
·
Registered
Joined
·
4,868 Posts
Discussion Starter · #1 ·
I posted it here since Mini/BMW got the HK System. Hope you all do not mind.

The National Highway Traffic Safety Administration has launched an inquiry into the supplier of Fiat Chrysler’s hacked radio systems.
By Jessica Mendoza, Staff writer AUGUST 2, 2015

Fiat Chrysler may not be the only car company with cybersecurity problems.

In a memo posted on its website last week, the National Highway Traffic Safety Administration (NHTSA) – the United States’ top auto safety regulator – said an estimated 2.8 million car audio systems supplied by manufacturer Harman International Industries, Inc. could be vulnerable to the same kind of hacking that led Fiat Chrysler Automobiles to recall a record 1.4 million vehicles on July 24.

The memo is the latest sign that the NHTSA has increased its efforts at cracking down on auto companies, as the agency faces both calls from Congress to be more aggressive in catching car defects and concern from the public that the growing number of Internet-connected cars on the road lack basic security measures.

“There are hundreds of thousands of cars that are vulnerable on the road right now,” Charlie Miller, formerly with the National Security Agency and now with Twitter, told Reuters.


Mr. Miller is one of two hackers who, in a July 21 report for Wired magazine, demonstrated that a Jeep Cherokee could be wirelessly controlled through its radio system. The report led to the Fiat Chrysler recall and drew renewed attention to cybersecurity in the auto industry.

“This is the shot across the bow. Everybody's been saying ‘cybersecurity.’ Now you’ve got to step up,” NHTSA administrator Mark Rosekind told Reuters. “You’ve got to see the entire industry proactively dealing with these things.”

The inquiry into Harman Kardon – which provides sound systems for Mercedes-Benz, BMW, Subaru, and Volvo as well as Fiat Chrysler – opened on July 29 with the goal of determining whether radio systems that the company provided other automakers are open to the same kind of third-party control found in Chrysler’s Uconnect units, according to the memo.

“If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products,” the memo reads.

The evolving relationship between automobiles and technology has the potential to be life-saving, NHTSA officials have said. But as cars increasingly rely on computers, the risk of data breaches rises as well, CNN Money reports.

Some car companies have taken steps to safeguard their own systems, The Christian Science Monitor reported in July.

Ford and Toyota have built protective firewalls into their hardware and hired teams of hackers to hunt for weak spots. Toyota has also installed chips in cars’ computers to narrow communication and bolster safety.

Tesla has a 'responsible disclosure' program that gives hackers incentives to disclose their findings with the company.

The government is addressing the issue as well. Massachusetts Sen. Edward Markey (D) and Connecticut Sen. Richard Blumenthal last month introduced a bill that would direct the NHTSA and the Federal Trade Commission to establish federal standards around car security and driver privacy.

“Drivers shouldn’t have to choose between being connected and being protected,” Sen. Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”
 

·
Registered
Joined
·
2,082 Posts
I don't mind:) I didn't spec the HK system:crying:
Sorry guys!
I have the HK but "just" the radio! No MINI Connected! Just crazy...what is this world coming to? Some people (i.e. hackers) have too much time on their hands...try getting a JOB!
 

·
Registered
Joined
·
495 Posts
I have the HK but "just" the radio! No MINI Connected! Just crazy...what is this world coming to? Some people (i.e. hackers) have too much time on their hands...try getting a JOB!
Totally in agreement.
Very scary, everything is vulnerable.
What is safe out there these days?
 

·
Registered
Joined
·
235 Posts
It's nothing to do with HK systems in BMW/MINI. The issues that Chrysler are having are due to HK developing their entire media system, and it also has internet connections built in; this is what has been hacked. The equivalent in MINIs is Connected, and you do not need HK to have it.
 

·
Registered
Joined
·
43 Posts
The security researchers didn't release the actual magic bit that they found to make their near-complete control possible. The threat depends on the equipment present. I don't know the Mini's hardware enough to really say for sure, but I can enumerate what someone might need if they wanted to turn a car into a remote control vehicle:

* Internet-connected infotainment system: A handy point of entry. And... the password almost never changes.
-- Can it talk to the car's ECU? The car's CAN network? Any other intra-vehicle networks?
-- Does the intra-vehicle network (CAN, etc.) have any access to drive-by-wire components?
-- Insecure "bluetooth data"? -- these are particularly bad because usually the end user CAN'T change the password even if they want to... and even if they could or did, it's not hard for a nearby hostile to guess or crack via brute force (we've all done it with bicycle combination locks as a kid... tick through 9999 and somewhere in the middle *click* open it comes - how fast can a computer count to 10,000?). Does this entry point have any access to the car's network?
* Are there Drive-by-wire components on the car's network? Are they potentially accessible to the internet-connected system if a few software changes were introduced?
-- Throttle
-- Steering
-- Braking
-- ECU

In an ideal "safe" design, the internet-connected portion would at worst have read-only access: Meaning all desirable data is written to an intermediary device that the infotainment center reads from - and in the event of hostile software worst case writes to a device that's never read by operationally critical systems, so worst case scenario someone replaces your map with p0rn.

Hopefully all this is mostly doomsday scenario that will never come to pass. It is better to be prepared though, even if that armament is just knowing what is possible under the right conditions.
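
The read-only design described in the post above, sketched as a gateway filter between the vehicle bus and the infotainment unit. This is an added example, not part of the original post and not any manufacturer's code; the CAN IDs, byte masks and names (`gw_frame`, `gateway_filter`) are made up for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Classic CAN frame: 11-bit identifier, up to 8 data bytes. */
struct gw_frame { uint16_t id; uint8_t dlc; uint8_t data[8]; };

enum gw_dir { VEHICLE_TO_INFOTAINMENT, INFOTAINMENT_TO_VEHICLE };

/* Allowlist entry: an ID the head unit may see, its exact length, and
 * which bits of each byte it may see. */
struct gw_rule { uint16_t id; uint8_t dlc; uint8_t mask[8]; };

/* Hypothetical IDs and layouts, made up for this example. */
static const struct gw_rule ALLOWLIST[] = {
    { 0x3E9, 2, { 0xFF, 0xFF } },  /* vehicle speed, for display */
    { 0x4C1, 1, { 0x0F } },        /* gear indicator, low nibble only */
};

/* Returns true and fills *out with a masked copy if the frame may cross
 * the gateway; returns false (frame dropped) in every other case. */
bool gateway_filter(enum gw_dir dir, const struct gw_frame *in,
                    struct gw_frame *out)
{
    /* Read-only rule: nothing from the connected side reaches the car bus. */
    if (dir != VEHICLE_TO_INFOTAINMENT)
        return false;
    if (in->id > 0x7FF || in->dlc > 8)
        return false;                      /* not a valid classic frame */
    for (size_t i = 0; i < sizeof ALLOWLIST / sizeof ALLOWLIST[0]; i++) {
        const struct gw_rule *r = &ALLOWLIST[i];
        if (r->id != in->id)
            continue;
        if (in->dlc != r->dlc)
            return false;                  /* unexpected length: drop */
        memset(out, 0, sizeof *out);
        out->id = in->id;
        out->dlc = in->dlc;
        for (uint8_t b = 0; b < in->dlc; b++)
            out->data[b] = in->data[b] & r->mask[b];
        return true;
    }
    return false;                          /* default deny */
}
```

The filter is default-deny in both directions: a frame that is not on the allowlist, has an unexpected length, or originates on the infotainment side never crosses.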
 

·
Registered
Joined
·
4,868 Posts
Discussion Starter · #10 ·
August 5 2015 at 10:23am
By Reuters
Two cybersecurity researchers recently hacked into the Uconnect system of a Jeep Cherokee being driven on the highway.
Stamford, Connecticut - Harman, which supplies car infotainment systems to Fiat Chrysler as well as many other manufacturers including BMW, Daimler and Volvo, says the hacking risk that led to the recall of 1.4 million Chryslers in July seems to be restricted to that automaker.

Harman Chief Executive Dinesh Paliwal said on Tuesday: “We do not believe this problem exists in any other car outside of Fiat Chrysler.”

Harman Kardon-branded infotainment products are part of Fiat Chrysler's Uconnect internet telematics system, a collection of driver aids and entertainment services.

HIGHWAY HACK

Two veteran cybersecurity researchers recently used a software vulnerability in Uconnect to break into a Jeep Cherokee being driven on the highway, intensifying the debate about the safety of increasingly connected cars and trucks.

Fiat Chrysler, working with Harman, has issued a software update for the recalled vehicles and has provided customers with additional software to improve security.

Uconnect also uses software and network connectivity provided by other companies.

“Our system was safe and secure,” Paliwal said, adding that the issue apparently started due to a “hole” or port opening in a network. “Once you leave the door of the house open, somebody will walk in and they can do whatever they want,” he said.

Fiat Chrysler declined to comment.

Reuters
 

·
Registered
Joined
·
508 Posts
It seems cruel that they used a 4x4/SUV (Jeep) to demonstrate this 'vulnerability' - vehicles bought as a 'security blanket' for the insecure. Though maybe in the US a Cherokee is actually a little grocery getter and the insecure are in 1 ton trucks.

Why can't they print a useful article, like: "How to make a tinfoil hat for your car"?
 

·
Registered
Joined
·
43 Posts
Well, it's Black Hat and DEFCON week, and new security-related news is rolling in. Apparently Tesla is the latest to find some new holes. The good news is this one required physical access, and Tesla worked quickly with the security research team to fix the troubles they found:

http://www.bbc.com/news/technology-33802344
 

·
Registered
Joined
·
508 Posts
Clearly the whole thing is a product of the 'silly season' (summer season with shortage of media news items).

I mean, an axe-murderer can pick your house door lock in the night, get in and murder you with his axe. But, like having your car hacked, it isn't a likely-enough event for anyone to worry about - well, unless you've just read this post and are of a nervous disposition.......
 

·
Super Moderator
Joined
·
8,831 Posts
I think every Mini has a Harman Kardon system; it's just named as such in the top-of-the-range option you'll find, and not named other than on circuits etc. in the cheaper systems. They'll be far more excited about hacking aircraft! Or driverless vehicles!!!! Or.....
 