2013年8月7日水曜日

DefCon21 Car Jack

DefCon Car Jack
 米政府の助成を受けて車のセキュリティーシステムについて研究して
いる専門家2人が、トヨタの「プリウス」などのハッキング方法を発見
し、注意喚起を目的にその「指南書」を近く公開することになった。

技術文書
・Charlie MillerとChris Valasekが作成。
・トヨタ「2010年式プリウス」とフォード「2010年式エスケープ」が対象。
・対象車の重要なシステムを攻撃するための資料。
・プリウス
 約130km/hで走行中に急ブレーキ
 運転手の意思とは関係なくハンドルを操作
・エスケープ
 低速走行中にブレーキが利かないようにする。
・データ公表をきっかけに、他の良心的なハッカーも車のセキュリティ
 面の欠陥を指摘できるようになれば良い。

ハッキングした車両に同乗し、データポートにケーブルで接続したノート
PCで直接車のネットワーク(CAN)に侵入のため、遠隔操作の方法は不明と
のこと。
装置間の認証や通信データの保護等の報道がないので、ネットワークの
リバースエンジニアリングは比較的容易か。
列車、船舶、航空機等BluetoothやWifiのネットワークを利用しているシス
テムは同様の問題がある。

OO7 Tomorrow Never Diesに搭乗した遠隔操作の車両が登場か。
テロリストの車爆弾は、物理時、人的な手法で実行されていたが、携帯
電話による爆弾に変わり、新たにECU(?)による遠隔操作可能な爆弾になる
可能性もある。

米国防総省に入る近道と言われたDefCon。
リクルートされた人達の一部が、米国民の個人情報を盗聴するプログラム
に参加している可能性もあり、今回は、リクルータを含む政府機関関係者
を締め出した。

NYテロ未遂
爆弾便テロ
爆弾便はバーゲン価格
米 機内インクカートリッジ持込禁止
イスラエル 対イラン工作
NYFRB 爆破未遂


Digital Carjackers Show Off New Attacks


Tomorrow Never Dies Company Car Q James Bond 007


---プリウスなどのハッキング「指南書」、米専門家が公開へ---
2013年 07月 29日 14:09 JST
http://jp.reuters.com/article/jpUSpolitics/idJPTYE96S04820130729

 米政府の助成を受けて車のセキュリティーシステムについて研究している専門家2人が、トヨタの「プリウス」などのハッキング方法を発見し、注意喚起を目的にその「指南書」を近く公開することになった。
 ツイッターの研究者チャーリー・ミラー氏とセキュリティーコンサルタント会社IOActiveのクリス・バラセク氏は、プリウスのほかフォードの「エスケープ」の重要なシステムを攻撃するための技術文書を作成。ロサンゼルスで今週開かれる、ハッカーやセキュリティー関係者らのイベント「デフコン」で、これらの車種をハッキングするためのソフトも披露する。
 ミラー氏らによると、プリウスについては時速約130キロで走行中に急ブレーキをかけたり、運転手の意思とは関係なくハンドルを動かしたりできたほか、エスケープは低速走行中にブレーキが利かないようにすることができたという。
 ただハッキング中は、2人とも車内からノートパソコンを使って直接車のネットワークに侵入していたため、遠隔操作の方法が明らかになるわけではない。
 2人は、今回のデータ公表をきっかけに、他の良心的なハッカーも車のセキュリティ面の欠陥を指摘できるようになれば良いと語った。


---ブレーキもハンドルも利かない――自動車ハッキングを実証---
2013年07月26日 08時35分 更新
http://www.itmedia.co.jp/enterprise/articles/1307/26/news033.html

米誌Forbesの記者が乗った車の後部座席でセキュリティ研究者がコンピュータを操作すると、走行中に急ブレーキがかかり、パワステも利かなくなった。
[鈴木聖子,ITmedia]

 ブレーキをいくら踏んでも、エンジンがうなるばかりで車が止まらず、減速さえできない――。米誌Forbesが7月24日、車載システムのハッキング実験に関するルポとビデオを掲載した。
 Forbesによると、自動車乗っ取りのデモを実行したのはTwitterのセキュリティ研究者チャーリー・ミラー氏と、米セキュリティ企業IOActiveのクリス・バラセク氏。米国防高等研究計画局(DARPA)から8万ドルの助成を受けて、自動車のセキュリティ問題を研究している。
 実験には、Forbesのアンディ・グリーンバーグ記者が運転するFordの「エスケープ」とトヨタの「プリウス」を利用した。ミラー氏らは、両車に搭載されているソフトウェアをリバースエンジニアリングし、後部座席でコンピュータを操作してコマンドを送信。警笛を勝手に鳴らしたり、高速走行中に急ブレーキをかけさせたりできることを実証した。
 さらに、ハンドルを操作したり、GPSを誤作動させたり、スピード計や走行距離計の数値をいじったりすることもできたという。
 研究の狙いは、車の自動化が進み、インターネット接続機能が普及する中で、「車は鉄とガラスでできた単純なマシンではなく、ハッキング可能なネットワークコンピュータでもある」という現実を見せつけることにあるという。
 今回の実験では、サイドブレーキ付近にあるデータポートにケーブルで接続したMacBookを使って車を操作した。しかし、これまでの研究ではミラー氏らが今回侵入したのと同じ車載システムに、無線で侵入できてしまうことも実証されているという。
 ミラー氏らは今回の研究結果と攻撃に使ったソフトウェアを、8月に米ラスベガスで開かれるセキュリティカンファレンスDefconで披露する。自動車のセキュリティ問題が実際に悪用される前に、発見と対処を促したいとしている。


---ハッカー会合が米政府機関の不参加を要請、情報収集暴露受け---
2013年 07月 11日 17:52 JST
http://jp.reuters.com/article/jpUSpolitics/idJPTYE96A07920130711

 ハッカーやセキュリティー関係者らが集結するイベント「デフコン」の主催者は10日、米連邦政府に対し、今年の会合への出席を控えるよう要請した。この会合は毎年ラスベガスで開かれている。
 中央情報局(CIA)元職員エドワード・スノーデン容疑者による当局の情報収集プログラムの暴露を受けた措置だとしている。連邦政府が同会合への不参加を求められるのは初めて。
 主催者のジェフ・モス氏はデフコンのウェブサイトで、「連邦政府が今年の会合に参加しないことは、皆にとってベストとなる」と説明。同氏はロイターに対し、不参加の要請は「苦渋の決断」だったが、同会合の参加者らは米当局の情報収集活動を理解するのに時間を必要としていると指摘。感情が高まっている時などは、少し時間と距離を置くべきだと語った。
 約20年間にわたって開催されているデフコンでは、これまでCIA、米国家安全保障局(NSA)、米連邦捜査局(FBI)、シークレットサービス、軍当局などの職員らが参加してきた。昨年の会合では、NSAのアレグザンダー局長が基調講演を行った。
 今年の会合は8月2日に始まり、ハッカーや企業のセキュリティー専門家、研究者ら1万5000人以上が参加する見通し。


---Defcon researchers reveal tricks behind their car hack---
Lucian Constantin, IDG News Service
Aug 3, 2013 10:45 AM
http://www.techhive.com/article/2045895/researchers-reveal-methods-behind-car-hack-at-defcon.html

LAS VEGAS-Two security researchers at Defcon 21 here on Friday revealed the methods they used to hack into car computers and take over the steering, acceleration, brakes, and other important functions.

Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, spent ten months researching how they could hack into the network of embedded computer systems called electronic control units (ECUs) used in modern cars and see what they could do once they gained access to it.

Their test cars were a 2010 Ford Escape and a 2010 Toyota Prius.

Some of the things they were able to achieve by hooking a laptop to the ECU communications network and injecting rogue signals into it included disabling the breaks while the car was in motion, jerking the steering wheel, accelerating, killing the engine, yanking the seat belt, displaying bogus speedometer and fuel gauge readings, turning on and off the car's lights, and blasting the horn.

The researchers also found a way to achieve persistent attacks by modifying the ECU firmware to send rogue signals even when they were no longer physically connected to the control units.
Tipped off car manufacturers

A research paper explaining how the hacking was done was shared with Ford and Toyota a few weeks before the Defcon presentation, the researchers said.

Toyota responded that it didn't consider this to be car hacking and that the company's security efforts are focused on preventing remote attacks from outside the car, not those that involve physically accessing the control system, Miller and Valasek said.

The goal of the research was to see what could be done when hackers gain access to the ECU network, known as the controller area network bus, the researchers said. It doesn't matter if it's done locally or remotely; access to a single ECU provides access to the whole network and gives the ability to inject commands, they said.

 Miller is certain that other researchers will find ways to remotely attack the systems in the future. The software industry hasn't figured out how to write secure software yet, so there's no reason to believe car makers have figured it out either, he said.

The code in systems that can be accessed remotely-telematics units, tire sensors, those using Bluetooth and Wi-Fi-might have a lot of vulnerabilities, he said. "I'm sure that if people start looking, they would will start finding vulnerabilities."

That's part of the reason Miller and Valasek decided to make the details of their research public, including what kind of equipment, cables, and software they used.

The full research paper and the custom software tools that were written to interact with the ECUs, as well as the code used to inject particular commands, will be released this weekend, Miller said.

"We want other researchers to keep working on this; on other cars or on the same cars," Miller said. "It took us ten months to do this project, but if we had the tools that we have now, we would have done it in two months. We want to make it easy for everyone else to get involved in this kind of research."
More malicious hacks ahead?

Concerns that the tools could enable people to hack car systems for malicious purposes are valid, the researcher said. However, if it's that easy to do, then they could do it anyway; it would just take them a bit more time, he said.

"If the only thing that keeps our cars safe is that no one bothers to do this kind of research, then they're not really secure," Miller said. "I think it's better to lay it all out, find the problems and start talking about them."

However, fixing the issues won't be easy because most of them are there by design, according to Miller.

Car manufacturers won't be able to just issue a patch, the researcher said. "They'll have to change the way these systems are made."

Right now, there's no authentication when car computers communicate with each other, because they need to react and send signals quickly in potentially dangerous situations, the researcher said. Adding authentication will introduce latency, so the systems will need faster processors to make up for that. Those processors would cost more, so car prices would rise, he said.

Toyota Motor Sales and Ford Motor Co. in the U.S. did not immediately respond to requests for comments.


---Defcon 21: Driverless cars? More like ‘four-wheeled Terminators’---
By Mr. Worst Case Scenario  -   August 3, 2013
http://www.digitaltrends.com/opinion/defcon-21-driverless-cars-more-like-four-wheeled-terminators/

Mr. Worst Case Scenario is Digital Trends’ paranoid, squinty-gazed, perpetually on-edge security correspondent. And he’s prepared for anything to go wrong, dammit. This week, he’ll slither out of his underground bunker in Montana, don his tinfoil hat and attend DefCon 2013 in Las Vegas.

If I’ve said it once, I’ve said it a million times: Real cars died the day we stopped installing carburetors and started packing the things full of as many computer modules as possible. And now, just like clockwork, our Frankenstein monsters are coming back for their revenge.

Signs of the trembling undead showed up last month, when Twitter security researcher Charlie Miller - who, you might be interested to know, is also a former  NSA hacker - and IOActive’s director of security intelligence Chris Valasek revealed that they had successfully weaseled their way into the computer systems of Ford’s Escape and Toyota’s Prius.

As Miller and Valasek explained in a downright whimsical talk at DefCon on Friday, by burrowing down into the cars’ array of electronic gizmos, the pair has figured out a way to successfully take control of the brakes, steering, acceleration, and even the seat belts of these cars. And they aren’t talking about the kind of helpful control that allows my neighbor George to drive despite not having any arms.

“I think this is where we almost died, right there,” joked Valasek, as he showed off a video of Miller nearly losing control of his hijacked Prius to DefCon. The crowd, of course, just laughed and laughed.

Listen, I like jokes as much as anyone. I mean, have you ever seen Carlos Mencia? That guy knows how to lay down a punch-line. Look him up sometime. Know what isn’t funny? Vehicular homicide. And now, thanks to Miller and Valasek, thousands of ambitious DefCon dweebs have the know-how to turn our cars into high-speed killing machines. The problem is so serious, most of us will soon be dreaming of the good ol’ days when the scariest things on the road were old people and Asians. (Ed note: Mr. Worst Case Scenario does not represent the views of Digital Trends.)

I only wish this story ended here. But the future, it seems, holds a whole new set of terrors.

Next on stage, a renowned Australian hacker known as Zoz summed up the situation: “I’m a huge fan of unmanned vehicles. I love robots, I think they’re the future. … But, like everything else humans have ever made, these systems are going to get hacked.”

According to Zoz, who spends much of his time fiddling around with our future overlords, society is hurtling toward a future in which robots, from military drones to civilian unmanned aerial vehicles to Google’s driverless cars, do much of our transportation for us. “Look at all the advantages,” he cheers. Zoz even had the gall to create a robot pizza delivery bot - because what America needs right now is more contraptions stealing our jobs.

“The revolution is coming,” says Zoz. “You can’t stop it, even if you want to.”

After his talk, I’ve never wanted to stop the robot revolution more - especially when it comes to driverless cars.

See, autonomous vehicles use a dizzying array of sensors, maps, GPS, and other clues to avoid flying off a cliff or driving in through your front door. And you might think all that high-tech whizz-bang trumps some jackass hurtling down the road at 60 while texting pictures of his junk. Thing is, says Zoz, every single one of these systems can malfunction - or, worse, be tricked into doing something deadly.

GPS can be jammed or spoofed. Laser range finder can be rendered worthless by tossing a bit of dust or smoke in their path. Millimeter wave radar can’t even handle reflective puddles or even shiny “new asphalt,” says Zoz, without promptly slamming on the brakes, or driving the vehicle straight through whatever it thinks isn’t there. Maps can be remotely manipulated by crafty hackers. And cameras are damn near useless.

Zoz showed off a slew of examples of unmanned vehicles malfunctioning in frightening ways: Driverless cars flying off roadways and catching on fire. Driverless vans driving straight over Jersey barriers. Driverless SUVs plowing into buses full of blind orphans. Okay, that last one didn’t happen - but give it time. Such carnage is inevitable with these four-wheeled terminators.

Then, as if on cue, Zoz busts out with perhaps the most disconcerting fact of them all: “Here’s the key thing,” he says. “When designers watch the robot in action, they don’t necessarily know, even though they programmed the whole thing, why it’s doing what it’s doing.”

Everyone likes to say that driverless cars are the future. That they’ll be safer because they remove the possibility of human error. Turns out, these contraptions will have human error baked right into their soulless hearts.

Just as Zoz started going off on “robot road rage,” I had to flee the room due to a panic-induced asthma attack. I burst outside, and onto the street. As I stood in the oven-like heat, cars buzzed passed me along West Flamingo Road. And then I remembered: Nevada has already legalized the deployment of these unmanned contraptions. I have less than 48 hours left in this hellhole. Here’s praying I make it out alive.

Over and out.


---Car Hackers Can Kill Brakes, Engine, and More---
By Robert McMillan, IDG News Service
May 13, 2010 11:20 PM
http://www.techhive.com/article/196293/car_hackers_can_kill_brakes_engine_and_more.html?tk=rel_news

Comprehensive Experimental Analyses of Automotive Attack Surfaces
Experimental Security Analysis of a Modern Automobile

University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results.

In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car.

In a late 2009 demonstration at a decommissioned airfield in Blaine Washington, they hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes. In other tests, they were able to kill the engine, falsify the speedometer reading, and automatically lock the car's brakes unevenly, a maneuver that could destabilize the car traveling high speeds. They ran their test by plugging a laptop into the car's diagnostic system and then controlling that computer wirelessly, from a laptop in a vehicle riding next to the car.

The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems.

"We think this is an industry issue," said Stefan Savage, an associate professor with the University of California, San Diego.
Little Risk . . . Now

He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern.

"If there's no action taken on the part of all the relevant stakeholders, then I think there might be a reason to be concerned," Kohno said. Neither he nor Savage would name the maker of the car they conducted their tests on. They don't want to single out any one auto-maker, they said.

That probably comes as a relief to whomever made the car the researchers probed, as they found it pretty easy to hack.

"In starting this project we expected to spend significant effort reverse-engineering, with non-trivial effort to identify and exploit each subtle vulnerability," they write in their paper. "However, we found existing automotive systems-at least those we tested-to be tremendously fragile."

To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008. They developed a program called CarShark that listens in on CAN traffic as it's sent about the onboard network, and then built ways to add their own network packets.

Step-by-step, they figured out how to take over computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn.

They developed a lot of attacks using a technique called "fuzzing" -- where they simply spit a large number of random packets at a component and see what happens.

"The computer control is essential to a lot of the safety features that we depend on," Savage said. "When you expose those same computers to an attack, you can have very surprising results, such as you put your foot down on a brake pedal and it doesn't stop."
Fragile Firmware

Another discovery: although industry standards say that onboard systems are supposed to be protected against unauthorized firmware updates, the researchers found that they could change the firmware on some systems without any sort of authentication.

In one attack that the researchers call "Self-destruct" they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown.

Hacking a car isn't for the faint-hearted. At several points the team worried it might have come close to permanently damaging the two identical-make cars it experimented with, but that never happened, Kohno said. "You really don't want software to accidentally change critical parts of the transmission," he said.

0 コメント: