LS - 4th Gen (2007-2017) Discussion topics related to the current flagship models LS460, LS460L and LS600H

Vulnerability

Old 07-24-15, 02:08 PM
  #1  
DJWLDW
Pole Position
Thread Starter
 
Join Date: Jun 2014
Location: AR
Posts: 2,405
Received 420 Likes on 312 Posts
Default Vulnerability

Ok this is for those who are way more tech savvy than me. I was watching a news show and they were talking about this vehicle hacking that is in the news. The host said "wait until they upload malware to your $80,000 Lexus and hold it hostage like they have done on computers." Is this possible with our cars? You know he was talking about US.

Dennis
Old 07-24-15, 06:08 PM
  #2  
dlbuckls10
Racer
 
Join Date: Aug 2014
Location: TX
Posts: 1,409
Received 96 Likes on 80 Posts
Default

Vulnerability always exists in our high tech world but I believe vehicle hacking by uploading malware is more hype than factual.
Old 07-24-15, 06:24 PM
  #3  
DiggerJim
Pole Position
 
Join Date: Oct 2014
Location: CT
Posts: 209
Likes: 0
Received 3 Likes on 3 Posts
Default

Originally Posted by dlbuckls10
Vulnerability always exists in our high tech world but I believe vehicle hacking by uploading malware is more hype than factual.
That's what the manufacturers thought. 4 yrs ago it required a wired connection to the vehicle's OBDII port. So they laughed it off (although lots of miscreants might consider popping an OBD monitor into someone's car to stalk them and I'd wager most people wouldn't notice something plugged in down there).

Since then all of the car manufacturers have been racing to get the cars connected to the Internet. Guess what, they're just computers on the Internet now. Computers that happen to have cars attached.

Anyone who thinks there's some magical protection that computers that are cars have against worms, viruses and malware is naive at best. Doesn't matter what else the computer does if it's connected to the 'net, it's just another computer waiting for an exploit.

How much would you pay to have your car returned to normal operation after a hacker shuts it down and prevents it from ever starting again? Cyber ransomers have a pretty neat little incentive to figure out how to do it. Unlike randomly targeting PCs on the Internet without really knowing if the owner has money, target new ultra-expensive cars and you know they have money.

If you have Enform enabled on your Lexus you should be concerned.

Me, I'm glad my '08s don't do anything more than connect to my phone with Bluetooth.

BTW, I'm doing some work with a related auto manufacturer to gather telematics data from their cars - they plan to have the ability for the car to report it straight from the ECU to the cloud built into every single car they make by 2017. Non-optional. No consumer costs (or at least none that they're going to identify as they pass it on in increased price of the car). Several hundred data items, every 10 seconds, on every vehicle.

Last edited by DiggerJim; 07-24-15 at 07:26 PM.
Old 07-24-15, 07:06 PM
  #4  
DJWLDW
Pole Position
Thread Starter
 
Join Date: Jun 2014
Location: AR
Posts: 2,405
Received 420 Likes on 312 Posts
Default

Jim

Are the 2010 LS 460L's at risk? I have no onboard WIFI connection that I am aware of but we do have GPS?

Dennis
Old 07-24-15, 07:25 PM
  #5  
DiggerJim
Pole Position
 
Join Date: Oct 2014
Location: CT
Posts: 209
Likes: 0
Received 3 Likes on 3 Posts
Default

Originally Posted by DJWLDW
Are the 2010 LS 460L's at risk? I have no onboard WIFI connection that I am aware of but we do have GPS?
It's not the WiFi that you have to worry about - it's whether the car connects to the Internet. Lexus' Enform app (and Toyota's Entune) are Internet connected - that's how you get apps like Pandora, etc. The car has an embedded cellular phone for reporting back to the mother ship. Yes it's got a GPS (even if you don't have Nav). That's how the Safety Connect, tracking, destination, mobile link, etc. communicate.

How do you think you can lock or unlock your car from your cell phone (MobileLink) when you're miles away?

It's supposed to be on the 2010-current (the new 2015 model years have a different nav system so the 2010-2014 model years can't use the latest app suite but their existing ones can still cook along fine) but my 2008 LS600 can receive messages from Lexus and display them on the Nav screen. That tells me they can track me & target my car (the messages are dealer specific) specifically. The SOS button on the older cars was supposed to need to be pushed to reach Lexus help but I know that BMW allowed the car to reach out on its own and communicate with BMW directly even though it was supposed to require a push button push so I wouldn't put it past any mfg to have programmed in a fair number of triggers that allow the car to reach out without you knowing it's doing it.
Old 07-25-15, 06:08 AM
  #6  
DJWLDW
Pole Position
Thread Starter
 
Join Date: Jun 2014
Location: AR
Posts: 2,405
Received 420 Likes on 312 Posts
Default

Jim

I have a flip phone. The type where it rings you flip the front up and say hello. You talk for a moment and then you close it. Then you go on with your life. Sorry no apps in my world. I am old school if you want to communicate with me you can send me an e-mail or call me on my flip phone.

Dennis
Old 07-25-15, 12:03 PM
  #7  
jmcraney
Moderator
 
Join Date: Apr 2008
Location: TX
Posts: 2,126
Received 254 Likes on 194 Posts
Default

See, we knew this was coming.
Attached Thumbnails Vulnerabilty-image002.jpg  
Old 07-25-15, 07:44 PM
  #8  
DiggerJim
Pole Position
 
Join Date: Oct 2014
Location: CT
Posts: 209
Likes: 0
Received 3 Likes on 3 Posts
Default

Originally Posted by DJWLDW
I have a flip phone. The type where it rings you flip the front up and say hello. You talk for a moment and then you close it. Then you go on with your life. Sorry no apps in my world. I am old school if you want to communicate with me you can send me an e-mail or call me on my flip phone.
I can relate

I'm really not sure why my car needs to have Pandora, Bing, etc. I can do those on the phone and they're not nearly as easy to use when using them through the nav screen on the LS. (Same with my daughter's Rav4 by the way.) But having them available on the car is an indicator that you're Internet connected and you're at risk.

On the other hand, even without them, you've got a GPS and a cell connection built into the car (regardless of whether you've got a cell phone). That's what the SOS uses. It's 2 way and does not need to be activated by you - they can reach out to you if they get the airbag deployed signal and they send Lexus alerts (some of which are dealer specific so they know who you are - they're not just broadcasting to every Lexus) so it seems we're always connected in a way that the hacking exploit can take advantage of.
Old 07-26-15, 05:18 AM
  #9  
jamodeo
Moderator
iTrader: (1)
 
Join Date: Dec 2007
Location: Hinsdale, Illinois
Posts: 802
Received 10 Likes on 10 Posts
Default

**Disclaimer: I am not an expert on this, these are my opinions and how I have come to understand it.**

I will try to explain this in as much English as possible from how I understand it... First, I believe Uconnect is the Fiat version of Enform to put it in perspective. If you are talking about the recent, I think Jeep (it was one of the Fiat group manufacturers) hack. The hackers were able to obtain access to a module inside the "Uconnect" module, and actually rewrite the firmware (firmware: permanent software programmed into a read-only memory) to allow it interaction and instruction with other functions of the car that also utilize the CAN bus network (almost everything is interconnected in the car via CAN bus). The hackers need to first obtain the IP address of the car, then modify the firmware inside that specific chip to exploit the vulnerability. These hackers gave all this info to the manufacturer a long time ago, but will be releasing information publicly regarding the vulnerability in hopes of pushing and/or helping manufacturers increase security ALTHOUGH they say they are not publishing the firmware hack for the Uconnect module.

This still poses a huge issue as other hackers can try and reverse engineer how the hack works, but there is still a lot that goes into it. Not to say someone won't figure it out tomorrow and start messing with cars but TV and media make it out to be like any person carrying a laptop with stickers on it can figure this stuff out, and while that might be true for some, it's not all that simple.


-Joe
Old 07-26-15, 06:09 AM
  #10  
Doublebase
Pole Position
 
Join Date: Oct 2014
Location: New Hampshire
Posts: 2,560
Received 352 Likes on 243 Posts
Default

Originally Posted by jmcraney
See, we knew this was coming.
Absolutely priceless!! And it's 100% true! The criminals made things so much easier for the Feds.
Old 07-26-15, 12:15 PM
  #11  
mdpresco
Pit Crew
 
Join Date: Dec 2004
Location: Georgia
Posts: 152
Received 30 Likes on 24 Posts
Default

^^^^ and the Feds have made it much easier for the criminals. Some of this technology will be used to tax electric vehicle owners for the miles driven.