By: Divya John, 7Safe Penetration Tester
You may puff up with pride about that smooth ride parked in the garage for all the smart features built into it. You can make a phone call, beat the tough weather with its climate control system, pin your destination on a map and drive through the traffic free routes, etc. - just some of the many hi-tech features present in your smart car. Unfortunately hackers are just as attracted to these features as you are, and what they have now found could not only be a theft threatening but a life-threatening hack.
uConnect gave open access to car systems via port 6667
Last month, two researchers, Charlie Miller and Chris Valasek, were able to hack the Jeep of WIRED reporter Andy Greenberg to a halt on the highway. The unnerving hack was possible because of the insecure connectivity software, uConnect, built into the car's dashboard. uConnect allows the driver to do things like control music played, set the navigation, browse Facebook and call a contact, all on the go.
uConnect connected to the internet via the cellular network which left the port 6667 open. Unfortunately, the car was designed in such a way that most of the functionalities were exposed to the service running on this port. The hackers were able to connect to the car via this open port from a mobile device. What followed was access to steering, braking, high beams, turn signals, windshield wipers and fluid, and door locks, as well as reset the speedometer and tachometer and kill the engine. Although, there have been successful researches on car hack, this is probably the first car hack to be done remotely, about 70 miles away.
Roll-Jam threat could render door locks useless
And the uConnect story is not the only recent hack involving vehicles. Looks like the cars and garages that use wireless signals to lock/unlock the doors are under threat too. Samy Kamkar, the hacker from Pittsburgh, has created a device smaller than mobile phones called “Roll-Jam” which can unlock most of the remotely locking cars.
This device is able to defeat the “Rolling Code” encryption implemented in the key fobs. The way this works is that every time the owner presses the button on the fob, a random unique code is generated and sent to the car or garage's receiver, which is then unlocked. For the hack, when the owner presses the button, roll-jam sends out two signals: one jams the signal from the fob and the other reads the wireless code sent out by the fob. In this process, the car neither locks nor unlocks. So the owner thoughtlessly presses the button again. The roll-jam sends out three signals: one reads the new wireless code, the second jams it so that it can’t reach the car and the third broadcasts the previous wireless code that was captured. Voila! The car locks and the hacker has the code to unlock the car or garage.
Although these recent developments in the hacker community may send shivers down our spines, the solution definitely cannot be giving up on these technologies and the progress that they bring. Returning to the Stone Age is not an option and never will be. But, we should keep ourselves up to date with developments in the security bailiwick to help us in making safer choices about the assets that we buy in the world of ever-increasing connectivity. Whilst there are many things outside of our control in technology world, the one thing that we do have power over is ensuring that our systems are up to date with the latest critical security updates or patches that are released by the car companies. This will not only keep us more secure, but will also improve the performance of our new smart new car.
If you are developing smart technology in the automotive sector and need practical advice about testing and hardening your systems, talk to our Cyber Security team.