Real World Attack - General Motors Corvette Brakes
No specific model or manufacturer is immune from vulnerabilities or attack. Attackers look solely for vulnerabilities, regardless of the target. There is no stratum of the automobile industry that is perfectly designed or manufactured, and this is the case with General Motors. There have also consistently been issues with one piece of equipment when it is attached to the vehicle: the dongle. Both factors came together in a 2015 attack on the GM Corvette and its brake system.
The GM brake system was attacked via a dongle manufactured by Mobile Devices and plugged into the OBD-II port (Young, 2015; Foster, Prudhomme, Koscher, & Savage, 2015; Zorz, 2015; Goodwin, 2015; Amir, 2015). This was the Metromile dongle (Mathews, 2015; Schupak, 2015). The dongle is commonly used by insurance agencies and fleets (Snyder, 2015) for tracking and reporting purposes.
In this attack, the attacker only needed to know or acquire the IP address and phone number attached to the vehicle (Kovacs, 2015). Gathering this information is not difficult or labor intensive. With this in hand, the attackers then sent an SMS message to the dongle. The dongle is connected to the CAN bus, which controls the components used to drive the vehicle as well as other functions. This attack was directed explicitly at a 2013 Corvette (Young, 2015; O’Keefe, 2015). In exploring this attack vector, the attackers at first targeted the windshield wipers and brakes. Once this vector was known to be a viable avenue, other attempts would be made. The additional targets were the door locks, steering, and transmission.
With the dongle connected to the OBD-II port, the attack was completed without authentication (Kovacs, 2015). This in itself is a significant security issue in the architecture. This was later patched (Young, 2015) and the vulnerability mitigated.
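
One way a dongle could refuse unauthenticated SMS commands, shown as an added example (not code from the original post, the researchers or the vendor). The message format, key and command names are assumptions made for illustration: every command must carry a valid HMAC tag and a fresh counter, and only reporting commands are permitted.

```python
import hashlib
import hmac

# Assumptions (not from the page): a per-device secret, a "counter|command|tag"
# SMS body, and these command names. All values below are constructed.
DEVICE_KEY = b"constructed-demo-key"
ALLOWED_COMMANDS = {"REPORT_LOCATION", "REPORT_MILEAGE"}  # reporting only


def sign(key: bytes, counter: int, command: str) -> str:
    """HMAC-SHA256 tag the back end would attach to each command."""
    return hmac.new(key, f"{counter}|{command}".encode(), hashlib.sha256).hexdigest()


class CommandGate:
    """Dongle-side check run before any inbound SMS command is acted on."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # highest counter accepted so far

    def check(self, sms_body: str) -> str:
        parts = sms_body.split("|")
        if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()):
            return "malformed"
        counter, command, tag = int(parts[0]), parts[1], parts[2]
        expected = sign(self._key, counter, command)
        # Constant-time comparison on bytes, so a non-ASCII tag is rejected
        # instead of raising TypeError.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "bad-mac"
        if counter <= self._last_counter:
            return "replay"
        if command not in ALLOWED_COMMANDS:
            return "not-allowed"  # authenticated, but never a CAN write
        self._last_counter = counter
        return "ok"


def demo() -> list:
    gate = CommandGate(DEVICE_KEY)
    good = f"1|REPORT_MILEAGE|{sign(DEVICE_KEY, 1, 'REPORT_MILEAGE')}"
    samples = [
        "7|CAN_WRITE|",  # no tag: the unauthenticated case
        good,
        good,  # the same message delivered a second time
        f"2|CAN_WRITE|{sign(DEVICE_KEY, 2, 'CAN_WRITE')}",
    ]
    return [gate.check(s) for s in samples]
```
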
References
Amir, W. (2015, August 12). Researchers show how to hack a Corvette with a text message. Retrieved from https://www.hackread.com/hack-corvette-with-text-message/
Foster, I., Prudhomme, A., Koscher, K., & Savage, S. (2015, August 10-11). Fast and vulnerable: A story of telematics failures. WOOT, 2015. Retrieved from http://www.autosec.org
Goodwin, A. (2015, August 11). Researchers hack a Corvette’s brakes via insurance black box. Retrieved from http://www.cnet.com/roadshow/news/resarchers-hack-a-corvettes-brakes-via-insurance-black-box/#!
Kovacs, E. (2015, August 12). Researchers hack car via insurance dongle. Retrieved from http://www.securityweek.com/researchers-hack-car-insurance-dongle
Mathews, L. (2015, August 11). Corvette hijacked by hacking its insurance dongle. Retrieved from http://www.geek.com/news/researchers-hijack-a-corvette-by-hacking-its-insurance-dongle-1630857/
O’Keefe, S. (2015, August 12). Researchers wirelessly hack a Corvette’s brakes using an insurance dongle. Retrieved from http://www.itsecurityguru.org/2015/08/12/researchers-wirelessly-hack-a-corvettes-brakes-using-an-insurance-dongle/
Schupak, A. (2015, August 12). Hackers hijack a Corvette via text message. Retrieved from http://www.cbsnews.com/news/hackers-hijack-corvette-via-text-message/
Snyder, B. (2015, August 12). Corvette hack is one more reason to be wary of connected cars. Retrieved from http://www.cio.com/article/2969358/consumer-electronics/corvette-hack-is-one-more-reason-to-be-wary-of-connected-cars.html
Young, A. (2015, July 28). Car hacking: Security experts caution automakers on greater need for cybersecurity and anti-hacking measures. Retrieved from http://www.ibtimes.com/car-hacking-security-experts-caution-autmakers-greater-need-cybersecurity-anti-2026472
Young, R. (2015, August 11). Hackers cut a Corvette’s brakes via a common car gadget. Retrieved from http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/
Zorz, Z. (2015, August 12). Researchers hack Corvette via SMS to plugged-in tracking dongle. Retrieved from https://www.helpnetsecurity.com/2015/08/12/researchers-hack-corvette-via-SMS-to-plugged-in-tracking-dongle/