Zubie is a small box that plugs into the On-Board Diagnostics (OBD-II) port found in most modern cars. It allows users to find out how well they’re driving, and offers tips for extending their mileage with sensible, economical driving. And until recently, Zubie contained a serious lapse in security that could leave users vulnerable to having their car remotely hijacked.
The hole – discovered by alumni of Unit 8200, the Israeli Defense Force’s elite cybersecurity team – could potentially see attackers remotely interfere with braking, steering and the engine.
Zubie connects to a central server over a GPRS connection, which it uses both to send the data it gathers and to receive security updates.
The researchers discovered that the device was committing one of the cardinal sins of network security: it was not communicating with the home server over an encrypted connection. As a result, they were able to spoof the Zubie central server and send some specially crafted malware to the device.
Further details of the attack are below, and you’ll be pleased to learn that the issue has since been fixed. It does, however, raise an interesting question. How secure are our cars?
Separating Fact From Fiction
For many, driving is not a luxury. It’s a necessity.
And it’s a dangerous necessity at that. Most people are all too familiar with the risks associated with getting behind the wheel. Car accidents are one of the world’s biggest killers, with 1.24 million lives lost on the road in the year 2010 alone.
But road deaths are declining, and that’s largely due to the increased penetration of sophisticated road safety technologies. There are far too many of these to comprehensively list, but perhaps the most prevalent example is OnStar, available in the US, Canada and China.
The technology – available exclusively in GM cars, as well as other vehicles by companies who have chosen to license the technology – monitors the health of your car. It can provide turn-by-turn directions, and can automatically render assistance should you find yourself in an accident.
Almost six million people subscribe to OnStar. Countless more use a telematics system, which allows insurers to track how well cars are driven and tailor insurance packages to reward sensible drivers. Justin Dennis recently reviewed something similar called Metronome by Metromile, which is freely available for residents of Washington, Oregon, California and Illinois. Meanwhile, many post-1998 cars can be interrogated and monitored via the OBD-II diagnostic port thanks to Android and iOS smartphone apps.
As these technologies have reached ubiquity, so has an awareness that they can be hacked. Nowhere is that more evident than in our cultural psyche.
The 2008 thriller Untraceable prominently featured an OnStar-equipped car being ‘bricked’ by the antagonist of the film in order to lure someone into a trap. In 2009, Dutch IT firm InfoSupport launched a series of commercials showing a fictional hacker called Max Cornellise remotely hacking into automobile systems, including a Porsche 911, using only his laptop.
So, with so much uncertainty surrounding the issue, it’s important to know what can be done, and what threats remain in the domain of science fiction.