July 27, 2013

Hackaz: we in U ride'n medical stuff

Last night's ONT linked a story about some guys who got a Prius to break bad and do all sorts of unexpected nasty stuff by farkling it up through the (mandated by the govt BTW) onboard diagnostic port.

Industry apologists will whine that they had to do it with a hardwired connection to a laptop to make the bad things happen, yada, yada, yada.

That's fine, but the OBD ports are typically tucked away out of sight in most cars, so slipping something like an Arduino processor in there tucked up under the dash to do the damage at some prescribed time when a specific set of conditions are met isn't out of the realm of possibility.

The real problem is that the OBD micro-controller firmware even allows an external device to initiate dangerous vehicle actions (like applying brakes, farkling steering, etc.) when the vehicle is in motion.
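The missing safeguard the paragraph points at is a policy check between the diagnostic port and the actuators: read-only diagnostics are always fine, but anything that moves the car should be refused from the external port unless the vehicle is provably stationary, and anything the gateway does not recognise should be denied by default. The sketch below is an added example written for this page, not code from the post, from any vehicle manufacturer, or from the OBD/diagnostic standards; the service names, message fields and sample traffic are all constructed for illustration.

```python
"""Added example, not from the post: a default-deny interlock that a diagnostic
gateway could apply to requests arriving over the OBD port. The service names,
message layout and thresholds are constructed for illustration and do not
correspond to any real vehicle or standard."""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed service catalogue: what a request may ask the vehicle to do.
READ_ONLY_SERVICES = {"READ_DTC", "READ_SENSOR", "CLEAR_DTC"}
ACTUATION_SERVICES = {"BRAKE_APPLY", "STEER_ASSIST", "THROTTLE_SET"}


@dataclass
class VehicleState:
    speed_kph: float
    gear: str            # "P", "R", "N" or "D"
    parking_brake: bool


@dataclass
class DiagRequest:
    service: str
    source: str          # "OBD_PORT" (external) or "INTERNAL_ECU"


def allow_request(req: DiagRequest, state: VehicleState) -> Tuple[bool, str]:
    """Decide whether one request may reach the actuators.

    Read-only services are always permitted. Actuation services are permitted
    from inside the vehicle network, but from the OBD port only when the
    vehicle is demonstrably stationary. Anything unrecognised is denied.
    """
    if req.service in READ_ONLY_SERVICES:
        return True, "read-only diagnostic permitted"
    if req.service not in ACTUATION_SERVICES:
        return False, f"unknown service {req.service!r} denied by default"
    if req.source == "OBD_PORT":
        if state.speed_kph > 0.0:
            return False, "actuation from OBD port refused: vehicle in motion"
        if state.gear not in ("P", "N"):
            return False, "actuation from OBD port refused: gear not in P/N"
        if not state.parking_brake:
            return False, "actuation from OBD port refused: parking brake off"
    return True, "actuation permitted"


def gateway_filter(requests: List[DiagRequest], state: VehicleState) -> dict:
    """Run a batch of requests through the interlock and return the summary a
    defender would want to log: how many were allowed, how many denied, and
    the denial reasons (a denied actuation attempt from the port is worth an alert)."""
    summary = {"allowed": 0, "denied": 0, "reasons": []}
    for req in requests:
        ok, reason = allow_request(req, state)
        if ok:
            summary["allowed"] += 1
        else:
            summary["denied"] += 1
            summary["reasons"].append(f"{req.source}:{req.service} -> {reason}")
    return summary


# Constructed sample traffic: the same request mix evaluated while driving and
# while parked, showing that only the stationary case lets actuation through.
SAMPLE_REQUESTS = [
    DiagRequest("READ_SENSOR", "OBD_PORT"),
    DiagRequest("BRAKE_APPLY", "OBD_PORT"),
    DiagRequest("STEER_ASSIST", "OBD_PORT"),
    DiagRequest("BRAKE_APPLY", "INTERNAL_ECU"),   # e.g. the ABS module itself
    DiagRequest("FIRMWARE_WRITE", "OBD_PORT"),    # not in the catalogue
]
DRIVING = VehicleState(speed_kph=65.0, gear="D", parking_brake=False)
PARKED = VehicleState(speed_kph=0.0, gear="P", parking_brake=True)

if __name__ == "__main__":
    for label, state in (("driving", DRIVING), ("parked", PARKED)):
        print(label, gateway_filter(SAMPLE_REQUESTS, state))
```

Two caveats a practitioner would raise: the interlock is only as trustworthy as the speed, gear and brake signals the gateway reads, so those signals need their own integrity protection on the internal bus, and the source label here is a constructed field; a real gateway would derive it from which physical bus the frame arrived on rather than from anything the sender claims.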

The lesson of the past 20 years regarding tech and hacking is this: if something is physically possible then someone with malice in their heart is gonna figure out how, and eventually do it.



Oh my -- more vehicle hacking fun. Some boffin has cracked the remote control keyfob encryption used in a slew of higher end luxury cars.

A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.
Problem averted, world saved by the judge, right? Well, maybe not so much...
It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.
The industry position seems to be one of stonewall and denial that they have a problem that needs fixing. If owners were aware of this issue, they'd rightly be demanding recalls and retrofits of a more secure system. Since in reality the cat has been out of the bag for 3+ years now, denial may not be the best course of action because: (eastern European hackerz + organized crime = profits). Again:
if something is physically possible then someone with malice in their heart is gonna figure out how, and eventually do it.


In years past, the FDA was kind of in the dark about security vulnerability evaluation of various life-critical medical devices, but they appear to be getting on board now that various hackers have exposed numerous vulnerabilities in medical gear out in the field. Having the FDA behind a problem seems to help cut through a lot of manufacturer stonewalling and denial.
...Last year, Barnaby Jack, a security researcher with IOActive, showed he could force some Medtronic pumps to dispense fatal insulin doses from up to 300 feet away. He also has a Black Hat talk planned this year on a new vulnerability in wireless pacemakers and defibrillators. Jack said he notified the FDA in both cases.

"It's been primarily positive," he said. "They don't have the expertise on board to be able to make a thorough check, but they're certainly open to hearing about vulnerabilities. They certainly open the right doors for us."...

Barnaby was scheduled to give a talk at this year's Blackhat hacker conference in Las Vegas about vulnerabilities in medical devices, but died suddenly a couple of days ago. He was 35yo. BTW, the NSA's Gen Alexander will be giving the keynote at Blackhat on July 31. I see this as a pretty positive thing.

If you want to be paranoid for the rest of the day, peruse the list of speakers and topics for Blackhat. Here's a small sampling:


  • We will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.

  • The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature [I sidebar'd this one a few days ago]

  • The Bad: Bluetooth Smart's key exchange is weak. We will perform a live demonstration of sniffing and recovering encryption keys using open source tools we developed. The Ugly: A passive eavesdropper can decrypt all communications with a sniffed encryption key using our tools

  • Learn how to build an Android SpyPhone service that can be injected into any application. The presentation will feature a live demonstration of how phones can be tracked and operated from a Web based command and control server and a demonstration of how to inject the SpyPhone service into any Android application.

posted by Purp at 01:12 PM
