At the recent BlackHat security conference in the US it was revealed that the 3 most "hackable" cars on the market (and thus theft by electronic means) were:
2014 Jeep Cherokee
2014 Infiniti Q50
2015 Cadillac Escalade

And the 3 least hackable were:
2014 Audi A8
2014 Honda Accord
2014 Dodge Viper

So how did our humble Freelander2 do. Unfortunately it was not in the group of cars tested, but, both the 2014 BMW X3 and the 2014 RR Evoque were and they scored identical "hackability" ratings as follows:

Surface Attack: most
Network Architecture: least
Cyber Physical: most

Also included in the survey was the 2010 RRSport. On the same criteria it score as follows:
Least
Average
Least

That's interesting in that the older RRS scored better than the much newer generation RRE. What went wrong LR to produce a newer model that's more vulnerable to attack?

Since the new RRS2 is been stolen off driveways within a week of purchase in some cases without the need of breaking in to get keys, then I would say yes it's possible

They just use the ODB port reprogram a new key and off they go, they also according to a rrs2 owner set the alarm off, block the rearming when you come out a open and lock it so when they access the car to reprogram the alarms not set

I guess the DIsco Sport will be using similar security which worries me Former Mod/Member, with the most post & Chicken George Arch nemesis

You need to read the paper which goes with the article (available for download from the authors' site - I seem to have misplaced the url, but can probably find it again if anyone wants it) to get the real picture. They're not actually claiming that one vehicle is more hackable than another, just that in the absence of any information on how its ECUs and electronics have been implemented there is the potential for hackability.

I.e. they state that they have no access to, or knowledge of, the components of the various cars' networks - they are black boxes. Thus they are simply looking at what might be the case if the electronics have been badly implemented. If the electronics have been well implemented the potential attacks will be protected against, and the car will be (relatively) safe.

They take account of several factors - components which might allow remote attack, components which might be vulnerable to attack, and the network architecture connecting those components. They are also concerned only with the kinds of attacks which might allow remote code execution, not simply injecting false sensor readings, etc.

Thus, for example, if a vehicle has bluetooth it is potentially remotely hackable. If it has park assist the hacker could potentially gain control of the steering and steer the car into a lane of oncoming traffic. Some indication of how easy that might be to do is given by the network architecture connecting the bluetooth and steering controllers - if they're on the same network it's potentially relatively easy, if not much harder.

The network architecture is important in this context - more important than the number of potentially hackable components. The Jeep is rated most hackable, yet it has the fewest ECUs of all the vehicles examined (a mere 17 iirc). The most complex vehicle (a Range Rover) has no less than 98 ECUs, and yet it is rated less hackable than the Jeep because it's network architecture is more complex, and thus less easy to hack.

Of course, even if a car is potentially relatively easily hackable it's not so easy in practice! Let's say, for example, we want to hack an FL2 and cause it to brake suddenly. We might pick the bluetooth module as our attack point, as it's potentially the most hackable. (Other attack points might include a keyless entry system, even a tyre pressure monitoring system, but in practice these are less likely to give us the required level of access.) First problem is the limited range of bluetooth and the fact that it's normally only active when the ignition is on, so we may have to execute our hack whilst the car is on the move, and from within bluetooth range. But, let's say we succeed in hacking the bluetooth module and injecting our own code into it. Next problem is that the bluetooth module and the braking controller are on different networks, and the network gateway may well block any attempted communication between the two. So now we have to hack the network gateway to allow us to talk to the braking controller. And having done that we have to attack the braking controller, either by hacking it too or by injecting network messages which will fool it into behaving as we want. And we have to do all that without knowing anything about now the electronic modules work, and what protections might have been built in to prevent us from doing what we're trying to do.

So in practice it's like War Games (I think that's the film I mean, but quite possibly not!) - in principle it's possible to hack the pentagon and launch a nuke, but in practice ... well, it hasn't been done yet.

Quote:

That's interesting in that the older RRS scored better than the much newer generation RRE. What went wrong LR to produce a newer model that's more vulnerable to attack?

Nothing went wrong - the car just got a lot more complex, adding new features and new ECUs which can be attacked. Again, note that there are no claims that these components are vulnerable in practice, just that in the lack of knowledge of their implementation one cannot say that they are not.

There is, of course, one very easy way to protect completely against such attacks. Buy a Defender

npinks wrote:

Since the new RRS2 is been stolen off driveways within a week of purchase in some cases without the need of breaking in to get keys, then I would say yes it's possible

Don't forget the latest technology also has an app, 'Incontrol' which allows you to view your vehicle status from your smart phone, a readily accessible 'way in'.
Potentially if I can 'hack', Mike's email account, I can send myself a password, then reset the account password,I open the car all from the little phone in my pocket.

Internet connectivity is, indeed, regarded as bringing a whole new dimension to remote hackability!

This is just one event
http://www.rrsport.co.uk/forum/topic37008.html Former Mod/Member, with the most post & Chicken George Arch nemesis

Pab
You present a very worrying background. Yes the outright refusal of the "black box" electronics suppliers to the vehicle manufacturer to facilitate access to source code does put the investigators at a disadvantage, however in the report I have they do state what, where and how they hack into these vehicles and what that means re the vehicles vulnerability. Clearly you'd need to be very well versed in the disciplines of IT to do this kind of crime if you're that way inclined. I'd be hopeless at it - TV remote is too much for me.

And, we must remember that whilst all the hurdles of access to overcome that you describe you must be aware that once some scum has done that they will sell the process of "How To" on the dark side of the net. And after that no car is secure as the industry will constantly be playing catch-up.

The full report which I have (92 pages in depth) does focus on the potentiality of theft, and/or removing or adopting any personal (i.e. the current owner's) on board data. If you would like it PM me your email and I'll send you a copy.

Sadly the survey only covered a limited number of cars from a short list of manufacturers so we don't know how widespread the problem is in reality. But it does give an insightful review of how little the auto industry is doing to protect what is after all the second most expensive purchase most of us will make in our lives.

Quote:

... once some scum has done that they will sell the process of "How To" on the dark side of the net.

Quote:

And after that no car is secure as the industry will constantly be playing catch-up.

Pab
Report sent

And received, thank you.