The CIA may be hacking cars, as well as phones and TVs, according to WikiLeaks

The most current dump of secrets via WikiLeaks says cars are among the devices the CIA has hacked or has been trying to hack. One extreme purpose would be to gain control of the car and possibly assassinate the occupants in ways that would make it look like just another car accident. This claim is in the so-called Vault 7 dump of 8,761 documents Tuesday that WikiLeaks said came from the Central Intelligence Agency.

Other claims potentially affect any person in the connected part of the planet: Covert CIA hacking projects can get into Apple iPhone and Google Android phones. Once inside the phone, they could get around the encryption of popular apps such as SnapChat and WhatsApp. Another hack could turn the camera and microphone on a smart TV, particularly Samsungs, into remote listening and viewing posts.

What does it really mean?

The latest leak of information suggests the consumer devices we all use, and our cars, are at potential risk of being remotely hacked and monitored. At the same time, experts have said most people shouldn’t worry. Basically, our lives are too mundane too be worth tracking. But if you’re a chemicals researcher, a reporter, a dissident living in exile, a business executive conducting sensitive partnership talks overseas, a graduate student in the sciences or computer engineering, a military officer … you might be a candidate for surveillance that doesn’t require bugging your home, car, and office.

All this assumes those 8,700 documents are legit and not some giant spoof by WikiLeaks as we approach April 1st. Jonathan Liu, a CIA spokesman, said: “We do not comment on the authenticity or content of purported intelligence documents.” But a number of sources have said, publicly or privately, that the documents appear genuine. To see an overview of what’s available, go to WikiLeaks directly.

WikiLeaks didn’t publish the hacking tools

WikiLeaks said it also gained access to many of the software tools said to be used by the CIA to exploit vulnerabilities. But it isn’t publishing them, at least for now, while it ponders whether publishing them would do more harm than good. The Obama administration forged an agreement with the US tech industry that it would report vulnerabilities it finds in, say, smartphones, so the holes can be plugged. Without that commitment, overseas buyers might be less trusting of US technology.

Former CIA employee and leaker Edward Snowden said the unreported security holes leave us vulnerable (tweet above). WikiLeaks claims on its site:

As an example, specific CIA malware revealed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.

How you car might be hacked

Hacking a car is easier if it’s equipped with telematics, such as GM OnStar with a two-way cellular data modem. (But it’s not the only way.) Already most automakers have a Find My Car feature in case you forgot where you parked in a sports stadium lot. It can also give you current updates or tracking info if you’re worried where your teen is at night. If you call the cops, they can track your stolen vehicle. That’s how Boston police tracked and shot one of the 2013 Boston Marathon bombers: The Tsarnaev brothers carjacked a Mercedes and the carjack victim told police how the car’s Mbrace2 telematics system could be set to tracking mode.

Without the hacks, police have sometimes applied for court warrants to enable the tracking module. They have been approved in some instances; in at least one case, a judge rejected the warrant because doing so disabled the emergency crash notification system in that brand of vehicle.

Other hacks are possible when the car is close by. Hackers have shown they can take partial control of the car if they can physically attach to the OBD-II diagnostic port, typically with the hacker sitting in the back seat with a laptop and long connector cable.

One leaked document appears to be a summary meeting of the Embedded Devices Branch in October 2013 and describes “Vehicle Systems” as one of the “potential mission areas for EDB.”

How would you assassinate someone in car? The old fashioned way would be to plant a bomb. Jokers might say you could modify the victim’s car to include a Ford Pinto gas tank, GM ignition switch, and shrapnel-spewing Takata airbag. Here’s another way: Cars don’t have steer-by-wire driving yet (exception: Infiniti Q50), but they it did, you just instruct it to take a sharp right as you drive along a cliff with no guardrail. Barring that, you could order the right front brake to almost lock up, but not the other three wheels, and the car would pivot around the right front wheel and make the same right turn. Or it could steer at highway speeds toward a concrete bridge abutment and keep the airbags from firing. There may be other ways.

Now read: What is vehicle telematics?

Leave a Reply

Your email address will not be published. Required fields are marked *

The Post5 - Technology News , Game News & More © 2016 basic tutorial | may ao thun | may ao thun | may ao so mi | web rao vat kenh dang tin