How easy cars hack let

0
328

Security

How easy cars hack let

A Australians, it is now managed, the air conditioning in a Nissan in England capers. The lack of concern of the manufacturer of IT-security, it has just made. Here you can read about what hackers could do.

A car gets a Software Update. Hackers use similar technology to cars to remote control.

It sounds at the beginning, maybe even funny: You sit at the wheel, and suddenly makes the car crazy things. The windscreen wiper and washer suddenly goes on. Open and close the Windows, the Radio changes the channel. This could happen if a car is hacked and from anywhere in the world remotely.

The Australian Troy Hunt has now the example of a Nissan LEAF is shown how this goes. He has the control of the air conditioning. Also, he read with his Laptop information about the state of the battery charge and the trip data: date, time, and distance. And this at a car in England and drove on the other side of the world. Hackers could be even more, about the driver’s control of brake, throttle and steering snatch. And there the fun stops.

So something must not happen – it are experts from auto industry, and IT security to agree. Why was Car-Hacking is also a theme at the recent IT-Defense – an international conference, organized by the IT security firm, Cirosec in Mainz.

Hackers show how it goes

Examples of successful Car Hacking Attempts there are on the Internet abound. In a Video over a Autofahrerin during an Experiment the U.S. Militärforschungseinrichtung DARPA a series of pylons. Your last Bremsversuch was failed. About your car had the driver shortly before the control is lost.

In other short films to show IT professionals how to commercial vehicles via Laptop or mobile phone from exterior remote control – sometimes also with the will of car owners. So is the remote control of the Nissan air-conditioning throughout in the sense of the manufacturer have been: With the App NissanConnect EV the user should in Winter have the opportunity to have the car pre-heat the oven, to cool, or the battery level to query. But as Troy Hunt showed, under certain circumstances, with cars, someone else.

With the Smartphone remote control enables the driver and his Land Rover, also Parking.

The manufacturer Land Rover, drivers can their cars with the phone maneuvering. Is the car in a too tight Parking spot and the door no longer open, the owner of the car with his phone out – via a Bluetooth connection. People in and out of a Parking hard to do, like the happy – for IT security professionals, this application is more of a nightmare.

The editorial recommends

Often storage companies, your data is no longer on the disk, but somewhere in the big world of the Internet – the virtual Cloud. As it is there with data security and data protection looks like, is often unclear. (26.02.2014)

Security experts point to the IT-Defense conference in Cologne, such as hackers with E-Mails in third-party computer systems can penetrate. This could be the most successful attacks with some caution avoid. (15.02.2014)

Emergency braking systems for cars save lives. There are still not very long, they set you up but the market quickly by. This is mainly through the use of tiny Radar-Silicon chips, Infineon has become possible. (02.12.2015)

The allies carmaker Renault and Nissan drive up your plans for self-driving cars ahead. This year, they want to be the first model on the market. Secret, however, is what the vehicle should cost. (08.01.2016)

Trucks repeatedly cause serious accidents. This should have an end. The magic word is Autonomous Driving – the truck on Autopilot controlled. For the first time, you now in Germany tested. (02.10.2015)

Relaxed with his arms crossed over the track on the driver’s seat. A German car manufacturer shows what an Autopilot in the car can make. A Extremerfahrung for DW-Reporter Heiner Kiesel. (26.11.2015)

From electronics, networking

In 1986, Bosch introduced the CAN Bus – the Controller Area Network, a sort of Central nervous system for cars, that all control devices are networked together. It reduced the complexity of the previously necessary wiring harnesses drastically and simplified so that the installation of the components.

So held electronics collection in the cars and replaced the up to then usual electrics. From the auto mechanic was the Automechatroniker. With a analysis, he examined the functions of all major components: the lifetime, failures, mileage, Oil level, and much more.

Resourceful in mechatronics since then, with the analyzer the milage to some ten Thousand kilometers to reset before you have a car to resell. This is indeed forbidden, but not uncommon – and subsequently not detectable.

If the fog lights with the Tankdeckelentriegelung speaks

In modern cars to control electronic controllers, ECUs, today over a 100 components. In principle, all parts via the CAN Bus or similar newer Bus systems communicate with each other.

The CAN Bus is valid in the sense of the auto industry as safe. With him, work for Airbag, belt tensioners, throttle and brakes are absolutely reliable. Practically there are no accidents, the fact that this Central nervous system of the car failed. But surely it is only because Automechatroniker not previously attempted, the components to manipulate or abuse. So far, there was no reasonable reason to do that.

The Automechatroniker controls the function of over 100 components on the Laptop.

New criminal business models

The cars of the past were in self-contained systems: To participate in the programming to change anything, had the car in the workshop and connected to the diagnostic device can be connected.

The car of today is completely different, ” says Stephan Gerhager, IT security Manager at Allianz insurance. “The biggest weaknesses in the vehicles to lie in the growing network. So make viruses and Trojans are suddenly on vehicles, a significantly higher sensitivity to features in the Interior of the vehicle.”

The car of today is like loud Gerhager rather a Computer or a mobile phone on wheels. But there is one important difference: “If the customer of the Internetfernseher or the Computer fails, it is not life-threatening.” Networking opens new criminal business models of door and gate. A theft without the use of force is perhaps one of the more harmless scenarios.

Gerhager says that the automotive industry safety in the automotive field again and again to invent new needs: “The internal networking in the vehicle, has in the last few years have not changed. The functions are exactly implemented as it has been for 15 years.” The engineers should now from the experience of IT from the last decades of learning, and the errors of the computer designers do not repeat.

For each rear-view mirror a private password?

The case of Nissan shows how easily the classic car industry hackers: The principles of IT security she has clearly not internalized. So is the access password for the NissanConnect App that is identical with the identification number of the vehicle – and that is with a Barcode on the windscreen mounted. While this is practical for car rentals, the by reader, the vehicles quickly and easily register, contrary to all the principles of IT security.

No Firmware Updates are old cars in the future, perhaps only electronic waste.

If the car is more and more to the Computer, customers will probably soon need to set up their cars like computers need to handle. Today, it is, of course, operating system, Browser, Firewall and antivirus programs regularly update and Back-ups create. But has anyone ever thought about whether the Firmware of the own cars are still on the current status is? Who else knows the passwords for single components of the vehicle – so it you at all? And would not also as a precaution to be changed regularly?

For all those who in thirty years to drive a classic car, maybe at some point the following question: when does my manufacturer Support the Software for my car?