Is your car vulnerable ?

The place to discuss everything else..
Post Reply
DaveBerlin
Posts: 8623
Joined: Wed Mar 19, 2014 12:39 pm
Location: Berlin, Germany
Qashqai Model: Mk.2 Qashqai Facelift - J11b (2017–2021)

Post by DaveBerlin »

This might be of interest of what is here and coming. Five steps motorists must take to keep their connected vehicles safe from cyber hackers - Dave 😏

https://mol.im/a/7785997

1. Add a password for your Wi-Fi - and one that hasn't been hacked before
2. Use a garage and mechanic you trust
3. Utilise the vehicle maker's security software updates as quickly as possible
4. Recognise that phone apps could be a threat
5. Disconnect your car from your home hub
11.19/1.3L/160PS/Tekna+/DCT/PrOPILOT/KAD Gun Metallic/Trunk Lower Finisher/Rear Glass Finisher/Ambient Lighting-LED’s Innen/Entry Guards Illuminated/Sport Pedals/Front Styling Plate/LED No.Plate/Chrome Door Handles/Rear Valance/Giacuzzo Alloys + Falken

DaveBerlin
Posts: 8623
Joined: Wed Mar 19, 2014 12:39 pm
Location: Berlin, Germany
Qashqai Model: Mk.2 Qashqai Facelift - J11b (2017–2021)

Post by DaveBerlin »

Connectivity is the reason why this is happening. By just using Nissan “Door to Door” you see how much this App knows about the QQ position etc - Dave 🤨

As cars evolve into rolling mobile computers, the potential for disastrous cyber attacks has become a new road hazard. They warned that opportunities for attacks are being revved up by the introduction of self-driving tech, electric cars communicating in real-time with the cloud, smart city infrastructures, and one another - turning the next generation of vehicles into 'moving targets' for hackers.

Connected cars are 'moving targets' for hackers, experts warn : https://mol.im/a/7871813
11.19/1.3L/160PS/Tekna+/DCT/PrOPILOT/KAD Gun Metallic/Trunk Lower Finisher/Rear Glass Finisher/Ambient Lighting-LED’s Innen/Entry Guards Illuminated/Sport Pedals/Front Styling Plate/LED No.Plate/Chrome Door Handles/Rear Valance/Giacuzzo Alloys + Falken
DaveBerlin
Posts: 8623
Joined: Wed Mar 19, 2014 12:39 pm
Location: Berlin, Germany
Qashqai Model: Mk.2 Qashqai Facelift - J11b (2017–2021)

Post by DaveBerlin »

This subject of “Interconnected” CRS seems to be getting major concern - Dave 🤨

“Panelists from the cyber industry discussed the emerging world of data and interconnectedness, agreeing that by making communities and products "smarter" they were ironically making them that much more vulnerable to cyberattack.”

CES 2020: Fortifying the Interconnected City of the Future : https://www.govtech.com/security/CES-2020-Fortifying-the-Interconnected-City-of-the-Future.html
11.19/1.3L/160PS/Tekna+/DCT/PrOPILOT/KAD Gun Metallic/Trunk Lower Finisher/Rear Glass Finisher/Ambient Lighting-LED’s Innen/Entry Guards Illuminated/Sport Pedals/Front Styling Plate/LED No.Plate/Chrome Door Handles/Rear Valance/Giacuzzo Alloys + Falken
User avatar
calnorth
Posts: 2719
Joined: Mon Feb 11, 2019 2:01 pm
Qashqai Model: Mk.2 Qashqai Facelift - J11b (2017–2021)

Post by calnorth »

Some manufacturers have supposedly engaged independent security specialists to test vehicle systems software. I've seen some of it in the US but suddenly waking up to vulnerability is really naive.

I'm guessing that in the rush to get the EV vehicles to market...they forgot that the software that looks like a PC desktop (GUI) is just as vulnerable as a PC/Tablet/Phone etc. It tends to explain the sudden reluctance to allow Google marketed Apps onto the the ICE head units. Some of this requires software of the military standard variety which is very expensive.

It is possible to take command of QQ (and others) functions via the Nissan CONSULT tool and that connects directly by OBD socket to the CAN bus and ECU/BCM etc. Where the CAN bus wires (2) extend to the extremities of the car (lights) ...guess what? Not sure why a QQ would be nicked that way but a real expensive vehicle might be? Of course the very rich won't be bothered.
Mk2 Qashqai Facelift - J11b (2017–and onward)
1.6 Dig-T N-Connecta
User avatar
calnorth
Posts: 2719
Joined: Mon Feb 11, 2019 2:01 pm
Qashqai Model: Mk.2 Qashqai Facelift - J11b (2017–2021)

Post by calnorth »

For those who have not seen or heard of Nissan Leaf(EV) Hacking circa 2015 and forward. It possibly explains indirectly why NissanConnect was abandoned and You+ isn't much for non EV...us with the ICE's

The first 20 mins is about remote control of the Leaf EV with a Smartphone and breaking into the Nissan App. The second 20 mins is the realisation of what damage can be done by this hacking and the paralysis of the Security Authorities and Nissan (Europe/Japan).

No Engine Management System/Can Bus was interfered with in this example...didn't need to be. However, data field symbols/ids extracted from the comms between Phone and Nissan was googled and found...on the darknet. Folk were preparing globally to attack it appears.

Mk2 Qashqai Facelift - J11b (2017–and onward)
1.6 Dig-T N-Connecta
Post Reply