Latest target for hackers — your car
That high-tech keyless car security system is pretty sweet — for hackers. According to a fresh report in Wired, thieves can use off-the-shelf hardware and software to impersonate a vehicle’s security fob and break into a car in no more than a few minutes.
This vulnerability in keyless vehicles illustrates what is practically an axiom in technology: Convenience often reduces security. And in a corollary truth, hackers are usually at least one step ahead of the technologies intended to thwart them.
Australian security researcher Silvio Cesare plans to review his findings about this fresh treatment to keyless break-ins at this week’s Black Hat Internet security conference in Las Vegas. The annual event is a place where people from law enforcement, security experts, military intelligence and even the shady side of the street come together.
Heading off hackers: Protecting your information while shopping
People have previously found weaknesses in keyless entries. In 2012, for example, a rash of Chicago car break-ins were linked to someone using some kind of electronic implement.
Meantime, Swiss researchers have found a way to get someone’s key fob to broadcast an open instruction so it can be duplicated, potentially permitting thieves to break into and operate a car.
However, Cesare thinks that he may be the very first to actually crack the encryption intended to guard they keyless systems. He built a device that would keep pressing the buttons on his own fob. After collecting thousands of samples of the codes intended to be picked up by the car, he found patters that diminished the number of possible codes to unlock a vehicle from forty three million to less than 13,000.
That’s still a big number for humans, but computers can attempt that many sequences without getting bored, wasting time or needing a bathroom break.
Driverless cars are just around the corner
Other auto threats are also a topic of discussion at the Black Hat conference. According to InformationWeek, as cars increasingly feature on-vehicle wireless networks that connect with satellite services and smartphones, they become more vulnerable to remote attacks. By cracking into a car’s Bluetooth network or a phone app, for example, someone could in theory control a car’s steering, braking or automated parking.
Last year, researchers displayed how they could take control of many basic functions in a two thousand ten Toyota Prius and two thousand ten Ford Escape. Among fresh vehicles, the two thousand fourteen Jeep Cherokee, two thousand fourteen Infiniti Q50 and two thousand fifteen Escalade are the most vulnerable to attack, according to security researchers. A two thousand fourteen Audi A8 was deemed the least vulnerable model to electronic attack because the car’s networked systems are separate from its physical operational systems.
The automobile industry has begun to take such threats more gravely. Last month it announced a mechanism to share security vulnerabilities.
© two thousand fourteen CBS Interactive Inc.. All Rights Reserved. Go after @ErikSherman
Latest target for hackers – your car – CBS News
Latest target for hackers — your car
That high-tech keyless car security system is pretty sweet — for hackers. According to a fresh report in Wired, thieves can use off-the-shelf hardware and software to impersonate a vehicle’s security fob and break into a car in no more than a few minutes.
This vulnerability in keyless vehicles illustrates what is practically an axiom in technology: Convenience often reduces security. And in a corollary truth, hackers are usually at least one step ahead of the technologies intended to thwart them.
Australian security researcher Silvio Cesare plans to review his findings about this fresh treatment to keyless break-ins at this week’s Black Hat Internet security conference in Las Vegas. The annual event is a place where people from law enforcement, security experts, military intelligence and even the shady side of the street come together.
Heading off hackers: Protecting your information while shopping
Ems of millions of Target customers may have big concerns after a major cyber attack exposed their credit and debit card information. David Pogu.
People have previously found weaknesses in keyless entries. In 2012, for example, a rash of Chicago car break-ins were linked to someone using some kind of electronic contraption.
Meantime, Swiss researchers have found a way to get someone’s key fob to broadcast an open instruction so it can be duplicated, potentially permitting thieves to break into and operate a car.
However, Cesare thinks that he may be the very first to actually crack the encryption intended to guard they keyless systems. He built a device that would keep pressing the buttons on his own fob. After collecting thousands of samples of the codes intended to be picked up by the car, he found patters that diminished the number of possible codes to unlock a vehicle from forty three million to less than 13,000.
That’s still a big number for humans, but computers can attempt that many sequences without getting bored, wasting time or needing a bathroom break.
Driverless cars are just around the corner
Many automakers are working to have self-driving cars ready for sale by the end of this decade. Tim Stevens of CNET talks to the “CBS This Mornin.
Other auto threats are also a topic of discussion at the Black Hat conference. According to InformationWeek, as cars increasingly feature on-vehicle wireless networks that connect with satellite services and smartphones, they become more vulnerable to remote attacks. By cracking into a car’s Bluetooth network or a phone app, for example, someone could in theory control a car’s steering, braking or automated parking.
Last year, researchers displayed how they could take control of many basic functions in a two thousand ten Toyota Prius and two thousand ten Ford Escape. Among fresh vehicles, the two thousand fourteen Jeep Cherokee, two thousand fourteen Infiniti Q50 and two thousand fifteen Escalade are the most vulnerable to attack, according to security researchers. A two thousand fourteen Audi A8 was deemed the least vulnerable model to electronic attack because the car’s networked systems are separate from its physical operational systems.
The automobile industry has begun to take such threats more gravely. Last month it announced a mechanism to share security vulnerabilities.
Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views voiced in this column belong to Sherman and do not represent the views of CBS Interactive. Go after him on Twitter at @ErikSherman or on Facebook.