[jkaushik]

Everything is online now, our bank account and every other details but the point is these huge financial corporations and institutions have laws, guidelines and also the financial strength to safeguard their systems. Huge chunks of money are being used to keep our banks safe from cyber attack.
But are the auto companies capable enough, at least now, to invest in strengthening and safeguarding the security of their connected systems used in cars against cyber attacks.

[DigitalOne]

Are connected cars are vulnerable to cyberattacks? Yes, obviously any system connected to a wider internet is vulnerable.

Do we need to sleep over it? I think no. Cyberattacks on cars does not open up a new line of causing harm. And here's why I think so -

If the attacker is a run-of-the-mill terrorist, there are existing methods to kill masses (as we have unfortunately seen in Mumbai, Paris, New Zealand, or Nice in recent years).

For a targeted assassination (example, attacking specific cars of a World leaders), security forces are more than capable to thwart any cyber attacks.

For a nation to attack another nation, there are better targets (for e.g. Electricity grid) that can cause greater economic damage. Somebody mentioned Stuxnet in this context.

[DudeWithaFiat]

Quote:

Originally Posted by DigitalOne

there are better targets

Chasing the little mice inside my skull, this is a good reason why cyber-security of cars are important - because everyone's attention is somewhere else.

I had mentioned Stuxnet only as an example to how even nations are vulnerable. I didn't mean that someone is going to use 'car attacks' to attack a nation.

No one can predict what is going to happen in the future. Once cannot definitely say connected cars are a target or not a target - only time can say.

P.S:- How much panic an attack can induce is also a factor in deciding what kind of attack is to be performed. Imagine the panic when connected cars acts by its own and cause wreck vs a shootout. What is going to panic the public more? Until something happens, it is always a fantasy to most of us. Had anyone ever thought of terrorists hijacking a plane and flying into the Twin Towers or any building for that matter?

[Mortis]

Thank god we don't have flying cars yet !! Imagine thousands of cars crashing to earth in the span of a few minutes !! I think it makes most sense to have the connected part of the car on one separate loop which won't cause any problems if hacked and your functional bits on a separate loop so that the car functions remain operational and manually controlled at all times

[RM Motorsports]

How much data is collected by your car ???

Cars have become the most sophisticated computers many of us own, filled with hundreds of sensors. Even older models know an awful lot about you. Many copy over personal data as soon as you plug in a smartphone.

Washington Post Hacked into a Chevy Volt to Show How Much Cars Are Spying on Their Owners.

https://www.washingtonpost.com/techn...hevy-find-out/

https://www.youtube.com/watch?v=2gR6...ature=emb_logo

[Aditya]

Thanks to Kapil Dasgupta for sending this information in. Heartfelt gratitude for sharing it with other enthusiasts via this Team-BHP page!

Quote:

Hi, I'm a Team BHP fan and found this interesting article about today's "connected car" technology and how it has so many serious security flaws:
https://www.which.co.uk/news/2020/04...lkswagen-polo/

As I didn't find anything about it on Team BHP, I thought I would share it with you guys.

[sridharj77]

I was reading about the remote car hacks (by spy agencies, research hackers and others).

Some links for your reading pleasures below:

https://en.wikipedia.org/wiki/Michae...eged_foul_play

https://www.wired.com/2015/07/hacker...-jeep-highway/

https://www.ic3.gov/media/2016/160317.aspx (FBI Link)

Also, electronic vehicles are susceptible to EMP attacks (although 90% did start backup, but just playing out a doomsday scenario for fun).

This got me thinking about which vehicles can survive such remote car hacks/EMP attacks etc and the answer seemed to be completely mechanical systems that have electrical power but no on-board electronics.There are many such vehicles in the US - older trucks, vintage yet roadworthy cars and many bikes. (https://www.askaprepper.com/vehicles-emp-survival/ for EMP attacks which may also be impossible to remote car hacks, as there are no on-board computers).

What cars in India are roadworthy, reliable, comfortable (to some extent) but also difficult to be hacked? The original M800, Ambassador, Tata Sumo (?), 1st gen Esteem are likely contenders, but I am not sure if they use any electronics for Fuel etc.

Keen to know your thoughts!

[Mods - please move this thread if this is not the right forum]

[Behemoth]

In the current scenario there would be very few new cars that would qualify this criteria as all cars now have a fuel injection system which would need electronics. Electronics are the first thing to get fried when an EMP hits.
Basically if a car were to be EMP proof, in my opinion the following things would be reuqired:
1) A battery disconnect system so that the electrical battery circuit is disconnected in normal use from the starter motor. If the circuit is kept connected the circuits would be more prone to failure
2) The fueling system needs to be entirely mechanical with no electronic components. So basically something like a low pressure mechanical fuel pump based diesel engine (like what you see in old hand crank generators!)
3) Starter motor and alternator are two high risk items and prone to failure due to coils and induction in them due to emp. They can be protected from emp by isolating them in a Faraday cage and also disconnecting them from circuits. But still it depends on the class of EMP eg if it is an M class solar flare if may survive but it will not survive an X class flare. If Earth were to experience another flare like the Carrington event of 1859, I doubt any of today's electronics would survive! It is actually not a question of "if" it is a question of "when".

So basically what you are looking at is a custom built old jeep - Thar / Bolero (at least 10 years old) with some modifications to make it more emp proof.
Ironically if such an emp/ solar flare does hit, the only vehicles we may still see running on the roads may be the Jugaad generator vehicles we see running on the roads of UP which are made from old diesel gensets!

[DicKy]

Really don't know about the mechanical side of things, but I reckon an old school diesel with mechanical fuel pump will be the best bet followed by a carbureted petrol.

Also don't know about spark plug side of petrol engines vulnerability to EMP attacks.

So guess it would have to be any of the old cars.
Ambassadors/Padminis
Old Mahindra Jeeps, including closed bodied Armada/Bolero, old Scorpios if it had mechanical fuel pumps, Tata Sierra/Sumo/Estate/Safari
Old Marutis before the 2000 MPFI switch

Qualis/ Tavera if they have mechanical fuel pumps instead of electric.

Ofcourse CVs won't be affected much, even recent ones.
Though most studies say cars will survive EMP attacks and stuff like starter motors, spark plugs, electric fuel pumps won't be affected much.

And regarding long term fuel storage ability, old school diesels may have the upper hand for their non fussy dietary preference.


Again, let us be real. We are not in the Americas or Australia or even Africa/West Asia/ Siberia.
It is India. Fuel will be rationed or fought over, and you won't even have space in the roads left to use your vehicle.
People will most likely spill onto the streets.

[Vians]

I was wondering if we have anyone with connected car experience to help consult and build a secure and robust system. I have the backing of a large global platform and would love to hear from a practitioner who has been working on it. IoT from tires has helped me save time and money and the use cases are endless. Please send me a DM if you can help.

[whitewing]

Now, this : BitSight Discovers Critical Vulnerabilities in Widely Used Vehicle GPS Tracker

Quote:

BitSight announced today the discovery of six severe vulnerabilities in the MiCODUS MV720 GPS Tracker, a popular vehicle GPS tracker made in China and used worldwide by consumers for theft protection and location management, and by organizations for vehicle fleet management. If exploited in an attack, threat actors could not only access and control the tracker – they could potentially cut off fuel, physically stop vehicles, or surveil movement of vehicles in which the device is installed. MiCODUS is a Shenzhen, China-based manufacturer and supplier of automotive electronics and accessories which has 1.5 million GPS tracking devices in use today across 420,000 customers, including government, military, law enforcement agencies, and Fortune 1000 companies. The MiCODUS MV720 is a hardwired GPS tracker that offers anti-theft, fuel cut off, remote control and geofencing capabilities.

Quote:

Some of the more severe attack scenarios at risk upon the potential exploitation of these vulnerabilities, which earned as high as a 9.8 CVSS score, include:

• Remotely cutting off the fuel line of a vehicle that is in motion;
• Gaining access to vehicle location information, user routes, geofences and real-time location tracking for surveillance purposes; and
• Monitoring and controlling all communications to and from the GPS tracker, including intentionally issuing incorrect vehicle location information to the GPS server.