The FBI Warns That Car Hacking Is a Real Risk | WIRED

It’s been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee (news also noted in this blog). Now the FBI has caught up with that news, and it’s warning Americans to take the risk of vehicular cybersabotage seriously.

The Wired article The FBI Warns That Car Hacking Is a Real Risk (http://www.wired.com/2016/03/fbi-warns-car-hacking-real-risk/) reports that, in a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks.

We are really entering the era of the Internet of Exploits.

The FBI and DOT’s advice includes keeping automotive software up to date and staying aware of any possible recalls that require manual security patches to your car’s code. You should also avoid any unauthorized changes to a vehicle’s software and be careful about plugging insecure gadgets into the car’s network.

 

155 Comments

  1. Tomi Engdahl says:

    Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button
    https://www.forbes.com/sites/thomasbrewster/2019/08/25/hacker-claims-he-can-immobilize-25000-cars-at-the-push-of-a-button/

    Hackers found a way to take over 25,000 car immobilizers and lock down all of them at once.

    Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it’s possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer – the U.K.-made SmarTrack tool from Global Telemetrics – an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.

  2. Tomi Engdahl says:

    Ian Tabor has created a couple of small, open-source adapter boards so you can get microcontrollers talking with your car! At DEFCON, he generously gave us both versions – for Arduino Nano and ESP32. See below for directions on making and using these, as well as Ian’s excellent blog about his own projects.

    // https://mintynet.com
    // https://github.com/mintynet/nano-can
    // https://github.com/mintynet/esp32-slcan
    // https://twitter.com/mintynet

  3. Tomi Engdahl says:

    Keeping Hackers Out of Connected Cars
    https://www.designnews.com/electronics-test/keeping-hackers-out-connected-cars/7386634661309?ADTRK=InformaMarkets&elq_mid=9699&elq_cid=876648

    The auto industry is scrambling to catch up with the fast pace of innovation and find a security approach that will prevent attacks, save lives, protect personal data

  4. Tomi Engdahl says:

    A woman’s stalker used an app that allowed him to stop, start and track her car
    https://www.washingtonpost.com/technology/2019/11/06/womans-stalker-used-an-app-that-allowed-him-stop-start-track-her-car/

    In the Australia case, which resulted in the 38-year-old man pleading guilty to stalking charges in the Hobart Magistrates Court, he tracked the woman’s phone location using spyware, for which he paid a monthly fee, ABC reported. Though disturbing, that method of surveillance is relatively widespread, according to a Motherboard report on the “stalkerware surveillance market” that put the number of victims in the tens of thousands.

    But the man also used an app that integrated with the woman’s Land Rover. He helped her purchase it when the two were together, which gave him access to the car’s registration information, allowing him to set up the app. ABC did not identify the app, but its functions are similar to Land Rover’s “InControl” app, which allows car owners to start their vehicles remotely, adjust temperatures and track their locations.

  5. Tomi Engdahl says:

    NVIDIA Patches Severe Flaws in Mercedes Infotainment System Chips
    https://www.bleepingcomputer.com/news/security/nvidia-patches-severe-flaws-in-mercedes-infotainment-system-chips/
    NVIDIA released security updates for six high severity vulnerabilities
    found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier,
    TK1, TX1, TX2, and Nano chips used in Mercedes-Benz’s MBUX
    infotainment system and Bosch self-driving computer systems. The chips
    affected by these flaws are also used in HP and Acer Chromebooks

  6. Tomi Engdahl says:

    BMW and Hyundai hacked by Vietnamese hackers, report claims
    https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/
    Hacks linked to Ocean Lotus (APT32), a group believed to operate with
    orders from the Vietnamese government. German media is reporting that
    hackers suspected to have ties to the Vietnamese government have
    breached the networks of two car manufacturers, namely BMW and
    Hyundai. The report, coming from Bayerischer Rundfunk (BR) and
    Tagesschau (TS), claims that hackers breached the network of a BMW
    branch sometime this spring. Read also (in German):
    https://www.tagesschau.de/investigativ/br-recherche/bmw-hacker-101.html
    and
    https://www.br.de/nachrichten/wirtschaft/fr-autoindustrie-im-visier-von-hackern-bmw-ausgespaeht,RjnLkD4

  7. Tomi Engdahl says:

    Connected Car Security Is a New Kind of Mobile Security Risk
    https://securityintelligence.com/articles/connected-car-security-is-a-new-kind-of-mobile-security-risk/
    Earlier this year, we published a piece about the need for a
    cybersecurity wake-up call in the automotive industry. The focal point
    of the story was a report on the industry by Synopsys that brought up
    critical red flags for all organizations operating within the
    automotive supply chain. Fast forward to just over half a year later
    (an eternity in the tech world), and there appears to be more cause
    for optimism.

  8. Tomi Engdahl says:

    Automotive cybersecurity incidents doubled in 2019, up 605% since 2016
    https://www.helpnetsecurity.com/2020/01/06/automotive-cybersecurity-incidents/
    Upstream Security’s 2020 Automotive Cybersecurity Report shares
    in-depth insights and statistics gleaned from analyzing 367 publicly
    reported automotive cyber incidents spanning the past decade,
    highlighting vulnerabilities and insights identified during 2019

  9. Tomi Engdahl says:

    Attacking Driverless Cars with Projected Images
    https://www.schneier.com/blog/archives/2020/02/attacking_drive.html
    Interesting research — “Phantom Attacks Against Advanced Driving
    Assistance Systems”. Read also: https://www.nassiben.com/phantoms

  10. Tomi Engdahl says:

    Modern vehicles are rightfully termed as “software on wheels”. They are increasingly connected, with growing numbers of entry points and highly sophisticated internal networks controlling critical functions. With increased E/E and software complexity, a multi-fold increase in cyber-security incidents has also been observed. These internet-based threats include packets with malicious connection states, contents or sources, and denial of service (DoS) attacks. That calls for a multilayered approach to ensure vehicle security as well as overall vehicle safety and reliability.

  11. Tomi Engdahl says:

    The Jailbreaker Enzo is a CAN-bus ECU module that re-calculates and changes CAN-bus traffic by request/response logic, giving your Uconnect features not enabled from factory. http://www.customtronix.com/webshop/jailbreaker-enzo/

  12. Tomi Engdahl says:

    Meet the Guy Selling Wireless Tech to Steal Luxury Cars in Seconds
    https://www.vice.com/en_us/article/7kz48x/guy-selling-relay-attack-keyless-repeaters-to-steal-cars

    Motherboard obtained a video of a so-called relay attack from EvanConnect, who sells keyless repeaters that can be used to break into and steal luxury cars

  13. Tomi Engdahl says:

    Hackers can trick a Tesla into accelerating by 50 miles per hour
    https://www.technologyreview.com/s/615244/hackers-can-trick-a-tesla-into-accelerating-by-50-miles-per-hour/
    The researchers stuck a tiny and nearly imperceptible sticker on a
    speed limit sign. The camera read the sign as 85 instead of 35, and in
    testing, both the 2016 Tesla Model X and that year’s Model S sped up 50
    miles per hour. Also
    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/model-hacking-adas-to-pave-safer-roads-for-autonomous-vehicles/

  14. Tomi Engdahl says:

    People Are Jailbreaking Used Teslas to Get the Features They Expect
    https://www.vice.com/en_us/article/y3mb3w/people-are-jailbreaking-used-teslas-to-get-the-features-they-expect
    People have certain expectations when they buy a car. For example,
    they expect it to work for years afterwards needing only basic
    maintenance. They also expect that the purchase price includes
    ownership of not only the physical car itself but all the software
    that runs it. Tesla doesn’t agree. But that doesn’t mean Tesla owners
    are helpless. Sadow and others have ways to push back against Tesla by
    jailbreaking the cars and getting the features owners feel are
    rightfully theirs.

  15. Tomi Engdahl says:

    Andy Greenberg / Wired:
    Researchers discover flaws in immobilizer encryption systems used in some Toyota, Hyundai, and Kia keys, letting attackers gain access with inexpensive hardware

    Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys
    Encryption flaws in a common anti-theft feature expose vehicles from major manufacturers.
    https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/

  16. Tomi Engdahl says:

    Matthew Dowsett Seeks Crowdfunding for the Sparkdog PF-DI Engine Management Expansion Board
    https://www.hackster.io/news/matthew-dowsett-seeks-crowdfunding-for-the-sparkdog-pf-di-engine-management-expansion-board-7d89b315fff9

    Designed for both standalone use and as an expansion to DIY ECU projects, the Sparkdog includes Arduino and Teensy headers.

  17. Tomi Engdahl says:

    Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks
    https://www.securityweek.com/vulnerabilities-expose-lexus-toyota-cars-hacker-attacks

    Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered.

    Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same system is also used in other models, including LS and ES series — has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car.

    According to Keen Security Lab, these flaws could be abused to compromise the AVN and internal CAN network and related electronic control units (ECUs).

    Furthermore, the researchers said they were able to wirelessly take control of the AVN unit without user interaction, then inject malicious CAN messages to cause the car to perform “physical actions.”

  18. Tomi Engdahl says:

    CVE-2020-10558 | Tesla Model 3 Vulnerability – Disable Autopilot Notifications, Speedometer, Web Browser, Climate Controls, Turn Signals, Nav, etc.

    https://safekeepsecurity.com/about/cve-2020-10558/

  19. Tomi Engdahl says:

    Automotive Cybersecurity Hacks Made Easy
    Low-tech thieves can still hack car key fobs with easy to get hardware-software and poorly developed policies for on-board diagnostic protocols.
    https://www.designnews.com/automotive-0/automotive-cybersecurity-hacks-made-easy/149141824262480?ADTRK=InformaMarkets&elq_mid=12864&elq_cid=876648

    Key Takeaways:

    Sniffing and jamming of automotive RF signals a growing security problem
    Automotive wireless key entry systems remain vulnerable to easy-to-get hacking technology
    Security standards should not be open for general use regardless of labor policies

    Not that long ago, while attending a technical conference in San Francisco, my colleague’s high-end BMW was broken into by a cyberattacker. There was no damage to the car but both of our laptops (secured in the trunk) were stolen. From that point on, automotive wireless security issues became a real concern for me.

    How did the break-in occur? With great ease, according to several recent news stories. Using a $30 tool developed by hackers to “pwn” the onboard security systems, unskilled criminals can easily open and steal high-end cars. “Pwn” is an Internet slang for “own” as in conquering or stealing to gain ownership. With the $30 tool from China, criminals are able to reprogram a blank car key fob that allows these non-techie thieves to steal a vehicle within two or three minutes. And it’s not just China questionable tech. A careful Internet search reveals a certain cipher development kit offered by a leading US company. One hopes its primary use is to develop ways to defend against ongoing hacks.

    Part of the problem is automotive on-board diagnostics (OBD) bypass tools available via shipment from China and Eastern Europe. Potential car thieves need only intercept the wireless transmission between a valid key fob and a car before reprogramming a blank key. With the new key/fob in hand, the criminals can then either open the car or start it, via the OBD system and protocols.

    RF and wireless sniffers and jamming products are readily available on the Internet.

    RF jammers exist for every type of wireless protocol from GPS, Wi-Fi and Bluetooth to mobile phones. Why jam signals from within your car? One reason would be to hide any GPS tracking data that is being sent out about the location of your car’s journey. Cell phone transmissions can also be jammed. Further, such jammers could be used against near-by vehicles depending upon their proximity, the jammer’s transmitter power strength and the target receiver’s architecture (i.e., the vehicle being jammed).

    Detecting the presence of a jammer is key in mitigating the issue since it is very difficult to jam the jammer. Technically savvy car owners can use spectrum analyzers to measure average energy changes in the car fob’s locking spectrum. Detecting a jamming scenario lets the car owner know that danger is present. The technology is now so prolific that a quick search on the Internet will reveal instructions on how exactly to hack a car’s key fob in surprising detail.

    Concerning policy challenges, it must be understood that OBD readers are readily available for legitimate purposes to car repair and after-market shops. One problem is that the OBD data needs to be open to such third-party garages to satisfy the European free trade federation’s rules on open competition in the automotive trade business.

    This means that both technology and well-intended but ill-conceived foreign market labor policies enable cybercrime in a global economy. It is a systemic problem that will need close cooperation between high-tech security and software companies, OEMs, and policy makers in a variety of governments.

    Still, more could be done to improve the often-called weak cryptography of many wireless automotive key systems. Several standards have emerged that should help.

    The problem now extends beyond the vulnerabilities of wireless, keyless car locking systems. In late 2019, Motherboard reported that a hacker known only as L&M cracked more than 27,000 commercial car fleet accounts through GPS signals. The hacker could then track vehicles in a small number of foreign countries, including India and the Philippines, and shut down vehicle engines that were stopped or traveling 12 mph or slower, Motherboard reported.

  20. Tomi Engdahl says:

    Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts
    yelling ‘Security! We have a problem…’
    https://www.theregister.co.uk/2020/04/09/which_car_hacking_report/
    Modern connected cars contain security threats, consumer org Which?
    has said after commissioning analyses of two models, a Ford and a
    Volkswagen.

    Spoiler: It found a tyre pressure sensor and a Wi-Fi password

    Context found that “simply lifting the VW badge on the front of the car gave access to the front radar module, which could potentially allow a hacker to tamper with the collision-warning system.” That is, someone malicious could pull the radar sensor out.

    Meanwhile, Context’s bods were also probing the Ford’s CAN bus and items connected to it. Its IVI was “connected to three separate buses, including the powertrain,” which the researchers said “could potentially give access to engine controls.”

    Both cars’ wireless key locking systems were vulnerable to relay and replay attacks, a well-known problem gleefully exploited by car thieves and largely ignored by industry despite having been a known issue for years.

    Remarking on what the study did not appear to have looked at, Tabor commented: “There is no mention of the EU mandated E-Call system that could potentially be tracking the vehicle at all times?”

    Nonetheless, Context did say it had found what looked very much like a Ford factory Wi-Fi password saved in that car’s IVI, presumably from factory testing.

    Inevitably, Which?, which describes itself as a “consumer champion”, demanded more “regulations” on CAN bus security to reduce what it claimed was “the risk, both to financial and to human life.” It is unclear exactly how Which? reached that conclusion, with its study not detailing any direct interference with safety-critical systems it was able to achieve. At most it was able to suggest that tyre pressure sensors could indicate a flat tyre was fully pumped up.

    Most drivers are probably capable of noticing if one or more tyres is flat or running on the wheel rim

  21. Tomi Engdahl says:

    How to Stop Automotive Key-Fob Encryption Hacks
    https://www.electronicdesign.com/markets/automotive/article/21130290/how-to-stop-automotive-keyfob-encryption-hacks

    Even key fobs are the targets of cyberattacks, enabling hackers to steal your car—or worse. Prevention involves new crypto schemes, but only use those that are thoroughly vetted.

  22. Tomi Engdahl says:

    How to Stop Automotive Key-Fob Encryption Hacks
    Even key fobs are the targets of cyberattacks, enabling hackers to steal your car—or worse. Prevention involves new crypto schemes, but only use those that are thoroughly vetted.
    https://www.electronicdesign.com/markets/automotive/article/21130290/how-to-stop-automotive-keyfob-encryption-hacks?utm_source=EG+ED+Auto+Electronics&utm_medium=email&utm_campaign=CPS200504049&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    Modern cars are essentially software on wheels—“smart” collections of automotive systems, including entertainment, braking, power, locks, window controls, and so on. As the number of electronic control units (ECUs) in vehicles explodes, so do the number of lines of code, presenting a rich field of opportunities for hackers.

    In turn, key fobs, the small hardware devices with built-in authentication used to control and secure access to the vehicle, have proven to be low-hanging fruit for cyber criminals looking to attack vehicle systems.

    As with other vehicle systems, key fobs are becoming increasingly complex, supporting an array of features. Key fobs not only unlock the vehicle and enable the ignition controls, but can be used to lower windows, open a sunroof, fold in mirrors, and set seat locations and radio channels. Tesla Model S and Model X key fobs can even be used to initiate automated parking and unparking sequences. Hit “Summon” on the key fob and your Tesla comes to you!

  23. Tomi Engdahl says:

    Hacker buys old Tesla parts on eBay, finds them full of user data
    https://arstechnica.com/cars/2020/05/hacker-mines-passwords-locations-and-more-from-retired-tesla-infotainment-gear/
    Data can be retrieved even after owners perform a factory reset,
    researcher says. Examples included phonebooks from connected cell
    phones, call logs containing hundreds of entries, recent calendar
    entries, Spotify and Wi-Fi passwords stored in plaintext, locations for
    home, work, and all places navigated to, and session cookies that
    allowed access to Netflix and YouTube (and attached Gmail accounts).

  24. Tomi Engdahl says:

    Macchina’s $28 ODB2 Breakout Board Aims to Simplify Automotive Hacking, Development
    https://www.hackster.io/news/macchina-s-28-odb2-breakout-board-aims-to-simplify-automotive-hacking-development-b57a2b544378

    Designed for easy sniffing, man-in-the-middle attacking, and emulation of ODB2 devices, the breakout is configured using jumper wires.

  25. Tomi Engdahl says:

    CCTV video shows suspects using electronic method to steal cars in northeast Toronto
    https://toronto.citynews.ca/2020/07/14/toronto-northeast-vehicle-electronic-thefts/

    Toronto police are warning vehicle owners in the city’s northeast there’s been a rise in car thefts in the area — and that the suspects appear to be taking advantage of keyless remote technology.

    Police said the suspects are targeting newer vehicles that use keyless FOBs and are usually stolen from driveways in the middle of the night.

    “It is believed that thieves stand near the front door of a house, holding a device that captures the signal emitted from the keyless FOB,” police said on Tuesday. “This device is a radio frequency amplifier that will increase the signal range of the keyless FOB.”

  26. Tomi Engdahl says:

    Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
    https://threatpost.com/black-hat-19-flaws-connected-mercedes-benz-vehicles/158144/
    Researchers went into detail about the discovery and disclosure of 19
    security flaws they found in Mercedes-Benz vehicles, which have all
    been fixed.

  27. Tomi Engdahl says:

    He says he could access any Tesla in the entire network — and even force it to move.

    A Hacker Reportedly Gained Access to Tesla’s Entire Fleet
    https://futurism.com/the-byte/hacker-reportedly-gained-access-teslas-entire-fleet

    A new Electrek story details the saga of Jason Hughes, a whitehat hacker who says he managed to gain a flabbergasting level of access to Tesla’s internal servers — managing to seize control of the company’s entire fleet of electric vehicles.

    The alleged hack took place back in March 2017, and Hughes immediately alerted Tesla’s security team, which quickly patched the security hole. Still, it’s a fascinating glimpse at the perils of connected vehicles.

    https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

    After Tesla started to give customers access to more data about Supercharger stations, mainly the ability to see how many chargers were currently available at a specific charging station through its navigation app, Hughes decided to poke around and see if he could expose the data.

    He told Electrek:

    “I found a hole in the server-side of that mechanism that allowed me to basically get data for every Supercharger worldwide about once every few minutes.”

    The hacker shared the data on the Tesla Motors Club forum, and the automaker seemingly wasn’t happy about it.

    Someone who appeared to be working at Tesla posted anonymously about how they didn’t want the data out there.

    Hughes couldn’t really send Tesla cars driving around everywhere like Tesla’s CEO described in a strange scenario a few months later, but he could “Summon” them.

    In 2016, Tesla released its Summon feature, which enables Tesla owners to remotely move their cars forward or backward a few dozen feet without anyone in them.

    While on the phone, Hughes then asked Sigel to give him the VIN number of the Tesla vehicle closest to him. The hacker proceeded to “summon” the car, which was in California, from his home in North Carolina.

    At which point Hughes jokingly said that this bug report should be worth a brand new Tesla.

    He didn’t end up getting a new Tesla, but the automaker awarded him a special $50,000 bug report reward — several times higher than the max official bug reward limit

    Tesla used the information provided by Hughes to secure its network.

    That Friday, they ended up working overnight and managed to fix the main bug in Mothership within a few hours.

    After a few days, they fixed the entire bug chain the hacker exploited to remotely gain control of Tesla’s entire fleet.

  28. Tomi Engdahl says:

    Elon Musk: “In principle, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ [laugh] – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”

    https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

  29. Tomi Engdahl says:

    Tesla Can Detect Aftermarket Hacks Designed to Defeat EV Performance Paywalls
    You wouldn’t download a car—but would you download a quicker 0-60 mph time?
    https://www.thedrive.com/news/35946/tesla-can-detect-aftermarket-hacks-designed-to-defeat-ev-performance-paywalls

  30. Tomi Engdahl says:

    Exploring this Nissan infotainment system led to a simple hack to get root access.

    https://hackaday.com/2021/01/30/nissan-gives-up-root-shell-thanks-to-hacked-usb-drive/

  31. Tomi Engdahl says:

    In an April 29 presentation at the virtual CanSecWest security conference, the daring duo described the manner they went about hacking a Tesla Model X from a hovering DJI Mavic 2.

    German pilots film their drone hack of a Tesla
    https://dronedj.com/2021/04/30/german-pilots-film-their-drone-hack-of-a-tesla/

    It’s well known short traders are atop the many, many things Tesla honcho Elon Musk hates in this world. But it’s a safe bet mischievous drone geeks now populate that list – especially after a pair of pilots hacked one of his luxury rides open from the air.

    They said multiple test runs using a Wi-Fi dongle allowed them to compromise the car’s command system in three minutes or less. They demonstrated their exploit with elevated footage of an empty blue Tesla obediently flapping its doors open and shut on command.

  32. Tomi Engdahl says:

    Tesla Car Hacked Remotely From Drone via Zero-Click Exploit
    https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit

    Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.

    This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The analysis was initially carried out for the Pwn2Own 2020 hacking competition — the contest offered a car and other significant prizes for hacking a Tesla — but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.

    The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.

  33. Tomi Engdahl says:

    Researchers Find Exploitable Bugs in Mercedes-Benz Cars
    https://www.securityweek.com/researchers-find-exploitable-bugs-mercedes-benz-cars

    Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution.

    The vulnerabilities were found in the Mercedes-Benz User Experience (MBUX), the infotainment system initially introduced on A-class vehicles in 2018, but has since been adopted on the car maker’s entire vehicle line-up.

    The vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, provide hackers with remote control of some of the car’s functions, but not with access to physical features, such as steering or braking systems.

    In addition to targeting the main infotainment head unit, the security researchers also analyzed Mercedes-Benz’s T-Box, successfully exploited some of the identified attack scenarios, and even combined some of them to compromise the head unit even in real-world vehicles.

  34. Tomi Engdahl says:

    Mercedes Benz MBUX security research report https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
    This report showed how we performed our security research on Mercedes-Benz’s newest infotainment system, MBUX. We demonstrated what the attacker could do [...] for two attack scenarios, the removed head units and the real-world vehicles [... to ...] send arbitrary CAN messages on T-Box and how to bypass the code signing mechanism to flash a custom SH2A MCU firmware
