TXT message leaves Corvette wrecked Four University of California researchers have popped aftermarket vehicle tracking devices used by insurance companies to hijack the brakes, steering, and locks of a Corvette with little more than a text message. The hack targets Mobile Device telematic control units (TCUs) used by Uber and US insurer Metromile which, when …
> No. Next, combine this with auto-driving vehicles and car thieves don't need to leave the sofa, they can even deliver the 'goods' automatically
No it will allow terrorists/bored teenagers to cause bloody mayhem when they workout how to turn left and apply the back brakes when they realise you're on the freeway. They'll know coz they can read your location too.
What is the practical distance for one to use this hack? It is serious and needs to be fixed but if it requires one to be 150 feet/50 meters from the target it makes for a very clean mob hit but probably not much of a danger to the average person. If one can target a specific car from a distance, then it really becomes nasty.
How Far?
What is the practical distance for one to use this hack?
OK, clearly you're unfamiliar with SMS. You could do this from a sunny beach whilst having drinks..
Now for the fun bit: this is kit provided by the insurance. This could bring some seriously juicy liability issues. WTF where they thinking?
Now for the fun bit: this is kit provided by the insurance. This could bring some seriously juicy liability issues. WTF where they thinking?
How about profit? The devices can allow them rate up some drivers and avoid paying out on claims. When profit is the motive, nothing else, including security, matters.
Now for the fun bit: this is kit provided by the insurance. This could bring some seriously juicy liability issues. WTF where they thinking?
How about profit? The devices can allow them rate up some drivers and avoid paying out on claims. When profit is the motive, nothing else, including security, matters.
Ah, but providing a device that can CAUSE an accident not only creates consequential liability (as it's fairly clear there was f*ck all design review & due diligence), it also creates reasonable doubt regarding the cause of accidents. If your device is found to be a potential source of accidents you're not going to win many court cases once the lawyers wake up to the potential of this, and at that point you can very much say bye bye to your profits.
It is, quite simply, incredibly negligent that security clearly was never even *considered* during design, because that's really the only conclusion you can draw here.
Whoever thought it was a good idea to attach a device that can adjust the vehicles behaviour to the CAN-bus and SMS (or any external network) at the same time should not be allowed anywhere near a computer, let alone a car!
This stinks of lab technicians with no experience of the real world - that or Pointy-Haired-Boss syndrome.
"Whoever thought it was a good idea to attach a device that can adjust the vehicles behaviour to the CAN-bus and SMS "
From what I've read of these devices in the past, some are designed to limit certain types of drivers such as young or new drivers. So yes, some are designed from the ground up to talk to the cars network and make adjustments. eg cheaper insurance if dad fits a box which limits his testosterone fulled son to 55mph. I would assume there is some way to identify the driver, eg PIN or an RFID in the keyfob
But, having this ability and NOT using proper security is incompetence at best or negligence at worst.
It seems impossible to design any device theses days, down to freakin' light bulbs, without including insecure wireless access.
Is it stupidity?
A plot by the Five Eyes?
Or just plain lazy, "Throw the latest buzz word tech on that puppy and sell it, PRONTO!", mindless marketeering?
Unfortunately, based on History, I actually believe it's the last one.
having a tracker in your car results in an insurance premuim INCREASE rather than a reduction?
Having just gone through the pain of insuring a new car (because my current insurer could would cover a hybrid???? Wtf???) one company would not quote because it was NOT fitted with a tracker I read this article with interest.
This whole rather sorry episode should be a wakeup call to every car manufacturer.
But will they learn from it rather than putting sticking plaster over the problem in the hope that it goes away.
I wonder if you can hack the telematics unit from something else on the CAN bus, say a phone connected over Bluetooth.
Something gets disabled when the car is moving? Tell the telematics unit the speed is zero, regardless of the actual speed.
Get fined/insurance goes up when certain limits are exceeded? Set max/min values on data sent to the telematics unit so the limits are never exceeded.
Well you could simply make a "man in the middle" box that all the canbus messages have to go through, and edit them while doing so.
So receive road speed status from the vehicle canbus, apply a formula to the speed, and transmit the edited speed message to the add-on unit. You'd probably want something formula that starts off more or less accurate (multiplier of 1) and gradually reduces the multiplier as speed rises. Of course, that in itself could trigger other issues - what if you've apparently driven for an hour at "50" miles per hour, but the GPS says you've travelled 70 miles ?
"what if you've apparently driven for an hour at "50" miles per hour, but the GPS says you've travelled 70 miles ?"
Bigger problem is likley to be if you ever need to make a claim...
But the GPS says you weren't even there or somthin' or nufink.
Or you know, the other issue is that if you tamper with it your insurance is invalid... If they ever figure it out youre screwed.
Worse if the police pull you and figure it out, driving without insurance will get your car impounded/crushed.
We don't need our cars hooked up so thoroughly with the Internet / communication systems. The basic systems on cars should operate independent of external signals. The Internet should stick to the map display.
It's nutzoid otherwise, and, it appears, potentially a serious hazard. They should back away before governments are forced to writing all those rules and regulations gov'ts are so fond of.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
