Why Artificially Intelligent cars are a BAD idea.

The biggest companies have recently been showcasing their "Driver-less" cars. While I was watching a presentation on one of these, where the head of Sales was showing me how all the details, networking, sensors, cameras, and cellular technology come together to provide the "Ultimate Driving Machine", I couldn't help but think... OMG, they found a way to bring the computer to me for easier hacking abilities. NO WAY. What this sales guy doesn't know is that if I can touch the device, I can take admin control over it. Here is a picture of this car:
Let's think about this. Ok, a driver-less car is a cool idea and is the thing of the coolest science fiction, futuristic movies. It will reduce automobile accidents by 90% or whatever. Great!
But this picture alone shows me where the hackable device is and what sensors it is monitoring. I know the operating system that it is running and how to connect to it, and if this device is like EVERY OTHER DEVICE that this company has made, I know how to reset the local admin password.

If I want to set up a test environment, I set up a random account on a burner phone. I schedule a pickup, pull out my screwdriver, and take the technology. Once I have the device in my lab, I can monitor how this device does a Phone Home process. I could re-route this command to my own servers & tell the car to accept / execute the commands that I tell it.

If you think that this idea is so far out that no one would be able to do this, well, a group of hackers found the SIM (cell phone) card used for OnStar that has been built into cars for over a decade.
Hard to fix OnStar Hack
They were able to send TEXT messages to that SIM card coded with the commands that OnStar uses in their production to control the car.
These hackers bragged that they had total control over the car: “We basically had complete control of the car except the steering.” Can you imagine adding steering? This would give a remote exploiter FULL control over the car that you are in. Would you step into that car? I can just see the story that is posted all over Facebook, Twitter, CNN, etc. "200 Driver-less cars were used as battering rams on the White House. Iranian Cyber Army is claiming responsibility."

In conclusion, thieves & hackers are determined and intelligent enough to control a driver-less, AI car. Car technicians are not particularly tech savvy. We will have issues with this in the future, and I will be extraordinarily careful around AI cars. I hope that in the future I get the chance to do a PenTest on the newest model of AI car just to see what I can do.

What are your thoughts on this? How would you hack a car? What would you do if you could? Would you decrypt the SIM card so you could clone it? Would you hack the phone home location to take over the entire fleet of cars???


  1. A year or two ago, I commented on an article about a movie plot idea that was (and still is) not outside the realm of plausibility today. To summarize, a blackhat hacker (or group) charges a nominal fee to willing criminals worldwide, the blackhat uses a botnet to hack cars worldwide to control them, and all at the same time (worldwide) the botnet drives the cars into banks, giving the poor occupants a wild and possibly fatal ride, potentially mowing down pedestrians, and the cars (attempt to) punch a hole into the banks' physical security, giving the willing criminals the *potential* of getting money from the banks. The sudden, unexpected event would overwhelm the police, FBI, and other counterparts worldwide, who cannot respond to perhaps 30 simultaneous bank robberies in one city alone. Sure, some willing criminals would be caught, some would get little to nothing out of it, but a few just might score 'big enough' in their minds to make it worth it to them. And the blackhat, he/she would already be paid. So then it comes down to the international manhunt of who orchestrated it, and how.

    It would be quite a thriller of a movie, but a terror/horror of an event. Yet it is not too far from reality today. All (potentially) involved really should prepare to prevent such an occurrence.

