Friday, November 15, 2024

Adam Rayner

Talks Audio: Reviews, News & Video

Car Audio

Black Hats and DAB

Adam Rayner

At the end of last week, a huge story broke about car security. I have already been on national radio talking about the ‘˜keyless entry/ignition’ thefts of Range Rovers and certain models of Audi on the BBC but this was something else. This involved me learning another ‘˜new’ word.
The word is ‘˜vuln’. Because of course, reading or saying ‘˜vulnerability’, is six effortful syllables. (One more and a word is said to be seven-footed, or sesquipedalian.)
Stealing keyless cars merely takes one crook to stand near you, and another near your car in the supermarket car park you are shopping inside of. Both have one end of a two-box system that picks up the transponder signal, boosts it via radio to the other thievery-box, which then fools the car and records the data-burst to steal it/make a new key. But the story was about hacking a Jeep with radio.
Simply put, it seems possible to send nasties to your car, if you have a digital radio from the car maker, that is deeply embedded within your modern car’s CAN-Bus digital networkery.
It’s OK, do not panic. For one, this precludes the entirety of the aftermarket. Any DAB radio not built-into the car at the factory, will only ever be a cul-de-sac for data. It can go in, play music, show graphics but never sends anything OUT into your car. A top-end OEM integration system by say Kenwood or Alpine, (and I spoke to both tech whizzes Mike Edwards at Kenwood and time-served super-tech BarryJohn at Alpine) may well look like it was born in your dash. But even if the integrated radio can display stuff about the climate control being on, or the central locking for example, it will be looking for those data packets that say what it is and what to show, yet nothing will go back into the car’s systems.
It was Ian Welch, the star angling journalist that put me on top of some monster Perch – and had me end up on the cover of Anglers Mail, looking teary-eyed – who’s car rubbed my nose in this. At the time, Ian had a Landy, a Defender. And although Kenwood came through for him, with a top end Double-DIN with Garmin off-road navigation he could REALLY test out, it turned out that if you did remove the bloody radio from this Land Rover, you would cripple it. Turn it into a brick. It was that deeply embedded.
I have not the space nor urge (I know most will lose the will to live) to relate my entire 70 minute interview with the chap at a company called NCC who are deep security specialists, nor the 20 minutes with SBD, a company who work with the former. Basically, in the USA, (and Ian Edgar may just die laughing at this point, for he has had an epic grief with a Lemon he calls ‘The Mighty Jeep Commander’ and which is an internet object of continuing hilarity for us all. God knows why he keeps it, he adores it.) they are in trouble.
The Wall Street Journal said that Jeep – or Fiat Chrysler, could be fined as much as $105m, by the US National Highway Traffic Safety Administration. This is because of continual recalls – 11 million – Fiat Chrysler cars in recent times. In 2013, 1.6 million Jeeps were recalled by Fiat Chrysler because of a serious potential fire hazard with the vehicles’ fuel systems. Deaths attributed. And they just issued another 1.4 million car recall. For in the USA, each Jeep has its own public IP address and had flap-all security.
This is from ‘The Register’ At next month’s Black Hat hacking conference in Las Vegas, Charlie Miller and Chris Valasek a duo who have hacked more cars than Mad Max will show off an attack on a Jeep Cherokee that enables the remote control of the car’s engine, brakes, and minor systems from miles away simply by knowing the car’s public IP address.
it relies on the uConnect cellular network; since 2009, Chrysler cars have included hardware to connect to this network to reach the internet. a canny hacker can use the uConnect system to get wireless access to major components of a car’s controls, and potentially physically crash it remotely The flaw has existed in the system since 2013.
That’s 1.4 million USB sticks..or downloads ‘˜cos they wrote some codereal quick.
Here in Blighty, we have an issue over DAB/DAB+. Because data for pictures and even video are part of the DAB standard. That’s Fat Pipe stuff. And NCC have shown, in strictly closed loop transmitter-to-attenuator-to-input that they can send control data into cars. Yes, it would have to be a bit of Venn diagram set theory. One, it has to be, say Audis with a certain protocol system in them, who are also listening to a popular radio station like BBC Radio 2. Then, hacker sits on a motorway bridge and as the cars pass beneath, they can over-power the receiver’s antenna and drown it in their stronger DAB signal. When I asked about the possibility of like the Daleks’ cry ‘Oh they have all gone upstairs’ by way of simply changing radio station, I was gently educated. The hack could be anything that can be reached by the digital bus system in the car’s guts and it could even be set to do a thing later, in a month. Like a laser detector in your car, we are all bullet detectors, we know if we have been shot. This is like that bit in Alien ‘By the time we reach them, they will know if it was a warning, or not., no?’ (Ash, science officer, mining refinery Nostromo.)
The point being that if you have any automation, be it brakes that brake if they think you should and are not, (called CitySafe in my Volvo) or steering that can wibble about to self-park, then a malicious program could tell it to do that, say when you reached a set speed. The evil is down to the hacker’s imagination.
While the Black Hat convention in Las Vegas is $2,000 to get in and is all about corporates, the $200 a head hackers’ convention just after it, has all the mohican-hair, sandals and Guy Fawkes masks. These nutters are very unlikely to amass the equipment and be able to replicate what NCC did and as yet, there does not seem to be any way that organised crime could easily profit from this.
But it is of concern and Im glad it is being addressed.
In the meanwhile, like at the end of Crime Watch I wish to assure you that if you do have a DAB deeply embedded in your car, the likelihood of your getting hacked is awfully small right now.
If you have a desirable car with keyless, you are advised to get a 1970’s mechanical deterrent, a ruddy Krok-Lok! And maybe avoid Radio 2. (Just kidding, I get on Jeremy Vine from time to time and LOVE it.)
Here’s the video:

Pin
Tweet
Share