Why the Next Denial-of-Service Attack Could Be Against Your Car

Author Topic: Why the Next Denial-of-Service Attack Could Be Against Your Car  (Read 659 times)

Offline saikat07

  • Hero Member
  • *****
  • Posts: 630
  • Test
    • View Profile
    • My Web Address
Why the Next Denial-of-Service Attack Could Be Against Your Car
« on: November 22, 2016, 10:42:38 AM »
We haven’t seen the last of the car hacks, says Charlie Miller, the security researcher who in 2014 helped show that hackers can take control of certain models of cars, messing with brakes and steering and other systems while the cars are in motion.

Speaking this week at ARM TechCon, held in Santa Clara, Calif., Miller said that carmakers “are not in good shape now,” but there’s hope for the future as the companies begin to understand the risks when vehicles are connected to the outside world.

a list of vehicles vulnerable to car hacking, including 2013, 2014, and 2015 models of Dodge, Chrysler, and Jeep vehicles
Photo: Tekla S. Perry
Charlie Miller and Chris Valasek were able to scan the Sprint network for vulnerable vehicles. “I’m a good guy, but I was tempted when I found the Viper. I didn’t do it, but I could have changed the radio station so easily,” Miller said.
Miller, currently an engineer at Uber, pointed out the difference between two categories of car hacks—hacks limited to the mobile app or to the head unit (the centerpiece of the audio system), and hacks that reach into the car’s controller area network (CAN) bus.

The latter are significantly more dangerous because brakes, steering, and other critical controls connect to the CAN bus. Yet mobile and head-unit hacks can go beyond simply changing the radio station.

Consider the recently detected vulnerability in the Nissan Leaf mobile app, Miller suggested (it has since been fixed). The password, he says, was the vehicle identification number, typically easy to see through a windshield. You could log in as the owner and, say, turn on the seat heaters. It’s not a safety issue, but, as Miller points out, that’s an easy way to kill a car’s battery. That’s “a denial-of-service attack against a car. Not dangerous particularly, but we’ll see more and more of these,” he says.

Figuring out how to reprogram the [Jeep] chip wasn’t easy. “I would screw it up, and my head unit wouldn’t work anymore. Thank you, Chrysler and their warranty system; eventually we figured out how to reprogram it without breaking it”
—Charlie Miller
The Jeep attack that made Miller and his partner-in-hacking, Chris Valasek, famous was a CAN bus attack. Miller discovered that, although the ARM chip that controlled the entertainment system wasn’t directly connected to the CAN bus, it did connect to a chip that was. And, through that connection, that second chip could be reprogrammed.
Senior Lecturer,
Department Of Electrical and Electronic Engineering
Faculty of Engineering,
Daffodil International University.