Hackers Take Remote Control Of New Jeep Cherokee, Sparking..

[The Captain]

...Update.

www.yahoo.com/autos/jeep-cherokee-owners-get-upgrade-after-hackers-124667401327.html



According to researchers Chris Valasek of IOActive and Charlie Miller, a former NSA staffer, there are issues in the Uconnect system that provides the connected infotainment and other internet-powered systems in Fiat Chrysler automobiles. They were able to create attacks that could connect to that system, jump over to a chip powering the in-vehicle entertainment and rewrite the firmware on that little piece of hardware. From there, their exploit code could send commands across the car, from killing the brakes to shutting off the engine and playing with the steering, as shown in a video on Wired. It’s total car compromise.

I seem to recall a thread where we were discussing creative ways to assassinate people.  IIRC I posed the hypothesis that hackers could take over the computer system in a vehicle and cause an accident.  One that police would be unlikely to, or unable to trace.

I think Mr. Virgil Showlion opinioned that this scenario would be very unlikely because...XYZ.

This was some time ago, so my memory is not perfect (obviously) - but I saw this and went hmm...

Maybe we need to add this to our EE arsenal?

In all seriousness, this stuff scares the stuffing out of me. 

[Bluerobin]

 I Can't wait for the influx of those old school cars from Cuba!

[Virgil Showlion]

The Captain: You're thinking of the Michael Hastings thread.

My position in that thread was that it's fearfully easy to hack a car's firmware in order to sabotage anything from the brakes to the transmission to the on-board climate control.

We didn't discuss hacking by remote until the end of the thread.

I guess it finally happened in a case where we can be certain it was sabotage.

[The Captain]

Virgil Showlion - That thread was from, like - over two years ago - how did you even...oh nevermindthen.

Yea, I knew you were in on the discussion, but forgot that others were the naysayers.

I don't know if it's good or bad that my mind thinks this way, but I'm constantly running what if scenarios in my head.  The possibilities are now endless.

1.  Elevators
2.  L trains (unmanned - run on computer)
3.  Metra rail switches (again - automated).
4.  Switch gates in the express lanes.

It's appears to be all too easy to hack these computerized systems.  All some psycho would have to do is flip a switch on a metra rail and route an express outbound train onto the same track as an express inbound train, and well - you get the picture.

Or have someone electronically signal the inbound gates on the express lanes to open before the outbound lane traffic was cleared.

Ugg.  Why do I even think this way.

[Virgil Showlion]

For what little comfort it's worth, most of the guys (and "guys" is an accurate term) who hack computer systems do it for the sake of seeing if they can do it, not to cause any mortal harm.

Hacking an insecure system is like trying to solve a puzzle. Many see it as an intellectual challenge and an opportunity to earn some prestige. Seriously harming people is contrary to both ends.

Typically a hacker wants some kind of payoff in terms of recognition for hacking a system. He wants the world to know that he was the first one clever enough to discover vulnerability X. I suspect this is where most of the problems come in, because Joe Hacker probably isn't going to be satisfied with just sending his findings to Chrysler and saying "please fix this". He's going to want to put out a video, source code, etc. online, making absolutely sure he gets his due credit.

He feels justified since Chrysler becomes aware of the vulnerability at the same time as everyone else, recalls the affected units, and patches the firmware. But it's this interim period where the public is most vulnerable, because for that brief period everybody and their dog--some of whom are intent on mayhem and chaos--has a window opportunity to wreak havoc.

In short, I'd expect stories like "Hacker Crashes Two Trains into Each Other" to be exceptionally rare. We're far more likely to see stories about hacker "demonstrations" not involving loss of life, or hacker how-to videos.

[The Captain]

Jul 22, 2015 13:36:16 GMT -5 Virgil Showlion said:

For what little comfort it's worth, most of the guys (and "guys" is an accurate term) who hack computer systems do it for the sake of seeing if they can do it, not to cause any mortal harm.

Hacking an insecure system is like trying to solve a puzzle. Many see it as an intellectual challenge and an opportunity to earn some prestige. Seriously harming people is contrary to both ends.

Typically a hacker wants some kind of payoff in terms of recognition for hacking a system. He wants the world to know that he was the first one clever enough to discover vulnerability X. I suspect this is where most of the problems come in, because Joe Hacker probably isn't going to be satisfied with just sending his findings to Chrysler and saying "please fix this". He's going to want to put out a video, source code, etc. online, making absolutely sure he gets his due credit.

He feels justified since Chrysler becomes aware of the vulnerability at the same time as everyone else, recalls the affected units, and patches the firmware. But it's this interim period where the public is most vulnerable, because for that brief period everybody and their dog--some of whom are intent on mayhem and chaos--has a window opportunity to wreak havoc.

In short, I'd expect stories like "Hacker Crashes Two Trains into Each Other" to be exceptionally rare. We're far more likely to see stories about hacker "demonstrations" not involving loss of life, or hacker how-to videos.

Yea, I know you're right.  There were only two of us chicks in the little cadre in college that used to hack our way into the university systems.

It was ridiculously easy to set up dummy login screens to capture usernames and passwords that sent the data to a mule account and use that to access teacher and student accounts.  'Cause people mis-type their passwords all the time, right?

Won't even go into what we would do with the Cobol compiler and the accounting systems.  Most of the crew doing this were lab ops who promptly reported any weaknesses and we were always trying to one up each other in finding the next hole in the wall.  I only know of one person who was truly malicious, but they were able to do some decent damage before they were caught.

There's probably some spybot somewhere tagging me for saying this, but when I think about how much computers run our lives (think muni water filtration systems, mass transportation, bank systems, hell even the stock exchange) I realize we have far more vulnerabilities than most realize.

I'm not smart enough to figure a lot of stuff out, but I firmly believe there has been stock market manipulation. How do you even design something to put those pieces together or even detect it?

 

[wyouser]

I'm buying a team of Clydesdales and a beer wagon. Also a pair of Rottweilers to ride shotgun up front and a pair of Dobermans to watch the back end. Just let those hacker S O B's mess with the electronics on that. Oh, an Wyoming is an open carry no concealed weapon permit required state. Just let em try to mess with my buggy!! (Ha! We old fogies from the dark ages still know how to read a topo map too so just let em try to screw with our navigation system on the wagon. Hell, like NASA we even have backup systems too. When all else fails a horse always knows the way back home.

[Ryan]

There was a story in the book "Future Crimes" where a dealership installed control devices on all the cars that they sold.  Since they were making high-risk loans to buyers, this would allow them to locate and shut down any car that defaulted on their pymts.  

Eventually, a disgruntled former employee basically took over the system and started setting off car alarms all across the city.  

[wyouser]

Ummmm, Captain? Did you know you have avatar eyes that glow red in the daylight?   I think they are staring at me!!

[The Captain]

Jul 22, 2015 14:42:46 GMT -5 wyouser said:

Ummmm, Captain? Did you know you have avatar eyes that glow red in the daylight?   I think they are staring at me!!

Ask Green Eyed Lady about it.

[Green Eyed Lady]

Jul 22, 2015 14:42:46 GMT -5 wyouser said:

Ummmm, Captain? Did you know you have avatar eyes that glow red in the daylight?   I think they are staring at me!!

It's drunken snowman with a lampshade on his head.  Don't ask me his name.  I never get it right.

[Peace Of Mind]

Jul 22, 2015 14:42:46 GMT -5 wyouser said:

Ummmm, Captain? Did you know you have avatar eyes that glow red in the daylight?   I think they are staring at me!!

No need to be alarmed.  It's just her snowman who's very pissed off at being called Betamax. 

And I swear that was one of the reasons I waited so long to purchase a new vehicle - all the technology that is attached to them made me nervous since I don't understand most of it.  But I wondered what they could do to my car and/or me.  But then I found one I liked enough and decided I just didn't care. 

[The Captain]

Peeps just don't know how to appreciate a good avatar these days, just saying...

[wyouser]

Jul 22, 2015 15:58:17 GMT -5 The Captain said:

Peeps just don't know how to appreciate a good avatar these days, just saying...

But, but, those voices in my head!!  And, and, that song keeps repeating.....Every step you take every breath you make...we'll be watching you"

[The Captain]

Jul 22, 2015 16:44:40 GMT -5 wyouser said:

Jul 22, 2015 15:58:17 GMT -5 The Captain said:

Peeps just don't know how to appreciate a good avatar these days, just saying...

But, but, those voices in my head!!  And, and, that song keeps repeating.....Every step you take every breath you make...we'll be watching you"

Oh, OH...now I get it.

Don't worry.  He's just a harmless nursebot who had his healthcare chip removed for a short period of time, turning him into a lethal killing machine.  Really, he's (mostly) harmless.  Just don't get on his bad side.

Plus, he gives awesome hugs, kinda like me .

If you have grandkids and haven't watched Big Hero Six yet with them I highly recommend it.  I thought it was a very well done movie with some great messages.  Others disagree so YMMV.

[Virgil Showlion]

The Captain: Based on your anecdote from Reply #5, you now hold the dubious honour of being the only female (ex-)hacker among the literally hundreds of hackers and ex-hackers I've known.

You've besmirched the upstanding reputation of your gender, madam.

Next thing you'll be telling me there are female trolls out there too. And female boneheads jumping mountain bikes off the side of cliffs.

[The Captain]

Jul 23, 2015 0:51:37 GMT -5 Virgil Showlion said:

The Captain: Based on your anecdote from Reply #5, you now hold the dubious honour of being the only female (ex-)hacker among the literally hundreds of hackers and ex-hackers I've known.

You've besmirched the upstanding reputation of your gender, madam.

Next thing you'll be telling me there are female trolls out there too. And female boneheads jumping mountain bikes off the side of cliffs.

Gentle sir, I take exception to your characterization.

If anything I would say I've enhanced my gender's reputation.  The fact that you don't know how many of us (or former us) there are out there speaks very well to our ability to keep our lips zipped.

Consider the male to female ratio in that particular subset.  In an area where protecting your identity is very important, that just adds an extra layer of paranoia.

Besides, in a way we had permission to do our worst best.  I wasn't that brilliant but it was fun to see some of my peeps surprise the EDP director.

I enjoy what I do for a living, but there are times...I'd love to do cyber security but realize that I'm so far behind it will never happen as a second career.

[Virgil Showlion]

A secret army of modest women hackers, using their 'powers' for good?

Easy as pie. Like that bubbly character on 'Criminal Minds', who can hack into a school bus in Sri Lanka on demand.

"Penelope, we need a list of all 18-to-25-year-old men who purchased a red blanket at a Walmart within 3 miles of my present location."
"Not to worry, my sweet. I'm just pulling up the Walmart transaction database... entering the parameters... cross-referencing... and voila! Three names. Marcus Spink, 21. James Fezel, 25. And Obhern Weir, 19."
"Thanks, Penelope."
"Anything for you, mon capitaine!"

I'm not sure how these screenwriters can actually put pen to paper without cracking up, but I guess they manage it.

[The Captain]

Jul 23, 2015 9:35:13 GMT -5 Virgil Showlion said:

A secret army of modest women hackers, using their 'powers' for good?

Easy as pie. Like that bubbly character on 'Criminal Minds', who can hack into a school bus in Sri Lanka on demand.

"Penelope, we need a list of all 18-to-25-year-old men who purchased a red blanket at a Walmart within 3 miles of my present location."
"Not to worry, my sweet. I'm just pulling up the Walmart transaction database... entering the parameters... cross-referencing... and voila! Three names. Marcus Spink, 21. James Fezel, 25. And Obhern Weir, 19."
"Thanks, Penelope."
"Anything for you, mon capitaine!"

I'm not sure how these screenwriters can actually put pen to paper without cracking up, but I guess they manage it.

You know darn well how they'd handle it.

The actresses they'd hire wouldn't know a single line of code, but they'd have other well developed "attributes". 

Probably never even pulled an all nighter powered by mountain dew and M&M's to get a project turned in on time.

and, AND they'll have perfectly manicured long fingernails yet still be able to type faster and more accurately than whatever cyber criminal they're hacking against.

The fanboys will eat it up.  Ratings will be good for the first few months until the audience gets tired of the eye candy (unless there actually is some good writing involved), they'll have a kidnapping, jump the shark a few times, then the series will fade into oblivion because no one really took the premise seriously in the first place.

So much potential, wasted...

[Virgil Showlion]

Jul 23, 2015 9:44:16 GMT -5 The Captain said:

Jul 23, 2015 9:35:13 GMT -5 Virgil Showlion said:

A secret army of modest women hackers, using their 'powers' for good?

Easy as pie. Like that bubbly character on 'Criminal Minds', who can hack into a school bus in Sri Lanka on demand.

"Penelope, we need a list of all 18-to-25-year-old men who purchased a red blanket at a Walmart within 3 miles of my present location."
"Not to worry, my sweet. I'm just pulling up the Walmart transaction database... entering the parameters... cross-referencing... and voila! Three names. Marcus Spink, 21. James Fezel, 25. And Obhern Weir, 19."
"Thanks, Penelope."
"Anything for you, mon capitaine!"

I'm not sure how these screenwriters can actually put pen to paper without cracking up, but I guess they manage it.

You know darn well how they'd handle it.

The actresses they'd hire wouldn't know a single line of code, but they'd have other well developed "attributes". 

Probably never even pulled an all nighter powered by mountain dew and M&M's to get a project turned in on time.

and, AND they'll have perfectly manicured long fingernails yet still be able to type faster and more accurately than whatever cyber criminal they're hacking against.

The fanboys will eat it up.  Ratings will be good for the first few months until the audience gets tired of the eye candy (unless there actually is some good writing involved), they'll have a kidnapping, jump the shark a few times, then the series will fade into oblivion because no one really took the premise seriously in the first place.

So much potential, wasted...

If it's any consolation, the hackeress in the 'Criminal Minds' series is obese, unattractive, wears big ugly glasses, and I believe her character is quite often shown slugging back the Dew and M&M's as she bandies with her male coworkers over the phone.

Regrettably, the series does suffer from 'CSI Syndrome', giving her the ability to accomplish six months of work with 20 keystrokes and a witty "Dance for me, my darling.". But in fairness to the screenwriters, if an episode took place over the span of months instead of hours, it would be hard finding new reasons for the lead Science Warrior to kick down a warehouse door and gun down the psychopathic baddie in the nick of time every week.

[GRG a/k/a goldenrulegirl]

Please stop posting this stuff.

We don't need every whacko and enemy of America knowing how vulnerable we are.  

Because, you know, every whacko and every enemy of America faithfully reads EE to keep the list of American vulnerabilities current.

And, wile I'm at it, does anybody else see a pattern of Toyota making vehicles with minds of their own (or someone else's -- just not the driver's)?  I think Toyota is making a run to rule the world.

[toomuchreality]

nevermind