Would prefer not to be assasinated by CIA or who ever has something against me. How old of a car do I have to buy, or what are the features I should avoid.
What kind of modern comforts can I get away with? I don't mind something old but would be nice to get something slightly newer.
Getting a manual seems like a no brainer, what else?
Anything you can disable in existing cars to prevent you from hacks?/
autoblog.com
Other urls found in this thread:
en.wikipedia.org
wired.com
wired.com
us-cert.gov
youtube.com
blog.kaspersky.com
illmatics.com
twitter.com
pre 2006?
Nothing with satellite or nav at the very least.
All of them, unless you actually believe in clickbait fake news. It's not possible for steering/brakes to be "hacked" remotely, it's on a private CAN bus on every car made. You need physical access to the car, in which case it doesn't matter how old it is, any car can be sabotaged easily.
>en.wikipedia.org
> In 2015 hackers remotely carjacked a Jeep from 10 miles away and drove it into a ditch.
Something tells me you are wrong. Of course people can sabotage your car in other ways.
Still there is nothing wrong about eliminating a potential attack vector, especially one that can be concealed. The wikileak points out the CIA was looking into ways of assinating people and making it look like an accident. It is also possible someone gets physical access to your car and sabotages it in ways that are harder to detect until the kill switch is hit.
At the very least you could be concerned that these electronics will malfunction without anything malicious happening.
remove infotainment/internet/wireless access
???
profit???
> In 2015 hackers remotely carjacked a Jeep from 10 miles away and drove it into a ditch.
Clickbait nonsense, they had physical access to the car beforehand. There is 0 possible way they could hone in on a certain car and hack it remotely.
>Still there is nothing wrong about eliminating a potential attack vector,
There is no potential, it's on a private CAN bus. It's the equivalent of someone using your internet connection to hack your analog watch.
>I don't understand it so I'm afraid of it!
If you want to be really safe, get a pre OBD2 car. but really anything that doesn't have ABS, Traction and/or Stability control and Cruise control should be safe. A manual transmission doesn't hurt either, you have 100% control of your vehicle.
Make sure the Accelerator pedal directly connects to the throttle body (have a friend look at the accelerator on the throttle body while you pump the gas while the car is off)
The Brakes pedal should be directly connected to the hydraulic system.
So pretty much anything Pre 2006 and non-luxury.
As cars become more 'connective' car security is going to become a huge issue.
New cars send out a lot of data, more than your manufactures let on. Whole new infrastructure in car cyber security will need to be built
As some one working in the industry, you're unfortunately incorrect.
This is some /x/ level retarded shit, like fucking hell m8s you don't actually believe the boogey man is going to """""hack""""" your car do you?
If the CIA wants you dead, your car being hacked is the least of your worries
No, it won't
OK, show me a wiring diagram on a modern vehicle that allows CAN input from a data connection into a private CAN circuit. Shouldn't be hard seeing as you work in the industry.
This would imply that I care if you believe me
I don't completely disagree with you, but you are shilling way too hard for the CIA.
I write software for a living and even if I'm not an expert in automotive electronics, I think it's fair to say that software is often exploitable. What is wrong with me being skeptical?
There is no believing, I already know that you don't have any idea how modern cars work from your post. Could you work as someone who installs floor mats at a factory? Sure, in that case you may work in the industry.
Stay away from anything made by GM. Your vehicle can be completely disabled remotely via OnStar. OnStar uses this when a vehicle has been reported stolen and they have been contacted by the police. They claim you can completely opt out of this "auto theft protection" service by giving them a call, but I'm sure the functionality of disabling the vehicle remotely still remains afterwards.
We have a good idea about the public's perception regarding modern cars, so your beliefs dont really surprise me
It's cute to see you try to work it out tho, I'm curious what you'll post next
Teslas can be force updated remotely, which can effect plenty of vulnerable systems, such as suspension and power delivery. I imagine steering and braking too.
You really are a boomer if you honestly believe that no production cars in 2017 have wireless vulnerabilities.
If you are apt in technology at all it wouldn't take much to take the time to learn about how CAN, LIN, and any other communication systems work in modern cars and see they aren't exploitable in the way you think they are.
>we
Does "we" represent the floor mat installers union? The public's perception (just like yours) regarding modern cars is they have absolutely 0 idea how they work so it must be magic. If you had even a rudimentary understanding you wouldn't be concerned about remote exploits. Better come up with another vague post suggesting you do actually have a clue though, don't deviate from your strategy (make sure to have absolutely nothing but the suggestion you are somehow involved in anything in the auto industry though).
i was going to write a post about how you dont know anything about computers but its a lot easier just to call you a stupid idiot
Everything in your post is wrong. Steering, brakes, and power delivery on Teslas are on private CAN just like on any other modern car.
Onstar can literally remotely activate brakes and shut off an engine. It's not hard for a 3rd party to take control of that system.
>Telsas were remotely updated to allow for a faster discharge rate
>Power delivery is separate
So say they take cobtrol of throttle and breaks. If you are in a manual car just put it in neutral and if you have a mechanical ebrake use that.
Sure, that's why GMs are constantly getting hacked, it's that easy.
>faster discharge rate
BMS firmware
>Power delivery
Private drivetrain CAN
Two completely different things. If you think reading about something for 30 seconds on the interent concerning something you have 0 understanding of is going to somehow prove me wrong on systems I work on 50 hours a week you are delusional, probably should stick with being awkward in the shower (JK)
Hey, uh, guys - consider the following:
If they are hacking your car to kill you, you have already fucked up. You will die. Maybe in a car accident, maybe in your sleep, or maybe in a random act of violence you will meet your end. Don't fuck up that bad. It won't matter what you drive or anything else if they want you dead.
They'll just run you down with a hacked semi or Prius.
If you're subject to hack-car-assassination you can't get near roads anymore.
That's like saying having control over the fuel system in a car means nothing without control of the injectors.
I bet you also think airplane mode makes your phone safe too huh?
>be normal, non fuck-up person
>CIA develops exploits to kill select people, but not you
>oh no the CIA had exploit information leaked again just like a few months ago
>a few months later your neighbor is mad you shoveled snow onto his lawn
>your brakes suddenly don't work when you're on the highway
Sure, but if the software of the car is exploitable, then theoretically some random person also hack and kill you without having to risk physical presence of committing the act of murder - except maybe attaining physical access to your car, but that may not always be a requirement.
What if there was an algorithm that scanned the NSA databases for your Veeky Forums posts and based on some keywords it could trigger the assasination car exploit. May seem farfetched but completely possible especially as the scope of technology expands.
have you heard of on star? I can't believe you're a mechanic. A number of cars have been proven to be capable of being jacked remotely. If a car has wireless connectivity and is input by wire than it's definitely possible for the world's most powerful spy agency to have some grasp on it
That doesn't sound far fetched at all.
Speech is the one thing to worry about.
If you're on record expression unfavorable opinions the powers that be can remove you.
There are many men sitting in jail right now on falsified digital evidence.
But the courts will never catch up.
To add to this guy's post here's an image of that Jeep's CAN network. The original image was around half the resolution so I blew it up in photoshop and pressed the CSI enhance button so you could read the text a little better.
It's pretty clear the head unit is on the same CAN network as all the drivetrain, steering, and braking control units.
If the government wants you dead, you will be dead. they fucking killed Bin Laden and his whole family 5,000 miles away in a fortress , I think they would have no problem killing some fat Veeky Forums autistic living in his parents basement if they wanted. Regardless if they hack a car or just shoot you with a sniper from a football field away.
Crashing your car...with no survivors!
>it's a heartbreaker's talking about shit he doesn't understand thread
Basically you want a mechanical car, but then they'll just kill you Princess Diana style.
When I was in college, one of my classmates told another one to hit the locks on his keyfob.
He had his cellphone out while the guy locked his truck. Then the classmate with the phone turned on the guy's truck and unlocked his doors via his phone.
Kinda made me not want any sort of newer vehicle.
Stop making these threads. We have gone over this multiple times now. The conclusion was that a NA Miata is the perfect fit. Either that, or some older carbureted vehicle
I think you mean it's a
>people who read a 30 second clickbait article on something they don't understand now know more than someone who spends all day every day doing electrical diag on modern cars
Let's keep it going, I clearly need more education from wikipedia snippets to get up to snuff.
This stupid fucking moron right here COMPLETELY BTFO
(or he could be a literal government shill, who knows nowadays)
1987 mercedes benz turbo diesel.
It's all mechanical, very reliable, gets decent gas mileage, and if you're crazy like the Finns, you can mod them out to over 600 horsepower.
What is that chart supposed to indicate? It shows separate CAN circuits. Even if they were connected by CAN that doesn't make a module able to receive whatever input you want, or even able to receive new firmware. What people are suggesting in this thread is possible is the equivalent of saying the government can hack your internet connection and use it to install malware on your microwave. Just because they are connected to the same 110v circuit in your house doesn't mean you can transmit info across it, and just because a microwave has a circuit board doesn't mean you can flash new firmware onto it. If anyone in this thread bothered to read for an hour or so about CAN bus systems they would realize how ridiculously stupid some of the stuff being said in this thread and in clickbait articles is, but we both know that won't happened, so continue posting nonsense.
> yfw when the resistance will all be driving cars from the 80s
my back window rolls down lol xd
Getting a car without electric power steering, electric power brakes, abs, and drive by wire would do it. An automatic transmission is fine as long as it's not controlled by some computer. Any pre 2000s car should be good, but after the 2000s drive by wire and other electronic vehicle controls started coming in.
jesus christ just get a bicycle
Simple: dont buy tesla
>drive a shitbox turd gen already
I'm ahead of the curve, feels good
wired.com
No, it's possible now. They did it previously on a Prius or something but they were in the backseat and were plugged into the car. Now with connected head units, they are doing it remotely.
The story is nonsense and I've already addressed it in this thread.
>being this retarded
>wanting to drive a car with wireless connections
Refute it with something other than your uninformed opinion
There's 0 evidence of any hacking, only controlling the car remotely. You could do this to any OBD2 car with access to the can breakout. You would have to spend a lot of time reverse engineering all the CAN signals since they aren't universal for things like driver assist. "Hacking" a car like that is pointless, you need physical access to the car and it's incredibly time consuming, you could do way worse and leave no evidence by using a wrench. There is no possible way they could pick a random car, push firmware into it without being detected through the infotainment system, and take control of it without leaving any evidence. None of this is an opinion, this is fact. If you know better then give a step by step on how someone would actually pull off a remote hack. I can think of at least 10 things that make it next to impossible before reaching the actual impossible step of pushing firmware remotely onto a module that isn't connected to the one you have access to.
Yeah I'm sure your OBD2 scanner would throw codes for vulnerabilities.
>Implying you need to push firmware to take control of vehicles.
>Implying that a backdoor doesn't already exist.
>There is no possible way they could pick a random car
Who ever said the car needed to be picked randomly?
>push firmware into it
Who said pushing firmware was necessary to take control of the system?
>without being detected
Who said it needed to be undetected? It sounds like you're just carefully narrowing the fact pattern to meet some arbitrary requirements that you created in your own mind in order to convince yourself you're still right. None of the "obstacles" you mentioned have anything to do with preventing someone from taking over a car and killing the driver.
Cars with adaptive cruise control and whatnot do throw codes when CAN is being injected from an outside source, which is only possible in the first place after handshaking with the manufacturers scan tool/computer to ensure it's coming from the right source at the right time. So in a way, your attempted sarcastic remark is 100% correct.
It would be impossible to hide, there is no grand conspiracy because thousands of engineers would have to keep it a secret
Ask yourselves this, as there are multiple people in the thread that seem to think this is the case, do you REALLY think you somehow figured something out that huge companies that spend tens of thousands of man hours figuring this stuff out don't already know, by reading a Wired article and half of a wikipedia page?
Stop fucking replying to Fuckbreaker. That LARPing faggot got kicked out of /k/ for a reason.
Mr Davis pls go
>It would be impossible to hide, there is no grand conspiracy because thousands of engineers would have to keep it a secret
t. Someone who has literally never worked on software
Did you even read the articles? It was an exploit in Uconnect that allowed access to the CAN network through the head unit that would let them send standard commands that the car already used as part of it's control systems. They did not need to install new firmware on any of the various subsystem control units because the only part of the car that was actually compromised was the head unit.
I don't know why you're even arguing this when FCA sent out a recall for the vulnerability.
us-cert.gov
>Who ever said the car needed to be picked randomly?
I should clarify, let's say they decide to "hack" your Civic. How do they get the VIN? Once they get the VIN, how do they find the IP? Do they first hack the dealership records, then the auto manufacturer? It's like saying because someone sees you on the street and sees you have a Samsung phone, they can now access it. Even with the information the car is behind just as much or more security than any other connected device.
>Who said pushing firmware was necessary to take control of the system?
I did, because that's how their alleged "hack" would have to work, as something like a steering module would never be programmed to receive input from the infotainment, it would have to be reprogrammed (this is assuming it's for some reason on the same CAN bus, which it certainly isn't on any manufacturer that I know of)
>without being detected
That's the whole point of these clickbait fearmongering articles. If you need physical access and/or you leave a trace then why not just "hack" the car with a wrench and some dykes?
anything without bluetooth grs sat nav or data
The CIA doesn't give a shit about you. If you're posting here, it's a good inkling that nobody is out to get you.
Ducking paranoid idiots. Might as well just stay inside all day and board up your windows.
heartbreaker you are a know nothing retard
you have no idea what you are talking about
Lmao I love it when losers carry on about big brother coming to get them
No one gives a fuck about your insignificant lives
There will never be some dystopian future where you are the leader of the rebellion or whatever just because you are a self proclaimed red pilled genius... seriously just wake the fuck up and realize that your life is worthless and even if it werent it's easier for the big bad evil guys to let you die from shoving your face full of hot pockets than spend a million dollars on a drone strikes...
Most importantly you just come off as a tin foil hat psychopath and an instant turn off for any potential friend or fuck
>thinks he knows more about hacking than government funded teams of CIA/NSA hackers
top kek
not everyone is a nobody like yourself :^)
fun facts:
the NSA/CIA only allows encryption methods it has broken to be marketed to the public
also every CPU after, like, the celeron series has a separate processor embedded in it with access to everything on your PC at the hardware level
With these facts, why do people like
think that the government doesn't already have a backdoor to every recent vehicle, or better yet, some kind of wide open hardware component they have access to?
It's going to be fun when self driving cars rule the roads so occupants have more time to watch advertisements.
>Asking why a tripfag is a retard
user...
I don't need to read the article, even what you said in your post has two things at odds with each other. Chrysler's "fix" was a firmware update. How would that prevent someone from accessing the car remotely? Those are two completely separate issues. The story of the supposed hackers doesn't add up. Since everyone in this thread including this guy
clearly knows more than me after reading over TWO internet articles on non technical sites, why don't you tell me how a hack would be carried out on a modern car, let's just take a 2016 Mercedes C class. We'll give you a massive headstart and just say all modules in the car can be reprogrammed and are all connected in one giant CAN circuit (of course this isn't the case but since it prevents modern cars from being hacked we'll have to throw you a bone). Without physical access to the car
-how do you get the VIN
-how do you get the IP
-how do you construct a remote firmware package that leaves everything working, unnoticed to the driver
-how do you deploy it
-how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)
Are you really questioning governments (or anyone with an internet connection for that matter) ability to find out someones VIN and IP?
read a book
Please stop.
>how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)
two guys gimped together an app on a 3g cellphone that tells you what every running Jeep something or other from MY 15-mid 16 is doing, where its headed, and how fast its going.
this is from the efforts of TWO guys.
Do you really think the NSA can't figure out how to get into nanna's 2016 camry and turn off the power steering?
That's one step (the easiest one by far), yet you can't even tell me how it's done, because you have 0 idea.
If you can spell out each step in my post I will never post again
>Do you really think the NSA can't figure out how to get into nanna's 2016 camry and turn off the power steering?
If it's on a private CAN, yes, it doesn't matter how much access to the car you have if the system is not physically connected or unable to receive info from the one you have access to, just like my microwave example earlier.
>-how do you get the VIN
>-how do you get the IP
>-how do you construct a remote firmware package that leaves everything working, unnoticed to the driver
>-how do you deploy it
>-how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)
Be the Government and start the program ten years ago. That's fucking how. Every electronic device capable of receiving meaningful data entry has government-mandated backdoors built in. We just had a massive media outbreak when the actual documents pertaining to these specific systems in Intel processors, implemented on the hardware level, became public knowledge. Every keystroke you've ever struck is in the government's hands. Your phone is literally a 24/7 bug. Any camera or microphone that could possibly connect to the internet is giving the CIA a line in. They know everything you do, write, and say. The idea that they do not have this connection to your car, and this hardware cannot communicate with the drive control systems of a vehicle is fucking obnoxiously retarded. They are the Deep State. If they want that capability, and they do, they will have it.
The trick is that the CIA forces Toyota to give them the keys to said system in the first place.
>completely ignores he was disproven on multiple points by multiple anons, skips back to earlier post like a scratched record
ok, you win
>Chrysler's "fix" was a firmware update.
Chrysler's fix was an update to Uconnect to fix the exploit that allowed the hackers to gain control of the head unit. The CAN network still has the exact same vulnerability only now it requires them to be physically connected to the car which isn't really an issue.
>The story of the supposed hackers doesn't add up.
Yes I'm sure your dumbass knows more than FCA, the US government, and two guys that find and fix exactly these kinds of vulnerabilities for a living. This was all a big conspiracy to trick people into thinking their cars can be remotely hacked and FCA did a full recall and mailed out hundreds of thousands of USB drives as a multi-million dollar joke.
>That's one step (the easiest one by far), yet you can't even tell me how it's done, because you have 0 idea.
hahah you're so dumb it hurts. VIN's are stored on the dealers network.
Quite the tinfoil hat there, sounds like a lot of work just to monitor porn watching habits. You can't build a backdoor into a circuit that isn't connected to anything wireless, which is most of the safety related features on modern cars.
Which points? This thread is archived forever, if after months of research any user can actually come up with some reason I'm wrong about something instead of saying "your retarded" and linking a clickbait article I'd like to hear from them.
The fix was a response to a massive shock in buyer confidence caused by a successful clickbait article across many news sites. If what the story described is true then the problem could not have been fixed by a firmware update, it would only cause whoever wanted to "hack" it to go back to the drawing board decoding all the CAN signals, which is a massive pain in the ass to do. If the steering and brakes were able to receive input from the infotainment at any point then it's still a massive security problem that you won't see in any other car. After reading the article they say the actual remote exploit was a problem with Sprint, but it still doesn't explain how anyone would tie an IP with an exact VIN.
>t still doesn't explain how anyone would tie an IP with an exact VIN.
by correlating mac address with gps location
>Which points?
well, for starters:
-how do you get the VIN
-how do you get the IP
-how do you carry out this "attack" (how do you know where the vehicle is, who is driving it, etc. in real time)
keep in mind this is from a single post
>also
>but it still doesn't explain how anyone would tie an IP with an exact VIN.
the NSA can read completely encrypted PCs made after about 2007, what makes you think they can't access DMV and IP records?
jesus fucking christ
>If what the story described is true then the problem could not have been fixed by a firmware update
No you idiot, it was fixed by patching the vulnerability in the Uconnect software that allowed an attacker to gain control of the head unit in the first place. If they can't gain control of the head unit to send commands to the CAN network then this exploit no longer works. I don't get why you're having so much trouble understanding this or how you're so convinced you're correct when you clearly have no idea what you're talking about.
Some people here are playing too much Ubisoft's Watch Dogs 2.
Where did you get the mac address?
>the government has secret backdoors in everything!
If you truly believe this it sounds like there's no reason debating, as the reply from you is going to be "the government can do anything and kill you at any second." Even if you move to a unibomber shack they are just going to take over a plane and stage an accidental crash into it to prevent you from sharing any more of their secrets.
>If you truly believe this it sounds like there's no reason debating
if you don't think the NSA can access DMV records, find your car's IP, or look through the contents of your RAM while your pc is on, then you're clearly in the shallow end of things
*tips tinfoil hat*
>Where did you get the mac address?
from the vin
Are you actually fucking retarded? Do you not believe something can be recorded from your RAM?
> he doesn't know about Intel Management Engine
I have no trouble understanding, it's quite the opposite, since I actually know how wireless data in modern cars and it's communication with CAN works, unlike the writer, or you, there are massive gaps left out of how this supposed hack took place, all of which I've already pointed out. If you knew anything about how CAN works it would be quite easy for you to explain the initial problem and the fix. How would firmware on a module prevent someone from getting wireless access to it? It's two completely different issues.
Where was this, a secret database? The dealership wouldn't have it. The manufacturer could, but not necessarily, I don't see why they would need to keep track of it.
Hahahahahaha get a load of this goy! Keep believing Bin Laden wasn't a CIA employee and died of kidney failure in an American hospital
>Where was this, a secret database? The dealership wouldn't have it. The manufacturer could, but not necessarily, I don't see why they would need to keep track of it.
You really don't know much about technology do you. All devices that interact with a network have a mac address. Yes, the manufacture will have this.
any and all data that has traveled through any ISP globally in the last ten years ( or more) is logged in real time by the US government.
\
>I have no trouble understanding
Obviously you do.
blog.kaspersky.com
Here's the entire fucking play by play of how it was done.
Preferably something pre-2010 and that isn't GM-made. After 2010 there isn't much info about wether the ECU and its coadjuvant modules send any information outside via hidden means or if the communication is strictly in a 'intranet' scheme.
I say not GM because it's been proven that OnStar has been used in such a way with the consent of the justice, and because their cars have been in those kinds of shady accidents, including one with two councilman of a major city in Brazil; they were driving a Chevrolet Astra.
Sauce on the Huezil accident? I don't think the Astra was being produced after 2010 and, being an old model, I doubt it ever had OnStar.
Actually, this is the play by play
illmatics.com
Which, shockingly, confirms that
1. it's next to impossible to hone in on a certain car
>You need the IP address of the vehicle. You could just pick one at random or write a worm to hack them
all. If you knew the VIN or GPS, you could scan the IP ranges where vehicles are known to reside until
you found one with corresponding VIN or GPS. Due to the slow speed of devices on the Sprint network,
to make this practical, you’d probably need many devices to parallelize the scan, possibly up to a few
hundred.
2. You would need a lot of time, another example of the car you wanted to hack, $10k in diagnostic equipment, and hope the vehicle isn't updated in the meantime
3. The exploit was barely fixed at all by Chrysler, and the only meaningful prevention of the issue was done by Sprint. The problem was (and still is) the D bus chip being able to send data to the V850 chip which in turn could broadcast CAN messages.
Just like I said, they needed access to the car to do what they did. Even with MASSIVE security issues in that particular car it still isn't possible to hone in on one and remotely hack it. Better read than I expected though, aside from the "l33t" stuff. Check it out, maybe all you guys that learned about CAN bus for the first time in this thread will actually learn something.
The CAN had a direct connection the head unit. Hack the head unit and you have access to the CAN. Also, they fixed the exploit they used to gain access to the CAN. There are still a billion other ways to get access to the CAN that nobody has discovered, just the method those 2 guys used has been patched.
Why are you having such difficulty understanding that more and more cars are having their CAN tied to the head unit and safety systems that allow them to be hacked? This isn't 1998 anymore.