for Black Hat. “[In 2013], our talk got rejected at Black Hat, so we wanted to come up with something that would be accepted this year,” Miller said during his Black Hat USA 2014 talk.

      The 2014 talk provided guidelines on how to determine how vulnerable a modern vehicle is to hackers. For the most part, all of the attack surfaces Miller and Valasek described in 2014 required an attacker to have some form of physical access to the car.

      For the 2015 attack, the new trick is allegedly that the security researchers can attack the car remotely. “In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle,” the Black Hat abstract on the talk states. “Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units.”

      In the pre-show video demonstration, Valasek notes that he and Miller had to break into the car via the cell network and then were able to move laterally to control different aspects of the vehicles operations. The vehicle in question is a 2014 Jeep and the exploitation occurred due to a software vulnerability in Chrysler’s uconnect infotainment system. The two researchers have stated that they have alerted Chrysler to the flaw and an update is available. To see if your Chrysler vehicle needs the update, check out the uconnect update site.

      Hype and hysteria related to car hacking has been a key part of Miller and Valasek’s research for the last three years. After all, who wouldn’t be afraid of having their car hacked?

      For the first two iterations of the research, there was always the caveat that physical access was needed and the car was, in some way, tampered with or modified. There was also the catch that in order to manipulate the vehicle, Bluetooth, a close range proximity protocol, was needed. With the new research, the promise of an unaltered vehicle and remote access via a cellular connection changes the game.

      It also, in my opinion, should make it easier to fix and defend against, since there is a key lynchpin in the research, the cellular network itself. We don’t know the exact vulnerability yet. The two researchers aren’t going to disclose that until Black Hat, but they have indicated they needed to break into the cellular network.

      That would also imply that other risks that are not related to car hacking could be worrisome. Then again, Miller is no stranger to cellular hacking, either; at the Black Hat USA 2009 conference, he demonstrated how he could take over an iPhone with a malicious Short Message Service (SMS) text.

      The real risk, as Miller and Valasek have pointed out in their 2014 Black Hat talk, is the interconnected nature of some car systems that can enable lateral movement across a car’s capabilities. It’s the same basic type of risk that other security professionals have been talking about in virtualized and cloud networks. That is, a lack of proper segmentation and isolation that could enable an attacker unrestricted movement across what should be disparate network segments.

      While we wait for full details on the latest risks to cars, due to be revealed on Aug. 5, the good news is that security researchers are revealing the details, with patches already available and not in a post-mortem after some catastrophic attack that costs human lives.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×