Your New Car Is Not Your Friend Its Your Enemy.
Credit consumerwatchdog.org
Kill Switch (PDF) (49 pages) (You need to read this for sure.)
Background
While self-driving cars have received lots of attention, the auto industry is quietly
installing components that carry similar risks into ordinary consumer automobiles.
Widespread use of self-driving cars is years or decades away.
However, 17 million new
cars are deployed on American roads each year in which the mechanisms that control
movement—accelerating, steering, and braking—can be overridden by computers and
software.
This computerization has been accompanied by a growing trend of connecting cars to
wide-area communications networks—making them part of the Internet of Things (IoT).
This is a dangerous combination, as it creates the potential for hackers to take control of
vehicles remotely. Unlike other “connected” technologies in which hackers can only steal
information or money, hacked cars have the potential to cause property damage and
deaths.
Whereas the military and aviation industries carefully avoid connecting dangerous
machines to the Internet, the auto industry has yet to learn this lesson.
Millions of cars on the Internet running the same software means a single exploit can
affect millions of vehicles simultaneously.
A hacker with only modest resources could
launch a massive attack against our automotive infrastructure, potentially causing
thousands of fatalities and disrupting our most critical form of transportation.
Recent reporting about United States efforts to counter Russian cyber-attacks with its own online
infiltration indicate that we increasingly live in the era of cyber warfare. An attack
targeting transportation infrastructure is a growing possibility.
Most concerning is that automotive industry executives are aware of these risks, yet are
proceeding nonetheless to deploy these technologies, putting corporate profits ahead of
consumer safety and national security.
Main Findings of the Investigation
The top ten car brands in the U.S., accounting for 95% of car sales, all sell Internet-
connected cars. The three top-selling carmakers in the U.S., GM, Toyota, and Ford,
representing nearly half the U.S. auto market, will only sell Internet-connected cars by the
end of this year. (2019)
The troubling issue for industry technologists is that these vehicles’ safety-critical systems
are being linked to the Internet without adequate security and with no way to disconnect
them in the event of a fleet-wide hack.
Most connected vehicles share the same vulnerability.
The head unit (sometimes called the infotainment system) is connected to the Internet through a cellular connection and
also to the vehicle’s CAN (Controller Area Network) buses.
This technology dating to the 1980s links the vehicle’s most critical systems, such as the engine and the brakes.
Former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard A. Clarke said that what is known about the crash is "consistent with a car cyber attack." He was quoted as saying: "There is reason to believe that intelligence agencies for major powers—including the United States—know how to remotely seize control of a car. So if there were a cyber attack on [Hastings's] car — and I'm not saying there was, I think whoever did it would probably get away with it."
Experts agree that connecting safety-critical components to the Internet through a
complex information and entertainment device is a security flaw. This design allows
hackers to control a vehicle’s operations and take it over from across the Internet.
By 2022, no less than two-thirds of new cars on American roads will have online
connections to the cars’ safety-critical system, putting them at risk of deadly hacks.
Car makers have many economic motivations to connect vehicles to the Internet—from
saving money on recalls by updating vehicle software over-the-air to collecting valuable
data on how fast we drive to where we shop.
While car companies market flashy new features, such as remotely starting cars from smartphones, technologists report the
companies have not prepared for the grave security implications of a connected car fleet.
Car makers have even acknowledged to investors and shareholders the dangers of
connected cars and their vulnerability to hacking. However, technologists report the
companies are deceiving the public about the risks and their inability to eliminate them
after nearly a decade of trying.
Technical experts explain that using smartphone technology in cars, technology that was
never designed to protect safety-critical systems, is a recipe for disaster.
A plausible scenario involving a fleet-wide hack during rush hour in major U.S. metropolitan areas
could result in approximately 3,000 fatalities, the same death toll as the 9/11- attack.
Expert hackers report that time and money are the only things that stand between them
and hacking a fleet of cars.
Software design practices that result in frequent hacks of
everything from consumer electronics to financial systems cannot be trusted in cars, which
can endanger not only the lives of their occupants, but also pedestrians and everyone else
on the road.
Cars can be infected with “sleeper” malware that wakes
at a given date and time, or in response to an external signal,
Security-critical components in cars are black boxes. Even the car makers themselves
often do not know the origins of the software they use, nor their true risks.
Vehicles from many major carmakers—including Tesla, Audi, Hyundai, and Mercedes—
rely heavily on software written by third parties. This includes open source software, like
Android, Linux, and FreeRTOS.
This software often comprises contributions from
hundreds or thousands of different authors around the world, and there is usually little
accountability for flaws.
The veil of secrecy surrounding automotive software and the ability to update it “over the
air” without touching the vehicle lets automakers cover up safety problems and sloppy
testing practices.
Consumers are driving cars whose systems run on unfinished and under-tested software.
A different type of kill switch:
To protect the public, carmakers should install 50-cent “kill switches” in every vehicle,
allowing consumers to physically disconnect their cars from the Internet and other wide-
area networks.
Otherwise, if a 9/11-like cyber-attack on our cars were to occur, recovery
would be difficult because there is currently no way to disconnect our cars quickly and
safely.
Mandatory “kill switches” would solve that problem.
Don't confuse this with the automatic remote controlled kill switch for 2026 cars.
Thinking people will read and heed the Kill Switch (PDF) report.
This report details how its estimated by 2022 2/3 of cars will have electronics that connect to the internet automatically.
This is 2023 so its more than two thirds of cars will have electroincs that can EASILY be hacked and controlled by ANYBODY!
Just think about that just a little.
For instance the CIA or FBI hacks into your car electronics planting a timed attack or just hacking into your cars system and taking control of your engine or breaks etc.
The CIA or FBI disables your breaks while monitoring your speed.
Your driving about 60 and need to slow down and stop at a red light or stop sign.
Of course the CIA or FBI is using your GPS location and knows where your are within 15 feet.
They see you need to sart slowing down for a stop sign or red light.
They disable your breaks.
You can't stop. You run a red light or stop sign.
You are injured or die.
The police investigate and charge you with failure to stop for a stop sign or red light if you are still alive.
Your are charged with reckless driving etc.
Or maybe manslaughter etc.
Your sued. You loose everything.
All because you car malfunction was caused by a CIA or FBI hack into your car's electronic system via the internet.
You never know they did it.
You think you were the cause of the "accident".
There is nor record of the CIA or FBI hack of course.
It also could be ANYBODY else that can hack your car's electronic system via the internet.
Is this a possibility? YES.
If you have a vehicle that can be connected to the internet, wifi etc, automatically or if you have the ability to enable the feature:
IF YOU HAVE ANY SENSE AT ALL MAKE SURE YOUR VEHICLE ISN'T CONNECTED TO THE INTERNET, EVER!
Your life depends on it.
Be aware your vehicle can still be connected to the internet without your knowledge because thats built into you cars's electronics.
The top ten car brands in the U.S., accounting for 95% of car sales, all sell Internet-
connected cars. The three top-selling carmakers in the U.S., GM, Toyota, and Ford,
representing nearly half the U.S. auto market, will only sell Internet-connected cars by the
end of this year.(2019)
The troubling issue for industry technologists is that these vehicles’ safety-critical systems
are being linked to the Internet without adequate security and with no way to disconnect
them in the event of a fleet-wide hack.
Most connected vehicles share the same vulnerability.
The head unit (sometimes called
the infotainment system) is connected to the Internet through a cellular connection and
also to the vehicle’s CAN (Controller Area Network) buses.
In-car entertainment (ICE), or in-vehicle infotainment (IVI) (Don't Fail To Read This.)
In-car entertainment (ICE), or in-vehicle infotainment (IVI), is a collection of hardware and software in automobiles that provides audio or video entertainment. In car entertainment originated with car audio systems that consisted of radios and cassette or CD players, and now includes automotive navigation systems, video players, USB and Bluetooth connectivity, carputers, in-car internet, and WiFi.
This is the piece of hardware and sofware that allows ANY hacker to take control of your vehicle and KILL YOU!
Its the entertainment system in your car that connects to the internet.
You get into your car and turn the switch. Your (IVI) system is connected to the internet.
Now its not just your phone that can be hacked.
Its your phone connected to the (IVI) system or just your (IVI) system that is connected to the internet.
If someone hacks your phone it can be turned into a brick or a spying device.
If someone hacks your (IVI) vehicle system connected to the internet you can loose control of the vehicle and they take control of your vehicle.
A cellphone hack normally won't KILL you but an (IVI) hack to your cars electronic system can KILL you.
I hope after reading this you are worried and concerned about your vehicle's (IVI) or (ICE) entertainment system that connects to the internet.
Even if you disconnect the (IVI) or (ICE) system your vehicle electorincs can still be connected to the internet in ways you don't know about.
They say smoking is a hazard to your health. True.
A new vehicle is also a hazard to your health!
You say, I don't smoke.
Its doesn't matter.
Everytime you get into your vehicle its like you light one up every time and continue to chain smoke.
If your just a passenger in a vehicle the "second hand hazard" is really your vehicle's (AVI) or (ICE) internet connected system.
As car infotainment systems can access more and more functions of the vehicle (e.g. through the CAN bus), concerns have also been voiced about potential remote car hacking
CAN bus is one of five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. The OBD-II standard has been mandatory for all cars and light trucks sold in the United States since 1996. The EOBD standard has been mandatory for all petrol vehicles sold in the European Union since 2001 and all diesel vehicles since 2004.
CAN is a low-level protocol and does not support any security features intrinsically.
There is also no encryption in standard CAN implementations, which leaves these networks open to man-in-the-middle frame interception. In most implementations, applications are expected to deploy their own security mechanisms; e.g., to authenticate incoming commands or the presence of certain devices on the network.
Failure to implement adequate security measures may result in various sorts of attacks if the opponent manages to insert messages on the bus.
While passwords exist for some safety-critical functions, such as modifying firmware, programming keys, or controlling antilock brake actuators, these systems are not implemented universally and have a limited number of seed/key pairs.
CAN bus is one of five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. The OBD-II standard has been mandatory for all cars and light trucks sold in the United States since 1996.
For those of you who live in Reo Linda, as Rush Limbaugh use to say, this means the (OBD)-II vehicle diagnostics in your car via the CAN bus can be HACKED because it has NO security features.
This electrical communication bus sytem is in all car and trucks.
In 1996 the CAN bus commication system has been in vehicles. ALL vehicles.
This CAN bus system is connected to your vehicle's (AVI) or (ICE) internet connected systems.
This is how the internet can control your car. This is why newer cars with (AVI) or (ICE) entertainment systems that connect to the internet are able to control your vehicle!
(I don't have a vehicle with an (AVI) or (ICE) internet system installed.
I do have a vehicle with a CAN bus installed and know it is not a secure system.
I know it can be hacked but not via the internet.
I am glad my vehicle can't be controlled via the internet.
I am so glad its not a new vehicle.
This article is news to me. I was not aware of how dangerous new vehicles are.
I am now and so are you.
7 Ways Your Car is Turning Into a Mobile Device (2019)
This technology dating to the
1980s links the vehicle’s most critical systems, such as the engine and the brakes.
Experts agree that connecting safety-critical components to the Internet through a
complex information and entertainment device is a security flaw.
This design allows hackers to control a vehicle’s operations and take it over from across the Internet.
Read All The Twitter Files Released By Elon Musk