Black Hat USA 2015: The full story of how that Jeep was hacked | Kaspersky Lab Official Blog
Black Hat USA 2015: The full story of how that Jeep was hacked | Kaspersky Lab Official Blog
(blog.kaspersky.com)
... it turned out, the Wi-Fi password for Chrysler’s cars is generated before the actual time and date is set and is based on default system time plus a few seconds during which the head unit boots up.
The multimedia system is not connected to CAN bus directly. This is the thing that all the manufacturers always refer back to when it comes to IT-security of cyber-physical systems: there is an isolation they say, the air gap between connected and physical parts of these systems. As it turned out, this air gap is not that thick, at least in Chrysler’s cars. Despite the fact that multimedia system’s controller itself can’t communicate directly with CAN bus, it actually can communicate with another component which is connected to CAN bus, the V850 controller. He knows a guy, who knows a guy situation, simply put. Researchers discovered an opportunity to change firmware of the V850 controller for their maliciously crafted version through the connection to multimedia system’s controller. This firmware ‘upgrade’ can be done without any checks or authorizations. Even if there was authorization, researchers have found a couple of vulnerabilities that make possible taking control over this V850 controller. And that was it: after this move Miller and Valasek were able to send commands through the CAN bus and make every — every! — component of the car to do whatever they wanted. They were able to control steering wheel, engine, transmission, braking system, not to mention dull things like windscreen wiper, air conditioner, door locks and so on. Moreover, they were able to control all this things completely remotely, over the Sprint cellular network.
Hacking Team Is Hacked - Schneier on Security
Hacking Team Is Hacked - Schneier on Security
(schneier.com)
The 400GB of internal company data include a spreadsheet listing every government client, when they first bought the surveillance software, and how much money they have paid the company to date.Several tweets with first reviews of the data under #hackingteam. Also interesting:
Hacking Team had no exploits for an un-jail-broken iPhone. Seems like the platform of choice if you want to stay secure.