This isn't a follow up (sorry) but this is way worse.
TL;DW
These guys managed to capture a cars GPS/bluetooth mic data, transmit it and listen to you speak 1500 miles away all by playing a song on your cars radio. They could have done way worse as well. In light of the NSA leak, this scares me, this scares me a lot.
More info here:
http://motherboard.vice.com/blog/how-ea ... -be-hacked
[youtube]http://www.youtube.com/watch?v=bHfOziIwXic[/youtube]
This blows my freaking mind.
Link to the post I am referring to in the title.
police-admit-they-re-stumped-by-mystery ... 76417.html
Do you guys remember the post about "mystery car thefts"?
-
Dattebayo
- Posts: 33288
- Joined: Sun Aug 25, 2002 10:04 am
- Car: 2004 Nissan Frontier Desert Runner
- Location: NE DC
Re: Do you guys remember the post about "mystery car thefts"
Trying to stay awake is hard listening to that guys tone through the whole thing. Ugh. I gave up a few minutes in...
-
TurboSauce
- Posts: 6702
- Joined: Thu May 21, 2009 2:12 pm
- Car: 2006 G35 coupe, 2018 Mazda CX-9
- Location: Orlando
Re: Do you guys remember the post about "mystery car thefts"
8:01
I'm actually very interested in the topic, but I couldn't subject myself to the way that guy speaks without tuning out at that point
I'm actually very interested in the topic, but I couldn't subject myself to the way that guy speaks without tuning out at that point
-
szh
- Posts: 15932
- Joined: Tue Jul 23, 2002 12:54 pm
- Car: 2018 Tesla Model 3.
Unfortunately, no longer a Nissan or Infiniti, but continuing here at NICO! - Location: San Jose, CA
Re: Do you guys remember the post about "mystery car thefts"
Interesting! As I am actually in the business (my company provides the cellular transport network for Hyundai, Acura, Chrysler and Fiat telematics units), I can make some observations that might allay your concerns ... a tiny bit anyway!
The presentation is two years old (an eternity in this data industry), and it probably used an old-generation of telematics unit for the remote control example - in modern implementations (even in the last few years literally), using tones over cellular to gain access to the car is not as possible as it might have been once!
It wasn't a "song on the radio" - it was actually the protocol communications chirps sent over the cellular radio to the modem. First, using older modem protocols is no longer used today in digital cellular data. Second, at least in the network we deploy, we do NOT allow the telematics cellular radio to be dialed from the network as was shown in the demo - this was mentioned as a prevention method at about 21:45 minutes into the presentation too. Third, cellular data session is initiated by the telematics in the car to the home servers rather than a network initiated data session.
Etc., etc., etc.
Also listen to the question and answers about 24 and 26 minutes in - lots of comments about what is possible and how things can be secured. In the past years, the state of the art in telematics security has improved dramatically.
Thus, today, In almost all cases, close proximity to the car is going to be needed (for example, via BlueTooth or WiFi or the TPMS systems) and. WIth the increased emphasis on security, this still requires a ton of research and development ... beyond the usual car-thief capability.
For example, car brands and models are not designed the same way ... as the presenter admitted, he did not know if the different manufacturers implemented things the same way, etc. I can tell you that (In our customer cases, e.g.) a method that succeeds on one car brand/model will fail on others most likely.
Now, does this mean that we have achieved complete perfection in telematics security? Heck, no! But it is a lot tougher to do things than you might expect!
And, most importantly, people are working on securing the vehicles even better ... as we speak!
Z
The presentation is two years old (an eternity in this data industry), and it probably used an old-generation of telematics unit for the remote control example - in modern implementations (even in the last few years literally), using tones over cellular to gain access to the car is not as possible as it might have been once!
It wasn't a "song on the radio" - it was actually the protocol communications chirps sent over the cellular radio to the modem. First, using older modem protocols is no longer used today in digital cellular data. Second, at least in the network we deploy, we do NOT allow the telematics cellular radio to be dialed from the network as was shown in the demo - this was mentioned as a prevention method at about 21:45 minutes into the presentation too. Third, cellular data session is initiated by the telematics in the car to the home servers rather than a network initiated data session.
Etc., etc., etc.
Also listen to the question and answers about 24 and 26 minutes in - lots of comments about what is possible and how things can be secured. In the past years, the state of the art in telematics security has improved dramatically.
Thus, today, In almost all cases, close proximity to the car is going to be needed (for example, via BlueTooth or WiFi or the TPMS systems) and. WIth the increased emphasis on security, this still requires a ton of research and development ... beyond the usual car-thief capability.
For example, car brands and models are not designed the same way ... as the presenter admitted, he did not know if the different manufacturers implemented things the same way, etc. I can tell you that (In our customer cases, e.g.) a method that succeeds on one car brand/model will fail on others most likely.
Now, does this mean that we have achieved complete perfection in telematics security? Heck, no! But it is a lot tougher to do things than you might expect!
And, most importantly, people are working on securing the vehicles even better ... as we speak!
Z
Re: Do you guys remember the post about "mystery car thefts"
Yeah I didn't sit down and watch the video for 30min straight. I was doing stuff while it played and got the jist.Dattebayo wrote:Trying to stay awake is hard listening to that guys tone through the whole thing. Ugh. I gave up a few minutes in...
Yup it's a dry topic but Q&A at the end is pretty cool. People start asking about things that the engineers didn't even think about like controlling the steering wheel. Scary stuff.TurboSauce wrote:8:01
I'm actually very interested in the topic, but I couldn't subject myself to the way that guy speaks without tuning out at that point
Yeah they said the "song" sounded like a dial-up modem so the driver would probably know somethings up. Also the presenter mentioned that he needed physical access to the ECU in order to make this work. I do agree with you in that something like this isn't likely to happen but never in a million years would I think it was possible.szh wrote:It wasn't a "song on the radio"
But all the security implementations introduced to stop people from doing things like this doesn't matter when cars become a target for PRISM. The government strong armed a lot of major tech giants and got what they wanted; if they wanted car data it would happen. This still scares me.