While cars aren’t exactly a new target (actually happened in Texas in 2010), two hackers (Charlie Miller and Chris Valasek) say they will publish detailed blueprints of techniques for attacking critical systems in the Toyota Prius and Ford Escape in a 100-page white paper, following several months of research they conducted with a grant from the U.S. government. Relax. These guys are “White hats”. What can they do?
“They said they devised ways to force a Toyota Prius to brake suddenly at 80 miles an hour, jerk its steering wheel, or accelerate the engine. They also say they can disable the brakes of a Ford Escape traveling at very slow speeds, so that the car keeps moving no matter how hard the driver presses the pedal.” Reuters
The low speed hack could endanger pedestrians, while the high speed hack could kill the passengers of the vehicle. The hackers had to be sitting in the car connected with wires to accomplish the hacks.
We learned this past week about the death of the famous “White hat” hacker Barnaby Jack who was to keynote the medical device hacking part of the Black Hat conference. He was a true “good guy”, a New Zealander who discovered bugs in the minicomputers present in medical devices in order to head off the bad guys. He was only 35 years of age.
This time he was to demonstrate his hacks into pacemakers and implanted defibrillators. His discovered weaknesses showed that device vulnerabilities could allow attackers (within 30 ft.) to turn the device against the person with it and cause the device to kill the person with it. You might remember the episode of “Homeland” where this was dramatized.
In 2011, working with a team from McAfee, he demonstrated methods for attacking insulin pumps. These could also cause fatalities in people using the device. As a result, Medtronic redesigned the pumps making them much safer.
He also showed (in 2010) a “Jackpotting” hack of ATMs which caused them to spew $100 bills. In 2012, Jack got in a spot of trouble for hacking a gold bullion dispensing machine in a hotel casino. You should understand that the hotel agreed to the demonstration but didn’t own the machine. Chalk one up to a misunderstanding. Jack was a good guy, and he earned his title, “Beloved Pirate”.
Sources:
http://www.bbc.co.uk/news/technology-17631838
http://www.secure-medicine.org/public/publications/icd-study.pdf
http://au.finance.yahoo.com/news/hacker-made-atms-spit-cash-180504808.html
https://www.computerworld.com/s/article/9229919/Car_hacking_Remote_access_and_other_security_issueshttp://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
http://www.usnews.com/news/articles/2012/01/25/killer-cars-auto-computer-systems-open-to-malfunction-hackers
http://now.msn.com/charlie-miller-and-chris-valasek-have-hacked-a-car-with-their-laptop