Ford Escape: Hackable.

Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV's chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat. Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day's experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn't so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.) The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers."

I doubt anyone is surprised. If it's a computer, chances are that eventually it will be hacked. Disabling the brakes? Not good. And I believe it's Infiniti is developing a car that has drive-by-wire steering, where the steering wheel is not physically coupled to the front wheels, which means a computer is translating your input (turning the steering wheel) into orders to turn the wheels.

Ford is a little unique in that they have an interface to their car's computer systems that people are allowed to tap in to, someone developed a vibrating shifter for manual transmissions that tells you when to shift, intended for people who are new to stick-shifts. Supposedly this is port doesn't let you in to a modifiable portion of the computer, but still....

http://tech.slashdot.org/story/13/07/25/1732257/hackers-reveal-nasty-new-car-attacks


In other DefCon news, a hack was demonstrated that easily and totally bypassed Volkswagon's security systems, making it really easy to steal their cars and with leaving no trace, giving the insurance companies a potential out by saying there was no evidence of theft. Volkswagon sued in court to keep the information from being disclosed at DefCon and surprisingly won, so they're going to get a little bit of time to cover their butts before more information on this hack gets in to the wild.

Kwikset "Smartkey" locks vulnerable to some interesting attacks

Yet another DefCon demonstration. In this case, the lock is advertised as secure and flexible because it's easy for the owner to reprogram the lock for a house sitter or whatever, then change the lock back when they need to. It's not a digital lock, needs a key like most others. Two vulnerabilities are demonstrated in videos with this article. The first uses a piercing blade and a hammer, the blade is inserted in the keyway and the hammer whacks it until it pierces the thin metal of the back of the lock. A wire with a loop is then inserted to turn the tailpiece, the thing that actually engages as the lock. Once that's turned, the lock is unlocked and unless there's a very close physical inspection, you can't see that the lock is broken because your key still works in it.

There's another technique that's been around for years called Bumping, after you bump a lock any key will work in it and the lock is physically broken. This is different.

The second technique uses a screwdriver and a pair of pliers. The lock is supposedly rated to 300 pounds-force-inch of torque to turn the cylinder, turns out that it will turn with about a hundred.

Kwikset, of course, denies that these vulnerabilities exist.

http://www.wired.com/threatlevel/2013/08/kwikset-smarkey-lock-vulns/