Infiniti Q50 Forum banner
1 - 20 of 30 Posts

·
Premium Member
Joined
·
157 Posts
Discussion Starter · #1 ·
Could Al Qaeda hack into your Infiniti Q50 and crash it? Fox "News" thinks so...

Fox "news" is a joke, they shouldn't be considered a "news" network, they're more like a source of entertainment.


 

·
Premium Member
Joined
·
1,569 Posts
Maybe that's what the software update is all about ;)

Terrible reporting. At least they ended it by saying the risk was low but it's worth making sure everything is secured in these systems, I do agree with that.

Ugh, I wish there was a better way to get these news outlets to desensationalize their reporting. There must be an article somewhere that they based this report on, it's rare they break actual news like this.
 

·
Registered
Joined
·
298 Posts
There was another guy who claimed he can crash an airplane using vulnerabilities in existing software. The thing is it's not realistic scenario in real life. Just theoretical possibility.
 

·
Premium Member
Joined
·
1,070 Posts
The bottom line is that the hacker needs *physical* access to your car's on board computers in order to start hacking and taking over your car. If someone has physical access, and given the technical knowledge and effort required, if someone is out to get you, it is just easier to just cut the car's break lines. Or go old school and plant a bomb underneath your car.

Just be nice to your car mechanic.
 

·
Premium Member
Joined
·
1,949 Posts
The bottom line is that the hacker needs *physical* access to your car's on board computers in order to start hacking and taking over your car. If someone has physical access, and given the technical knowledge and effort required, if someone is out to get you, it is just easier to just cut the car's break lines. Or go old school and plant a bomb underneath your car.

Just be nice to your car mechanic.
I suppose that is the case today...but I can remember the days that a hacker could only hack your home computer when he had physical access to your computer. Today, I'd imagine most hacking is done through the internet. So, perhaps cars getting hacked does become more of a possibility as cars become more internet-enabled. Long shot, yet, but possible down the road, no doubt...
 

·
Registered
Joined
·
51 Posts
This could be some kind of issue in the future, but right now it is just fear mongering. It must be hard for news anchors to take this stuff seriously on the air. It is also strange that they point out the Infiniti Q50 specially. They are basically like, "don't buy this car because terrorists can gain control of it." Also, I don't think there is much you can do to protect yourself from this happening to you, so we may as well not give too much thought to it.
 

·
Premium Member
Joined
·
1,692 Posts
This could be some kind of issue in the future, but right now it is just fear mongering. It must be hard for news anchors to take this stuff seriously on the air. It is also strange that they point out the Infiniti Q50 specially. They are basically like, "don't buy this car because terrorists can gain control of it." Also, I don't think there is much you can do to protect yourself from this happening to you, so we may as well not give too much thought to it.
It's especially strange considering all the other cars with these similar systems and even more internet connectivity. Why show the Q50 at all, an unreleased car with an onboard computer that needs your smartphone for any data access?
 

·
Premium Member
Joined
·
1,949 Posts
Not just Fox News talking about it...Here is an article from CNN from 2012 where they talk about the same thing, and even mention terrorism in the article.

Could hackers seize control of your car? - CNN.com

And here are articles from NBC, CBS, and Yahoo Newes talking about the hacking possibilities too.

Carjacking goes digital, 'white hat' hackers demonstrate  - NBC News.com
Closer Look: Newer Cars May Pose Hacking Risk « CBS San Francisco
Theft via text: Cars vulnerable to hack attacks - CBS News
The most deadly hacking target yet: Your car
 

·
Premium Member
Joined
·
1,949 Posts
It's especially strange considering all the other cars with these similar systems and even more internet connectivity. Why show the Q50 at all, an unreleased car with an onboard computer that needs your smartphone for any data access?
Actually, the Q50 has a SIM card with 3G access for InfinitiConnection.
 

·
Premium Member
Joined
·
1,070 Posts
I suppose that is the case today...but I can remember the days that a hacker could only hack your home computer when he had physical access to your computer. Today, I'd imagine most hacking is done through the internet. So, perhaps cars getting hacked does become more of a possibility as cars become more internet-enabled. Long shot, yet, but possible down the road, no doubt...
No, most hacking done today is by social engineering. Guessing password, getting the user to reveal the password, having them double-click on trojan installers disguised as Britney Spears nude pictures, etc. All these have a social engineering aspect that involve the computer user actively taking some kind of step that unlocks the security door for the hacker to enter. There are very few zero-day exploits out there.

Having said that, do the car makers need to design a better, more secure system? Yes!
 

·
Premium Member
Joined
·
1,692 Posts
No, most hacking done today is by social engineering. Guessing password, getting the user to reveal the password, having them double-click on trojan installers disguised as Britney Spears nude pictures, etc. All these have a social engineering aspect that involve the computer user actively taking some kind of step that unlocks the security door for the hacker to enter. There are very few zero-day exploits out there.

Having said that, do the car makers need to design a better, more secure system? Yes!
Just to derail this discussion a little...

Social engineering is usually a big part of any penetration test performed (with permission) against many businesses. One of the fun things I've seen testers do is called seeding. They create a bootable USB thumbdrive with a trojan on it (or CD's) and label them something mischievous like "financial data", "private", "mike's porn", you get the idea. You'd be shocked how many people will pick these up out of the lobby, parking lot, etc. and try them in their work computers. Once that's done, the tester gets access remotely to whatever the employee has access to.

Still, with cars, it usually requires a physical connection, and in the security world, rule #1 is that anything that someone gets physical access to is to be considered compromised by definition. That's why datacenters and other secure locations require admins to jump through so many hoops to get their hands on critical infrastructure.
 

·
Registered
Joined
·
183 Posts
Just to derail this discussion a little...

Social engineering is usually a big part of any penetration test performed (with permission) against many businesses. One of the fun things I've seen testers do is called seeding. They create a bootable USB thumbdrive with a trojan on it (or CD's) and label them something mischievous like "financial data", "private", "mike's porn", you get the idea. You'd be shocked how many people will pick these up out of the lobby, parking lot, etc. and try them in their work computers. Once that's done, the tester gets access remotely to whatever the employee has access to.

Still, with cars, it usually requires a physical connection, and in the security world, rule #1 is that anything that someone gets physical access to is to be considered compromised by definition. That's why datacenters and other secure locations require admins to jump through so many hoops to get their hands on critical infrastructure.
Interesting, interesting. The thought I always fall back to is that OnStar has the capability to immobilize your vehicle in the event of a theft or high speed chase. Already the technology exists to remotely control your vehicle, theoretically if they can immobilize it, it can be mobilized as well.
 
1 - 20 of 30 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top