DEFCON 23 Starts Tomorrow, Everyone is Effected
08-05-2015, 02:54 PM
#1
Senior Member
Thread Starter
DEFCON 23 Starts Tomorrow, Everyone is Effected
Maybe this is in the wrong place, but it effects everyone and considering how unaware most people are, why not here? I'm not going to the events anymore but I still get the emails.
Two years ago this week, this happened at DefCon 21:
The pair also tested a 2010 Ford Escape.
Prerecorded video demos of the hacks showed Miller and Valasek disabling the car's brakes, jerking the steering wheel back and forth while the car was in motion, accelerating, taking full control of the steering wheel, yanking the seat belt tight, turning off the engine, turning interior and exterior lights on and off, honking the horn, and making the console show a full tank of gas when it wasn't.
This year:
Roll on down to the Car Hacking Village at DEF CON 23!
Posted 7.22.15
At DEF CON, we agree with you that it's kinda bogus that in 2015 we still don't have flying cars. But you know what makes up for that? Cars you can hack. So this year, we bring you Car Hacking Village - a little bit of paradise for people who long to invalidate a connected car's warranty without jeopardizing their commute.
The CHV will have several 'Zones' for your education and entertainment:
Pull-apart Zone: learn how to get physical access to car controllers by removing panels and bolts.
Buck Hacking Zone: open hack car controllers and systems using a Buck (system on a bench).
Learning Zone: drop-in sessions of 15-30 minutes to teach specifics of vehicle networks and hardware.
Chill Zone: meet the CHV team in a more informal setting. Meet other interested con-goers. Meet no one and just meditate on what you've learned so far.
OEM Zone: we're probably going to rename this, but it's for dialog between OEMs and their users.
Vendor Zone: if the Car Hacking Village has inspired you, you can pick up some study material and even some hardware.
We hope to see you there.
Warning: objects in the CHV are closer than they appear
--------------------------------------------------------------
Some things that are generally unknown by most people.
In 2017 vehicles will be required to go online with V2V. V2V is vehicle to vehicle communication. The primary goal of the system is accident avoidance. When the driver isn't doing what years of study conclude they should be doing, the computers in your trucks will take over. Hard to believe? Believe it. The parameters were standardized in 99 and have been refined since.
Homeland security is taking over the systems. It was scheduled to happen in the spring of 14, but congress postponed it with an open date. The obvious reason is because of the cyber-security associated with what is coming.
Last year, Argus, a group of former members of Israeli cyber-security unit reported and then demonstrated they had remotely taken over vehicles that had after market electronics installed in vehicles. They first did it by exploiting the OBDII port and a device that was plugged into it called a Zubie.
All of this just scratches the surface. Don't misunderstand the point of posting this. I don't have a problem with any of it. I do have a problem with just how unaware most people are. I recently bit my tongue on this topic but not one person I asked what they knew about any of this, knew anything. Like most government projects this will probably be delayed, but. . . Nothing about this is a secret so if you have any interest in the changes coming soon, internet searches can lead you to much more.
If putting this here is wrong or offends, delete it.
Two years ago this week, this happened at DefCon 21:
The pair also tested a 2010 Ford Escape.
Prerecorded video demos of the hacks showed Miller and Valasek disabling the car's brakes, jerking the steering wheel back and forth while the car was in motion, accelerating, taking full control of the steering wheel, yanking the seat belt tight, turning off the engine, turning interior and exterior lights on and off, honking the horn, and making the console show a full tank of gas when it wasn't.
This year:
Roll on down to the Car Hacking Village at DEF CON 23!
Posted 7.22.15
At DEF CON, we agree with you that it's kinda bogus that in 2015 we still don't have flying cars. But you know what makes up for that? Cars you can hack. So this year, we bring you Car Hacking Village - a little bit of paradise for people who long to invalidate a connected car's warranty without jeopardizing their commute.
The CHV will have several 'Zones' for your education and entertainment:
Pull-apart Zone: learn how to get physical access to car controllers by removing panels and bolts.
Buck Hacking Zone: open hack car controllers and systems using a Buck (system on a bench).
Learning Zone: drop-in sessions of 15-30 minutes to teach specifics of vehicle networks and hardware.
Chill Zone: meet the CHV team in a more informal setting. Meet other interested con-goers. Meet no one and just meditate on what you've learned so far.
OEM Zone: we're probably going to rename this, but it's for dialog between OEMs and their users.
Vendor Zone: if the Car Hacking Village has inspired you, you can pick up some study material and even some hardware.
We hope to see you there.
Warning: objects in the CHV are closer than they appear
--------------------------------------------------------------
Some things that are generally unknown by most people.
In 2017 vehicles will be required to go online with V2V. V2V is vehicle to vehicle communication. The primary goal of the system is accident avoidance. When the driver isn't doing what years of study conclude they should be doing, the computers in your trucks will take over. Hard to believe? Believe it. The parameters were standardized in 99 and have been refined since.
Homeland security is taking over the systems. It was scheduled to happen in the spring of 14, but congress postponed it with an open date. The obvious reason is because of the cyber-security associated with what is coming.
Last year, Argus, a group of former members of Israeli cyber-security unit reported and then demonstrated they had remotely taken over vehicles that had after market electronics installed in vehicles. They first did it by exploiting the OBDII port and a device that was plugged into it called a Zubie.
All of this just scratches the surface. Don't misunderstand the point of posting this. I don't have a problem with any of it. I do have a problem with just how unaware most people are. I recently bit my tongue on this topic but not one person I asked what they knew about any of this, knew anything. Like most government projects this will probably be delayed, but. . . Nothing about this is a secret so if you have any interest in the changes coming soon, internet searches can lead you to much more.
If putting this here is wrong or offends, delete it.
Last edited by River1; 08-05-2015 at 02:58 PM.
08-05-2015, 03:10 PM
#2
FX4RoadWarrior
Some things that are generally unknown by most people.
In 2017 vehicles will be required to go online with V2V. V2V is vehicle to vehicle communication. The primary goal of the system is accident avoidance. When the driver isn't doing what years of study conclude they should be doing, the computers in your trucks will take over. Hard to believe? Believe it. The parameters were standardized in 99 and have been refined since.
Homeland security is taking over the systems. It was scheduled to happen in the spring of 14, but congress postponed it with an open date. The obvious reason is because of the cyber-security associated with what is coming.
Last year, Argus, a group of former members of Israeli cyber-security unit reported and then demonstrated they had remotely taken over vehicles that had after market electronics installed in vehicles. They first did it by exploiting the OBDII port and a device that was plugged into it called a Zubie.
All of this just scratches the surface. Don't misunderstand the point of posting this. I don't have a problem with any of it. I do have a problem with just how unaware most people are. I recently bit my tongue on this topic but not one person I asked what they knew about any of this, knew anything. Like most government projects this will probably be delayed, but. . . Nothing about this is a secret so if you have any interest in the changes coming soon, internet searches can lead you to much more.
If putting this here is wrong or offends, delete it.
In 2017 vehicles will be required to go online with V2V. V2V is vehicle to vehicle communication. The primary goal of the system is accident avoidance. When the driver isn't doing what years of study conclude they should be doing, the computers in your trucks will take over. Hard to believe? Believe it. The parameters were standardized in 99 and have been refined since.
Homeland security is taking over the systems. It was scheduled to happen in the spring of 14, but congress postponed it with an open date. The obvious reason is because of the cyber-security associated with what is coming.
Last year, Argus, a group of former members of Israeli cyber-security unit reported and then demonstrated they had remotely taken over vehicles that had after market electronics installed in vehicles. They first did it by exploiting the OBDII port and a device that was plugged into it called a Zubie.
All of this just scratches the surface. Don't misunderstand the point of posting this. I don't have a problem with any of it. I do have a problem with just how unaware most people are. I recently bit my tongue on this topic but not one person I asked what they knew about any of this, knew anything. Like most government projects this will probably be delayed, but. . . Nothing about this is a secret so if you have any interest in the changes coming soon, internet searches can lead you to much more.
If putting this here is wrong or offends, delete it.
This is crazy!
08-05-2015, 06:51 PM
#3
Senior Member
Some things that are generally unknown by most people.
In 2017 vehicles will be required to go online with V2V. V2V is vehicle to vehicle communication. The primary goal of the system is accident avoidance. When the driver isn't doing what years of study conclude they should be doing, the computers in your trucks will take over. Hard to believe? Believe it. The parameters were standardized in 99 and have been refined since.
In 2017 vehicles will be required to go online with V2V. V2V is vehicle to vehicle communication. The primary goal of the system is accident avoidance. When the driver isn't doing what years of study conclude they should be doing, the computers in your trucks will take over. Hard to believe? Believe it. The parameters were standardized in 99 and have been refined since.
Cadillac announced that in 2017 it may put V2V technology in some vehicles. So what? The only way to use it is if all the vehicles around you have it, and that is a long way off.
This article says 10 years, probably more.
http://www.usnews.com/news/articles/...hit-roads-soon
Think about it. How can the V2V technology tell your car to do an avoidance maneuver if it does not see that semi, or that 20 year old pickup in the other lane.
The system will come, but not for a long time.
Probably right after Microsoft makes an operating system that can't be hacked.
08-05-2015, 09:02 PM
#4
Senior Member
Thread Starter
LOL. The reason that it is generally unknown by most people is because there is nothing to know. Required? Not even close.
Cadillac announced that in 2017 it may put V2V technology in some vehicles. So what? The only way to use it is if all the vehicles around you have it, and that is a long way off.
This article says 10 years, probably more.
http://www.usnews.com/news/articles/...hit-roads-soon
Think about it. How can the V2V technology tell your car to do an avoidance maneuver if it does not see that semi, or that 20 year old pickup in the other lane.
The system will come, but not for a long time.
Probably right after Microsoft makes an operating system that can't be hacked.
Cadillac announced that in 2017 it may put V2V technology in some vehicles. So what? The only way to use it is if all the vehicles around you have it, and that is a long way off.
This article says 10 years, probably more.
http://www.usnews.com/news/articles/...hit-roads-soon
Think about it. How can the V2V technology tell your car to do an avoidance maneuver if it does not see that semi, or that 20 year old pickup in the other lane.
The system will come, but not for a long time.
Probably right after Microsoft makes an operating system that can't be hacked.
It's also ironic that when I mentioned this once before and said look up the specifics for yourself so I don't get something wrong I got crap about trying to be secret and some other nonsense.
Yup, you're partially right. Obama delayed everything until 2017 when he is out of office and total implementation is now projected for 2020. Still right around the corner. I also believe I wrote delays are probable didn't I? Yes I did.
There is a 300+ page pdf available online about how it all works but I imagine you don't need to read it. I will tell you this though, if you have Sync in your truck, you have the first generation of the system already. You need to read more then a few paragraphs in US News and World Report to catch on. Even still, V2V is maybe a tenth of the entire planned system.
Regardless of all this, what I was really getting at was the hacking and what can be done. Don't rely on the first article you come across but look up hacking and how long it takes for state of the art hacking to spread. I'm not worried about it but it's coming just as it did with phones, ATMs, banks, Wall Street, satellites and God knows what else. I guarantee you though there will be a lot of the "scared of their own shadow" people that are going to worry about it. I hope you at least got the hacking doesn't require vehicles communicating with each other. The most needed is the VIN which isn't hard to get and that's not even necessarily needed now.
History also shows when people are aware and prepared there are less problems when time does catch up with them.
But hey thanks. Good to know at least someone has all the answers.
Hopefully now I'm done.
08-05-2015, 09:54 PM
#5
Senior Member
Actually, I did read it. That's why I believe it is way down the road, and not a reason to scare people. We have enough tin-hat people around already.
http://www.nhtsa.gov/staticfiles/rul...ion-812014.pdf
Just read the index and, take a guess how long it will take to implement.
http://www.nhtsa.gov/staticfiles/rul...ion-812014.pdf
Just read the index and, take a guess how long it will take to implement.
16. Abstract
The purpose of this research report is to assess the readiness for application of vehicle-to-vehicle (V2V)
communications, a system designed to transmit basic safety information between vehicles to facilitate warnings to drivers concerning impending crashes. The United States Department of Transportation and NHTSA have been conducting research on this technology for more than a decade. This report explores technical, legal, and policy issues relevant to V2V, analyzing the research conducted thus far, the technological solutions available for addressing the safety problems identified by the agency, the policy implications of those technological solutions,
legal authority and legal issues such as liability and privacy. Using this report and other available information, decision-makers will determine how to proceed with additional activities involving vehicle-to-vehicle (V2V),
vehicle-to-infrastructure (V2I), and vehicle-to-pedestrian (V2P) technologies.
The purpose of this research report is to assess the readiness for application of vehicle-to-vehicle (V2V)
communications, a system designed to transmit basic safety information between vehicles to facilitate warnings to drivers concerning impending crashes. The United States Department of Transportation and NHTSA have been conducting research on this technology for more than a decade. This report explores technical, legal, and policy issues relevant to V2V, analyzing the research conducted thus far, the technological solutions available for addressing the safety problems identified by the agency, the policy implications of those technological solutions,
legal authority and legal issues such as liability and privacy. Using this report and other available information, decision-makers will determine how to proceed with additional activities involving vehicle-to-vehicle (V2V),
vehicle-to-infrastructure (V2I), and vehicle-to-pedestrian (V2P) technologies.
08-05-2015, 10:00 PM
#6
Senior Member
Yup, you're partially right. Obama delayed everything until 2017 when he is out of office and total implementation is now projected for 2020. Still right around the corner. I also believe I wrote delays are probable didn't I? Yes I did.
Let me think.
08-05-2015, 11:07 PM
#7
I'm not worried but it is an interesting read. http://www.wsj.com/articles/hackers-...kee-1437522078
Daimler already issued a patch for that breach with the help of those that did the actual hacking.
Daimler already issued a patch for that breach with the help of those that did the actual hacking.
Trending Topics
08-06-2015, 09:11 AM
#8
What's the pecuniary gain to be realized by hackers hacking into vehicles? Unlike hitting financial systems or data stores, where one might access funds or sensitive (and valuable) information, vehicle hacking seems more akin to practical joking. Doesn't seem like much incentive, aside from knowledgeable hackers selling their exploits or consulting services to scared automotive manufacturers. I feel much more vulnerable from already having my entire financial and personal Life relegated to non-tangible digital form.
08-06-2015, 09:20 AM
#9
Senior Member
It doesn't matter WHO was in the oval office. The actual power comes from Congressional authority. The White House can state what they want to do, but unless it's approved and funded by Congress, it doesn't happen.
08-06-2015, 09:21 AM
#10
What's the pecuniary gain to be realized by hackers hacking into vehicles? Unlike hitting financial systems or data stores, where one might access funds or sensitive (and valuable) information, vehicle hacking seems more akin to practical joking. Doesn't seem like much incentive, aside from knowledgeable hackers selling their exploits or consulting services to scared automotive manufacturers. I feel much more vulnerable from already having my entire financial and personal Life relegated to non-tangible digital form.
A date triggered "virus" could be devastating. Although, the way some people drive already, I don't know if I would be able to tell the difference.