Every day millions of us rely on tech to protect our cars from thieves. Immobilizers, for instance, ensure only the owner of the right key fob can start the vehicle.
But now that technology has become a security threat, after hackers told Forbes they could lock down up to 25,000 cars at once. It’s all thanks to a vulnerability (now fixed) that made it frighteningly simple to quickly take remote control of a car’s immobilizer and prevent drivers from starting their vehicle.
Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it’s possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine.
But with one particular immobilizer – the U.K.-made SmarTrack tool from Global Telemetrics – an easily exploited vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.
To prove it was possible, the researchers from British cybersecurity company Pen Test Partners hacked the vehicle of one of their own employees, disabling his car whilst they were in the U.K. and he was in Greece, not long before he was due to head to a wedding.
‘We own your immobilizer’
Ken Munro, cybersecurity researcher and partner at Pen Test Partners, first described the hack to Forbes at the DEF CON convention in Las Vegas.
He found that it was possible to turn the immobilizer on and the car off by sending a simple request via a browser. Once he’d entered the command, it took less than a second for the immobilizer to be triggered.
It was as if Munro was acting as one of the SmarTrack call center employees who were permitted to turn the immobilizer on. SmarTrack systems just weren’t correctly checking that the commands were being sent by an authorized user, Munro said.
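An added illustration of the flaw Munro describes, not code from SmarTrack or Pen Test Partners: a command handler that acts for whoever sends the request, next to one that requires an authenticated operator session and caps how many vehicles one account can immobilize. All names, roles, tokens and the cap are hypothetical.

```python
from dataclasses import dataclass

OPERATOR_ROLE = "call_centre_operator"  # hypothetical role name
MAX_COMMANDS_PER_WINDOW = 3             # hypothetical per-operator cap


@dataclass(frozen=True)
class Session:
    user_id: str
    role: str


# Constructed sample data: server-side sessions issued at login.
SESSIONS = {
    "tok-operator": Session("op-17", OPERATOR_ROLE),
    "tok-customer": Session("cust-42", "customer"),
}


def new_fleet(n=4):
    """Constructed device table: device_id -> immobilized?"""
    return {f"dev-{1000 + i}": False for i in range(1, n + 1)}


def immobilise_unchecked(fleet, device_id, token=None):
    """Flawed pattern: the command runs no matter who sent it."""
    fleet[device_id] = True
    return 200


def immobilise_checked(fleet, audit, device_id, token=None):
    """Authenticate, authorize, validate the target, rate-limit, then act."""
    session = SESSIONS.get(token)
    if session is None:
        return 401  # no valid session: caller is not authenticated
    if session.role != OPERATOR_ROLE:
        audit.append(("denied", session.user_id, device_id))
        return 403  # authenticated, but not allowed to issue this command
    if device_id not in fleet:
        return 404
    # `audit` stands in for the current time window's command log.
    issued = sum(1 for event, user, _ in audit
                 if event == "immobilised" and user == session.user_id)
    if issued >= MAX_COMMANDS_PER_WINDOW:
        audit.append(("rate_limited", session.user_id, device_id))
        return 429  # blocks one account from sweeping the whole fleet
    fleet[device_id] = True
    audit.append(("immobilised", session.user_id, device_id))
    return 200
```

The cap addresses the bulk scenario in the article: even a valid operator account cannot act on thousands of vehicles in one pass, and every denial lands in the audit log for review.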
Munro warned that it would be impossible for anyone to start the car again with the immobilizer fitted. The only option would be to have the tech removed entirely, he added. “We now control the immobiliser, so only we can de-immobilize the car.”
And, if the hacker turned the immobilizer on when the car is moving, it would simply prevent the car from running as soon as the engine stopped. As Munro noted, that could be “quite nasty” if the car has an auto start and stop function (such a feature is found in many modern models to help cut emissions in traffic).
Munro was also critical of Thatcham Research, the industry body which had given accreditation to the SmarTrack devices, saying they were safe to use. “People buy these devices thinking that the accreditation means something. We’ve shown that in some cases, fitting a theft tracker makes your car less secure,” Munro said.
Thatcham said that it accredits security products against a minimum set of requirements, including alarm and driver identification functionality. “The process also includes an attack test where the system on the vehicle needs to resist physical deactivation for two minutes,” the spokesperson added. “We do not, however, test the security of the vehicle system or the surrounding ecosystem.”
Fortunately for SmarTrack customers, the flaws have now been addressed. “All potential vulnerabilities have now been resolved,” a Global Telemetrics spokesperson said. “Our customers can be assured that no password or personal details were compromised by this process and there are no security or safety concerns with any of our products.
“Security has always been and remains of paramount importance to us and as a result of the contact from Pen Test Partners we now have reassessed our ongoing security improvement project to ensure we remain market leaders in security and safety.”
To deal with the issues, Global Telemetrics brought in cybersecurity consultancy Hedgehog Security. Peter Bassill, founder of Hedgehog, confirmed that what Munro claimed to have found was accurate.
Of the ability to shut down 25,000 cars at once, Bassill said: “It’s one of those assertions security researchers make… but there’s certainly capability where that could’ve happened… it certainly would’ve taken longer than one line of code, but the art of the possible is certainly possible.”
He said the vulnerabilities were likely down to developers writing code without enough attention to security. But Bassill has been working with new developers on the SmarTrack team to patch the vulnerabilities and set up processes to make sure issues are fixed quickly in the future.
But, as Bassill and Munro are warning, there are many immobilizers being used in millions of cars across the world. With many similar devices potentially containing security weaknesses, something we use every day without thought could very quickly become the latest weapon in a hacker’s arsenal.
-Thomas Brewster; Forbes
Surge Of Smartphone Apps Promise Coronavirus Tracking, But Raise Privacy Concerns
Topline: A pan-European team of researchers announced Wednesday their plan to release a smartphone app that would notify users if they’ve been exposed to someone infected with coronavirus, the latest example of tech-driven coronavirus solutions that have also raised concerns about user privacy.
- A European project called Pan-European Privacy Preserving Proximity Tracing is working toward releasing a coronavirus tracing app in the next week that would use anonymous Bluetooth technology to track when a smartphone comes in close range with another, so if a user were to test positive for coronavirus those at risk of infection could be notified.
- Contact tracing, or determining people who may have been exposed to someone with a virus, is an established aspect of pandemic control and was used effectively to tackle coronavirus in countries like China, Singapore and South Korea in the form of smartphone tracking.
- University of Oxford researchers and the U.K. government are working on a similar project— but unlike other smartphone tracking systems, the British version in development would be based on voluntary participation and bet on citizens inputting their information out of a sense of civic duty.
- The U.S. government is in talks with companies like Facebook and Google and other tech companies about tracking if users are social distancing using large amounts of anonymous, aggregated location data— this information is less precise, and more likely to anticipate outbreaks rather than pinpoint individuals who have been exposed to the virus.
- 1.5 million Israelis have voluntarily downloaded a mobile app that alerts users if they’ve come into contact with someone with coronavirus— but Prime Minister Benjamin Netanyahu has still ordered that potential coronavirus carriers have their phones monitored, a controversial move the government says is necessary, as the 17% of the population using the app is not enough to fight off the pandemic.
- Moscow, on a city-wide lockdown since Monday, announced Wednesday that a new phone app that will allow officials to track the movements of people diagnosed with coronavirus in the capital city would be launched on Thursday, saying the government will lend a smartphone to anyone unable to download the app.
Crucial quote: “We’re exploring ways that aggregated anonymized location information could help in the fight against [coronavirus]. One example could be helping health authorities determine the impact of social distancing, similar to the way we show popular restaurant times and traffic patterns in Google Maps,” Google spokesman Johnny Luu told The Washington Post. He made sure to note it “would not involve sharing data about any individual’s location, movement, or contacts.”
Key background: Private and public entities alike are looking for ways to fight off coronavirus as the pandemic continues. On Wednesday, there were more than 900,000 confirmed cases worldwide and nearly 50,000 deaths. Officials told The New York Times that The National Health Service, Britain’s centralized national health system, is trusted by citizens— and paired with the strong data privacy laws in place, said they think people would agree to join the effort to share their private information to help trace infections. However, American tech firms are reported to still be skeptical about sharing substantial data with the U.S. government ever since Edward Snowden revealed the NSA was collecting information from the firms clandestinely.
Surprising fact: The tech companies have access to data that sheds light on Americans’ behavior in light of the coronavirus pandemic. According to a Facebook analysis, restaurant visits fell about 80% in Italy and 70% in Spain— while Americans only stopped eating out at a rate of 31%.
Apple Is Donating 9 Million Masks To Combat The Coronavirus
Topline: Apple will donate 9 million N95 protective masks to combat the coronavirus, Vice President Mike Pence said on Tuesday, making Apple one of several California tech companies pitching in as hospitals across the country report a shortage of protective gear.
- Pence thanked Apple for agreeing to donate 9 million N95 respirator masks to healthcare facilities across the country during a press briefing on Tuesday.
- Pence’s remarks come after Apple CEO Tim Cook tweeted over the weekend the company was “working to help source supplies for healthcare providers fighting COVID-19” and “donating millions of masks for health professionals in the US and Europe,” but did not offer more specifics.
- N95 respirators are masks that form a protective seal around a wearer’s mouth, filtering out at least 95% of particles in the air, according to the Centers for Disease Control, which makes them necessary to protect healthcare workers from being exposed to the disease from patients.
- Facebook has also said it is donating its stockpile of 720,000 masks purchased during the California wildfires last year, which degraded the air quality in the San Francisco Bay Area.
- Apple did not immediately respond to a request for comment from Forbes asking if all of the donated masks were stockpiled because of the wildfires or if the company got them from somewhere else.
Chief critic: Teddy Schleifer, a reporter at Recode, wrote that health systems shouldn’t rely on the generosity of big tech companies to make up for the failures of the federal government.
“But there is a risk in relying on corporate philanthropy—rather than the government—in solving this problem. For starters, it depends on the voluntary generosity of these companies to deal with an unprecedented emergency, an altruism that could vanish at any time,” he wrote.
Crucial quote: “And I spoke today, and the president spoke last week, with Tim Cook of Apple. And at this moment in time Apple went to their store houses and is donating 9 million N95 masks to healthcare facilities all across the country and to the national stockpile,” Pence said.
Key background: Apple is one of several California tech companies to give away N95 masks. In addition to Facebook, Salesforce, Tesla and IBM have also announced mask donations.
News peg: Doctors and nurses are sounding the alarm that they don’t have enough masks to protect healthcare workers. Not only does inadequate protective gear put important frontline health workers at risk, public health experts say, any situation endangering medical personnel may only further deplete the U.S. health system which already doesn’t have enough capacity to handle a surge in cases. State officials in New York and Illinois have criticized President Donald Trump for not stepping in to force companies to manufacture masks or allocate masks from private companies to ensure that states don’t outbid each other for the same supplies.
–Rachel Sandler, Forbes Staff, Breaking News
Video Games Are Being Played At Record Levels As The Coronavirus Keeps People Indoors
Topline: With school closures, mandatory work-from-home policies and lockdowns taking place in the U.S. as a result of the Covid-19 coronavirus pandemic, gaming has seen higher engagement, especially over this past weekend.
- Steam, the most popular digital PC gaming marketplace, reached new heights Sunday, drawing a record 20,313,451 concurrent users to the 16-year-old service, according to third-party database SteamDB.
- Counter-Strike: Global Offensive, released by Steam-owner Valve in 2012, seems to be the top beneficiary of the increased engagement, breaking its all-time peak on Sunday with 1,023,2290 concurrent players, topping its previous peak last month by a million, which itself beat the record set in April 2016.
- Like other esports, CS:GO has had to cancel events due to the virus, particularly the Intel Extreme Masters in Katowice earlier this month, though its peak viewership reached over a million, making it one of the most watched tournaments in the esports’ history.
- Activision Blizzard’s new free-to-play battle royale spinoff Call of Duty: Warzone, launched March 10 on PC, Xbox One and PlayStation 4, is also likely benefiting, drawing in a staggering 15 million in three days, besting the record 10 million in three days by last year’s battle royale sensation Apex Legends.
- These new heights follow similar effects of the virus on China and Italy: Telecom Italia’s CEO told Bloomberg it saw a 70% increase in traffic over its landline network, with Fortnite playing a significant part, while Chinese live-streaming service Douyu experienced increased viewership of the country’s most popular games, according to market analyst Niko Partners.
- While gaming was considered “recession proof” during the 2008 market crash, stocks aren’t immune to the current historic drops: software developers like Activision Blizzard are facing a 9% decrease in price year-to-date, while hardware companies that rely on Chinese manufacturing like Nintendo are seeing bigger drops of 24%.
What To Watch For: If these records keep rising as the closings and lockdowns continue. Arriving this week is Nintendo’s long-awaited Animal Crossing: New Horizons for the Switch console, a relaxing “life-simulator” that’s set to have a big day with many fans not-so-jokingly asking Nintendo to launch early.
Surprising Fact: Plague Inc., a game that tasks players with creating a virus that wipes out humanity, surged in popularity late January, becoming the top-paid game on the Chinese app store at one point, but the game has now been removed in China at the direction of the government.