Real World Hacking

Hacking in the virtual world is almost as prevalent as speeding on the motorways, in that there are so many people doing it, it is almost expected that things get hacked. New exploits and ways of hacking are being discovered all the time, and the cyber world has become a battleground for hackers and the companies that protect systems.

Real world hacking is getting extremely worrying
Real world hacking is getting extremely worrying

There has been for some time a movement that is not interested in hacking computers per se, but are more interested in hacking the micro controllers we now use in so many systems, for instance in the control units in vehicles.

As a couple of examples of this there has recently been two high-profile demonstrations of hacking technology that are a little scary.

Firstly a team of ‘White Hat’ hackers (so-called ‘ethical hackers’) identified a potential problem with the engine management systems in some cars, and the immobilization systems. Namely the Megamos Crypto system used to encrypt the communication of remote keys.

(reference: http://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars)

The hack was first reported back in November last year by three researchers, when, upon discovery, the information was detailed to the car manufacturers to do something about, before being published in the upcoming Usenix Security Symposium, which will be held in Washington next month (August).

The three researchers are Flavio Garcia, a computer science lecturer at the University of Birmingham, and Baris Ege and Roel Verdult, security researchers at Radboud University Nijmegen in the Netherlands.

Hacking security vulnerabilities in real world devices such as cars, luxury yachts and even medical equipment is becoming a real concern as we progress down a more technological path in our lives.
The German carmaker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals. Once this was gained the researchers plans to publicize the information at an upcoming hacking conference were dropped.

Further to this – and possibly more worrying – is that news that DARPA funded research in to hacking the actual control systems in cars.

(Reference: http://www.ibtimes.com/car-hacking-darpa-funded-researchers-take-control-toyota-prius-ford-escape-using-laptop-video)

The troubling part is that the researchers were able to take control of a Toyota Prius and a Ford Escape and do simple things such as manipulating the speedometer and various sensors. More nefarious hacks included tricking the car into jerking to the left and right, controlling the horn, triggering the seat belt tensioner and even turning off the brakes entirely.

The second example involves the spoofing of a GPS signal confusing the systems used on a luxury yacht and meaning you could direct it anywhere you wished.

(reference: http://www.upi.com/Science_News/Blog/2013/07/30/Texas-GPS-spoofing-fools-80M-superyacht-receiver/1741375208037/)

In this case researchers simple created a false GPS signal to fool a yachts GPS systems in to believing they were somewhere else. Using this technology, the researchers were able to control the yacht and send it to a destination of their choice.

This was all done with the consent of the yacht’s captain, who reported that there were no alarms or warnings of any type on the yacht.

All this could apparently be done from a range of up to 30km away using drones to provide the fake GPS signal.

If all this isn’t scary enough for you, what if I mentioned that Hacker Barnaby Jack also discovered vulnerabilities in the code used to turn pacemakers on and off and ‘tamper’ with kidney equipment, in this case it was possible to build a simple transmitter that stopped the pacemaker entirely resulting in the death of the target.

Mysteriously Barnaby, the hacker that found this exploit, died before revealing his research; it is even more strange that there are no details about the circumstances of his death, although details were sent to the manufacturers to rectify the problem.