'the company boasted their security was "unhackable"'
When will they ever learn.
Researchers have discovered that "smart" alarms can allow thieves to remotely kill your engine at speed, unlock car doors and even tamper with cruise control speed. British infosec biz Pen Test Partners found that the Viper Smart Start alarm and products from vendor Pandora were riddled with flaws, allowing an attacker to …
well....if any publicity is good publicity you could argue that declaring your product to be unhackable was akin to free pen-testing.
I mean I'm not sure I'd like to be famous as the "The person who makes shite software" but if I was planning on say, changing my name and emigrating it might work.
I had a big red battery isolator key under the dashon my old IIA, it went in with me at nights or if parked anywhere a bit iffy.
One of my mates had a '54. Series I that had no ignition key, just a big round starter button on the floor like the original Mini one. A neighbor told him he had seen a young would be thief go in through the unlocked door and spend quite some time looking for the ignition then giving up and walking of.
The ignition was a toggle switch on the centre dash.
Don't confuse the crappy modern Land Rovers with the real thing.
The same was said when the S.IIA came out....
They were wrong then as well. I have driven 'modern' LandRovers for the last twenty years, in climates from -52 deg. C. to +50 deg. C. in terrain ranging from the French Alps, Balkans, North, Middle and Southern Africa, and also parts of the near & middle east. The vehicles have proved themselves just as capable, hardy and rugged as the original design intention - but better looking, more comfortable, efficient and capable than earlier iterations. Yes, we always stopped to help out the less fortunate when stuck, broken down or otherwise 'delayed' whether in a LandRover, Land Cruiser, or indeed a Merc. 190!
So think and behave like a Luddite if you wish, I think if you actually experienced the vehicles, your prejudice would be somewhat diminished.
@10forcash
Not sure who you are aiming your comments at, but I've owned and driven Series 2A, Series 3, early (pre Defender) One-Ten, later Ninety, Range Rover P38, Discovery 1 and Discovery 2.
I don't have a prejudice, but I'm well aware that more modern Land Rovers have a very poor reputation for electrical reliability, and there have been various quality issues (TDV6 engine for example).
Care to expand on the 'electrical reliability issues'? i'm not really seeing any more (or less) issues than the other Marques I deal with.... TDV6 - 2.7 or 3.0? there are some 'early life' issues with 3.0 and some issues with 2.7 timing belt tensioner mountings on the oil pump failing after timing belt change, again, nothing more than other manufacturers, and those engines are built primarily at DDC by Ford under licence from PSA. My TDV6 has 157k miles on it, aside from sheduled maintenance and a couple of EGR valves replaced early life (Valeo!) no problems. The only significant problems with L319/320 were the early air suspension compressors failing - built by Hitachi in Japan....
I am well aware they're all older than me. I'm also well aware that they run fine MOST of the time. And then suddenly you find yourself at the side of the road filing points, hand cranking a 2 1/4 L 4-pot petrol engine because the starter solenoid gave up (It CAN be done, I've never managed) or rewiring the headlights because the wires just gave up.
I've also experienced trying to swap a fuel tank with an original replacement part, and finding it didn't fit because it was literally an INCH too long. The seller wasn't even surprised when we came back, just walked into the back with a tape measure and found one that fell into the other side of the tolerance range. Apparently half an inch of tolerance on the length of the tank and half an inch of tolerance on the placement of the frame extensions isn't uncommon on a Series IIA...
Ah, memories. I have rebuilt both the carb and the distributor on the roadside on my 2 1/4l IIa, with a leatherman supertool.
As for crank starting, I did that for several weeks one year while broke and between jobs and couldn't afford to repair it, It had uprated half shafts, a new tilt from Derbyshire LandRovers and never let me down when it counted, even pulling two horses in a trailer through axle deep mud and shit.
An opportunity to remind owners of Land Rover owners in the south of England in need of spare locks or other assorted bits...
http://www.4x4sparesday.co.uk/events/newbury-4x4-vintage-spares-day
I wonder how far off we are from driverless cars, namely cars whose systems have been hacked and are at the mercy of someone not inside the car? They'd be indispensable in robbing banks, hit-jobs and the like.
Or do all of these cars still need a meatbag present to press the accelerator?
Or do all of these cars still need a meatbag present to press the accelerator?
Probably not. I don't think there has been a purely mechanical connection between the gas pedal and the delivery of fuel to the cylinder(s) since carburetors went away several decades ago. Remember Codger's Law -- if it isn't mechanical it can (and probably will) be hacked.
Usually those updates are made silently when you bring your car to an authorized dealer for something else. Obviously if you don't, you're out of luck...
Speaking of bugs, for every bug they find there are probably a dozen they didn't find yet. So can I have a car without such a "theft facilitating device" please?...
"How? By doing a recall? Emailing users to update firmware? Or through an OTA update? Because none of those sound like great options..."
I'd guess none of the above.
What is described in the article is not a direct hack of the alarm on the car but of an API which allows account management and other features, allowing you to take over the users account and then control the alarm.
I very much doubt that changing the users email address is done via an API hosted on some kit in the car (Though given the scale of the f*ck ups involved I wont rule it out :) ).
So they managed to get access to the users account and from there they were able to sign into the app and control the alarm from there.
Same with the API for cruise control etc, its very unlikely that the end users app communicates directly with the car, rather it will send to a central service which (in theory) does the security checks before issuing the command to the car via some unpublished API (Probably even less secure because they assume no one knows about it!)
The app likely needs indirect access to the canbus for things like lights and immobiliser, but it surely has no access to the cruise control.
Rather, this is most likely a two stage thing - convincing the API you are the owner, then using the alarm app as a vector to attack the canbus, which in turn...
But then, the way car systems are made, who the hell knows...
This is another of those systems where the architecture is based on a central, internet-connected server, for no good reason. (See also: smart homes, smart assistants, smart burglar alarms, smart locks...).
If my phone could replicate the wireless key fob and unlock the car, that would be cool. If my phone has to contact a remote server, which sends a message across the network to tell the car to unlock, that's inherently fragile and insecure. Good for collecting information on customer behaviour though.
This suggests a plot trick suitable for a Bond film. Jimmy is driving around in his modern Smart Connect Austin. Yes, really! I'm sure the "Q" who plugged an infected USB drive into the main network in front of everyone would think this was a marvelous idea and that the admin password "MhasAtinyDick" is strong. Anyway, the Evil Overlord's minions hack the car. They eavesdrop to learn what Bond knows about them and which porn he's watching on the in-vehicle entertainment system. Not like they really WANT to know that, but you get it all when you're hacking data. They track his location and send incorrect navigation info to the car, directing him to where they have an attack team waiting. When he unwittingly drives into the ambush, the evil minions disable the engine, unlock the doors, and change the system to show a Benny Hill episode. While Bond is distracted trying to get the Japanese tentacle clip back on, the evil minions jump him. When Bond turns up missing they'll ask Q to locate the car. He will then discover the password has been changed and Bond's subscription to Pornhub has been canceled.
Hey, I'd rent that on DVD.
The more functionality in them, the more they are vulnerable. Is there really a need for any comms between the fob/car and the Internet as this seems to be a disaster waiting to happen for the lock/car owner? I guess being connected and hip overrides common sense and security every single time.
Potentially it could increase security
Most fob systems do a challenge response but just cycle through a list of predictable seeds (my Japanese car just increments integers)
Having both get a list of crypto keys from a central site which also monitors how many failed attempt the car has detected and other suspicious behaviour could be good.
Of course allowing you to reset the key fob on the web site with just an email or sms isn't quite so good.
I humbly suggest the following additions to all dictionaries. I release these definitions into the public domain in the hope that they will be recorded for those who are unaware:
Unhackable:
: /ˈst(j)upɪd/
Adj.
1. Nonexistent or imaginary: We have a normal computer and an unhackable one.
2. Extremely insecure: The company has built an unhackable lock.
3. Destroyed or rendered nonfunctional: The plane carrying the machine crashed from a great height, and therefore both have been rendered unhackable.
My [noun] is unhackable:
Phrase
1. I am an idiot.
2. My [noun] is probably a lot worse than its competitors.
3. My [noun] won't pass a standard penetration test.
4. My [noun] won't pass a non-penetration security test either.
5. My [noun] might not pass a safety, fitness for purpose, or functionality test either, while we're on the subject.
6. Unless you can physically obtain one of my [noun]s, it probably doesn't even exist outside my marketing documentation.
Note: Unlike other definitions which use or logic, I.E. usually only one definition applies to a specific occurrence of the term, the preceding phrase definition uses and logic across all definitions.
The problerm isn't the architecture in the vehicles - most 'modern, connected vehicles' use FlexRay rather than CANBus, FlexRay behaves more like a packet switched network, only sending (or more accurately, modules only listen 'in turn' based on the timing packets) data to the modules that need to know, whereas CANBus is more like having a Token Ring network. FlexRay networks usualy have a security module, variously called 'Firewall', 'Gateway', 'Vehicle Connectivity' or 'Keyless Vehicle' {an oxymoron] modules, these quite properly validate signals received against stored values and authorise the specific modules to carry out the required actions.
Where this all falls down is when Programmers design & implement API's in isolation, preferring to run them past Marketing rather than Engineering....
Where insecurity HAS to be baked into the vehicle, it's generally the 'consumer focus groups' to blame, wanting features such as Keyless Entry (!), powered tailgates where you can wave a foot around under the rear of the car so you don't have to put your shopping / dog / child down to get your keys out - much better to pirouette around on a frozen car park.... All this means the vehicle is effectively an antenna farm to rival the old LF one near Rugby just so some entitled prick doesn't have to push a button on a key and then have to suffer the ignominity of turning a key blade in an actual lock!