Go Back   Club Lexus Forums > General Forums > Car Chat
Sign in using an external account
Register Forgot Password?

14-Year-Old Hacker Shows Auto Engineers How it's Done

Reply
 
 
 
 
Thread Tools Search this Thread Display Modes
Old 02-20-15, 04:50 PM   #1
mmarshall
Lexus Fanatic
Trader Score: (0)
 
mmarshall's Avatar
 
Join Date: Oct 2003
Location: Virginia
Posts: 51,843
Default 14-Year-Old Hacker Shows Auto Engineers How it's Done

http://www.autoblog.com/2015/02/18/1...rise-featured/

A 14-year-old boy may have forever changed the way the auto industry views cyber security.

He was part of a group of high-school and college students that joined professional engineers, policy-makers and white-hat security experts for a five-day camp last July that addressed car-hacking threats.

"This kid was 14, and he looked like he was 10," said Dr. Andrew Brown Jr., vice president and chief technologist at Delphi Automotive.

With some help from the assembled experts, he was supposed to attempt a remote infiltration of a car, a process that some of the nation's top security experts say can take weeks or months of intricate planning. The student, though, eschewed any guidance. One night, he went to Radio Shack, spent $15 on parts and stayed up late into the night building his own circuit board.

The next morning, he used his homemade device to hack into the car of a major automaker.Camp leaders and automaker representatives were dumbfounded. "They said, 'There's no way he should be able to do that,'" Brown said Tuesday, recounting the previously undisclosed incident at a seminar on the industry's readiness to handle cyber threats. "It was mind-blowing."

Windshield wipers turned on and off. Doors locked and unlocked. The remote start feature engaged. The student even got the car's lights to flash on and off, set to the beat from songs on his iPhone. Though they wouldn't divulge the student's name or the brand of the affected car, representatives from both Delphi and Battelle, the nonprofit that ran the CyberAuto Challenge event, confirmed the details.

If car makers weren't taking cyber threats seriously before the demonstration, they were afterward.

"It was a pivot moment," said Dr. Anuja Sonalker, lead scientist and program manager at Battelle. "For the automakers participating, they realized, 'Huh, the barrier to entry was far lower than we thought.' You don't have to be an engineer. You can be a kid with $14."

She described the breach as more of a nuisance attack, and emphasized that, in this case, no critical safety functions, like steering, braking or acceleration, were compromised. But the incident underscored just how vulnerable cars have become.

Security analysts have long expressed concerns over the industry's preparedness in fending off a cyber attack. Those concerns have mushroomed in recent weeks, as German researchers infiltrated BMW's remote-services system and 60 Minutes demonstrated how another research team remotely commandeered control of a Chevy Impala.

Then last week, Sen. Ed Markey (D-Mass.) released a report that criticized automakers' preparations, noting only 2 of 16 car companies surveyed could describe how they would respond to a real-time hack of one of their vehicles.

Experts at Tuesday's conference, sponsored by the Center for Automotive Research, conceded the auto industry got off to slow start in responding to cyber weaknesses. But now, even as they approach the problem with more earnestness, problems remain.

For one, technology companies still have a grip on the experts who best understand cyber-security vulnerabilities in the automotive realm, and those problems are so new that colleges and universities aren't yet producing engineering students who understand the solutions. (Though we know of one student who deserves a scholarship in about three years).

"Those experts don't live in Detroit," said Shawn Slusser, vice president of the automotive business at Infineon.

Even if they were on hand, those engineers would need time to examine and re-draw the network architectures of their cars and bolster the security for every electronic control unit on a vehicle. In the product-planning life-cycle, it could take three to five years for those alterations to reach new vehicles. And that's to say nothing of the 230 million vehicles already on the road.

In short, the car-hacking problem will probably get worse before it gets better.
This ad is not displayed to registered members.
Register your free account today and become a member on Club Lexus!
__________________
mmarshall is offline   Reply With Quote
Old 02-20-15, 05:11 PM   #2
teamisf
Driver School Candidate
Trader Score: (0)
 
teamisf's Avatar
 
Join Date: Jan 2015
Location: CA
Posts: 41
@teamisf
Default

WOW... $14 to hack a car... lol
teamisf is offline   Reply With Quote
Old 02-20-15, 06:11 PM   #3
Sulu
Lead Lap
Trader Score: (0)
 
Join Date: Feb 2011
Location: Canada
Posts: 744
Default

Here are some of my thoughts on this topic, as a mission- and safety-critical systems engineer.

1. This shows that anything is possible, given the will and the way. The will was the gathering of students and engineers for this white-hat ("good guys") hack-a-thon (to learn what is possible). The way was the shopping bag of electronics assembled into a homemade, specific-purpose circuit board.

2. It may be cheaper than you think to do the 'impossible'.

3. BUT, we should not all be incited into mass panic (as other threads in Car Chat have attempted to do) by this news.

While this exercise proved that it is possible to hack into a car's electronic systems, it also showed that a piece of special-purpose equipment (the homemade circuit board, plugged into some interface port, perhaps the OBD II port) is necessary to do so. What it proved is that if someone wants to hack into YOUR car's electronic systems, the bad guy must possess a special piece of electronics, must physically break into your car, and must physically plug this circuit board into some interface port of your car's electronics systems before starting to do his/her dirty deeds.

Why would someone want to go to all this time and trouble just to damage ONE car? If someone does not like you and wants to do you harm, there are other, easier ways to do so than to physically and electronically break into your car.

4. The auto manufacturers should learn from this exercise (and I have no doubt that they have) but it is no cause for alarm at this point. It is another "the sky is falling" story from writers that have little understanding of technology and automotive electronics.
Sulu is offline   Reply With Quote
Old 02-20-15, 06:24 PM   #4
mmarshall
Lexus Fanatic
Trader Score: (0)
 
mmarshall's Avatar
 
Join Date: Oct 2003
Location: Virginia
Posts: 51,843
Default

Quote:
Originally Posted by Sulu View Post
Here are some of my thoughts on this topic, as a mission- and safety-critical systems engineer.

1. This shows that anything is possible, given the will and the way. The will was the gathering of students and engineers for this white-hat ("good guys") hack-a-thon (to learn what is possible). The way was the shopping bag of electronics assembled into a homemade, specific-purpose circuit board.

2. It may be cheaper than you think to do the 'impossible'.

3. BUT, we should not all be incited into mass panic (as other threads in Car Chat have attempted to do) by this news.

While this exercise proved that it is possible to hack into a car's electronic systems, it also showed that a piece of special-purpose equipment (the homemade circuit board, plugged into some interface port, perhaps the OBD II port) is necessary to do so. What it proved is that if someone wants to hack into YOUR car's electronic systems, the bad guy must possess a special piece of electronics, must physically break into your car, and must physically plug this circuit board into some interface port of your car's electronics systems before starting to do his/her dirty deeds.

Why would someone want to go to all this time and trouble just to damage ONE car? If someone does not like you and wants to do you harm, there are other, easier ways to do so than to physically and electronically break into your car.

4. The auto manufacturers should learn from this exercise (and I have no doubt that they have) but it is no cause for alarm at this point. It is another "the sky is falling" story from writers that have little understanding of technology and automotive electronics.
I agree with most of your comments (and you've made some pretty good ones in the past, too.) . This was simply an autoblog article that I found interesting, so I thought I'd share it. However, even if it doesn't justify a full-scale panic (and I agree with you that it doesn't).......it shows how sharp today's kids can be playing with computers and computer-parts. Teen-age hackers have done some pretty impressive things....even getting into top-secret NSA files, which are some of the most closely guarded in the country.
__________________
mmarshall is offline   Reply With Quote
Old 02-20-15, 06:38 PM   #5
corradoMR2
The pursuit of F Sport
Trader Score: (0)
 
corradoMR2's Avatar
 
Join Date: Jul 2006
Location: Toronto, Canada
Posts: 4,560
Default

Yeah, it shows that again and again, when technology exists to protect something, there is (or will be) a way to penetrate it.

If anything, this is great visibility for car manufacturers to take this seriously and invest in beefing up and keeping ahead of the hackers in the area of remote access security.
__________________

___________________________________________________________________________
2015 NX200t F Sport, 2014 IS250 AWD F Sport
IS Build Thread: http://www.clublexus.com/forums/buil...ng-thread.html
NX Build Thread: http://www.clublexus.com/forums/nx-m...ld-thread.html
Previous: '13 RX F Sport, '11 CT, '08 IS AWD, '07 RXh, '04 RX
corradoMR2 is offline   Reply With Quote
Old 02-20-15, 06:54 PM   #6
4TehNguyen
Lexus Fanatic
Trader Score: (0)
 
Join Date: Jan 2006
Location: Houston, Texas
Posts: 18,713
Default

its a good thing Radio Shack is going out of business
__________________
14 IS350 Nebula Gray/Rioja Red + FSport + ML/Nav + JoeZ Intake/Exhaust
06 IS350 Crystal White/Black + Sport/ML + 2014 IS F Sport Wheels
4TehNguyen is offline   Reply With Quote
Old 02-21-15, 12:51 PM   #7
Wandl
Driver
Trader Score: (0)
 
Join Date: Jan 2015
Location: Tx
Posts: 120
Default

Quote:
Originally Posted by 4TehNguyen View Post
its a good thing Radio Shack is going out of business
Hahaha

There was concerns with the Tesla as well in getting non critical systems breached (opening the sunroof or altering radio stations) so it is just a matter of time I suppose. But doubt anyone would go through a lot of trouble for just one car...
Wandl is offline   Reply With Quote
Old 02-21-15, 03:09 PM   #8
Wandl
Driver
Trader Score: (0)
 
Join Date: Jan 2015
Location: Tx
Posts: 120
Default

Quote:
Originally Posted by 4TehNguyen View Post
its a good thing Radio Shack is going out of business
Hahaha

There was concerns with the Tesla as well in getting non critical systems breached (opening the sunroof or altering radio stations) so it is just a matter of time I suppose. But doubt anyone would go through a lot of trouble for just one car...
Wandl is offline   Reply With Quote
Old 02-21-15, 03:55 PM   #9
Aron9000
Lexus Test Driver
Trader Score: (0)
 
Join Date: Aug 2012
Location: TN
Posts: 1,175
Default

Quote:
Originally Posted by Sulu View Post
Here are some of my thoughts on this topic, as a mission- and safety-critical systems engineer.

1. This shows that anything is possible, given the will and the way. The will was the gathering of students and engineers for this white-hat ("good guys") hack-a-thon (to learn what is possible). The way was the shopping bag of electronics assembled into a homemade, specific-purpose circuit board.

2. It may be cheaper than you think to do the 'impossible'.

3. BUT, we should not all be incited into mass panic (as other threads in Car Chat have attempted to do) by this news.

While this exercise proved that it is possible to hack into a car's electronic systems, it also showed that a piece of special-purpose equipment (the homemade circuit board, plugged into some interface port, perhaps the OBD II port) is necessary to do so. What it proved is that if someone wants to hack into YOUR car's electronic systems, the bad guy must possess a special piece of electronics, must physically break into your car, and must physically plug this circuit board into some interface port of your car's electronics systems before starting to do his/her dirty deeds.

Why would someone want to go to all this time and trouble just to damage ONE car? If someone does not like you and wants to do you harm, there are other, easier ways to do so than to physically and electronically break into your car.

4. The auto manufacturers should learn from this exercise (and I have no doubt that they have) but it is no cause for alarm at this point. It is another "the sky is falling" story from writers that have little understanding of technology and automotive electronics.


^ I agree with you for the most part, but remember it was our lack of imagination that led to planes being used as missiles.

Somebody could hack one of those double decker Mega Buses that hold 80 people and cause it to crash. I doubt the bus has such electronic drivers aids like a new S-Class Benz to where the computer can take over steering completely, but I'd imagine it has some sort of anti-skid stability control to where you could hack the brakes or pin the electric throttle wide open.

Click the image to open in full size.
Aron9000 is offline   Reply With Quote
Old 02-22-15, 06:18 PM   #10
pman6
Lead Lap
Trader Score: (0)
 
Join Date: Aug 2012
Location: CALIFORNIA
Posts: 613
Default

man makes it.
man breaks it.
pman6 is offline   Reply With Quote
Old 02-22-15, 06:18 PM
 
 
 
 
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Auto industry continues to grapple with challenges of cyber threats Hoovey2411 Car Chat 1 07-22-14 02:12 PM
How to Hack a Car: Phreaked Out (Episode 2) Joey-E Car Chat 2 06-05-14 10:26 AM
BB&T DDOS'ed leading to accounts being zero'd out O. L. T. The Clubhouse 10 03-04-13 02:17 PM
Keyless Ignition: Theft Threat? spiralynth GS - Third Generation 13 01-04-07 01:41 AM
Big 3 talent jumps ship to more profitable Asians, Europeans rivals Gojirra99 Car Chat 2 04-25-05 01:43 PM


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Forum Jump

All times are GMT -7. The time now is 11:57 PM.

Join ClubLexus

Copyright © 2000-2008 Internet Brands, Inc. All Rights Reserved
Privacy Policy | Disclaimer | Terms of Use | JOBS


Get all contact info