# This Is Beyond Scary...



## Jim Frye (Mar 16, 2011)

I've seen several articles based on this report, but it reinforces something I've thought extremely possible. 

Security, privacy gaps put U.S. drivers at risk of hacking | Computerworld


----------



## Slammed2014Eco (Feb 13, 2014)

Jim Frye said:


> I've seen several articles based on this report, but it reinforces something I've thought extremely possible.
> 
> Security, privacy gaps put U.S. drivers at risk of hacking | Computerworld


Probably doesn't help that GM is bringing out WiFi built into there new model cars @@


----------



## spacedout (Dec 7, 2010)

Slammed2014Eco said:


> Probably doesn't help that GM is bringing out WiFi built into there new model cars @@



Actually the 4G connection itself is a vulnerability as well. Couldn't find article but think someone hackers just attempted this spoofed cell tower method for getting access to peoples data with the cars 4G connection. 

Mysterious Phony Cell Towers Could Be Intercepting Your Calls | Popular Science

I would not worry so much about someone hacking a mobile hotspot wifi password, as they would need to have significant time to attempt such an intrusion. Now if someone could get your car to connect to their rouge cell tower, they have access to not only your car but potentially millions of others as well.


----------



## ChevyGuy (Dec 13, 2014)

I'd worry more about the OBDII device that you added to support a smart phone app.

I wonder how many of those "phony" cell sites are really valid sites that were improperly configured? Because I don't see where they tracked down the site and the phone company denied association.


----------



## Slammed2014Eco (Feb 13, 2014)

spacedout said:


> Actually the 4G connection itself is a vulnerability as well. Couldn't find article but think someone hackers just attempted this spoofed cell tower method for getting access to peoples data with the cars 4G connection.
> 
> Mysterious Phony Cell Towers Could Be Intercepting Your Calls | Popular Science
> 
> I would not worry so much about someone hacking a mobile hotspot wifi password, as they would need to have significant time to attempt such an intrusion. Now if someone could get your car to connect to their rouge cell tower, they have access to not only your car but potentially millions of others as well.


That's what I was getting at, Just adding another way to gain access to more information. With the new 4G wifi system and onstar I don't see how it couldn't be a vulnerability in either system.


----------



## TDCruze (Sep 26, 2014)

GM can already do whatever they want with our cars via OnStar, I am sure if OnStar was hacked that they could wreak havoc on all of our cars! lol


----------



## Robby (Mar 1, 2013)

The resident computer genius at the dealer I hang out at was showing me how easy it is to mess with a car through his laptop.

And, we were using my car.......through the laptop he raised the engine speed to 3000 rpm and then dropped it back to idle.
He raised and lowered my windows, individually and all at once......he opened the trunk, locked and unlocked the doors.....flashed the lights, honked the horn, turned each turn signal on and off.

This is not new news, it is just finally being looked at.

These are things that could be done while I was driving the car......how bout that 3000 rpm stuff while driving down a residental street?

IMO, and likely yours too, the automakers have gone way too far and we are partially responsible for demanding our cars be more than transportation devices.

Whatever I get next time......well, I'll have done a lot more homework....I still use a car for transportation....all these other capabilities are, in reality, unneccessary.....at least for me, all this capability is a waste of money that could have been used to make a better car.

I guess that was a story that included a bit of a rant.

Rob


----------



## spacedout (Dec 7, 2010)

Robby said:


> Whatever I get next time......well, I'll have done a lot more homework....I still use a car for transportation....all these other capabilities are, in reality, unneccessary.....at least for me, all this capability is a waste of money that could have been used to make a better car.
> 
> I guess that was a story that included a bit of a rant.
> 
> Rob


These extra systems also date the car faster.... what do you think the current mylink system will seem like at 8-10 years old? I would rather have a stereo that was easily replaceable without effecting the HVAC controls and vehicle warnings.


----------



## Robby (Mar 1, 2013)

spacedout said:


> These extra systems also date the car faster.... what do you think the current mylink system will seem like at 8-10 years old? I would rather have a stereo that was easily replaceable without effecting the HVAC controls and vehicle warnings.


Good point......most recent example would be compact disc players (and discs) going the way of the Goonybird.

My 07 Magnum has CD and Cassette.......may as well have a 33 1/3rd record player and it is only eight years old!

Rob


----------



## obermd (Mar 3, 2012)

Robby said:


> through the laptop he raised the engine speed to 3000 rpm and then dropped it back to idle.


Colorado Air Care (Denver emissions testing contractor) has been plugging into the ODBII ports for years now and having their computer manage the engine speed during the emissions testing. Far more consistent than someone's foot on the throttle.


----------



## Jim Frye (Mar 16, 2011)

I'm not as concerned about someone hacking my car as the dozens that are around me every time I go out on the public streets. We had a multicar accident here today that could have been caused by a hacked car. Vehicle #1 stops on a busy street ostensibly to ask a bystander for directions. Vehicle #2 (a double bottom semi dump truck) rear ends the car. Vehicle #3 (a produce delivery truck) rear ends the dump trailer so hard the entire engine room and cab is reduced to about 2 feet in length. Then there is the Bruce Jender accident in California. The reported sequence of events was initiated by a Prius that suddenly slowed and led to a four vehicle accident with a fatality. If somone can tweak the throttle, why can't they just turn off the motor on a busy road?


----------



## ChevyGuy (Dec 13, 2014)

Robby said:


> The resident computer genius at the dealer I hang out at was showing me how easy it is to mess with a car through his laptop.


Connected to the ODB port, no doubt. Given how computerized the car is, yes, one can wreck havoc - IF they have access. But how are they going to get access? At this point,they'd first have to break the communication protocol, and then somehow hijack that communication device into talking on the car's main bus. And by that, I mean issuing commands that that system was never intended to issue. On-Star does not issue commands to change engine idle, or reflash any of the computers. (However, if any of you have installed a device to use TorquePro or other programs - the bad guys just have to break the Bluetooth. It's already connected to the bus.)

Impossible? I'm not saying it is. But it's not easy. But most importantly, where is the money? Unless you're a intelligence officer that China wants to have "an accident" I think we're pretty safe from that. I'd be more concerned about the reports of people somehow gaining entry via the wireless system and stealing something. That's your meat-and-potatoes crime.


----------



## Robby (Mar 1, 2013)

ChevyGuy said:


> Connected to the ODB port, no doubt. Given how computerized the car is, yes, one can wreck havoc - IF they have access. But how are they going to get access? At this point,they'd first have to break the communication protocol, and then somehow hijack that communication device into talking on the car's main bus. And by that, I mean issuing commands that that system was never intended to issue. On-Star does not issue commands to change engine idle, or reflash any of the computers. (However, if any of you have installed a device to use TorquePro or other programs - the bad guys just have to break the Bluetooth. It's already connected to the bus.)
> 
> Impossible? I'm not saying it is. But it's not easy. But most importantly, where is the money? Unless you're a intelligence officer that China wants to have "an accident" I think we're pretty safe from that. I'd be more concerned about the reports of people somehow gaining entry via the wireless system and stealing something. That's your meat-and-potatoes crime.


Uh, bad news......not connected in any way....we were across the shop.

If he'd been plugged into the port I wouldn't have bothered posting.

Rob


----------



## shiwnath (Jun 11, 2014)

There was an Impala Equipped with OnStar hacked (on purpose). Very scary if this was done to multiple cars all at once.
Car hacked on 60 Minutes - CBS News


----------



## ChevyGuy (Dec 13, 2014)

Robby said:


> Uh, bad news......not connected in any way....we were across the shop.
> 
> If he'd been plugged into the port I wouldn't have bothered posting.


So how did he get in?


----------



## ChevyGuy (Dec 13, 2014)

shiwnath said:


> There was an Impala Equipped with OnStar hacked (on purpose). Very scary if this was done to multiple cars all at once.
> Car hacked on 60 Minutes - CBS News


Yeah, looks like it was via OnStar. I wonder how hard it is to disable that if you're not subscribed. Frankly I think that should trigger a safety recall since it allows someone outside of the car to do something never intended.


----------



## Robby (Mar 1, 2013)

ChevyGuy said:


> So how did he get in?


See above post.

This guy is, IMO a genius in a good way......he is the Volt hypertech.....one of those guys that visualizes electrons.

In conversation he was telling me how Chevrolet consistantly does product updates and data logging through Onstar on the Volt.
If Chevy can do it, I suppose anyone who understands that stuff can.......I'm WAAAAAY out of my league with that stuff.

We were speculating though.....Last year the forum was packed with 'steering bind' thing.......not that many posters are having the problem this year.
He speculates that Chevy may have transmitted a 'Patch' that resolved the majority of the vehicles that had the problem.

Going further, mine was one of them.....would 'go to sleep' for lack of a better description, anytime I was on the highway longer than 30 minutes........magically, this year, the problem has not materialized.....weird eh?

Rob


----------



## Robby (Mar 1, 2013)

shiwnath said:


> There was an Impala Equipped with OnStar hacked (on purpose). Very scary if this was done to multiple cars all at once.
> Car hacked on 60 Minutes - CBS News


Very interesting first post......thanks for sharing.

Rob


----------



## Ger8mm (Mar 13, 2014)

Hacking cars is very easy and fast, a good hacker grin can doing with in the time it takes for a car to pass. Just look up brute force calculators and man in the middle attacks. oh if your one of those people that bought the stupid Bluetooth door lock for your dead bolt I suggest you get rid of it. I opened my friends house in under 10 seconds LOL, he didn't believe me.


----------



## Jim Frye (Mar 16, 2011)

Perhaps I spent too many decades in the IT profession, but I'm really frightened of how poorly technology is getting rolled out in the last decade. It's not just cars, but homes and businesses too. Last week's invasion of Aetna Insurance is bugging me to no end. As a former policy holder, I'm incensed that the company was warned months ago that they could be vunerable to th9s hack, yet they did nothing to guard against it. Every time we shop at Target, they ask us if we want a target credit card. We do cash only at these places. The local cable company has recently rolled out several home security offerings that are internet enabled, but I'm not convinced it's really secure.


----------



## jblackburn (Apr 14, 2012)

> The reported sequence of events was initiated by a Prius that suddenly slowed and led to a four vehicle accident with a fatality. If somone can tweak the throttle, why can't they just turn off the motor on a busy road?


A Prius suddenly jammed on brakes? No way.

I give those clowns a wide berth. Some of the crappiest drivers on the road.

Actually, to be honest, I hate the whole electronic control of the basic things that control a car in everyday driving. Had the throttle body go out on a 2002 Toyota that belongs to my girlfriend's dad (first year they used the electronic throttles in those models - I believe they were exempt from the whole unintended acceleration fiasco though - they later redesigned the throttle bodies, and I think those were the ones affected). Started playing with the throttle body and position sensor with a voltmeter hooked up to it, trying to figure out where it was giving bad readings. At one point, after clearing the codes and fiddling with the sensor just a bit, I started the car and the engine raced to 4000 RPM, nearly stalled, back to 4000 RPM, and then the car shut itself down. It was enough time that, had the car been in drive, it would have easily rear-ended someone had the driver not been able to react quickly. I'm sure it's a very rare occurrence that both potentiometers for the pedal position sensor fail, though - I actually unhooked one that served as the "fail-safe" and found the one that was giving the bad reading.

Noticed the other day in the 2012 that if you hit the brake, then quickly stomp on the gas, as if to jump a lane around someone, it just shuts you out. It won't respond until you let off the gas and press on it again. Their "solution" to idiots jamming on the wrong pedal, I guess.


----------



## brian v (Dec 25, 2011)

If you don't want scary don't come down to Dallas . Too many people . Got here today , 1000 miles in a day is enough for me . The deer in Arkansas was my first fear then these goofballs want to go to fast to work on a Monday morning . And very few care that you need to find the right exit . 

Shoot then there is the guy that has to wander between 2 lanes with a trailer towed behind that just cannot stabilize his path , now that you give a wide berth !


----------



## obermd (Mar 3, 2012)

jblackburn said:


> Noticed the other day in the 2012 that if you hit the brake, then quickly stomp on the gas, as if to jump a lane around someone, it just shuts you out. It won't respond until you let off the gas and press on it again. Their "solution" to idiots jamming on the wrong pedal, I guess.


This is why I have a manual. The car doesn't try to second guess me with some idiotic control system. Yes, the ECU only allows so much torque at each engine speed but it doesn't second guess me.


----------



## TheMaterial (Sep 5, 2012)

Robby said:


> Uh, bad news......not connected in any way....we were across the shop.
> 
> If he'd been plugged into the port I wouldn't have bothered posting.
> 
> Rob


Are you sure he didn't plug in the wireless piece? Our techs always have the laptop at there tool box and never in the car. Everything you said can be done with the click of a mouse, even shows a little tach on the screen, or it can be read in wave form. 

IMO a computer genius of any age should not be working at a dealership. If they are intelligent enough to 'hack' the car they should be working for the likes of Tesla, or google. Not running the scan tool because non of the old guys want to learn it.


----------



## ChevyMgr (Oct 27, 2010)

Jim Frye said:


> Then there is the Bruce Jender accident in California.


Play on words?:th_coolio:



Robby said:


> In conversation he was telling me how Chevrolet consistantly does product updates and data logging through Onstar on the Volt.
> If Chevy can do it, I suppose anyone who understands that stuff can.......I'm WAAAAAY out of my league with that stuff.
> 
> We were speculating though.....Last year the forum was packed with 'steering bind' thing.......not that many posters are having the problem this year.
> ...


I believe this is called over-the-air-programming, and it is done to more than just Volts.



Robby said:


> The resident computer genius at the dealer I hang out at was showing me how easy it is to mess with a car through his laptop.
> 
> And, we were using my car.......through the laptop he raised the engine speed to 3000 rpm and then dropped it back to idle.
> He raised and lowered my windows, individually and all at once......he opened the trunk, locked and unlocked the doors.....flashed the lights, honked the horn, turned each turn signal on and off.
> ...


Those items are locked out when the vehicle is in gear and you would have to use an MDI. My techs mess with each other all time by picking up the MDI on their computer, before the tech working on said car picks it up. Now hacking through OnStar, that could be a problem.


----------



## ChevyGuy (Dec 13, 2014)

TheMaterial said:


> Are you sure he didn't plug in the wireless piece? Our techs always have the laptop at there tool box and never in the car. Everything you said can be done with the click of a mouse, even shows a little tach on the screen, or it can be read in wave form.


You're referring to the MDI right? That's what I was thinking. I'm not sure why such a guy would have access via OnStar. And depending on how he was going though their system, he could be up on criminal charges for "unauthorized access". Spoofing a cell site might lead to major fines. (Not to mention that equipment is much harder to find.) But he's guaranteed to have a MDI in his toolkit and so the rest is just software.

But as I mentioned, there's a number of people running around with something like a MDI to support their smartphone functions.


----------



## ChevyGuy (Dec 13, 2014)

Ger8mm said:


> Hacking cars is very easy and fast, a good hacker grin can doing with in the time it takes for a car to pass.


That's a pretty bold claim. How would they identify/address the car that quickly? And what route are they using to penetrate?


----------



## ChevyGuy (Dec 13, 2014)

Jim Frye said:


> Perhaps I spent too many decades in the IT profession, but I'm really frightened of how poorly technology is getting rolled out in the last decade. It's not just cars, but homes and businesses too.


The problem is the business culture. The focus is on making it work. Security?

Manager: "It's secure, isn't it?"
Engineer: "It requires a password."
Manager: "Good enough."

By the time any problem is found, both have moved on to other projects and it won't come up in their performance review. So no personal incentive. But there's plenty of incentive to get the project functional and shipped. That's tangible. Security is more development time and it all comes down to the same bullet point on the packaging. Maybe they'll add some encryption just so that can add that to the box.

Oh, and as far as home stuff: Home security systems insecure, says HP. So yes, you should be concerned.


----------



## Jim Frye (Mar 16, 2011)

I remember when some wags in the IT industry decided that computer systems were just "commodities" and should be priced as such. When that concept got traction, the quality level of hardware and software started the slide. Total Cost of Ownership (TCO) went by the wayside and was replaced by the Lowest Purchase Cost model. I am very glad I left the busiiness in 2008. Trying to secure a business today is a total nightmare, with insufficient funding to do the job right. Sort of "We don't have to be good, we just have to be first". OK, I'll quit whining now.


----------



## Jukebox Juliet (Apr 4, 2014)

Doesn't really surprise me. 

I didn't watch the story, but there was a news report today about Samsung sending out a report that your private conversations are at risk in your home if you own a smart tv. Go figure. 




Sent with iLove 6.0


----------



## Jim Frye (Mar 16, 2011)

Jukebox Juliet said:


> Doesn't really surprise me.
> 
> I didn't watch the story, but there was a news report today about Samsung sending out a report that your private conversations are at risk in your home if you own a smart tv. Go figure.
> Sent with iLove 6.0


Now owners are reporting that Samsung is driving commercials to the sets. People are complaining that they are getting pop up Pepsi ads on their Samsung Smart TVs.


----------



## ChevyGuy (Dec 13, 2014)

Jukebox Juliet said:


> I didn't watch the story, but there was a news report today about Samsung sending out a report that your private conversations are at risk in your home if you own a smart tv. Go figure.


It's for the voice recognition function and to see how well it' working.

Your Samsung TV is eavesdropping on your private conversations.


----------



## brian v (Dec 25, 2011)

Sweet heart JJthey do not even know what they are afraid of ! 

IT that is the name I Gave My car and they are afraid of IT .. 

To elaborate . Goodie some goofball can steal me cruzen for a joy ride ,,
Oh IT can do some new fangled tricks that I really do not wish or desire IT to do Because some Idiot with the Knowledge and the Technology with the capacity can sabatage your day .. Dang that sounds like My old Squad !!!!!!! we were good at IT.....

Now Watch them Deer !


----------



## brian v (Dec 25, 2011)

Guess what I am Really Not Here .. did you see me ? that is what I thought . Look behind you .. IT . Instantaneous ..........


----------

