Since journalist Michael Hastings' horrible death in Los Angeles, the conspiracy theories have lit up the interwebz. He sent an email with the subject of "FBI Investigation re: NSA" hours before his 2013 silver Mercedes slammed into a tree and burst into flames. The Los Angeles Times added, "The car was going so fast, the engine was found more than 100 feet away from the crash." Hasting's email said he going to "go off the radar for a bit." He "was researching a story about a privacy lawsuit brought by Florida socialite Jill Kelley against the Department of Defense and the FBI."
If the conspiracy theory is true, it might have been easier to assassinate a reporter with a poison-tipped umbrella, an umbrella capable of firing "a pellet the size of a pinhead, containing the poison ricin." It's happened before and although evidence of that might be easy to miss, it would not be impossible to find. However, former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard Clarke told the Huffington Post that "what is known about the single-vehicle crash is 'consistent with a car cyber attack'." The car fire was so intense that it took the LA coroner two days to identify Hastings' body, but Clarke said "a cyberattack on the vehicle would have been nearly impossible to trace 'even if the dozen or so computers on board hadn't melted'."
Clarke said, "There is reason to believe that intelligence agencies for major powers" — including the United States — know how to remotely seize control of a car.
"So if there were a cyberattack on the car — and I'm not saying there was," Clarke added, "I think whoever did it would probably get away with it."
This adds another level of interest in the upcoming Def Con 21 talk Adventures in Automotive Networks and Control Units that will be presented by Charlie Miller, former NSA and current Twitter employee, and Chris Valasek, Director of Security Intelligence at IOActive. Miller tweeted that Black Hat had previously rejected the "excellent car hacking talk" and included this video of remotely controlling the steering wheel.
According to the abstract:
Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher's point of view.
We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, we'll discuss aspects of reading and modifying the firmware of ECUs installed in today's modern automobile.
Sign up for Computerworld eNewsletters.