Hackers Virtually Hijack Jeep Cherokee - Crash it from miles away - Page 2 - Defender Source
Defender Source  

Go Back   Defender Source > Non-Technical Discussions > Misc. Chit-Chat


Reply
 
Thread Tools
  #21  
Old July 22nd, 2015, 02:35 PM
LRNAD90's Avatar
LRNAD90
Status: Offline
Scott T
1995 Defender 90 ST
Member
 
Join Date: Dec 2003
Location: Maryland
Posts: 1,264
Registry
So I wonder what the Range Rover & LR3/LR4 vulnerabilities are to this kinda stuff? And what the last (somewhat) safe years are or will be..
__________________
~Scott T.
'95 D-90 ST - AA Yellow
"If you're not living on the edge, you're taking up too much space!"


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
Sponsored Links
Advertisement
 
  #22  
Old July 22nd, 2015, 03:00 PM
leastonce's Avatar
leastonce
Status: Offline
Jason England
D-90 White 95 SW #65
Site Team
 
Join Date: Jul 2009
Location: NYC
Posts: 6,078
Registry
Quote:
Originally Posted by sonoronos View Post
The silly thing to me is that it's not a surprise. It's like connecting the internet to a black network and wondering why the classified network got hacked. Sneakernets exist for a reason.

What I really think is a terrible idea is strong-arming the auto industry into encrypting canbus traffic. If that's where this is heading, this is just going to make costs increase for vehicles.

The simple solution is to just not create a connection between external networks and the vehicle bus. Security 101. Jeep's radio supplier violated this and screwed up.

Same thing goes for the A380. Airbus uses unencrypted CANBUS traffic on one of the most expensive vehicles ever made. If you think a remotely piloted jeep is scary, think about an aircraft carrying 82,000 gallons of aviation fuel and 850 humans. The designers of the aircraft use common sense and prevent these sorts of attacks by a zero-cost principle: isolation.
Air gapping doesn't work ... or at least it will be comprised if the target has sufficient value. Of course it makes the bridge harder but it's not impossible.

US NAVY: Hackers 'Jumping The Air Gap' Would 'Disrupt The World Balance Of Power' - SFGate

We have to make the target computationally more challenging ... assume that hackers will always be able to penetrate your network ... or will at some future date is the only realistic approach. Zero trust networks and the encryption of Canbus would go some way to solving this issue.

Ultimately though hackers will get in via the weakest link... and generally that's the meat sat at the keyboard acting as a proxy.
__________________
Quote:
Soapy water / KY jelly, etc. is is basically a must. Yes, good idea to remove trim panels - only takes 5 more minutes to do so.
Car Camping Collective founding member and Chief Executive Officer
Cat Camping Collective founding member and Chief Executive Officer
Reply With Quote
  #23  
Old July 22nd, 2015, 04:41 PM
sonoronos's Avatar
sonoronos
Status: Offline
Ed
None
Member
 
Join Date: May 2010
Location: Arlington, VA
Posts: 5,523
Registry
As an engineer, I find "jumping the air gap" to be spin for funneling funds to the IT security job sector. It's fear mongering for nothing, but hey it's your tax money.

We use the air gap all the time and it works 100%. IMHO, the STUXnet example is not relevant, and the idea that someone used acoustic coupling to communicate with a PC is more of an embarrassment than a real threat. If your NETSEC allowed someone to install a trojan on a system, then it's a failure of NETSEC, not a failure of the PC.

IMHO, encryption of CANBUS doesn't solve any problems. The proof? Once a node is compromised (like a baseband receiver IC on your car radio) then the encryption is totally meaningless. The car radio defeats all CANBUS encryption automatically because it's a trusted node.

Opinion: Keep CANBUS unencrypted, solve the stupid, simple problems.

I agree about the human factor. Whether intentional or unintentional, the danger is always human
Reply With Quote
Sponsored Links
Advertisement
 
  #24  
Old July 22nd, 2015, 04:56 PM
down_shift's Avatar
down_shift
Status: Offline
Russell
94' D90 ST & 06' LR3
Member
 
Join Date: Sep 2011
Location: Leesburg, VA
Posts: 4,118
Registry
Quote:
Originally Posted by rijosho View Post
... They later steered the SUV around an empty parking lot, disabling the brakes as the driver pumped the useless pedal and crashed head-on into a ditch...”
There is no flippen way steering control was taken away from the driver nor brake control (unless the motor was stopped and vacuum was lost after a few brake applications). This BS sensationalism reminds me of the 'unintended' acceleration issue on the Audi 5000 by CBS's 60 minutes, the Isuzu Trooper 'rollover' by Consumer Reports, and many other news stories proven to be total BS yet cost those manufacturers dearly. That being said, the media was spot on with the Pinto and Chevy C/K.
Reply With Quote
  #25  
Old July 22nd, 2015, 05:01 PM
leastonce's Avatar
leastonce
Status: Offline
Jason England
D-90 White 95 SW #65
Site Team
 
Join Date: Jul 2009
Location: NYC
Posts: 6,078
Registry
Quote:
Originally Posted by sonoronos View Post
As an engineer, I find "jumping the air gap" to be spin for funneling funds to the IT security job sector. It's fear mongering for nothing, but hey it's your tax money.

We use the air gap all the time and it works 100%. IMHO, the STUXnet example is not relevant, and the idea that someone used acoustic coupling to communicate with a PC is more of an embarrassment than a real threat. If your NETSEC allowed someone to install a trojan on a system, then it's a failure of NETSEC, not a failure of the PC.

IMHO, encryption of CANBUS doesn't solve any problems. The proof? Once a node is compromised (like a baseband receiver IC on your car radio) then the encryption is totally meaningless. The car radio defeats all CANBUS encryption automatically because it's a trusted node.

Opinion: Keep CANBUS unencrypted, solve the stupid, simple problems.

I agree about the human factor. Whether intentional or unintentional, the danger is always human
Its about having layers of security and assuming they will get broken ... encryption of CANBUS would also need to be matched with a restricted list of trusted objects for each node.

Old approaches to network design rely on trust but verify ... ( as in this case - without the verify ) ... newer approaches rely on zero trust and the verify occurring on every transaction.

No node should be trusted - meat or silicon.
__________________
Quote:
Soapy water / KY jelly, etc. is is basically a must. Yes, good idea to remove trim panels - only takes 5 more minutes to do so.
Car Camping Collective founding member and Chief Executive Officer
Cat Camping Collective founding member and Chief Executive Officer
Reply With Quote
  #26  
Old July 22nd, 2015, 07:18 PM
cgalpin's Avatar
cgalpin
Status: Offline
Charles Galpin
'94 D90 ST, '63 SeriesIIA
Site Team
 
Join Date: Jan 2004
Location: South Riding, VA
Posts: 11,623
Registry
Quote:
Originally Posted by cellulararrest View Post
The scary part about this one is that it doesn't. They're just rooting the thing via the cellular internet connection in the car. Just like rooting any other machine.
Mmmh that is scary.

I don't know what the answer is, but if you have seen how much crap is flying on the CAN bus, I don't think encryption is achievable at any reasonable cost. Isolating the buses is a start (I thought most did this already) but physical access can defeat that fairly easily too. I agree that people are just as big of a problem and easy/easier to exploit.
__________________
Quote:
Originally Posted by pendy
I'm here for the D's
Reply With Quote
  #27  
Old July 22nd, 2015, 07:39 PM
LuisC's Avatar
LuisC
Status: Offline
Luis Constantin
98 Disvovery 1 LE
Member
 
Join Date: Dec 2012
Location: Austin,Texas USA
Posts: 1,898
Registry
Quote:
Originally Posted by down_shift View Post
There is no flippen way steering control was taken away from the driver nor brake control (unless the motor was stopped and vacuum was lost after a few brake applications). This BS sensationalism reminds me of the 'unintended' acceleration issue on the Audi 5000 by CBS's 60 minutes, the Isuzu Trooper 'rollover' by Consumer Reports, and many other news stories proven to be total BS yet cost those manufacturers dearly. That being said, the media was spot on with the Pinto and Chevy C/K.
I can see steering possibly being compromised on some cars. We had a Honda Civic Hybrid and the steering was electric.
__________________
Black Rhino Lives Matter
Reply With Quote
  #28  
Old July 22nd, 2015, 08:20 PM
Rocky's Avatar
Rocky
Status: Offline
Chris
72 + D1 drivetrain
Member
 
Join Date: Sep 2006
Location: Colonies Aka Boston
Posts: 8,762
It was the Suzuki Samurai that was panned for rollover.
__________________
A friend of mine runs a land rover / range rover specialty repair shop. Based on his experience, they are capable of stopping anywhere, anytime, at any cost.

I don't know about the brakes, only their unreliability.
Reply With Quote
  #29  
Old July 22nd, 2015, 08:44 PM
down_shift's Avatar
down_shift
Status: Offline
Russell
94' D90 ST & 06' LR3
Member
 
Join Date: Sep 2011
Location: Leesburg, VA
Posts: 4,118
Registry
Quote:
Originally Posted by Rocky View Post
It was the Suzuki Samurai that was panned for rollover.
Occurred to both but for the Isuzu (in late1996) it was more grievous with an absurd amount of counter steer entered by CR when compared to other SUVs tested. Hence, of course it will rollover.
Reply With Quote
Reply

Lower Navigation
Go Back   Defender Source > Non-Technical Discussions > Misc. Chit-Chat

Tags
ac

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Feeler WTS 1998 Jeep Cherokee Sport Shep29 For Sale - Vehicles 4 March 2nd, 2013 01:12 PM
So as not to hijack Ron's 911 thread..... GYM Misc. Chit-Chat 0 April 25th, 2008 12:02 PM
2008 Jeep Cherokee Diesel Defender13 Misc. Chit-Chat 32 February 13th, 2008 07:41 PM
1988 Jeep Cherokee XJ 4.0 4x4 Auto - $600 NJ mudrover For Sale - Vehicles 0 June 13th, 2005 08:03 PM
Virtually new BFG A/T 265/75 non-KO jvelador For Sale - Parts 1 December 19th, 2003 12:37 PM


All times are GMT -5. The time now is 04:45 AM.


Copyright