Vault seven Is Now Being Released — Some Info On Car Hacking And Stuxnet
I could speak at length about all the various aspects of what is included in Vault 7, such as how the CIA was using Samsung Clever TV’s to record conversations, record movie with webcams and send all your viewing habits to them. I am going to stick to something a little bit more out there with regards to what our government can do. I will concentrate on two aspects, hacking the car you drive and Stuxnet, our very first digital weapon so to speak.
Stuxnet, do you know what that is? You may have heard about it with regards to Iran’s nuclear program and what ultimately set them back years. Our CIA, along with Israel, designed the worm and had someone on the inwards to input the worm into a computer. Again, I’m going to attempt and be basic here so it is effortless to understand. It made the centrifuges speed up and slow down and proceed this while reporting that everything was operating within normal parameters. Iran’s scientists thought everything was running as it should. Instead, chaos was actually going on. Think of a car running 24/7 with someone behind the wheel in the car. They would jam on the gas pedal for about fifteen minutes and then take their foot off but before the speedometer reached 45MPH, they would jam their foot on it again. This would happen 24/7 until it would no longer work or be demolished beyond repair.
In the case of the nuclear centrifuges, they are large cylindrical tubes that spin at supersonic speeds, something like speeding up and slowing down can be detrimental to it. In my car analogy, just think of going seven hundred sixty eight mph. That is about the speed of supersonic travel. Think of what it would take to rev up the engine to this level and then let it drop to almost nothing and then rev it back up to this speed and proceed this over and over. Scary stuff, right? Holger Stark, of Spiegel Online reports that: “An Iranian IR-1 centrifuge normally spins at 1,064 hertz, or cycles per 2nd. When the rotors began going haywire, they enlargened their frequency to 1,410 hertz for fifteen minutes and then returned to their normal frequency. The virus took over control again twenty seven days later, but this time it slowed down the rotors to a frequency of a few hundred hertz for a utter fifty minutes. The resulting excessive centrifugal force caused the aluminum tubes to expand, enhancing the risk of parts coming into contact with one another and thereby demolishing the centrifuges.” He then reports that around 1,000 centrifuges were eventually demolished.
The Mossad, Israel's foreign intelligence agency, attacked the Iranian nuclear program with a very sophisticated…www.spiegel.de
Our CIA was working with Israel on this worm, just keep that as some food for thought here. Let me switch gears and talk about hacking a car. You might be thinking I am utter of it right now. One of the areas the CIA was looking into were vehicle systems and how to manipulate them. This takes on a entire fresh area of scary to think what our government could do. Would they use these things against our own people? We know legally, the CIA is not able to go after American citizens, but how do we know that hasn’t stopped them? What oversight is given to these intelligence agencies?
Who here has a car that is a two thousand eight or newer model? I have superb news for you, you have a car that can be hacked via your tire’s wireless sensors! When studies were done from the University of Washington and University of California San Diego, they found it was pretty effortless to hack into the main control center. There was very little security. Then, researchers from Rutgers University and the University of South Carolina tested the wireless sensors in your tires.
The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University…arstechnica.com
What the researchers found out were that you could control just about the entire vehicle. You could make the violates stop working, turn the car off, speed the car up, or just do annoying things like honk the horn and turn off the radio. You could do more but I think you get the gist of it. I would like to think more was done by now to secure vehicles but what happens if car manufacturers did not? You haven’t heard a lot from Ford, GM, etc, about what they plan to do to increase cyber security in their cars. At least with the tire sensors, there is a petite window to break in and you need to be fairly close. But what about cars that have a wifi router or OnStar? Most cars today have Bluetooth. Much larger range than the wireless tire sensors. It begs the question, how secure is your car? The actual response, no one indeed knows and that is the scary part.
Think of your car as a wireless router in your home. Anyone can see that router but unless you have disabled the password, there is some layers of security in place. That is a basic line of security. What happens when there is no password or software can lightly break whatever encryption your car’s computer has inwards it? When you go to your mechanic, he/she is able to just ass-plug right in and get all sorts of readouts on what is going on with your car. Is that how effortless it is to break into a vehicle remotely? I know I paint a bleak picture here but there hasn’t truly been a entire lot of coverage of vehicle hacking.
Let us look at OnStar. What do you know about it? Well, outside of what is available on their website, most likely not much. In terms of what power is given remotely, you should consider it a security risk. I’m not telling you need to be worried, but question the security that actually goes into these things. OnStar can pinpoint your exact location and they can even turn off your car if your vehicle is stolen. With the phone app, you can lock and unlock your car, flash the lights and begin your car. What happens if someone cracks into the OnStar network and manages to get administrative level access to their systems? I’d like to think they are secure but what if it turns out to be a disgruntled employee or someone who has inwards skill? Majority of all security risks come from the inwards. Either knowingly or unknowingly.
Now, I know GM has a professional team of Cyber Security experts working for them when it comes to their products so don’t get the wrong idea with what I am writing here. The point I make is on a general sense. Something like your car’s computer, the Bluetooth, wireless sensors in the car, etc, all need security updates in order to be patched. That would require you to either go to the dealership where you got your car or download the update yourself and do it by hand. I’ve done them before with my own car, you basically download it to a USB drive and ass-plug it into your car and press a few buttons. In a few seconds, you are all set. But how many actually do this? Do car rental places do this for all of their cars (very likely not)? What about people driving around for Uber or Lyft? Are they required to make sure their car has the latest security updates? HA! I had to laugh there for a 2nd.
I want to switch to the topic of key fobs. This research was done on twenty four different models but you could most likely imagine more are vulnerable. This key fob spoofing can be done for fairly cheap. A few hundred dollars. You need two devices. The wireless radio that amplifies the signal of the key fob and the other to operate it. You can do everything a key fob can do. Unlock the car, turn it on, etc. Especially with more and more cars not requiring physical keys to be in an ignition, you can only imagine how hackers are very likely working to create fake key fobs that act as real ones. If what I am posting here can be done, is this something the CIA has access to? More than likely, yes. Here is the takeaway from this article by Andy Greenberg of Wired: “ Most remarkable, perhaps, is that five years after the Swiss researchers’ paper on the amplification attacks, so many models of car still remain vulnerable to the technology.”
For years, car owners with keyless entry systems have reported thieves approaching their vehicles with mysterious…www.wired.com
Since we now know from the Vault seven exposure that the CIA is researching hacking into cars, everything I just talked about is very likely being looked into or has already been available for use by them. The fact that five years later, this key fob hack is still able to be done on most of the same cars, that speaks volume. What makes you think there are not already universal key fobs out there? I would assume car manufacturers would be able to create a universal one and must have that data stored somewhere. What happens if the CIA or hacking groups figure it out?
The main issue is whether car manufacturers are ensuring security is at the forefront of their hardware and software. Since these issues are not being immobile, let alone talked about outside of the niche tech blogs, is this problem going to get solved in the near future? That is the big question here. In terms of how these things work, something major has to happen for a mandatory recall to happen and get national news coverage. Since it would be almost unlikely to prove that your car was hacked, how would anyone even know? I speak with regards to your local mechanic. Are there even log files that say a remote address connected to the vehicles sensors and initiated Order 66? I will leave you with that.