Former Tesla Intern Releases $60 Full Open Source Car Hacking Kit For The Masses.

Eric Evenchick knows what it’s like to be at the mercy of modes of transport. That might be why the former Tesla intern is so keen to hack his way to gaining greater control over the vehicles he travels in. When we speak over encrypted call app RedPhone, he’s stuck in Hong Kong airport waiting for a delayed flight to Singapore, where he’ll announce the open sourcing of the CANard tool during the BlackHat Asia conference.
His code will make it cheaper and easier than ever before for tinkerers to get to the innards of their connected cars to determine if there are any useful tweaks they can make, or any worrisome security vulnerabilities that more malicious hackers could exploit. Evenchick is hopeful CANard, based on the widely-used and much-loved Python language, will have a greater impact on the car industry in general. It should allow security researchers of all ilks to easily probe cars for weaknesses, which, Evenchick hopes, will get the industry to take vehicle hacking more seriously.
His own tinkering with the code has turned CANard into a more powerful tool in recent weeks. In particular, it now has the ability to carry out proper diagnostics over the Controller Area Network (CAN), the network-on-wheels found in almost all modern automobiles to send data around the vehicle, he tells FORBES. This means anyone who knows or learns Python (it’s a good language for newcomers to coding) can start to probe what functions can be accessed using their computer, whether they run an Apple Mac, Microsoft Windows or Linux PC. They’ll also need to buy some associated hardware to connect laptops to the diagnostics, or OBD2, port, which Evenchick has also produced. He’ll be shipping CANtact, a CAN to USB interface for the low, low price of $59.95 (USB and OBD2 cable not included). There will only be 100 available in the first batch, but the hardware is open source too, meaning it’s easily replicable and even cheaper for those with the right skills.
Eric Evenchick’s CANtact car hacking device that plugs into cars’ OBD2 port
In recent months, breaches of car security have been repeatedly carried out by the security research community. In January, Corey Thuen revealed a startling lack of security in an OBD2 dongle from Progressive Insurance. Later in the year, DARPA-backed hackers took control of a car remotely using a laptop.
Previously, car hacking was the domain of those who had access to more expensive, bespoke hardware and knew the protocols used by cars. But it has been increasingly opened up to the masses in recent years. Researchers Chris Valasek and Charlie Miller open sourced their own car cracking tools back in 2013, which also contained Python scripts for vulnerability testing, followed by a guide to hacking vehicles without actually having access to an automobile. But they didn’t include the hardware component as Evenchick has done, and he believes his full toolset is more accessible than what has come before.
“I want to make this easy. Python developers can get the code in one line … and start working with it. It’s also built as a library rather than just a collection of scripts. The plan is to build more functionality out around it, and contribute that back into an open source tool,” he says over email after our call.
Researchers aren’t racing each other to hack cars, however. As the majority of car manufacturers aren’t keen to open their doors to security researchers, and it isn’t cheap to buy and test vehicles, Evenchick, Miller, Valasek and many others are driving the message home that everyone should start probing their automobiles for vulnerabilities so that makers wake up to the problems. Better that than waiting for a disaster to change the way manufacturers think about security, says Evenchick.
“Making diagnostics available for cheap means that we can not only audit the security of these systems, but also use them for their intended purpose: fixing cars,” he adds. “One of the big problems is access to vehicles. Ford, let’s say, won’t let anyone with security skills in to hack it.
“I don’t have access to as many cars as I like… I’ve literally borrowed friends’ cars.” He says he repeatedly finds weak authentication across cars’ diagnostic functions. “You have the ability to read and write data that you really shouldn’t.”
Craig Smith, founder of the OpenGarages car security body and CEO at security research firm Theia Labs, believes Evenchick’s open source tools are great for lowering the barrier of entry for researchers and anyone interested in understanding how their car works. As vehicles can have upwards of 100 million lines of code running on them, it is essential that as many security researchers as possible can validate these systems, he adds.
But there is still one “missing piece of the puzzle”: what to do with researchers’ findings. “Very few auto manufacturers have published processes detailing how a researcher should contact them about their findings. Without these policies researchers do not know how to contact the manufacturers in a way that will be productive in addressing the issue. This can lead to researchers being sued and/or getting cease and desist letters.”
Evenchick has been working on car technology for almost half a decade, during which time he interned at Tesla for four months in 2012, building some of the software functionality in the famous electric car. Though he isn’t permitted to go into detail on his time there, he says the company has one of the more responsible approaches to car security, with its bug bounty offering funds for vulnerability disclosures and a full information security programme.
Other car makers aren’t as forward-thinking, but a handful of new groups, in particular I Am The Cavalry, are working hard with industry and in Washington DC to enforce better practices across vehicle manufacturers. With pressure mounting on them to act, car companies might feel the need to act before a catastrophe strikes.


forbes.
