Cars, Security and a Peek into my Life
The L-shaped ones on the right are “torsion wrenches”. Use one of those simultaneously with one of the “picks” on the left.
It automates the above process, and while often seen in movies, it’s not that seamless.
It’s way noisier than you’d like it to be, and causes more damage to the lock than picks, leaving evidence of your presence.
(always be mindful of where you leave fingerprints.)
Spotted at SecTor 2014
– 150 ft inside a structure (eg. your home)
– 300 ft outside
Even if you’re living in the centre of a barren, 1,000 foot field (why are you doing that?), still password protect your WiFi (your SSID) using WPA2.
And change your router password, because when was the last time you did.
Real brief: the problem is cars operate on the CAN bus network, which was designed in the 1980s, when the internet didn’t exist. Learn about CAN here.
Speaking with Chris Valasek, physical access is still required to hack the car. For now. (I’d try coming in via Bluetooth.)
Read it online at Autonet.
That’s how car hacking works: the system doesn’t ask where the message came from or who sent it, it just accepts and executes it.
Plus the ending, because it’s true.
To attack, it’d be more efficient to roll that newspaper into a baton, than go after the target’s car.
***
Back to ‘Keri on Driving’ – Index
Blog tag = auto security
A group of security professionals have formed “The Cavalry“: dedicated to improving collaboration between the cyber security and automotive industries.
Because what if things like adaptive cruise control, electronic braking and stolen vehicle recovery technology could be used nefariously? What if all Toyotas in Canada were instructed to go left next Tuesday at 1pm? Like that.
Specifically, they’re proposing a Five Star Automotive Cyber Safety Program:
1 – Safety by Design
2 – Third-Party Collaboration
3 – Evidence Capture
4 – Security Updates
5 – Segmentation & Isolation
Why I signed:
Non-security nerds: I know this stuff can seem shadowy and strange, with a name like “The Cavalry” and a blank profile pic, but in this particular case it’s okay, I know one of the guys in real life; I signed with my real name, not Blog.
Online security.
There’s 1 day left of SecTor, Canada’s premiere security conference.
That blog title is not dramatic, it’s like 98%. Makes sense, look how fast we adopted the internet of everything, that’s currently pretty vulnerable and held together with popsicle sticks, a nightmare is coming, one day you’ll tell your grandchildren of a time when people’s password was password, tada! You have a job for life.
I went straight for the car hacking stuff.
Check out the Keynote while eating lunch, and making friends.
Sit in on a talk, which looks like this.
That’s Christopher Pogue of Nuix, talking about cybercrime and forensics. He made a good point: if the 3rd parties and vendors connecting to your network aren’t secure, neither are you.
Or if you feel shy, go to the lock picking village and grab a seat; I find people into locking picking are generally welcoming and fun.
Take the requisite conference-bathroom-selfie.
Don’t be shy to ask questions! And don’t let the nature of the information put you off, it’s a friendly crowd.
Too bad you missed the annual party, though. Finally after 1,000 emails got meet Sabrina, who runs communications & media, and edited my article about the car hacking keynote by Chris Valasek.
Whom I also met IRL, read that piece here.
Tickets and location information here, and whomever’s running their Twitter is funny @SecTorCa #SecTorCA
One day I’d like to give a talk, maybe another year of quiet study first.
I have 3 possible topics, but they’re not yet strong enough to type here.
Blog tag = SecTor
