Former Employee Disables More Than 100 Cars Remotely - Wired

veritas_libertas (CISSP, GIAC x5, CompTIA x5; Greenville, SC USA) Member Posts: 5,735
I wondered how long till something like this would happen.

Favorite quote from the article:
“Omar was pretty good with computers,” says Garcia.
Hacker Disables More Than 100 Cars Remotely | Threat Level | Wired.com
Currently working on: Linux and Python

Comments

  • tiersten Member Posts: 4,505
    That's just stupid on multiple levels. Firstly that they even have that mechanism in place in cars and secondly that they didn't manage to secure their systems sufficiently. The company not actually noticing anything happening is another big flaw.

    Security procedures at the company must have been pretty lax if he could acquire somebody else's password and that he could actually disable these cars by himself without anybody else authorising these changes.

    Oh and the article is bleh because it said he was "bricking" the cars. If the car gets permanently disabled then it's bricked. Not if the company just needs to send out the reenable command.
  • twodogs62 Member Posts: 393
    I've noticed that there is too much of an awe factor with car companies doing this.
    The first thought is how cool. No one is thinking about how evil could be done with the power of the access to either locate the car or disable the car.

    I still wonder if this could be part of Toyota's problems. So much of their car is computerized and probably wirelessly. Could someone be tinkering with diagnostics, etc... and send these cars on a wild ride????

    I have co-workers and have seen how wirelessly they can turn on/turn off their cars. Open doors, etc...... Almost like a remote for a tv.
  • Paul Boz Member Posts: 2,621
    I obviously don't know about the parameters of the system, but if they claim it's impossible to set off the horn during the middle of the night and the attacker was still pulling it off, what stops an attacker from possibly shutting down a car while it's driving down the street? I would assume they have some check to ensure a car isn't running when they disable it, but if you can beat one security measure you can generally beat them all.

    I wonder if the customers are made aware of this function when they buy the car from the dealership? If not, I'd be looking for a lawsuit. If they ARE aware, I wonder what the penalty is for disabling that system or removing it altogether? It would take all of ten seconds to rip out that black box and re-wire the car as it should be. I'm sure they put an ignition intercept on but that's easy to bypass. If you're skilled you can rip out a professionally-installed alarm system and have the car running in under 30 seconds. I'd know, my previous MR2 turbo (as opposed to the one I drive now) had an after-market alarm that would not disable. Thirty seconds later and I was driving down the road.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/