As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack.
As we've noted before, Ars readers are extremely skeptical about the whole "connected car" thing. That's not because Ars is a technology site for luddites—the sad truth is that the car industry's approach to security lags far behind its desire to expose the inner thoughts of our cars to us via the cloud.Further ReadingFiat Chrysler recalls 1.4 million cars o
Want another reason to be skeptical about the idea of connected cars? Here's one: when Nissan put together the companion app for its Leaf electric vehicle—the app will turn the climate control on or off—it decided not to bother requiring any kind of authentication. When a Leaf owner connects to their car via a smartphone, the only information that Nissan's A
On November 22, 2015, a group of teenagers broke into the house of a Baltimore man, stealing his bicycle and finding a spare key to his Jeep Renegade. They then took off, stealing the Jeep and taking it for a multiday joyride before abandoning it with an empty gas tank and some minor damage.In Baltimore (as I can sadly say from personal experience), the stor
Every three years, the Librarian of Congress issues new rules on Digital Millennium Copyright Act exemptions. Acting Librarian David Mao, in an order (PDF) released Tuesday, authorized the public to tinker with software in vehicles for "good faith security research" and for "lawful modification."The decision comes in the wake of the Volkswagen scandal, in wh
Less than a month after their command performances at the Black Hat and Def Con security conferences in Las Vegas, security researchers Charlie Miller (late of Twitter) and Chris Valasek (formerly of the security firm IOActive) have been poached by Uber—which ironically had security flaws in its own in-car technology exposed by University of California-S
Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re
Remember OwnStar? Earlier this month, security researcher and NSA Playset contributor Samy Kamkar demonstrated a Wi-Fi based attack that allowed his device to intercept OnStar credentials from the RemoteLink mobile application—giving an attacker the ability to clone them and use them to track, unlock, and even remote start the vehicle. Kamkar discussed t
In 2012, researchers at Radboud University in the Netherlands discovered a security flaw in a common automotive security chip used in theft prevention by Volkswagen, Audi, Fiat, Honda, and Volvo vehicles. But after they disclosed their results to the auto manufacturers—a full nine months before they planned to publish them—the automakers sued to keep the
Samy Kamkar, a Los Angeles-based security researcher and hardware hacker, has created a device called OwnStar that can find, unlock, and remote start General Motors cars equipped with OnStar. The hack, which is based on an exploit of OnStar's mobile software communications channel, exposes the credentials of a car's owner when it intercepts communications wi
In the wake of the demonstration of a vulnerability in the "connected car" software used in a large number of Chrysler and Dodge vehicles in the United States, Fiat Chrysler NV announced today that it was recalling approximately 1.4 million vehicles for emergency security patches.The company has already issued a patch on its website for drivers, and on T
A pair of computer security researchers based in St. Louis demonstrated weaknesses in an automobile system with cellular connectivity installed in as many as 471,000 vehicles in the US. Charlie Miller and Chris Valasek highlighted the vulnerability of the system by attacking a Jeep Cherokee equipped with the Uconnect system remotely while Wired's Andy Gr
Around 1400 passengers at Warsaw's Chopin (Okecie) airport in Poland were grounded on Sunday after hackers allegedly attacked the computer system used to issue flight plans to the airplanes. The source of the attack isn't yet known.The alleged hack targeted LOT, the state-owned flag-carrying Polish airline. Reuters is reporting that the attack took place
Recently manufactured cars expose drivers to hacking attacks that could cause collisions and steal sensitive personal information, according to a report released Monday by a US Senator.The majority of model-year 2014 cars offer network-connected features that provide driving directions, messaging, hands-free phone calls, safety monitoring, and entertainm
Tesla Motors officials vowed to investigate reports that its Model S sedan is susceptible to hacks that can remotely control the car’s locks, horn, headlights, and skylight while the car is in motion, according to a published report.
The hacks were carried out at the Syscan 360 security conference in Beijing, an article published by Bloomberg News reported.