Security Vulnerabilities that Cross the Physical Divide to Compromise Cars, Pacemakers, Mobile Phones, and ATMs
With Blackhat USA behind us and Defcon in its full throes, there seems to be a trend away from purely digital hacks and toward physical devices. These include cars and implantable medical devices. To be fair, physical world security has been trending for a few years, including demonstrations of how to hack an ATM and smart meters.
I’ve been interested in the intersection of digital and physical security for over a decade and hacked into my BMW in 2008, partly to troubleshoot a problem with my navigation system, but also just to scope out the landscape. I had to build a serial (RS 232) adapter with a breadboard and solid state components to jack my laptop into the wiring harness, and my soldering iron skills leave one with the impression of kindergarten artwork, but it worked. And yet my project was completely occluded by much of the research you can find with a simple Google search.
In that spirit, I’ve assembled nineteen links to research that cross the divide from some guy at the keyboard of his Linux PC in his parent’s basement, dressed in only flip-flops and pajama bottoms, and rebuilding his Linux pentesting platform for the hundredth time this month, to those pioneers with the smarts to break out oscilloscopes and the dexterity to disassemble the dashboard of a Prius. Please to enjoy this smorgasbord of articles, research papers, and videos:
Automobile Hacking / Vulnerabilities
1. Watch Hackers Hack into Toyota Prius, Ford Escape
2. Hacking into cars via the wireless Tire Pressure Monitoring System (TPMS)
3. Comprehensive Experimental Analyses of Automotive Attack Surfaces
4. Police ‘stumped’ by car thefts using electronic skeleton key
The following is not technically automobile hacking—nor marine craft hacking—but it vaguely fits into the category of how to compromise a technology, navigation, that transportation systems of all types have come to rely on.
5. Texas students fake GPS signals and take control of an $80 million yacht
Medical Device Hacking / Vulnerabilities
6. Black hat hacker can remotely attack insulin pumps and kill people
7. Yes, You Can Hack A Pacemaker (And Other Medical Devices Too)
8. FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks
9. Medical Devices Hard-Coded Passwords
As a side note, Barnaby Jack, security researcher for IOActive, was a star in hacking physical devices, including medical implants and ATMs. His recent death at the age of 35 is sad and a great loss for the security community.
Misc Device Hacking / Vulnerabilities
10. ATM hack gives cash on demand
11. IOActive Smart Meter Worm PoC
12. Remotely listen in via hacked VoIP phones
13. Your Smartphone Can Photograph You, and Share the Pictures, Without Your Knowledge
14. Rooting exploit could turn Google Glass into secret surveillance tool
Microchip Hacking / Vulnerabilities / Backdoors
15. SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones
16. Backdoor found in popular FPGA chip
And Old School Lock Picking + A Vulnerability in Card Key Hotel-Style Locks
17. Lock Picking 101 • Forum for Lock Picking, Locks, Safes, Picks and Locksmiths
18. Reverse engineer the master key given access to a single tenant (sub-key) lock and key
19. Hotel Lock Hack Still Being Used In Burglaries, Months After Lock Firm’s Fix
This is just a sampler buffet of physical security goodness. Please share your links in the comments below and I’ll assemble a web page with as complete a set of listings as I can.