"Cars hacked through wireless tire sensors"

2010-08-10 Thread Jerry Leichter 

Excerpted from 
http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars

-- Jerry

The tire pressure monitors built into modern cars have been shown to  
be insecure by researchers from Rutgers University and the University  
of South Carolina. The wireless sensors, compulsory in new automobiles  
in the US since 2008, can be used to track vehicles or feed bad data  
to the electronic control units (ECU), causing them to malfunction.


Earlier in the year, researchers ... showed that the ECUs could be  
hacked The new research shows that other systems in the vehicle  
are similarly insecure. The tire pressure monitors are ... wireless,  
allowing attacks to be made from adjacent vehicles. The researchers  
used equipment costing $1,500... to eavesdrop on, and interfere with,  
two different tire pressure monitoring systems.


The pressure sensors contain unique IDs, so merely eavesdropping  
enabled the researchers to identify and track vehicles remotely.  
Beyond this, they could alter and forge the readings to cause warning  
lights on the dashboard to turn on, or even crash the ECU completely.


Unlike the work earlier this year, these attacks are more of a  
nuisance than any real danger; the tire sensors only send a message  
every 60-90 seconds, giving attackers little opportunity to compromise  
systems or cause any real damage. Nonetheless, both pieces of research  
demonstrate that these in-car computers have been designed with  
ineffective security measures.


[To be presented at Usenix.]

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Re: NY Times article on Blackberry

2010-08-10 Thread Jon Callas 

On Aug 9, 2010, at 4:47 PM, Perry E. Metzger wrote:

> Really quite mediocre coverage of Blackberry's security issues
> 
> https://www.nytimes.com/2010/08/09/technology/09rim.html
> 
> I especially fault them for having virtually no coverage of the
> position that would oppose removing security features for the benefit
> of law enforcement -- the fact that such alterations can seriously
> harm legitimate users is not mentioned at all.

Indeed, but there are also other things not being mentioned.

One is that there is an OpenPGP package available on all RIM devices, and if 
you are using that, you get true end-to-end crypto. 

Another is that one of the things that the Saudis definitely want is control 
over whether young men and young women are talking to each other, which is a 
threat to society far more pernicious than terrorism.

Jon


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com