What cars are safe from CIA hacking assinations?

>>16957455
pre 2006?

Nothing with satellite or nav at the very least.

All of them, unless you actually believe in clickbait fake news. It's not possible for steering/brakes to be "hacked" remotely, it's on a private CAN bus on every car made. You need physical access to the car, in which case it doesn't matter how old it is, any car can be sabotaged easily.

File: Michael-Hastings.jpg (115KB, 970x721px) Image search: [Google]

115KB, 970x721px

>>16957521
>https://en.wikipedia.org/wiki/Computer_security#Automobiles

> In 2015 hackers remotely carjacked a Jeep from 10 miles away and drove it into a ditch.

Something tells me you are wrong. Of course people can sabotage your car in other ways.

Still there is nothing wrong about eliminating a potential attack vector, especially one that can be concealed. The wikileak points out the CIA was looking into ways of assinating people and making it look like an accident. It is also possible someone gets physical access to your car and sabotages it in ways that are harder to detect until the kill switch is hit.

At the very least you could be concerned that these electronics will malfunction without anything malicious happening.

>>16957455
remove infotainment/internet/wireless access
???
profit???

>>16957555
> In 2015 hackers remotely carjacked a Jeep from 10 miles away and drove it into a ditch.
Clickbait nonsense, they had physical access to the car beforehand. There is 0 possible way they could hone in on a certain car and hack it remotely.

>Still there is nothing wrong about eliminating a potential attack vector,
There is no potential, it's on a private CAN bus. It's the equivalent of someone using your internet connection to hack your analog watch.

>I don't understand it so I'm afraid of it!

>>16957455
If you want to be really safe, get a pre OBD2 car. but really anything that doesn't have ABS, Traction and/or Stability control and Cruise control should be safe. A manual transmission doesn't hurt either, you have 100% control of your vehicle.
Make sure the Accelerator pedal directly connects to the throttle body (have a friend look at the accelerator on the throttle body while you pump the gas while the car is off)
The Brakes pedal should be directly connected to the hydraulic system.
So pretty much anything Pre 2006 and non-luxury.

As cars become more 'connective' car security is going to become a huge issue.

New cars send out a lot of data, more than your manufactures let on. Whole new infrastructure in car cyber security will need to be built

>>16957582
As some one working in the industry, you're unfortunately incorrect.

File: 1324775561763.png (77KB, 590x586px) Image search: [Google]

77KB, 590x586px

This is some /x/ level retarded shit, like fucking hell m8s you don't actually believe the boogey man is going to """""hack""""" your car do you?

If the CIA wants you dead, your car being hacked is the least of your worries

>>16957614
No, it won't

>>16957624
OK, show me a wiring diagram on a modern vehicle that allows CAN input from a data connection into a private CAN circuit. Shouldn't be hard seeing as you work in the industry.

>>16957640
This would imply that I care if you believe me

>>16957582
I don't completely disagree with you, but you are shilling way too hard for the CIA.

I write software for a living and even if I'm not an expert in automotive electronics, I think it's fair to say that software is often exploitable. What is wrong with me being skeptical?

>>16957652
There is no believing, I already know that you don't have any idea how modern cars work from your post. Could you work as someone who installs floor mats at a factory? Sure, in that case you may work in the industry.

>>16957455
Stay away from anything made by GM. Your vehicle can be completely disabled remotely via OnStar. OnStar uses this when a vehicle has been reported stolen and they have been contacted by the police. They claim you can completely opt out of this "auto theft protection" service by giving them a call, but I'm sure the functionality of disabling the vehicle remotely still remains afterwards.

>>16957665
We have a good idea about the public's perception regarding modern cars, so your beliefs dont really surprise me

It's cute to see you try to work it out tho, I'm curious what you'll post next

>>16957640
Teslas can be force updated remotely, which can effect plenty of vulnerable systems, such as suspension and power delivery. I imagine steering and braking too.
You really are a boomer if you honestly believe that no production cars in 2017 have wireless vulnerabilities.

>>16957658
If you are apt in technology at all it wouldn't take much to take the time to learn about how CAN, LIN, and any other communication systems work in modern cars and see they aren't exploitable in the way you think they are.

>>16957722
>we
Does "we" represent the floor mat installers union? The public's perception (just like yours) regarding modern cars is they have absolutely 0 idea how they work so it must be magic. If you had even a rudimentary understanding you wouldn't be concerned about remote exploits. Better come up with another vague post suggesting you do actually have a clue though, don't deviate from your strategy (make sure to have absolutely nothing but the suggestion you are somehow involved in anything in the auto industry though).

>>16957640
i was going to write a post about how you dont know anything about computers but its a lot easier just to call you a stupid idiot

>>16957741
Everything in your post is wrong. Steering, brakes, and power delivery on Teslas are on private CAN just like on any other modern car.

>>16957521
Onstar can literally remotely activate brakes and shut off an engine. It's not hard for a 3rd party to take control of that system.

>>16957769
>Telsas were remotely updated to allow for a faster discharge rate
>Power delivery is separate

So say they take cobtrol of throttle and breaks. If you are in a manual car just put it in neutral and if you have a mechanical ebrake use that.

>>16957875
Sure, that's why GMs are constantly getting hacked, it's that easy.

>>16957899
>faster discharge rate
BMS firmware

>Power delivery
Private drivetrain CAN

Two completely different things. If you think reading about something for 30 seconds on the interent concerning something you have 0 understanding of is going to somehow prove me wrong on systems I work on 50 hours a week you are delusional, probably should stick with being awkward in the shower (JK)

File: consider.jpg (35KB, 500x377px) Image search: [Google]

35KB, 500x377px

>>16957455
Hey, uh, guys - consider the following:

If they are hacking your car to kill you, you have already fucked up. You will die. Maybe in a car accident, maybe in your sleep, or maybe in a random act of violence you will meet your end. Don't fuck up that bad. It won't matter what you drive or anything else if they want you dead.

They'll just run you down with a hacked semi or Prius.

If you're subject to hack-car-assassination you can't get near roads anymore.

>>16957937
That's like saying having control over the fuel system in a car means nothing without control of the injectors.
I bet you also think airplane mode makes your phone safe too huh?

>>16957996
>be normal, non fuck-up person
>CIA develops exploits to kill select people, but not you
>oh no the CIA had exploit information leaked again just like a few months ago
>a few months later your neighbor is mad you shoveled snow onto his lawn
>your brakes suddenly don't work when you're on the highway

>>16957996
Sure, but if the software of the car is exploitable, then theoretically some random person also hack and kill you without having to risk physical presence of committing the act of murder - except maybe attaining physical access to your car, but that may not always be a requirement.

What if there was an algorithm that scanned the NSA databases for your 4chan posts and based on some keywords it could trigger the assasination car exploit. May seem farfetched but completely possible especially as the scope of technology expands.

>>16957521
have you heard of on star? I can't believe you're a mechanic. A number of cars have been proven to be capable of being jacked remotely. If a car has wireless connectivity and is input by wire than it's definitely possible for the world's most powerful spy agency to have some grasp on it

>>16958346
That doesn't sound far fetched at all.
Speech is the one thing to worry about.
If you're on record expression unfavorable opinions the powers that be can remove you.
There are many men sitting in jail right now on falsified digital evidence.
But the courts will never catch up.

>>16957521
100% wrong
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/

File: Jeep CAN.png (1005KB, 1200x868px) Image search: [Google]

1005KB, 1200x868px

>>16958721
To add to this guy's post here's an image of that Jeep's CAN network. The original image was around half the resolution so I blew it up in photoshop and pressed the CSI enhance button so you could read the text a little better.

It's pretty clear the head unit is on the same CAN network as all the drivetrain, steering, and braking control units.

If the government wants you dead, you will be dead. they fucking killed Bin Laden and his whole family 5,000 miles away in a fortress , I think they would have no problem killing some fat 4chan autistic living in his parents basement if they wanted. Regardless if they hack a car or just shoot you with a sniper from a football field away.

>>16957455
Crashing your car...with no survivors!

>it's a heartbreaker's talking about shit he doesn't understand thread

Basically you want a mechanical car, but then they'll just kill you Princess Diana style.

File: 1491110366425.jpg (82KB, 800x600px) Image search: [Google]

82KB, 800x600px

When I was in college, one of my classmates told another one to hit the locks on his keyfob.

He had his cellphone out while the guy locked his truck. Then the classmate with the phone turned on the guy's truck and unlocked his doors via his phone.

Kinda made me not want any sort of newer vehicle.

>>16957455
Stop making these threads. We have gone over this multiple times now. The conclusion was that a NA Miata is the perfect fit. Either that, or some older carbureted vehicle

>>16958914
I think you mean it's a
>people who read a 30 second clickbait article on something they don't understand now know more than someone who spends all day every day doing electrical diag on modern cars

Let's keep it going, I clearly need more education from wikipedia snippets to get up to snuff.

>>16958830
This stupid fucking moron right here >>16957521
COMPLETELY BTFO

(or he could be a literal government shill, who knows nowadays)

1987 mercedes benz turbo diesel.
It's all mechanical, very reliable, gets decent gas mileage, and if you're crazy like the Finns, you can mod them out to over 600 horsepower.

>>16960512
What is that chart supposed to indicate? It shows separate CAN circuits. Even if they were connected by CAN that doesn't make a module able to receive whatever input you want, or even able to receive new firmware. What people are suggesting in this thread is possible is the equivalent of saying the government can hack your internet connection and use it to install malware on your microwave. Just because they are connected to the same 110v circuit in your house doesn't mean you can transmit info across it, and just because a microwave has a circuit board doesn't mean you can flash new firmware onto it. If anyone in this thread bothered to read for an hour or so about CAN bus systems they would realize how ridiculously stupid some of the stuff being said in this thread and in clickbait articles is, but we both know that won't happened, so continue posting nonsense.

File: 1985_camaro.jpg (224KB, 1280x640px) Image search: [Google]

224KB, 1280x640px

> yfw when the resistance will all be driving cars from the 80s

File: Toyota Tundra 1st gen.jpg (774KB, 1600x1200px) Image search: [Google]

774KB, 1600x1200px

my back window rolls down lol xd

>>16957455

Getting a car without electric power steering, electric power brakes, abs, and drive by wire would do it. An automatic transmission is fine as long as it's not controlled by some computer. Any pre 2000s car should be good, but after the 2000s drive by wire and other electronic vehicle controls started coming in.

jesus christ just get a bicycle

Simple: dont buy tesla

>>16960618
>drive a shitbox turd gen already
I'm ahead of the curve, feels good

>>16957521
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

No, it's possible now. They did it previously on a Prius or something but they were in the backseat and were plugged into the car. Now with connected head units, they are doing it remotely.

>>16961455
The story is nonsense and I've already addressed it in this thread.

>>16957455
>being this retarded
>wanting to drive a car with wireless connections

>>16961940
Refute it with something other than your uninformed opinion

>>16961957
There's 0 evidence of any hacking, only controlling the car remotely. You could do this to any OBD2 car with access to the can breakout. You would have to spend a lot of time reverse engineering all the CAN signals since they aren't universal for things like driver assist. "Hacking" a car like that is pointless, you need physical access to the car and it's incredibly time consuming, you could do way worse and leave no evidence by using a wrench. There is no possible way they could pick a random car, push firmware into it without being detected through the infotainment system, and take control of it without leaving any evidence. None of this is an opinion, this is fact. If you know better then give a step by step on how someone would actually pull off a remote hack. I can think of at least 10 things that make it next to impossible before reaching the actual impossible step of pushing firmware remotely onto a module that isn't connected to the one you have access to.

>>16960449
Yeah I'm sure your OBD2 scanner would throw codes for vulnerabilities.

>>16962025
>Implying you need to push firmware to take control of vehicles.
>Implying that a backdoor doesn't already exist.

>>16962025
>There is no possible way they could pick a random car

Who ever said the car needed to be picked randomly?

>push firmware into it

Who said pushing firmware was necessary to take control of the system?

>without being detected

Who said it needed to be undetected? It sounds like you're just carefully narrowing the fact pattern to meet some arbitrary requirements that you created in your own mind in order to convince yourself you're still right. None of the "obstacles" you mentioned have anything to do with preventing someone from taking over a car and killing the driver.

File: Mount-stupid-–-Borgerlyst.jpg (23KB, 600x338px) Image search: [Google]

23KB, 600x338px

>>16962027
Cars with adaptive cruise control and whatnot do throw codes when CAN is being injected from an outside source, which is only possible in the first place after handshaking with the manufacturers scan tool/computer to ensure it's coming from the right source at the right time. So in a way, your attempted sarcastic remark is 100% correct.

>>16962037
It would be impossible to hide, there is no grand conspiracy because thousands of engineers would have to keep it a secret


Ask yourselves this, as there are multiple people in the thread that seem to think this is the case, do you REALLY think you somehow figured something out that huge companies that spend tens of thousands of man hours figuring this stuff out don't already know, by reading a Wired article and half of a wikipedia page?

Stop fucking replying to Fuckbreaker. That LARPing faggot got kicked out of /k/ for a reason.

>>16957455

Mr Davis pls go

>>16962064
>It would be impossible to hide, there is no grand conspiracy because thousands of engineers would have to keep it a secret

t. Someone who has literally never worked on software

>>16962025
Did you even read the articles? It was an exploit in Uconnect that allowed access to the CAN network through the head unit that would let them send standard commands that the car already used as part of it's control systems. They did not need to install new firmware on any of the various subsystem control units because the only part of the car that was actually compromised was the head unit.

I don't know why you're even arguing this when FCA sent out a recall for the vulnerability.
https://www.us-cert.gov/ncas/current-activity/2015/07/27/Fiat-Chrysler-Automobiles-FCA-Uconnect-Vulnerability

>>16962054
>Who ever said the car needed to be picked randomly?
I should clarify, let's say they decide to "hack" your Civic. How do they get the VIN? Once they get the VIN, how do they find the IP? Do they first hack the dealership records, then the auto manufacturer? It's like saying because someone sees you on the street and sees you have a Samsung phone, they can now access it. Even with the information the car is behind just as much or more security than any other connected device.

>Who said pushing firmware was necessary to take control of the system?
I did, because that's how their alleged "hack" would have to work, as something like a steering module would never be programmed to receive input from the infotainment, it would have to be reprogrammed (this is assuming it's for some reason on the same CAN bus, which it certainly isn't on any manufacturer that I know of)

>without being detected
That's the whole point of these clickbait fearmongering articles. If you need physical access and/or you leave a trace then why not just "hack" the car with a wrench and some dykes?

anything without bluetooth grs sat nav or data

>>16957455
The CIA doesn't give a shit about you. If you're posting here, it's a good inkling that nobody is out to get you.

Ducking paranoid idiots. Might as well just stay inside all day and board up your windows.

>>16962097
heartbreaker you are a know nothing retard

you have no idea what you are talking about

Lmao I love it when losers carry on about big brother coming to get them
No one gives a fuck about your insignificant lives
There will never be some dystopian future where you are the leader of the rebellion or whatever just because you are a self proclaimed red pilled genius... seriously just wake the fuck up and realize that your life is worthless and even if it werent it's easier for the big bad evil guys to let you die from shoving your face full of hot pockets than spend a million dollars on a drone strikes...

Most importantly you just come off as a tin foil hat psychopath and an instant turn off for any potential friend or fuck

>>16962025
>thinks he knows more about hacking than government funded teams of CIA/NSA hackers

top kek

>>16962128
not everyone is a nobody like yourself :^)

File: 17362e1621ab8b03a7b524332dabe3a57892c8194fbf2b92a3ea77bcc2826fb7.jpg (140KB, 1280x1440px) Image search: [Google]

140KB, 1280x1440px

fun facts:
the NSA/CIA only allows encryption methods it has broken to be marketed to the public

also every CPU after, like, the celeron series has a separate processor embedded in it with access to everything on your PC at the hardware level

With these facts, why do people like
>>16962097
think that the government doesn't already have a backdoor to every recent vehicle, or better yet, some kind of wide open hardware component they have access to?

It's going to be fun when self driving cars rule the roads so occupants have more time to watch advertisements.

>>16962180
>Asking why a tripfag is a retard
Anon...

>>16962086
I don't need to read the article, even what you said in your post has two things at odds with each other. Chrysler's "fix" was a firmware update. How would that prevent someone from accessing the car remotely? Those are two completely separate issues. The story of the supposed hackers doesn't add up. Since everyone in this thread including this guy
>>16962119
clearly knows more than me after reading over TWO internet articles on non technical sites, why don't you tell me how a hack would be carried out on a modern car, let's just take a 2016 Mercedes C class. We'll give you a massive headstart and just say all modules in the car can be reprogrammed and are all connected in one giant CAN circuit (of course this isn't the case but since it prevents modern cars from being hacked we'll have to throw you a bone). Without physical access to the car
-how do you get the VIN
-how do you get the IP
-how do you construct a remote firmware package that leaves everything working, unnoticed to the driver
-how do you deploy it
-how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)

>>16962195
Are you really questioning governments (or anyone with an internet connection for that matter) ability to find out someones VIN and IP?
read a book

>>16962195
Please stop.

>>16962195
>how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)
two guys gimped together an app on a 3g cellphone that tells you what every running Jeep something or other from MY 15-mid 16 is doing, where its headed, and how fast its going.

this is from the efforts of TWO guys.

Do you really think the NSA can't figure out how to get into nanna's 2016 camry and turn off the power steering?

>>16962206
That's one step (the easiest one by far), yet you can't even tell me how it's done, because you have 0 idea.

>>16962213
If you can spell out each step in my post I will never post again

>>16962220
>Do you really think the NSA can't figure out how to get into nanna's 2016 camry and turn off the power steering?
If it's on a private CAN, yes, it doesn't matter how much access to the car you have if the system is not physically connected or unable to receive info from the one you have access to, just like my microwave example earlier.

>>16962195
>-how do you get the VIN
>-how do you get the IP
>-how do you construct a remote firmware package that leaves everything working, unnoticed to the driver
>-how do you deploy it
>-how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)

Be the Government and start the program ten years ago. That's fucking how. Every electronic device capable of receiving meaningful data entry has government-mandated backdoors built in. We just had a massive media outbreak when the actual documents pertaining to these specific systems in Intel processors, implemented on the hardware level, became public knowledge. Every keystroke you've ever struck is in the government's hands. Your phone is literally a 24/7 bug. Any camera or microphone that could possibly connect to the internet is giving the CIA a line in. They know everything you do, write, and say. The idea that they do not have this connection to your car, and this hardware cannot communicate with the drive control systems of a vehicle is fucking obnoxiously retarded. They are the Deep State. If they want that capability, and they do, they will have it.

>>16962220
The trick is that the CIA forces Toyota to give them the keys to said system in the first place.

File: 1423062336075.jpg (76KB, 584x326px) Image search: [Google]

76KB, 584x326px

>>16962242
>completely ignores he was disproven on multiple points by multiple anons, skips back to earlier post like a scratched record

ok, you win

>>16962195
>Chrysler's "fix" was a firmware update.
Chrysler's fix was an update to Uconnect to fix the exploit that allowed the hackers to gain control of the head unit. The CAN network still has the exact same vulnerability only now it requires them to be physically connected to the car which isn't really an issue.

>The story of the supposed hackers doesn't add up.
Yes I'm sure your dumbass knows more than FCA, the US government, and two guys that find and fix exactly these kinds of vulnerabilities for a living. This was all a big conspiracy to trick people into thinking their cars can be remotely hacked and FCA did a full recall and mailed out hundreds of thousands of USB drives as a multi-million dollar joke.

>>16962242
>That's one step (the easiest one by far), yet you can't even tell me how it's done, because you have 0 idea.
hahah you're so dumb it hurts. VIN's are stored on the dealers network.

>>16962253
Quite the tinfoil hat there, sounds like a lot of work just to monitor porn watching habits. You can't build a backdoor into a circuit that isn't connected to anything wireless, which is most of the safety related features on modern cars.

>>16962260
Which points? This thread is archived forever, if after months of research any anon can actually come up with some reason I'm wrong about something instead of saying "your retarded" and linking a clickbait article I'd like to hear from them.

>>16962263
The fix was a response to a massive shock in buyer confidence caused by a successful clickbait article across many news sites. If what the story described is true then the problem could not have been fixed by a firmware update, it would only cause whoever wanted to "hack" it to go back to the drawing board decoding all the CAN signals, which is a massive pain in the ass to do. If the steering and brakes were able to receive input from the infotainment at any point then it's still a massive security problem that you won't see in any other car. After reading the article they say the actual remote exploit was a problem with Sprint, but it still doesn't explain how anyone would tie an IP with an exact VIN.

>>16962313
>t still doesn't explain how anyone would tie an IP with an exact VIN.
by correlating mac address with gps location

>>16962313
>Which points?
well, for starters:
-how do you get the VIN
-how do you get the IP
-how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)

keep in mind this is from a single post

>also
>but it still doesn't explain how anyone would tie an IP with an exact VIN.
the NSA can read completely encrypted PCs made after about 2007, what makes you think they can't access DMV and IP records?

jesus fucking christ

>>16962313
>If what the story described is true then the problem could not have been fixed by a firmware update
No you idiot, it was fixed by patching the vulnerability in the Uconnect software that allowed an attacker to gain control of the head unit in the first place. If they can't gain control of the head unit to send commands to the CAN network then this exploit no longer works. I don't get why you're having so much trouble understanding this or how you're so convinced you're correct when you clearly have no idea what you're talking about.

https://www.youtube.com/watch?v=JzWHZngfONo

Some people here are playing too much Ubisoft's Watch Dogs 2.

>>16962337
Where did you get the mac address?

>>16962344
>the government has secret backdoors in everything!
If you truly believe this it sounds like there's no reason debating, as the reply from you is going to be "the government can do anything and kill you at any second." Even if you move to a unibomber shack they are just going to take over a plane and stage an accidental crash into it to prevent you from sharing any more of their secrets.

>>16962390
>If you truly believe this it sounds like there's no reason debating
if you don't think the NSA can access DMV records, find your car's IP, or look through the contents of your RAM while your pc is on, then you're clearly in the shallow end of things

>>16962402
*tips tinfoil hat*

>>16962390
>Where did you get the mac address?
from the vin

>>16962416
Are you actually fucking retarded? Do you not believe something can be recorded from your RAM?

> he doesn't know about Intel Management Engine

>>16962360
I have no trouble understanding, it's quite the opposite, since I actually know how wireless data in modern cars and it's communication with CAN works, unlike the writer, or you, there are massive gaps left out of how this supposed hack took place, all of which I've already pointed out. If you knew anything about how CAN works it would be quite easy for you to explain the initial problem and the fix. How would firmware on a module prevent someone from getting wireless access to it? It's two completely different issues.

>>16962426
Where was this, a secret database? The dealership wouldn't have it. The manufacturer could, but not necessarily, I don't see why they would need to keep track of it.

>>16958842
Hahahahahaha get a load of this goy! Keep believing Bin Laden wasn't a CIA employee and died of kidney failure in an American hospital

>>16962477
>Where was this, a secret database? The dealership wouldn't have it. The manufacturer could, but not necessarily, I don't see why they would need to keep track of it.
You really don't know much about technology do you. All devices that interact with a network have a mac address. Yes, the manufacture will have this.
>>16962451
any and all data that has traveled through any ISP globally in the last ten years ( or more) is logged in real time by the US government.

>>16962477\
>I have no trouble understanding
Obviously you do.

https://blog.kaspersky.com/blackhat-jeep-cherokee-hack-explained/9493/

Here's the entire fucking play by play of how it was done.

File: 1439321485037.png (126KB, 655x666px) Image search: [Google]

126KB, 655x666px

Preferably something pre-2010 and that isn't GM-made. After 2010 there isn't much info about wether the ECU and its coadjuvant modules send any information outside via hidden means or if the communication is strictly in a 'intranet' scheme.

I say not GM because it's been proven that OnStar has been used in such a way with the consent of the justice, and because their cars have been in those kinds of shady accidents, including one with two councilman of a major city in Brazil; they were driving a Chevrolet Astra.

>>16962660
Sauce on the Huezil accident? I don't think the Astra was being produced after 2010 and, being an old model, I doubt it ever had OnStar.

>>16962571
Actually, this is the play by play
http://illmatics.com/Remote%20Car%20Hacking.pdf
Which, shockingly, confirms that
1. it's next to impossible to hone in on a certain car
>You need the IP address of the vehicle. You could just pick one at random or write a worm to hack them
all. If you knew the VIN or GPS, you could scan the IP ranges where vehicles are known to reside until
you found one with corresponding VIN or GPS. Due to the slow speed of devices on the Sprint network,
to make this practical, you’d probably need many devices to parallelize the scan, possibly up to a few
hundred.

2. You would need a lot of time, another example of the car you wanted to hack, $10k in diagnostic equipment, and hope the vehicle isn't updated in the meantime
3. The exploit was barely fixed at all by Chrysler, and the only meaningful prevention of the issue was done by Sprint. The problem was (and still is) the D bus chip being able to send data to the V850 chip which in turn could broadcast CAN messages.

Just like I said, they needed access to the car to do what they did. Even with MASSIVE security issues in that particular car it still isn't possible to hone in on one and remotely hack it. Better read than I expected though, aside from the "l33t" stuff. Check it out, maybe all you guys that learned about CAN bus for the first time in this thread will actually learn something.

>>16962477
The CAN had a direct connection the head unit. Hack the head unit and you have access to the CAN. Also, they fixed the exploit they used to gain access to the CAN. There are still a billion other ways to get access to the CAN that nobody has discovered, just the method those 2 guys used has been patched.

Why are you having such difficulty understanding that more and more cars are having their CAN tied to the head unit and safety systems that allow them to be hacked? This isn't 1998 anymore.

>>16962025
You're a tripfag. Please stop embarrassing yourself, you have no clue what you're even talking about. These hackers know far more than your dumbass.

The CAN for this was connected to onstar, THAT can be hacked. More and more cars are introducing similar systems.

>>16962703
So then you admit that the cars could be hacked and despite all the goalpost shifting you're doing now regarding the difficultly that you were in fact wrong?

>>16962086
That means the government or car maker could still have a backdoor in that update to remove public access.

Certainly, the car maker is able to send updates that check for serial numbers, thus an update can be specifically targeted to any single car.

>>16962682
In Brazil they were produced up to 2012 IIRC, but they never recieved OnStar, at least officially. I'm not finding the specific news i've read at the time but there's loads of accidents with this model involving councilmen and/or members of some city councils in Brazil.

Another note: Many city councils in Brazil, and some state departments use GM vehicles, and some of them use OnStar.

>>16957455
99 Ford Exploder Limited Edition

Can't tow any rental trailers, but you get comfy leather and amazing 12 mpg.

No one will hack you, because no one will care too...

>>16957455
Just wrap all the electronics in tin foil, that'll stop the hacking rays

>>16962708
>The CAN had a direct connection the head unit.
Not really, try actually reading their paper
>There are still a billion other ways to get access to the CAN that nobody has discovered
No, there aren't, because you can't access something that isn't connected to wireless

>>16962731
Those "hackers" confirm almost all of what I have said in this thread in their abstract, I don't see how you can appeal to authority to prove me wrong when they in fact show what I have said to be correct.

>>16962742
Did you read the paper? They had physical access to the car, they couldn't do the attack without leaving a trace, and, though they try to sneak it in at the end, they couldn't execute code without completely disabling the ECU that sends the code, which they do admit is slow, but forget to mention it would light up the dash like a christmas tree and disable a lot of function of the vehicle before they could get it to the point it was able to execute their code.

>>16962908
>They had physical access to the car, they couldn't do the attack without leaving a trace, and, though they try to sneak it in at the end, they couldn't execute code without completely disabling the ECU that sends the code, which they do admit is slow, but forget to mention it would light up the dash like a christmas tree and disable a lot of function of the vehicle before they could get it to the point it was able to execute their code.
Again shifting the goal posts from
>It's not possible for steering/brakes to be "hacked" remotely
The specifics of the hack aren't relevant here. You claim that they could not remotely get control of the vehicle which is wrong. Needing physical access to the vehicle to develop the attack isn't relevant nor is the time it takes to actually execute it.

Just admit you fucked up.

>>16963021
he's not going to do that, he dug himself too deep

>>16962097
You can introduce a computer on the DLC as a new module to the CAN system and let it pass commands to other units because the modules usually can't tell what command was sent by what module. CAN networks are ring topology so every device sees every command that passes through it. You can also spoof addresses

So if the command for brake application is sent from the radio, the BCM or ECU cannot tell if that command was sent by the brake pedal or the radio, it just knows the command was issued. In Chryslers, they will actually just do whatever is issued on the network so long as it's a valid command for some module. You can use an ELM327 and a laptop to manipulate the car simply by typing commands.

Miatas are secure. Hardly any electronics at all.

>>16963021
>It's not possible for steering/brakes to be "hacked" remotely
>Needing physical access to the vehicle to develop the attack isn't relevant
How is it a remote hack if it requires physical access to the car? Are you even reading what you are writing? That's by definition NOT a remote hack.

>You claim that they could not remotely get control of the vehicle
They didn't, they got control of the vehicle because it was in their physical possession, as explained in the article. Could they have hacked a random vehicle not knowing who it belonged to? That seems possible from the paper, but they didn't do it.

>>16963083
How do you dig yourself too deep on an anonymous imageboard? Is my e cred going to get ruined?

>>16963175
Holy shit it's someone who learned about CAN more than 2 hours ago. Have you ever seen a car with wireless data on the same bus as brakes or steering besides these Jeeps? Aside from the security issues it just seems incredibly stupid as infotainment is one of the most likely culprits for bringing down CAN.

>>16962517

>>16963197
>How do you dig yourself too deep on an anonymous imageboard?
protip:tripfags aren't anonymous

>>16963197
>How is it a remote hack if it requires physical access to the car?
Jesus Christ you're stupid. They needed physical access to the car to develop the attack, not execute it. This is standard practice when you're developing a piece of software to attack a particular system.

>That seems possible from the paper, but they didn't do it.
Again shifting the goal posts. It was possible, whether or not they went around doing it to random cars is irrelevant.

>>16963272
No one is anonymous on internet, aside from tor. Every time you visit any website, including 4chan, all of your data is mined and sold to the highest bidder.

>>16963272
Unless they are using their real name they are certainly anonymous. If anyone, tripfag or not, comes here to "win" an argument they most have not been here for long, there is no winning, every single poster knows more than every other single poster no matter what the subject is and if you use a tripcode you are always wrong.

>>16963303
It seems you either didn't read or didn't understand the article. They obtained the IP by having access to the car.

>You need the IP address of the vehicle. You could just pick one at random or write a worm to hack them
all. If you knew the VIN or GPS, you could scan the IP ranges where vehicles are known to reside until
you found one with corresponding VIN or GPS. Due to the slow speed of devices on the Sprint network,
to make this practical, you’d probably need many devices to parallelize the scan, possibly up to a few
hundred.

>During one scanning session, we found 2695 vehicles

They didn't have the ability to hone in on one VIN/IP knowing what it was. They had no ability to hone in on a specific car to hack without having the car in their possession.

>>16963350
Having the specific IP to the car isn't relevant to what you were saying. It doesn't matter if they have to hack every car in a 1 mile radius the point is it's possible. Your initial claim that you can not get remote control of braking and steering was wrong, all the details beyond that are irrelevant.

>>16963350
What sort of cash do you pull in from the CIA gig?

But seriously, some agencies actually hire agents to work for companies and write backdoors into their code. Now besides that, it is completely possible that from imcompetence or simply lack of care, that shitty software is out their waiting to be exploited.

>>16962064
>It would be impossible to hide, there is no grand conspiracy because thousands of engineers would have to keep it a secret

Umm may i remind you that they've been trying to keep secret the fact that Flight ID information on planes is not encrypted, easly read and spoofed / injected in to the system a sectret for the pas oh 20 years or so? not many people realize you could actually divert flights using auto pilot on different flight plans. remove flights off these tracking systems and inject phantoms.

keeping a car security vulnerabilities such as this one a secret is not that hard. a few NDAs and threats to burry the people will get it done.

hell there is even an app that you can hold an ipad and where the flight physically is it will overlay it's tail ID altitude/direction of travel.

someone hacked a flight and with it via connection (small box under a seat next to the wing) managed to alter altitude, direction and speed that was set in the auto pilot.

taking the other approach you could enter phantom aircraft to cause auto pilot to "divert" the flight. remove the flight from radar traffic screens and inject a false one going on the oriignal flight plan.

cars are far less complicated and far less secure.

>>16958133
Can't have that problem if you just kill your neighbor first.
>ancap-ball.jpeg

>>16962344
https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/

it's happened before and it will happen again.

you don't think someone could break into the car and plug into it (hell or wire into the harnes? then after the attack remove the evidence?

File: Screenshot_20170406-074052.jpg (707KB, 1848x1440px) Image search: [Google]

707KB, 1848x1440px

>>16958914
yo that was my favorite episode from wangan midnight

>>16962360
>No you idiot, it was fixed by patching the vulnerability in the Uconnect software that allowed an attacker to gain control of the head unit in the first place.

the patch basically was a 2nd processor would override the 1st hacked one (or vice versa) but they can knock one of them offline and gain control over the system.

>>16962382

That is the near future

Posting in another "heartbreaker is a retard" thread.

>>16965467
But.. He's mostly right about this one anon

>>16957634
CIA pls go

>>16957455
69 Charger

File: a0b.jpg (8KB, 200x219px) Image search: [Google]

8KB, 200x219px

>>16960618
>> yfw when

>>16962180
>With these facts
>>>/g/

>>16963021
not him but thats not what shifting goalposts is dumbass

>>16965351
>someone hacked a flight and with it via connection (small box under a seat next to the wing) managed to alter altitude, direction and speed that was set in the auto pilot.
that was also a clickbait article bro

>>16964280
>some agencies actually hire agents to work for companies and write backdoors into their code.
There's various federal laws that require backdoors to be put into secure comm systems. Those were put into place right after 9/11. As mentioned years ago on 4chan, some of those laws are secret and the public is not allowed to know the terms of coverage.

>>16957455
Anything made before 2005.

>>16957996
>Don't fuck up that bad. It won't matter what you drive or anything else if they want you dead.
Fuck you CIA
I will not be intimidated by the likes of you

>>16967671
Wrong. My car was made in 2007 and it's drive by wire. Totally screwed if the cia gets pissed

>>16967745
>Wrong
>Proceeds to prove me right
???

>be CIA
>remotely hack car to disable brakes
>guy dies in suspicious accident, cops can clearly see cars computer was messed with
>only handful of people/agencies have the ability to do this, man was critical of one of them

versus

>be CIA
>tell nigger about to go away for life that if he murders DANGEROUS TERRORIST they'll give him an ID swap and set him free
>nig comes up to guy mowing his lawn and shoots him
>when he shows up for the payment you shoot him and toss the body in the nearest river
>SENSLESS TRAGEDY AS FAMILY MAN GUNNED DOWN and then maybe SUSPECTED KILLER FOUND DEAD, GANG AFFILIATION BEING INVESTIGATED

File: 130.gif (644KB, 233x411px) Image search: [Google]

644KB, 233x411px

>>16967965

Honestly I think that this has to do with more than just assassinations.

If there is a civil unrest, .gov can, with drive by wire, just remotely lock all cars, monitor where everyone is, et cetera.

It's not just about making people mysteriously die from an accident.

>>16967985

Or call onstar to put on the brakes if a person is trying to escape from the authorities

File: sim-card-yellow.jpg (78KB, 1000x661px) Image search: [Google]

78KB, 1000x661px

>spend whole life reading /x/ threads and worrying about lizard people crashing your car remotely
>still don't realize you can disable all wireless communication to your car in 2 seconds

Looks like the civil unrest can continue. Hopefully they didn't build a secret back door into my car to kill me for leaking this top secret tip.

>>16967985
That's exactly what they want you to believe!

no but seriously, you should always be concerned about the power they have over you, but recognize it's in their best interest for everyone to believe they are one button push away from blowing up or at least having their car stall out and prevent them from attending the local governor-lynching party. Panopticon principle, basically.

>>16968019

I want 10 copies of your ingenious "sim card yellow" device.

>>16968050

Are we living in a panopticon? Probably.

File: 1373478465420.jpg (5KB, 240x180px) Image search: [Google]

5KB, 240x180px

Okay I have an idea.

For any really paranoid people, what if we make manual "killswitches" in our car, like we can somehow pull all the sparkplugs, tear electrical wiring off, drop the engine, et cetera with a hefty yank from a cable/rope (which extends into the cabin)? Of course the cable should be located in the ceiling or a glovebox.

Honestly, any car manufacturer that genuinely cares for the safety of the people should include these manual killswitches in their car.

Okay it's obvious that you're probably dead anyways if the gubbyment wants you dead, but what if in the future there are genuine "watch-dogs" type hackers that wants to bully you? Or if there are occasional genuine computer failures?

>implying the CIA would go through the trouble of hacking your car to maybe possibly kill you
>when they could just detonate the microcharges in your brain you received from those "immunizations" as a kid and pose it as a aneurysm
Retards, all of you.

File: 1404835967723.gif (507KB, 200x178px) Image search: [Google]

507KB, 200x178px

>>16968400

>yfw I live in a state where "philosophical reasons" is a valid reason for declining mandated school vaccinations so I actually don't have nanobots in me

>>16968412
As if the CIA doesn't already know that. Now they've got to come up with something else. Best be wary, without a way to take you out instantly and remotely they'll probably result in assassinating you ahead of time just to play it safe.

File: hitler_sex_large.jpg (83KB, 1040x767px) Image search: [Google]

83KB, 1040x767px

>>16968438

Eh I know I'm dead if the government wants me dead. At least it gives me a (somewhat false) peace of mind and they have to at least take an extra step to get me.

With tons of gun purchases, long google search history of conspiracy theories, lots of "how to avoid x" "how to make x" searches online, I'm probably on the list if there is one.

I already accepted the futility of trying to stay off the grid completely. My only hope is that this world doesn't really exist or whatever happens in my existence doesn't really matter (or religion, et cetera). I already found my philosophical sanctuary.

In short, I am ready to die. Let the illominatay, reptiles, Jews, interdimensional beings, Satan, whoever the fuck take over the world and kill everyone. They can't touch my soul.

I just view life as a good journey and I am just happily shitposting online. Pretty comfy.

>>16968479

Or, sometimes I fantasize that I'm in a huge and elaborate Truman Show and maybe government conspiracy theories are a big funny prank on me. Can't disprove that :)

Either way, you know that I'm having fun right now and I don't give a shit. I'm not scared at all.

>>16967985
>If there is a civil unrest, .gov can, with drive by wire, just remotely lock all cars, monitor where everyone is, et cetera.

Like if a bank robbery occurs, all non-municipal cars in the lot can be commanded to not start. That can work when the corporation has close ties to the government of that country. Eventually, such types of "domination" can occur. It technically can be done today but there are still privacy laws to be overcome.

File: 80_Variance_Points_to_match_face.jpg (128KB, 1280x720px) Image search: [Google]

128KB, 1280x720px

>>16968498
>I'm having fun right now and I don't give a shit. I'm not scared at all.
That's one way to approach being in a surveillance society. Of course, those who want to change laws to make it even more big brotherish want you to not care. By having lots of "don't care" voters, those who want big brother (and the ability to abuse such powers) can get law changes.

When the percentage of "don't care" voters is vastly greater than the number of "we do care" voters, the politicians and the corporations can have laws changed with impunity.

Check out the documentary by the National Geographic Society "Science of Surveillance". While a bit older from 2006, it gives you an startling view of what's already been implemented. You can safely assume it is far more invasive since then.

https://www.youtube.com/watch?v=kYJT-i8Jp38

File: download.jpg (5KB, 301x167px) Image search: [Google]

5KB, 301x167px

>>16957455
Did you not watch prison break Tuesday? They can totally hack it now.

>>16970553
>That's one way to approach being in a surveillance society.

To get around the various privacy laws about filming people and identifying them, the Sheriff deputies will sometimes walk around the streets and inside various buildings and libraries on patrol. Walk, not ride their SUV cruisers. That's because they have high resolution personal video cameras mounted as part of their body gear. The images are identified by computer and if a wanted person (open warrants) is detected by computer match, the deputy gets a warning in his earpiece so he goes back and nabs the person he just walked past.