In the overall scheme of our reality, vehicle hacking is
relatively a new area of research. This timeline was in place due to advances
in computer technology. One of these was placed in the vehicle and as began to
be used more throughout the vehicle, this became more of a target for research
and criminal activities.
The first significant
manifestation was the infamous Jeep hack with Charlie Miller and Chris Valasek
(Weise, 2016). This was widely publicized and was a sensation on YouTube. With
this they were able to stop a car and disable its brakes when the vehicle was
moving under 5 mph. After further research and application of effort, these two
were able to take control of their steering and brakes while the vehicle would
be driving up to 30 mph. Both of these attacks have the ability to create a bit
of chaos for the driver whenever the attackers would want.
Since the initial
published attack, this has garnered much more attention from academics,
researchers looking for topics, law enforcement, and others. This focus has
been on all aspects of the vehicle, including but not limited to the tire
pressure monitoring system (TPMS), key fobs, communication to and from the
vehicle, among other points.
Application
As vehicle security has been published in peer-reviewed
journals, newspapers, magazines, television, and YouTube, a portion of the
audience does not have the most altruistic intentions. A case in point, two men
were arrested in Houston for stealing over 100 cars (Associated Press, 2016;
Krisher, 2016). This was not part of a movie script but the workings of a
criminal venture. The two criminals used only a laptop, a blank key fob, and
software to commit the crime (Goudie, 2016).
These two were able to reprogram the vehicle’s security
system with these simple tools. They were able to acquire a database with
access codes used to program the key fobs for certain FCA vehicles. These codes
are not generic across all lines of business, but are specific. These codes are
used to program the fob for each vehicle (Graczyk & Krisher, 2016).
For the specific attack, they gained access to the
vehicle’s engine compartment and cut the wires to the alarm system. From this
point they programmed a fob for the vehicle using the VIN and code from the
database. The entirety of the attack took six minutes (VOA News, 2016). The two
deviants would then steal the car with ease.
This attack is solely possible due to the computers being
more advanced and connected in the vehicle. The computers had the ability to
better the user experience, which is a benefit. These are also used as a
marketing tool as it has become expected from the vehicles. As these are
important, the implementation of security is likewise pertinent.
Target
There are under a dozen significant vehicle manufacturers
across the globe. From these, there are hundreds of different distinct models
to choose from over the last decade. The thieves chose the new Jeep and Dodge
vehicles (VOA News, 2016; Krisher, 2016). These were chosen for two reasons.
The database that was acquired were for these vehicles. Also these vehicles
tend to sell for higher prices in Mexico, which is where the vehicles were
going to be sold after the theft (Krisher, 2016).
Future
The increase in use of computers and their connectivity
has certainly provided a new avenue to steal vehicles. This incident is not the
first, and certainly won’t be the last set of thefts using and the technology
connecting the vehicle. The technology has increased the number of known and
yet to be known points and vulnerabilities to attack. These can be translated
into theft opportunities. With this attack, the criminals only needed very few
items. These were completed in the middle of the night. By the time the owners
awoke for another productive day in society, their vehicle was long gone in
another country and in the process of being sold.
Defenses
All is not lost. There are actions to use in order to
better secure the vehicles. The manufacturers need to provide better defensive
measures. At present there are and continue to be several vulnerabilities in
the vehicles. To combat this, there cannot be a single point of defense, but
there needs to be a defense in depth (VOA News, 2016). The manufacturers have
to make it much more difficult to breach the vehicle. The industry best
practices need to be applied to the vehicle’s defenses. This should be kept
safe much like any network.
Without this, there will continue to be issues that will
grow in frequency and intensity. No one wants to be a victim, however we need
to work towards a better solution.
Remediation
FCA has taken this latest breach in security abundantly
in a serious mode. Although the coes are in the wild, FCA is working towards an
attempt to limit person’s motivation to secure the database. FCA is threatening
criminal and civil actions against anyone providing these codes for the fob
keys, codes applicable to the radios, and other anti-theft measures against
non-authorized parties (Vellequette, 2016). This is clearly noted and published
with the FCA amended terms of use also. FCA had to address this issue directly.
With these codes, the person is able to unlock the vehicle doors, which allows
the person to steal the vehicle. At this junction, this may be the best course
of action.
References
Associated press. (2016, August 7). Cops:
Laptops used to reprogram, steal 100 cars. Retrieved from http://www.newsday.com/classifieds/cars/jeep-dodge-cars-stolen-after-laptop-reprogrammed-vehicles-security-system-cops-say-1.12143366
E-Hacking News. (2016, August 5). Hackers stole
more than 30 jeeps. Retrieved from http://www.ehackingnews.com/2016/08/hackers-stole-more-than-30-jeeps.html
Goudie, C. (2016, August 4). Computer carjacking
risk becomes reality. Retrieved from http://abc7chicago.com/news/computer-carjacking-risk-becomes-reality/1457581/
Graczyk, M., & Krisher, T. (2016, August 5).
Police: Laptop used to reprogram, steal more than 100 cars. Retrieved from http://www.heraldonline.com/news/business/article93910927.html
Krishner, A.T. (2016, August 7). Suspected car
thieves reset vehicle’s security systems. Retrieved from http://www.pressherald.com/2016/08/05/police-texas-car-theft-suspects-reset-vehicle-security-systems/
Vellequette, L.P. (2016, August 27). FCA moves
to lock down security codes. Retrieved from http://www.autonews.com/article/20160827/OEM/308299963/fca-moves-to-lock-down-security-codes
VOA News. (2016, August 7). Hackers use computer
to steal cars. Retrieved from http://www.voanews.com/content/us-car-thefts/3454284.html
Weise, E. (2016, August 4). Car hackers say
they’ve hijacked jeep brakes. Retrieved from http://www.usatoday.com/story/tech/news/2016/08/04/car-jackers-say-theyve-hijacked-jeep-brakes-88180342
No comments:
Post a Comment