Is your car on the Internet?

René Pfeiffer/ June 14, 2011/ Security, Stories

We published some press releases in the past that dealt with networked subsystems in cars. Security researchers connected to the Controller-Area Network (CAN) and tried to inject commands (which worked scarily well). We claimed that automobile manufacturers were way behind in security compared to everyone who has to secure systems on the Internet. The claim was half fact and half conjecture. Now it’s time to correct our claim. Cars can now leak information and push it to the Internet:

Electric cars manufactured by Nissan surreptitiously leak detailed information about a driver’s location, speed and destination to websites accessed through the vehicle’s built-in RSS reader, a security blogger has found. … “All of these lovely values are being provided to any third party RSS provider you configure: CNN, Fox News, Weather Channel, it doesn’t matter!” Halverson wrote here. “While a lot of these providers are probably not aware of these (rather valuable) parameters the car passes, they probably sit in thousands of HTTP logs already, waiting to be parsed out – or perhaps supported in the future.”

There you go. Your car not only leaks oil now. Maybe mechanics need to pick up the craft of penetration testing and port scan your car for service. So if any of you out there go about hacking your car, let us know if you find something interesting.

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.