Auto manufacturers are asleep at the wheel when it comes to security

10 maart 2018

Cars are getting smarter every year but their increasing computational power isn’t being backed up by good IT security practices – hacking them is child’s play.

That’s the conclusion of a series of speakers at the Kaspersky Security Analyst Summit. These security researchers have demonstrated how easy it is to introduce software into vehicles to steal data, take control of vital functions, get around alarm and electronic key systems and even crash the car.

“Most cars these days are essentially computers running on four wheels,” said Stefan Tanase, principal security researcher at Romanian network testing shop Ixia.

“The only difference is when you have a problem with computer it won’t affect your physical security, but a car can put your life in danger and automotive security is something that the industry needs to take seriously.”

His fellow researcher Gabriel Cirlig recently bought a car and they decided to see how difficult it would be to hack. It proved to be astonishingly easy. They even managed to turn it into a war-driving machine that could spot and log open Wi-Fi connections.

Cirlig found some code on an open car hacking website that claimed to be able to give root access to a car’s control systems. After using the autorun-enabled USB port, he added the code and found it worked like a charm and tunneled into the car’s infotainment system.

What he found was rather disturbing. When he had connected his phone to the car earlier, it had crawled his entire address book and email list, taken a copy of SMS messages and logged his most visited locations in the last month – all stored in plaintext and perfect for those interested in surveillance.

After installing UNIX Cron software to ensure persistence, the two were able to set up the car’s Wi-Fi to scan for open connections. Thankfully it

Bron: The Register Lees het complete artikel hier:

Follow us on Twitter

Tags: ,

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Verplichte velden zijn gemarkeerd met *

9 − = vier