Full details have now been released of just how the Jeep hack I mentioned here was carried out, and there’s a video (long, but worth it if you’re interested):
There are two things to draw from this: that the researchers are very clever, and that the people who designed Uconnect are either naive, stupid, or foolhardy. That sort of thing is fine if you’re experimenting with code, less so if you’re developing code that can be exploited in a fast-moving 2-tonne chunk of metal. Since the video is long, I’ll pick on a few key points.
1) The “random” passphrase for the inbuilt wifi hotspot is fairly predictable.
2) Port 6667 (DBUS) was left exposed to the internet on the 3G connection, and the system calls available there were exploitable.
3) Services were running as a superuser, so they didn’t have to work out privilege escalation.
4) Firmware updates have no signing to check validity.
5) The radio had a connection to the “drive” CANbus.
Added together, that’s pretty scary.
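A defender's check for points 2 and 3, as an added example that is not from the original post or the researchers: it reads a socket table in Linux's `/proc/net/tcp` format and flags every listener bound to a non-loopback address, rating those owned by uid 0 as high. The Linux target, the function names and the little-endian byte order are assumptions, and the sample rows are constructed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from any real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1A0B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1203
   3: 0A00000A:1A0B 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1204
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_addr(hex_addr):
    """Turn 'IIIIIIII:PPPP' into (dotted IPv4, port). Assumes a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def audit_listeners(table_text):
    """Return listeners reachable from off the device, rated by owning uid."""
    findings = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue  # malformed row, or an established/closing connection
        ip, port = decode_addr(fields[1])
        if ip.startswith("127."):
            continue  # loopback-only service, not reachable over the network
        uid = int(fields[7])
        findings.append({
            "ip": ip,
            "port": port,
            "uid": uid,
            # A network-facing root service needs no privilege escalation step.
            "severity": "high" if uid == 0 else "review",
        })
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_PROC_NET_TCP):
        print(f"{f['severity']:>6}  {f['ip']}:{f['port']}  uid={f['uid']}")
```

To run it against a live Linux system, pass the contents of `/proc/net/tcp` to `audit_listeners` instead of the sample.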
Time to review InternetofShit.
In the PC world (and in that, I’m including Mac and Linux), the devices you have may have a life of 10 years, and in that time, these days, they will be regularly patched, so silly vulnerabilities get fixed. Also, generally speaking, things controlling dangerous machinery aren’t always connected to the Internet (though that is becoming less true as time goes on). A car will have a longer life, and probably be rarely patched, especially by the time it has its second or third owner, who is unlikely to take it to a franchised dealer. How about a fridge? Mine is 20 years old now, and had it been possible to buy an Internet-connected fridge then, do you think the manufacturer would be supplying firmware?
Just because you can connect something to the Internet, it doesn’t mean you should.