Re: Hackers Remotely Kill a Jeep on the Highway
On July 24, 2015 5:13:46 AM Georgi Guninski <guninski@guninski.com> wrote:
Not sure if this is true:
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ <quote> I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold. ... Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. ... The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. ... I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. </quote>
It's true. This isn't the first time these guys have demonstrated this kind of exploit. I heard an interview with Greenberg on NPR earlier in the week. Fascinating and terrifying! -S
On July 24, 2015 5:13:46 AM Georgi Guninski <guninski@guninski.com> wrote:
Not sure if this is true:
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
See video of this in action here: http://www.pbs.org/newshour/bb/hacking-researchers-kill-car-engine-highway-s...
Not physically separating essential vehicle control from the onboard entertainment system, because what could possibly go wrong? I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective) Gotta love how these cars constantly report their locations :)
On Sat, Jul 25, 2015 at 01:27:09AM +0900, Lodewijk andré de la porte wrote:
Not physically separating essential vehicle control from the onboard entertainment system, because what could possibly go wrong?
Maybe because it is cheaper, developers, developers, developers?
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics). Won't sheeple think about their smart cars? How will the stock go? btw, Who are the owners/manufacterers of this jeep? AMC?
On 24-Jul-15 11:52, Georgi Guninski wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many). Attacks had been publicly demonstrated by then. Such intrusions would be hard to trace (especially without access to do the forensics). If it hasn't happened yet, it will in the future. People will continue to use smart cars as it's convenient and will be entrenched and socialized in by the time hoi polloi would begin to appreciate the danger. The smart car tech will also be collecting that much more info on users in the vein of smartphones, Google, Facebook, Acxiom, and the lot.
On 07/24/2015 10:18 AM, M373 wrote:
People will continue to use smart cars as it's convenient
People will continue to use cars like this because there's no option sans restoring an older vehicle and keeping it maintained with a diminishing supply of increasingly costly parts. Eventually, in many states, those cars will be refused registrations due to 'environment', and possibly 'fuel economy'. If they're allowed to continue on the road, they'll be antique-plated and milage-per-year limited.
Anyone care for a law that will: 1. Ban unhackable vehicles and other life-critical devices (meaning: life-critical software must be rewritable) 2. Require all life-critical software to be released in source format, for the purpose of public auditing, improving it's safety features and employing the software on the devices it is intended for. 3. Any tools used to translate the source to writable code must also be provided in the manner of 2. These laws should still allow manufacturers to: 1. Spy on their users without that being changed 2. Lock down their code so competitors may not use it (proprietary open source) 3. Have software in the machines that is not opened; so long as it is properly (verifiably) isolated from essential systems 4. Legally own the entire machine 5. Drop guarantees when non-security-related modifications have been made etc This law should be as precise and immutable as possible. This is not a matter of "I want to hack things" or "competition would be better if it were open" or "I want to own what I have/use", etc, etc. Being precise with the law allows it to pass more readily. Personally I think if everything were required open source and self-compiled; that would objectively be better for humanity as a whole. For protecting innovation there's patents, closing the source is excess. Etc. etc. But this is not about fun. This is about extremely basic safety. It is about national security; if 500,000 cars go haywire at the same time a lot of deaths, directly and indirectly, can be expected. And it's not just the cars; it's also the industrial machines, medical equipment, the metro's and trains, the automated cars and busses and trucks and aircraft, medium sized hobbyist drones, heaters, stoves and ovens, automated doors, elevators, fire, smoke and other emergency alarms, etc. Should a foreign country cyberattack whilst doing any other kind of large scale attack; the effects could be devastating. Should a person be marked for assassination, no one would be the wiser. I'd argue for similar protection for fridges, televisions, smartphones, etc, etc, as more and more items are expected to become networked and essential for upholding basic freedoms and ways of life. And I'd argue to have it for privacy; not just essential safety. Simply put; the simple version of the law above is imperative for personal and national security. And it doesn't exist. (note: all countries should be more worried about cybersecurity. I cannot trust my government to act as it should if every public servant can be blackmailed or thoroughly spied upon. It's not hard to improve security; but it's much harder now that nobody's doing it, and now that it's given no priority)
Without getting into the issue of whether patents encourage innovation.. I do think that medical devices are a special case. If you have a heart implant, that thing needs to be "unhackable", but also totally verifiably safe. So there should be firmware signing, no mutable state, verifiable memory safety...but the code should be open source, and if need be the firmware signing key for each device (needs to be different for each device!) should be accessible by a legitimate owner. So, no more remote-hackable heart implants, but doctors and cardiac technicians can still apply critical patches and inspect the source for sanity. On 24/07/15 21:26, Lodewijk andré de la porte wrote:
Anyone care for a law that will:
1. Ban unhackable vehicles and other life-critical devices (meaning: life-critical software must be rewritable) 2. Require all life-critical software to be released in source format, for the purpose of public auditing, improving it's safety features and employing the software on the devices it is intended for. 3. Any tools used to translate the source to writable code must also be provided in the manner of 2.
These laws should still allow manufacturers to: 1. Spy on their users without that being changed 2. Lock down their code so competitors may not use it (proprietary open source) 3. Have software in the machines that is not opened; so long as it is properly (verifiably) isolated from essential systems 4. Legally own the entire machine 5. Drop guarantees when non-security-related modifications have been made etc
This law should be as precise and immutable as possible. This is not a matter of "I want to hack things" or "competition would be better if it were open" or "I want to own what I have/use", etc, etc. Being precise with the law allows it to pass more readily.
Personally I think if everything were required open source and self-compiled; that would objectively be better for humanity as a whole. For protecting innovation there's patents, closing the source is excess. Etc. etc.
But this is not about fun. This is about extremely basic safety. It is about national security; if 500,000 cars go haywire at the same time a lot of deaths, directly and indirectly, can be expected. And it's not just the cars; it's also the industrial machines, medical equipment, the metro's and trains, the automated cars and busses and trucks and aircraft, medium sized hobbyist drones, heaters, stoves and ovens, automated doors, elevators, fire, smoke and other emergency alarms, etc.
Should a foreign country cyberattack whilst doing any other kind of large scale attack; the effects could be devastating. Should a person be marked for assassination, no one would be the wiser.
I'd argue for similar protection for fridges, televisions, smartphones, etc, etc, as more and more items are expected to become networked and essential for upholding basic freedoms and ways of life. And I'd argue to have it for privacy; not just essential safety.
Simply put; the simple version of the law above is imperative for personal and national security. And it doesn't exist.
(note: all countries should be more worried about cybersecurity. I cannot trust my government to act as it should if every public servant can be blackmailed or thoroughly spied upon. It's not hard to improve security; but it's much harder now that nobody's doing it, and now that it's given no priority)
-- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey
2015-07-25 5:38 GMT+09:00 Cathal Garvey <cathalgarvey@cathalgarvey.me>:
Without getting into the issue of whether patents encourage innovation.. I do think that medical devices are a special case. If you have a heart implant, that thing needs to be "unhackable", but also totally verifiably safe. So there should be firmware signing, no mutable state, verifiable memory safety...but the code should be open source, and if need be the firmware signing key for each device (needs to be different for each device!) should be accessible by a legitimate owner.
So, no more remote-hackable heart implants, but doctors and cardiac technicians can still apply critical patches and inspect the source for sanity.
Why should a heart implant be different than a car? Because there's experts involved? There's always experts involved! Because it's so life critical? It's always "so life critical"! Legally difficult is the differences between "owner" and "user". I think whomever actually uses the device should be the one to be able to hack it. That includes leases, rents, corporate ownership, and everything else. "I drive it, I decide the software it runs". This follows from the idea that "the software's choices are my choices" - in case of such direct life affectors that choice should never be taken away. It's funny; I think this evolved into an equivalent of the "forced inoculation" argument... There's some point to be made for experts truly knowing better, and nobody having any reason to go against the experts' opinions. I think that, in that case, any rational person should be able to reach that same conclusion. If they don't, well, that's a more general problem to be approached separately.
From: Cathal Garvey <cathalgarvey@cathalgarvey.me>
Without getting into the issue of whether patents encourage innovation.. I do think that medical devices are a special case. If you have a heart implant, that thing needs to be "unhackable", but also totally verifiably safe. So there should be firmware signing, no mutable state, verifiable memory safety...but the code should be open source, and if need be the firmware signing key for each device (needs to be different for each device!) should be accessible by a legitimate owner.
So, no more remote-hackable heart implants, but doctors and cardiac technicians can still apply critical patches and inspect the source for sanity.
It should be fairly simple to protect against heart-implant hacks. First, communication with them is probably limited to inductively-coupled signalling, at a fairly high level. Secondly, it should be based on a two-way challenge/response system: The external device signals a code, call it a password, to which the implant would respond with a reply, which itself includes a randomized code. The external device reads that randomized code, processes it in some way (presumably a hash), and retransmits it to the implant. Only if the implanted device receives what it considers the correct code, would it allow further manipulation. Presumably, any attempt to illegitimately access such a device wouldn't be close enough to read the implant's reply signals, and thus couldn't proceed further. "Do you have have a match?". "No, but I have a lighter". "Even better". "Until they go wrong". Jim Bell
On Fri, Jul 24, 2015 at 10:20:20PM +0000, jim bell wrote:
It should be fairly simple to protect against heart-implant hacks. First, communication with them is probably limited to inductively-coupled signalling, at a fairly high level. Secondly, it should be based on a two-way challenge/response system: The external device signals a code, call it a password, to which the implant would respond with a reply, which itself includes a randomized code. The external device reads that randomized code, processes it in some way (presumably a hash), and retransmits it to the implant. Only if the implanted device receives what it considers the correct code, would it allow further manipulation. Presumably, any attempt to illegitimately access such a device wouldn't be close enough to read the implant's reply signals, and thus couldn't proceed further. "Do you have have a match?". "No, but I have a lighter". "Even better". "Until they go wrong".
Jim Bell
IMHO even if you get perfect info security (which is impossible), this will be just a small step. Humans are screwing the climate and the food with dangerous food supplements. In the long term this might extinguish humans in its present form. Heard that in Australia skin cancer is major concern, closely related to the Sun and there a lot of food supplements (locally we call them "E"-s) are forbidden by law. I deny being green, but judge for yourself.
On Fri, 24 Jul 2015 10:18:07 -0700, M373 <M373@riseup.net> wrote:
On 24-Jul-15 11:52, Georgi Guninski wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many).
Right, I mean the official story was such a credulous one, and no one in squeaky clean US power structure had any motive to eliminate an investigative journalist like Hastings. Oh those credulous conspiracy theorists with their crazy theories about assassination via car hacking.
"There is reason to believe that intelligence agencies for major powers -- including the United States -- know how to remotely seize control of a car. So if there were a cyber attack on the car -- and I'm not saying there was, I think whoever did it would probably get away with it." - Richard Clarke, US Counter-Terrorism Czar during Clinton and Bush. On July 24, 2015 3:11:31 PM PDT, Seth <list@sysfu.com> wrote:
On Fri, 24 Jul 2015 10:18:07 -0700, M373 <M373@riseup.net> wrote:
On 24-Jul-15 11:52, Georgi Guninski wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many).
Right, I mean the official story was such a credulous one, and no one in squeaky clean US power structure had any motive to eliminate an investigative journalist like Hastings.
Oh those credulous conspiracy theorists with their crazy theories about
assassination via car hacking.
It's not a matter of credulity in believing that authorities would carry out such an assassination, the problem is asserting such an act without direct evidence. As I said, and as insider Richard Clarke said, it would be difficult to show. "What has been revealed as a result of some research at universities is that it's relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn't want acceleration, to throw on the brakes when the driver doesn't want the brakes on, to launch an air bag," "in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can't prove it." It's a conundrum uncovering such operations. If the US has not taken such acts yet, it, and others, will do so. It's akin to the older problem of knowing if someone was poisoned in a way to appear as a natural malady. Intel agencies have long used such measures. On 24-Jul-15 17:33, Eric Hernandez wrote:
"There is reason to believe that intelligence agencies for major powers -- including the United States -- know how to remotely seize control of a car. So if there were a cyber attack on the car -- and I'm not saying there was, I think whoever did it would probably get away with it."
- Richard Clarke, US Counter-Terrorism Czar during Clinton and Bush.
On July 24, 2015 3:11:31 PM PDT, Seth <list@sysfu.com> wrote:
On Fri, 24 Jul 2015 10:18:07 -0700, M373 <M373@riseup.net> wrote:
On 24-Jul-15 11:52, Georgi Guninski wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many).
Right, I mean the official story was such a credulous one, and no one in squeaky clean US power structure had any motive to eliminate an investigative journalist like Hastings.
Oh those credulous conspiracy theorists with their crazy theories about assassination via car hacking.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/24/2015 07:46 PM, M373 wrote:
"in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can't prove it."
And if the target of such an attack becomes suspicious, his comments about those suspicions become evidence of insanity and help to account for his untimely demise. Need some volunteers and/or a funding angel to create a corpus of howto docs that identify the RF receiver parts in automotive ECM units and their associated wiring harnesses, including which pins to cut to assure radio silence in both directions. Oh wait - voiding your warranty would be more proof of insanity. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVsvN+AAoJEDZ0Gg87KR0LqGgP/0ZIg7+dfZsNg1ojXQO2LHQx UN3BPoW/KzO4VxTZZ+3lO7yqWl9w+zw7ZQSMzgjoTpId5GDnuT/bbpdj2+GW6r4q /qnhmASE0jTjtev4mBEbPglAC6slEJREHimpfN1+TunU4xM7ZYu0dJIiu0OF7Z8o csTFAzkIq6rRclzQJP4qi7yzz5xaP77ND+VTptR7Gqdo7/ynatfhmxaQMAzAVNlF ZVIo8CFKcwihLlLvy2u92ZppjN6KnmDUWjxtt4EfmxunKR+09EZnkhwBCk37FF5A WuJPIfTg20yawIs3riKVKNo3sAEBJFQI/8/izkzaXC9SYnlrpVftR8b0kz07K/Xo CREn6m7LPDezPzXahvNAVdI0cMbKbQLruZvrMzRlai18Z2ya8GpFIa0XA5zytXQq XSEnlFBqsaHRUqMehoyeKY7PKUMwrmwtOSeVlFeyEX3zCjT9U+k4+LlWQFjcjSyp 2TZ/hqj9giWJr9q0JqRQXUl9ns5W/pmGjwRDWJPqNNEzpdo60WSxSkxoYUUS6XCU lJ+YxpkWKZTl/93oLl8xAcDTmN3DA4YN3CSvo9/n1vP2pgtYmQhoVo+h1GP/8cu/ Zs5yUd4W8IG6LAhr4kAVSaaU4qbopcYAQ7kypPUw4Q5BPZ71whyDDtosB257Ik7j CfwZjtW0D80HrNSZlV0f =huBF -----END PGP SIGNATURE-----
On 07/24/2015 07:25 PM, Steve Kinney wrote:
Need some volunteers and/or a funding angel to create a corpus of howto docs that identify the RF receiver parts in automotive ECM units and their associated wiring harnesses, including which pins to cut to assure radio silence in both directions.
RF sniffers are common electronic equipment. Keychain wireless networks detectors and all that. Just pay attention to where your hands wander attempting to pinpoint the rf source's location, HEI ignition systems, fan belts , whirling parts etc, maim and kill. I'm reading this discussion with some amusement because I wrote off car ownership and being a 'motorhead' a decade or more ago when the cars wouldn't let you tune them up correctly b/c 'computer'. RR
From: Razer <Rayzer@riseup.net> On 07/24/2015 07:25 PM, Steve Kinney wrote:
Need some volunteers and/or a funding angel to create a corpus of howto docs that identify the RF receiver parts in automotive ECM units and their associated wiring harnesses, including which pins to cut to assure radio silence in both directions.
RF sniffers are common electronic equipment. Keychain wireless networks detectors and all that. Just pay attention to where your hands wander attempting to pinpoint the rf source's location, HEI ignition systems, fan belts , whirling parts etc, maim and kill. There are some rather economical spectrum analyzers being sold today. Example: http://www.triarchytech.com/?gclid=Cj0KEQjw58ytBRDMg-HVn4LuqasBEiQAhPkhuqJwq... http://www.flyteccomputers.com/Spectrum-Analyzer http://nutsaboutnets.com/rfviewer/ http://www.ebay.com/itm/USB-RF-Spectrum-Analyzer-3-3GHZ-/281757383569 Some of the devices I've seen advertised may only be WiFi-signal capable. Somebody doing this work seriously should probably get a full-spectrum unit, from low-tens-of-megahertz to 5 GHz or so. Of course, there is this:http://www.ebay.com/itm/Tektronix-494P-Tek-Spectrum-Analyzer-with-Cover-Works-GPIB-Tested-and-Works-/291518180539?pt=LH_DefaultDomain_0&hash=item43dfd66cbb Ironically, the newer, cheaper units may be much better for your task, in part because the USB spectrum analyzers can be put on the end of a USB cable, and they therefore interface directly with modern computers. Jim Bell
jim bell <jdb10987@yahoo.com> writes:
There are some rather economical spectrum analyzers being sold today.
You have to be careful with those, the straight USB-dongle ones are going to be SDR-based, typically the RTL820T meant for DVB-T use (and re-purposed by half the hacking world for all manner of other things), then you have the USB- interface ones with more powerful SDRs, and finally you've got purpose-build spectrum analysers. Compared to the real thing, you're going to run into severely limited bandwidth (anything that spreads the signal across a wide spectrum is going to be difficult to impossible to deal with), and not-so- spectacular signal handling (there's a reason why the real thing costs thousands of dollars). That's not to say that they're no good, just that you need to be aware that you're getting what you pay for. If you've got a specific purpose in mind, check first that whatever you're getting will be able to do the job. There's quite a bit of material out there on this, google something like "sdr spectrum analyzer" to find articles on it. Peter.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/25/2015 09:06 PM, jim bell wrote:
*From:* Razer <Rayzer@riseup.net> On 07/24/2015 07:25 PM, Steve Kinney wrote:
Need some volunteers and/or a funding angel to create a corpus of howto docs that identify the RF receiver parts in automotive ECM units and their associated wiring harnesses, including which pins to cut to assure radio silence in both directions.
RF sniffers are common electronic equipment. Keychain wireless networks detectors and all that. Just pay attention to where your hands wander attempting to pinpoint the rf source's location, HEI ignition systems, fan belts , whirling parts etc, maim and kill.
[ ... ] Any bench tech with access to publicly available documentation - and the physical hardware - should be able to identify the RF components in any automotive control system without too much trouble. ECM units are fairly well RF isolated, so those that talk to the world should normally have easily identified connections to external antennas. High frequency transceiver components usually have their own RF shielded areas on the board as well. Cutting one wire or IC pin per unit (antenna or IC power) should isolate it from remote access. If necessary functions fail, undo the mod and try elsewhere until the desired results are obtained. In the U.S., getting hold of ECMs to play with presents some inconveniences: Junk yards pull ECMs and sell them back to their manufacturers - some nonsense about "intellectual property" seems to be involved - so there aren't many available on the open market to play with. But where there's a will, a few dollars and a small pile of pointy tools, there's a way. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVtWSRAAoJEDZ0Gg87KR0LoLkP/Rdod+ZI9btH2wCJK19VGkYy RoXdALV49AtAxMWJ+iTxVowTSNpX2aD5rCer3IAC48HbS6GWT46g0t6zwfp0gF1r Erg+Cr2ezSvzfhepcWAMGTxM6KkvkK2roDAzXW88lD5FPSNb9SWoC/MJ9qXb2VMX OZW8AIbPrcV1Q8UWChbQlI8YIASAfH0+w+EVq7oimynauwlPfBTQP365UW/aLk4Q rzanQoEOIKtwU7hWVfNBlCisLVWpQwXQiRrg3a+nTa1Px/ZeVJPiG2Kw8w3GLFJS CIoOdwVAGKeJKW4oGCmegqAIwlrqzH5Qo5LXvkGK+I5vdG8IttLeYqTksfgmkBpu p9rHr+TPTMr/4KaPDC7ZA6424B3Yf6C1pcrQ95hk5pBD5zVShroP4yYXF6rkryX4 LMKf+9pPG7uKJy9hI7c/8QnSzg55LK4h5/5kVe6dVbU4lvQIORhGFVk8pIP3HR7o N/+9Thbdk/eYk/x2iB+EcCmTSehc1elCHNrkZllzG4m0wSLXpLF5Jj0nzBZWgspP UN1QanHNOeydzgsxTOkzxHuU8RlsXxhZMUXCGP+Ynd38MuwQl+jt4SVcmTFvoC/p akEz8reODtNfVLAlCCLh1Eu7MxHRByFyV4kAkiUagAfw9JNpDzMtHycC6wqw24B0 0DNAlMG3kj/leuzF9gZS =aNZ0 -----END PGP SIGNATURE-----
Need some volunteers and/or a funding angel to create a corpus of howto docs that identify the RF receiver parts in automotive ECM units and their associated wiring harnesses, including which pins to cut to assure radio silence in both directions.
I'm reading this discussion with some amusement because I wrote off car ownership and being a 'motorhead' a decade or more ago when the cars wouldn't let you tune them up correctly b/c 'computer'.
ECM units are fairly well RF isolated, so those that talk to the world should normally have easily identified connections to external antennas.
Junk yards pull ECMs and sell them back to their manufacturers
Vehicles have intrinsic baseline performance / emissions / operation they are capable of. Computers with sensors are just there to tweak things and tell you when it's broken. You could just as easily watch what those systems are sensing and actuating under various conditions, duplicate the control in your own FPGA/PIC/etc, then rip out the factory system and put in your own. Getting a motor to run or pass EPA isn't that hard... spend some time learn2motorheading on youtube. cpu, rom, flash, io, control, antenna, logging are increasingly being embedded under a single chip epoxy cap. Fewer leads to cut when the only leads left are io to sensors, actuators and power. If antennas become embedded there's always Faraday. Cut the service io ports. Internal logging would still require destruction. Manufacturers don't need used ECM's, the ECM rebuild / repair / replacement aftermarket does.
codermange who love his '67 Chevy C20 long bed farm truck more each day :)
Word. If you livin in some place that has EPA checks, newfangled Hyundai's, and more pavement and sewers than pasture and streams... you aint country.
On 7/24/15, M373 <M373@riseup.net> wrote:
It's not a matter of credulity in believing that authorities would carry out such an assassination, the problem is asserting such an act without direct evidence. As I said, and as insider Richard Clarke said, it would be difficult to show.
this came up in a separate context, so thought experiment: let's assume a rogue contractor, not US establishment in any official manner is our hypothetical malicious actor in this situation. let's assume they acted to maximize effectiveness at the expense of identifying characteristics. let's construct a scenario for replay in situ to compare? dialed to MAX DEATH! [ not s t e a l t h . . . ] --- 2013 Mercedes, through MBRACE hack you attain full authority over: - Central Control Module (CCM) - Central Timing Module (CTM) - Electronic/engine Control Module (ECM) - Engine control unit (ECU) - Powertrain Control Module (PCM) - Transmission Control Module (TCM) - Speed control unit (SCU) - Brake Control Module (BCM or EBCM) - Vehicle Control Module (VCM) Electronic Powersteering (EPS) - General Electronic Module (GEM) - Body Control Module (BCM) - Suspension Control Module (SCM) - Telematic control unit (TCU) - Battery management system begin attack!>> 0. ... delay tipping until target location, speed, orientation RDY ... 1. EBCM disable, zero halt 2. PCM fix in mid gear, prep to redline 3. ECM throttle position to maximum 4. VCM EPS to remote drive override, E.g. swerve to target 5. SCU, TCU monitor for rapid deceleration then, immediately: 5a. ECM fuel pumps to max flow rate 5b. GEM set all lights, indicators, fans, servos, etc. to ON 5c. Battery management system destructively short discharge [ AKA, incendiary mode ] now compare this collision with expected outcomes of human at the wheel using normative controls. best regards, codermange who love his '67 Chevy C20 long bed farm truck more each day :)
On July 24, 2015 3:20:23 PM Seth <list@sysfu.com> wrote:
On Fri, 24 Jul 2015 10:18:07 -0700, M373 <M373@riseup.net> wrote:
On 24-Jul-15 11:52, Georgi Guninski wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many).
Right, I mean the official story was such a credulous one, and no one in squeaky clean US power structure had any motive to eliminate an investigative journalist like Hastings.
Oh those credulous conspiracy theorists with their crazy theories about assassination via car hacking.
Calling something a conspiracy theory is a common disinfo tactic. We used to have to play Spot the Fed, now they out themselves... -s
On 7/24/15, Shelley <shelley@misanthropia.org> wrote:
On July 24, 2015 3:20:23 PM Seth <list@sysfu.com> wrote:
On Fri, 24 Jul 2015 10:18:07 -0700, M373 <M373@riseup.net> wrote:
On 24-Jul-15 11:52, Georgi Guninski wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many).
Right, I mean the official story was such a credulous one, and no one in squeaky clean US power structure had any motive to eliminate an investigative journalist like Hastings.
Oh those credulous conspiracy theorists with their crazy theories about assassination via car hacking.
Calling something a conspiracy theory is a common disinfo tactic. We used to have to play Spot the Fed, now they out themselves...
Bah, humbug! Conspiracy theory if ever I heard one!
On Fri, 24 Jul 2015 15:35:13 -0700 Shelley <shelley@misanthropia.org> wrote:
Oh those credulous conspiracy theorists with their crazy theories about assassination via car hacking.
Calling something a conspiracy theory is a common disinfo tactic. We used to have to play Spot the Fed, now they out themselves...
I was about to comment that calling people 'conspiracy theorists' is a modern version of calling people 'witches'...
-s
On Fri, 2015-07-24 at 19:52 +0300, Georgi Guninski wrote:
btw, Who are the owners/manufacterers of this jeep? AMC?
The Jeep marque has been part of the Chrysler family of brands (the others being Chrysler, Dodge, and Ram, and previously Plymouth and Eagle) since 1987 per Wikipedia. The current corporate owner is Fiat Chrysler Automobiles (FCA) as mentioned in the article. -- Shawn K. Quinn <skquinn@rushpost.com>
On 7/24/15, Georgi Guninski <guninski@guninski.com> wrote:
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics).
So true - headline of "human injures car" is so common we don't even blink these days...
On 7/24/15, Lodewijk andré de la porte <l@odewijk.nl> wrote:
Not physically separating essential vehicle control from the onboard entertainment system, because what could possibly go wrong?
I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective)
Gotta love how these cars constantly report their locations :)
Princess Diana - although because of the era, that was more sophisticated - retroactively modified systems in the car. Plenty of suspicious private (and not so) jet crashes over the years too. Non-overridable remote-control systems - what could possibly go wrong?
On Fri, 24 Jul 2015 17:14:19 -0700, Zenaan Harkness <zen@freedbms.net> wrote:
Plenty of suspicious private (and not so) jet crashes over the years too. Non-overridable remote-control systems - what could possibly go wrong?
I've heard activist Ken O'Keefe claim that most or all modern passenger jets are equipped with a 'Flight Termination System'. Maybe this is one such provider? http://www.kratos-msi.com/products/flight-termination-products/
From: Zenaan Harkness <zen@freedbms.net>
Plenty of suspicious private (and not so) jet crashes over the years too. Non-overridable remote-control systems - what could possibly go
wrong?
"Welcome to Westworld, where nothing can go wrong...go wrong...go wrong...." Jim Bell (You'd have to bet 50 years old to see that movie in the theaters.)
participants (17)
-
Cathal Garvey -
coderman -
Eric Hernandez -
Georgi Guninski -
grarpamp -
Henry Rivera -
jim bell -
Juan -
Lodewijk andré de la porte -
M373 -
Peter Gutmann -
Razer -
Seth -
Shawn K. Quinn -
Shelley -
Steve Kinney -
Zenaan Harkness