Mumbai, India, August 27, 2014: ESET, a global pioneer in proactive protection for more than 25-years, alerts that the modern cars are computers on wheels and are increasingly connected and controlled by softwares which are prone to get hacked. In-car web browsers, RATs and IOTs could take control of the modern cars, hence showing a danger crossing the line from “proof of concept” to reality.
The researchers point out that, while hacking a car to give total control is extremely hard. But for an instance it is easier to attack individual systems such as communications or navigation, both of which could be lethal. Dependence on technology in vehicles has grown faster than effective means to secure it. Security researchers have demonstrated vulnerability to accidents and adversaries over more than a decade. Dependency and Increasing automation has led us to these problems and has grown faster than effective means to secure it.
Robert Lipovsky, Malware researcher at ESET says “Users should download not only our ESET Mobile Security but any application only from trustworthy sources, such as the official Google Play store. And even there, exercise caution by carefully examining the permissions requested by the app.”
Cyber jacking or Car Hacking: It’s a word and it’s happening (soon)
The open letter has ignited a spate of commentary, with Market Oracle describing the crime as “Cyberjacking/Car Hacking”, and pointing out that the average family car contains 100 million lines of computer code, and that software can account for up to 40% of the cost of the vehicle, according to researchers at the University of Wisconsin-Madison.
Hack against cars have been demonstrated before – but so far, have relied on attackers having physical access to the vehicles. At DefCon conference in 2013, two researchers showed how they could seize control of two car models from Toyota and Ford by plugging a laptop into a port usually used for diagnostics. This week’s hack against Tesla’s flagship could mark a new stage in Cyberjacking – where attackers could compromise a vehicle remotely, without accessing the car’s hardware.
With the increasing Internet of Things sophistication in motor vehicles, hacking automobiles has become a new challenge to the hackers. Bluetooth has become ubiquitous within the automotive spectrum, giving attackers a reliable entry point to test. Two researchers who had previously demonstrated hacks against cars declared a new threat this week – In-car web browsers. In an exhaustive analysis of top car brands, the researchers found that while it was possible to compromise systems, the results were limited. A Bluetooth hack, for instance, would not compromise the vehicle – but allow attackers to ‘pair’ devices.
Android versus RAT: Rodent wins
Android users in Russia were offered a bundle of free apps – with one catch. Each had been tweaked to hide a Remote Access Trojan (RAT) built to steal information. These RAT mostly found in PCs and Android devices allows an attacker access to many data like Android/Spy.Krysanec, GPS location, contacts lists, web history, contacts lists and more.
This backdoor Trojan which ESET detects as Android/Spy.Krysanec, was found as a malicious modification of MobileBank (a mobile banking app for Russian Sberbank), 3G Traffic Guard (an app for monitoring data usage). Naturally, it was distributed through several channels, including a typical file sharing think Warez site, a third-party app of Russian social networking third-party app stores (not Google play store) and many other social sites.
Wi-Fi security: A deadly weakness?
In Black Hat hacking conference, Ruben Santamarta, Principal Security Consultant at IOActive says that Aircraft communications equipment can be hacked via Wi-Fi security, in-flight entertainment systems, specially crafted message from one ship to another ship or by a simple SMS too. These vulnerabilities allow remote hackers get access to communications systems in Ships, Aircraft, Military personnel, Emergency services.