Intermarkets' Privacy Policy
Support


Donate to Ace of Spades HQ!


Contact
Ace:
aceofspadeshq at gee mail.com
Buck:
buck.throckmorton at protonmail.com
CBD:
cbd at cutjibnewsletter.com
joe mannix:
mannix2024 at proton.me
MisHum:
petmorons at gee mail.com
J.J. Sefton:
sefton at cutjibnewsletter.com


Recent Entries
Absent Friends
Bandersnatch 2024
GnuBreed 2024
Captain Hate 2023
moon_over_vermont 2023
westminsterdogshow 2023
Ann Wilson(Empire1) 2022
Dave In Texas 2022
Jesse in D.C. 2022
OregonMuse 2022
redc1c4 2021
Tami 2021
Chavez the Hugo 2020
Ibguy 2020
Rickl 2019
Joffen 2014
AoSHQ Writers Group
A site for members of the Horde to post their stories seeking beta readers, editing help, brainstorming, and story ideas. Also to share links to potential publishing outlets, writing help sites, and videos posting tips to get published. Contact OrangeEnt for info:
maildrop62 at proton dot me
Cutting The Cord And Email Security
Moron Meet-Ups






















« The Last Of Us | Main | Dirty Bi-sexual Sex Video [OregonMuse] »
July 27, 2013

Hackaz: we in U ride'n medical stuff

Last night's ONT linked a story about some guys who got a Prius to break bad and do all sorts of unexpected nasty stuff by farkling it up through the (mandated by the govt BTW) onboard diagnostic port.

Industry apologists will whine that they had to do it with a hardwired connection to a laptop to make the bad things happen, yada, yada, yada.

That's fine, but the OBD ports are typically tucked away out of sight in most cars, so slipping something like an Arduino processor in there tucked up under the dash to do the damage at some prescribed time when a specific set of conditions are met isn't out of the realm of possibility.

The real problem is that the OBD micro-controller firmware even allows an external device to initiate dangerous vehicle actions (like applying brakes, farkling steering, etc) when the vehicle in motion.

The lesson of the past 20 years regarding tech and hacking is this: if something is physically possible then someone with malice in their heart is gonna figure out how, and eventually do it.



Oh my -- more vehicle hacking fun. Some boffin has cracked the remote control keyfob encryption used in a slew of higher end luxury cars.

A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.
Problem averted, world saved by the judge, right? Well, maybe not so much...
It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.
The industry position seems to be one of stonewall and denial that they have a problem that needs fixing. If owners were aware of this issue, they'd rightly be demanding recalls and retrofits of a more secure system. Since in reality the cat has been out of the bag for 3+ years now, denial may not be the best course of action because: (eastern European hackerz + organized crime = profits). Again:
if something is physically possible then someone with malice in their heart is gonna figure out how, and eventually do it.


In years past, the FDA was kind of in the dark about security vulnerability evaluation of various life critical medical devices, but they appear to be getting on board now that various hackers have exposed numerous vulnerabilities in medical gear out in the field. Having FDA behind a problem seems to help cut through a lot of manufacturer stonewalling and denial.
...Last year, Barnaby Jack, a security researcher with IOActive, showed he could force some Medtronic pumps to dispense fatal insulin doses from up to 300 feet away. He also has a Black Hat talk planned this year on a new vulnerability in wireless pacemakers and defibrillators. Jack said he notified the FDA in both cases.

"It's been primarily positive," he said. "They don't have the expertise on board to be able to make a thorough check, but they're certainly open to hearing about vulnerabilities. They certainly open the right doors for us."...

Barnaby was scheduled to give a talk at this years Blackhat Hacker conference in Las Vegas about vulnerabilities in medical devices, but died suddenly a couple of days ago. He was 35yo. BTW, the NSA's Gen Alexander will be giving the keynote at Blackhat on July 31. I see this as a pretty positive thing.

If you want to be paranoid for the rest of the day, peruse the list of speakers and topics for Blackhat. Here's a small sampling:


  • We will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.

  • The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature [I sidebar'd this one a few days ago]

  • The Bad: Bluetooth Smart's key exchange is weak. We will perform a live demonstration of sniffing and recovering encryption keys using open source tools we developed. The Ugly: A passive eavesdropper can decrypt all communications with a sniffed encryption key using our tools

  • earn how to build an Android SpyPhone service that can be injected into any application. The presentation will feature a live demonstration of how phones can be tracked and operated from a Web based command and control server and a demonstration of how to inject the SpyPhone service into any Android application.

digg this
posted by Purp at 01:12 PM

| Access Comments




Recent Comments
Ace-Endorsed Author A.H. Lloyd: "Sydney Sweeney apparently loves getting her hands ..."

publius, Rascally Mr. Miley (w6EFb): ">> I read that she was an accomplished jazz singer ..."

Beartooth: "Merry Christmas Horde! We've been slow in getti ..."

Puddleglum, cheer up for the worst is yet to come: "304 Deidre Hall was a nurse on Emergency! before s ..."

Miklos, addressing his other brother Miklos: "Sit down No, get me a beer first ..."

Pug Mahon, I'll hang up and listen...: "Revocation on my play-list right now. Standard-iss ..."

Miklos, attempt no Maths here: "Unfortunately, I must disregard most Official Medi ..."

Miklos, attempt no Maths here: "Unfortunately, I must disregard most Official Medi ..."

publius, Rascally Mr. Miley (w6EFb): " Diedre Hall has an identical twin sister, Andr ..."

Alberta Oil Peon: "Hah . Smart writers. Posted by: Sebastian Melmoth ..."

davidt: "Lynda Carter in Battle of the Network Stars. ..."

Notsothoreau: "Part 2 Sadly however, as both the public and prof ..."

Recent Entries
Search


Polls! Polls! Polls!
Frequently Asked Questions
The (Almost) Complete Paul Anka Integrity Kick
Top Top Tens
Greatest Hitjobs

The Ace of Spades HQ Sex-for-Money Skankathon
A D&D Guide to the Democratic Candidates
Margaret Cho: Just Not Funny
More Margaret Cho Abuse
Margaret Cho: Still Not Funny
Iraqi Prisoner Claims He Was Raped... By Woman
Wonkette Announces "Morning Zoo" Format
John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia
World Muslim Leaders Apologize for Nick Berg's Beheading
Michael Moore Goes on Lunchtime Manhattan Death-Spree
Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears
Liberal Economists Rue a "New Decade of Greed"
Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility
Intelligence Officials Eye Blogs for Tips
They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan
Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq
Leather-Clad Biker Freaks Terrorize Australian Town
When Clinton Was President, Torture Was Cool
What Wonkette Means When She Explains What Tina Brown Means
Wonkette's Stand-Up Act
Wankette HQ Gay-Rumors Du Jour
Here's What's Bugging Me: Goose and Slider
My Own Micah Wright Style Confession of Dishonesty
Outraged "Conservatives" React to the FMA
An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear
The Story the Rightwing Media Refuses to Report!
Our Lunch with David "Glengarry Glen Ross" Mamet
The House of Love: Paul Krugman
A Michael Moore Mystery (TM)
The Dowd-O-Matic!
Liberal Consistency and Other Myths
Kepler's Laws of Liberal Media Bias
John Kerry-- The Splunge! Candidate
"Divisive" Politics & "Attacks on Patriotism" (very long)
The Donkey ("The Raven" parody)
Powered by
Movable Type 2.64