Wednesday, 27 March 2013

How car security is exploited, and countermeasures

THE HACK: A car’s telematics system, which can notify police in the event of a crash, remotely disable a stolen vehicle, and offer diagnostic information to customers, can also interface with multiple vehicle systems. Therefore, after gaining access to the telematics system, it’s possible to control the systems connected to the CAN bus. A hacker could, for example, disable a car’s ignition the same way an anti-theft system would.
THE DEFENSE: To demonstrate this kind of hack, researchers had to master and reverse-engineer an entire telematics system. Still, forward-looking automakers are already beefing up the security of external communications and in-car networks. OnStar, for example, has a “white list” of approved computers that are allowed to connect with cars.

THE HACK: Naughty boy. You downloaded your Odd Future tunes from an unauthorized file-sharing service. Little did you know that version of Goblin contains code that battles its way to your car’s CAN bus and disables your brakes.
THE DEFENSE: As infotainment systems gain functionality, carmakers are shielding them from more vital components without jeopardizing vehicle integration. “We harden all our safety-critical systems,” says OnStar’s security chief Gassenfeit. GM’s newer cars, such as the 2011 Chevy Volt, verify any data sent between two systems the same way online retailers process credit cards.

THE HACK: Just as smartphone manufacturers have app stores in which thousands of programs developed by third-party companies are available for download, carmakers are expanding their infotainment offerings through downloadable software. If a rogue app contains malware or a virus, however, it can infect your car without your knowledge.
THE DEFENSE: Carmakers are very strict in selecting which apps make it onto their systems. Ford’s MyFord Touch and Toyota’s Entune allow only a handful of preapproved programs, while GM’s MyLink goes so far as to route all software through remote servers so that users won’t inadvertently install infected apps on their cars.

THE HACK: The researchers at CAESS wrote a program that searched for and exploited vulnerable communications points where vehicle systems interface. They installed that program onto the car’s CAN bus through the OBD-II port. Once on the network, the program could control every system from the windshield wipers to the brakes. This is the most direct way to hack a car, as it sends code directly to the CAN bus.
THE DEFENSE: Until recently, most of the data sent among vehicle systems had not been encrypted, leaving cars wide open for enterprising hackers. Now, carmakers are starting to adopt routine security protocols from the information-technology field, such as protecting files with digital signatures. “What’s pretty much standard IT is now being applied to the automotive sector,” says Gassenfeit.
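
An added example, not taken from the article or from any carmaker's code: a sketch of authenticating CAN frames so that a device on the bus without the key (for instance one plugged into the OBD-II port) cannot inject, modify or replay commands. It swaps the article's "digital signatures" for a shared-key truncated HMAC plus a freshness counter, because a classic CAN payload is only 8 bytes; the key, the CAN ID 0x1A0 and the frame layout are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4   # truncated tag; a classic CAN payload holds only 8 bytes
CTR_LEN = 2   # freshness counter (assumed layout: counter | data | tag)

def _tag(key, can_id, body):
    # Bind the tag to the CAN ID so a frame cannot be re-sent under another ID.
    msg = struct.pack(">I", can_id) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def make_frame(key, can_id, counter, data):
    """Sender ECU: build (can_id, payload) with counter and truncated HMAC."""
    if len(data) > 8 - CTR_LEN - MAC_LEN:
        raise ValueError("data does not fit beside counter and tag")
    body = struct.pack(">H", counter) + data
    return can_id, body + _tag(key, can_id, body)

class Receiver:
    """Receiving ECU: accepts only authentic frames with a newer counter."""
    def __init__(self, key):
        self.key = key
        self.last = {}  # highest counter accepted so far, per CAN ID

    def accept(self, can_id, payload):
        if not CTR_LEN + MAC_LEN <= len(payload) <= 8:
            return None
        body, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, body)):
            return None                      # forged or modified frame
        counter = struct.unpack(">H", body[:CTR_LEN])[0]
        if counter <= self.last.get(can_id, -1):
            return None                      # replay of an old frame
        self.last[can_id] = counter          # a real design must also handle wrap-around
        return body[CTR_LEN:]

def demo():
    key = b"constructed-demo-key"            # constructed; real keys stay inside the ECUs
    rx = Receiver(key)
    good = make_frame(key, 0x1A0, 1, b"\x01\x00")   # constructed CAN ID and data
    forged = make_frame(b"attacker-guess", 0x1A0, 2, b"\xff\x00")
    cid, p = make_frame(key, 0x1A0, 3, b"\x01\x00")
    tampered = (cid, p[:2] + b"\xff" + p[3:])       # data byte changed in transit
    return {"genuine": rx.accept(*good), "replayed": rx.accept(*good),
            "forged": rx.accept(*forged), "tampered": rx.accept(*tampered)}
```

Only the first frame is accepted; the replayed, forged and tampered frames all return `None`, which is the property an unauthenticated bus lacks.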

THE HACK: In most modern cars, the power-locking mechanism is connected to other vehicle systems so that doors can lock automatically when a car is put into drive and unlock if the airbags have been deployed or the keys are locked inside. That interconnectivity, theoretically, means that the locking mechanism can be breached to access other systems. If accelerating can engage a car’s power locks, a skilled hacker could use the power locks to force that car to accelerate.
THE DEFENSE: Infotainment and onboard diagnostic systems are still linked by a physical connection to the module that controls functions such as steering and braking, but on some systems, such as Ford’s, that connection goes only one way. “The only thing we allow is for the real-time module to send messages in one direction,” says Ford’s Strader.

THE HACK: It sounds like one of those warnings that shows up in chain e-mails every few months, except it’s true. A wireless key fob is supposed to unlock and/or start the car only when the person holding the key fob is directly next to the vehicle or already sitting inside. However, Swiss researchers have found a way to intercept and extend the signal up to 30 feet with parts that cost less than $100. The setup doesn’t replicate the signal—it just extends its range so the car thinks the key fob is closer than it actually is.
THE DEFENSE: There’s not much a car manufacturer can do here. These hackers haven’t broken the key fobs’ encryption in any way—they’ve just extended its range with a radio repeater. So keep an eye out for anyone loitering in a parking lot and holding a homemade antenna.

Remote attacks to hack and set cars to self-destruct?

Let’s say you’re driving and otherwise minding your own business, when like a scene out of Mission Impossible, a malicious hacker launches a “Self Destruct” attack on your vehicle. It could happen according to the Center for Automotive Embedded Systems Security. “It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes.” McAfee executive Bruce Snell told Reuters, "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening. I don't think people need to panic now. But the future is really scary." Conversely, in regard to how vulnerable vehicles are to high tech hack attacks, John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, said "You can definitely kill people."

The headlights go off; you’re touching the steering wheel but the car is instead responding to the steering of an unseen attacker, the brakes don’t respond no matter how hard you stomp on them because someone 1,000 miles away has remote control of your vehicle. It might seem like your car is haunted if it suddenly responded to nothing you did and everything an outside attacker did, but it’s not a job for Ghostbusters. So who you gonna call? How about Barnaby Jack! He’s made ATMs spit out cash like a person hit the big-time jackpot and showed the public just how easily medical devices can be remotely hacked in a public space from 300 feet away from the victim.

Although some news stories make it sound like McAfee Security Researcher Barnaby Jack just joined the hacking team to attack embedded devices and protect vehicles from viruses, Jack is a member of the McAfee TRACE (Threat Research and Central Intelligence Experts) team who specialize in embedded device security. Jack is part of the TRACE team investigating how to protect embedded systems, hardware and devices from next-generation hacking attacks. That research includes finding and fixing vulnerabilities such as those in medical devices and car systems. As we read about the endless attack vectors in the computer with four wheels in which we sit inside and drive at high speeds, it makes us feel a bit better to know Jack is on the job.

McAfee Labs is not the only security firm predicting that embedded hardware is "the promise land for sophisticated hackers." SANS Technology Institute reported on 2012 - 2013 security predictions, including malware that morphs into scareware and attacks embedded systems in your vehicle. Possible scenarios included being locked out or locked inside until you pay a ransom via your smartphone. Electronic control units (ECUs) connect to one another and to the Internet, “making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.” These interconnected ECU systems, ranging from the engine, brakes, navigation, lighting, ventilation, music and entertainment systems to Bluetooth headsets in cars, are vulnerable to remote attacks.

While some concerns are more privacy-centered, like your car’s black box is spying on you and may be used against you in court and the Nissan Leaf secretly leaking your location and speed to websites, other research, like war texting to steal a car or hacking to pwn a cop car, focuses more on security. SNOsoft Research exposed the level of risk associated with cars built after 2007 when it delved into hacking your car for fun or profit and showed it's really not that difficult to program a car to kill a driver. Another example was when Stefan Savage, professor in the department of computer science and engineering at the University of California, San Diego, created a virus to infect dealership diagnostic tools and pass the infection on to any car connected to it afterwards. Then his team, via the Internet, could “download just about any functionality we wanted -- disable the car, listen to conversations in the car, turn on the brakes, etc."

"Basically anything under computer control in a car is vulnerable to malicious attack," reported computer scientist Stephen Checkoway. “This includes the brakes, engine, lights, radio, wipers and electronic display. If a computer controls it, it can be controlled by an attacker.” Checkoway warned that malicious attackers "could seize control remotely through the panoply of wireless devices attached to the car, such as cellular, Bluetooth, radio and tire pressure monitoring system. If you can take over the radio, you can use it to reprogram all the other computers."

Even doctored CDs inserted into players could be used as a vehicle attack vector. Franziska Roesner, a student and researcher in the security and privacy research lab at the University of Washington, explained that hackers could “deliver malicious input by encoding it into a CD or a song file, which may ‘live’ on an iPod or other MP3 player, or by installing software that attacks the car's media system when it connects to the Internet.” Roesner added, “In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio."

Other car hacking and remote access warnings included that attackers could exploit computerized car components for sabotage, espionage, GPS tracking and overriding theft detection/prevention systems. Recently, high-tech car thieves stole a BMW in three minutes by using the on-board diagnostics (OBD) port to reprogram a blank key fob from outside the vehicle, then used the cloned “key” to unlock and make off with the BMW.

You probably don’t need to worry overmuch about this right now, but the fact that all these action/adventure or sci fi movie-type car hacks are possible is pretty alarming and sickeningly fascinating. At best, such an attack would freak us out; at worst, it could possibly crash and kill us.

Cars and hack attacks

Hacking a car, once the stuff of spy novels and science fiction, is fast becoming a serious threat, forcing the industry to consider how to protect vehicles against cyber attacks.

“Cars are becoming connected devices,” said Ralf Lamberti, head of telematics and infotainment at Daimler. “[We’re] protecting vehicles with state of the art [equipment] to ensure attacks don’t happen.”

The modern car is, in essence, a sophisticated mobile computer, with software and electronics accounting for as much as 50 per cent of its value. Vehicles are fitted with long lengths of cable, several hundred megabytes of software and multiple computer networks.

Carmakers have also responded to demand from consumers for constant connectivity by installing wi-fi hotspots and cellular and Bluetooth connections. Each new connection and electronic device adds a potential target or means for a hacker to attack.

“The risk of car hacking today is still rather low since today’s car IT systems are still very heterogeneous, which requires costly, individual attacks,” said Marko Wolf at Escrypt, a security consultancy which helps customers in the automotive industry. “However, various successful proof-of-concept attacks have shown that risks for data security and privacy are real and they will increase with the increasing external connectivity of modern cars”.

In one scenario, tested by researchers at the University of California San Diego and the University of Washington, a car drives down a disused airport runway at 40mph. Behind it, a cyber attacker in a chase vehicle unleashes a digital payload from his laptop. Suddenly the electronic braking system of the car in front is disabled, leaving the helpless and frightened driver unable to stop.

“All major carmakers are aware of the necessity for protecting cars against security issues,” Mr Wolf said. “Most carmakers already have implemented various security protection solutions and have dedicated security divisions.”

Ford engineers try to ensure that the company’s Sync communications and entertainment system is as resistant to attack as possible. “We use a ‘threat-modelling’ methodology to review potential attack vectors and security issues, and then have designed controls to address those items,” a company spokesman said. “Our hardware has a built-in firewall and separates the vehicle control systems network from the infotainment network and functions.”

Jack Pokrzywa at SAE International, a standard-setting organisation for the automotive industry, said the increasing use of electronics in vehicles “presents a challenge to the industry like never before”.

SAE has formed a committee to develop standards for electrical systems security which includes representatives of carmakers, suppliers, semiconductor manufacturers, and security and consulting firms. It aims to identify scenarios for possible cyber attacks on vehicles and outline strategies and techniques to prevent these security breaches.

Apple ID accounts reportedly vulnerable to password reset hack

Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly, it seems that immediately after making the paranoid happy by instituting two-step authentication, a pretty massive flaw in Cupertino's system was discovered and first reported by The Verge. Turns out you can reset any Apple ID password with nothing more than a person's email address and date of birth -- two pieces of information that are pretty easy to come across.

There's a little more to the hack, but it's simple enough that even your non-tech savvy aunt or uncle could do it. After entering the target email address in the password reset form you can then select to answer security questions to validate your identity. The first task will be to enter a date of birth. If you enter that correctly then paste a particular URL into the address bar (which we will not be publishing for obvious reasons), press enter, then -- voilà -- instant password reset! Or, at least that's the story. While we were attempting to verify these claims Apple took down the password reset page for "maintenance." Though we've received no official confirmation from Apple, it seems the company is moving swiftly to shut down this particularly troublesome workaround before word of it spreads too far.

Update: We've heard back from Apple on the matter, which stated, "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix." No real surprises that a fix is in the works, but there you have it from the horse's mouth.

Update 2: The forgotten password page is back as of last Friday evening -- that was (relatively) quick. iMore reports (and we've verified ourselves) that the security hole is now closed.

5 CyberCriminals arrested for stealing 2 million Euros via e-banking hacks

Slovenian police performed 12 house searches and arrested five cyber criminals who are believed to be responsible for malware attacks that stole money from companies' bank accounts.

It all started last year, when the Slovenian national Computer Emergency Response Team (SI-CERT) started receiving reports of malware attacks. The victims received emails, pretending to come from a local bank and the state tax authority, with a Trojan horse attached.

The malware installs a remote administration tool that steals the victim's e-banking credentials and sends them to the cyber criminals.

"With stolen credentials and in the case where the victim did not remove the smart card containing the bank-issued certificate from the reader after use, the doors to the company's bank accounts were left open to the criminal gang," SI-CERT's report reads.

The attackers cleverly planned their attacks to happen on Fridays or the day before national holidays, so that the companies wouldn't immediately notice the theft. According to the report, the criminal group used 25 money mules to transfer around 2 million Euros.