Chinese hacker claims he can hack a car even without internet connection
Everyone knows that an internet-connected smart car is a huge hacking risk. Over the years it has been found that Internet connection is a must for hacking cars but a Chinese hacker thinks otherwise.
A Chinese hacker going by the handle of Daishen which means ‘stupid god’ has claimed that he can hack cars even if they are not connected to the Internet. He told Chinese tech news site Leiphone that he can hack not-so-smart cars including the Volkswagen Toureg, Audi A6, Audi A7, and likely quite a few more.
Daishen says that he can access the car’s GPS and stereo systems exploiting the flaws in car’s security layers. Daishen gave example of a particular unnamed car model, in which , the vehicle’s system runs an authentication check to prevent unauthorized system access, but stores the result of that check in plaintext rather than encrypting it, allowing a hacker to change the result from false to true and gain system access. He also said that most of the above cars had a poorly-guarded and easy to hack admin password which was meant for use by engineers and mechanics during the construction of the car. However, most of the times, the car manufacturers just forget about these default admin credentials making it easy for hackers to exploit them.
Daishen says his method of hacking cannot be carried out remotely and a hacker would need physical access to your car to get inside at least once. And once they’ve gotten access, further communication with the system could be realized in any number of ways – like a Bluetooth connection for example.
He also notes that while this kind of hack also doesn’t give the hacker total control of the car, but in the wrong hands, it can be used to track the car owner’s every move in real time via the car’s GPS navigation and use that data to rob or blackmail you. The hacker can also scare the living daylights out of you on a highway by making the stereo system play loud or shocking noises at random intervals resulting in fatal accidents.
The good news is that Daishen is a white-hat hacker and he does security research for public good. He says he’s already turned information on the security holes over to vehicle manufacturers. However, it is a fact that dumb cars are not patched often and that does leave a lot of cars vulnerable to hackers.
Source | TechWorm