More Car Hacking (and RSA/Diffie Hellman/Discrete Logarithms update)

The guys behind the car hacking stories (Charlie Miller, Chris Valasek) have released the full 100+ page paper and the software tools they used to have their fun.

There’s also an amusing article from Forbes’ “hacker beat” reporter Andy Greenberg on what it feels like to be driving a car that’s been hacked.

Crypto update: the “Diffie-Hellman and RSA might be dead in a few years” idea made quite a splash on the conference circuit. Commenters have since pointed out that it was a recent breakthrough by a French mathematician that’s mainly responsible for the consternation… evidently there was only marginal progress on the Discrete Logarithm Problem for the last 25 years, until earlier this year.[1]

Moxie Marlinspike gets the “you can’t be serious” award for his quote in the article that “I don’t think [government cryptanalysts are] ahead of us.” Someone smush his face in a custard-covered copy of Kahn’s “The Codebreakers” — from a developer of supposedly secure encryption solutions, that kind of naivete beggars belief.

Anyway. Everyone seems to be recommending a switch over to ECC (Elliptic Curve Cryptography) as a fix for the predicted-death of RSA and Diffie-Hellman, but… it’s widely known that elliptic curves are highly vulnerable to quantum computing. [2]

No, we don’t have quantum computers yet, at least not in public. But I’ve noted a few times that a researcher figured out how to make an FPGA do some tricks we still don’t fully understand… 17 years ago.[3] Strangely, almost no more research along that seemly promising line has been published.

I’m unable to find the reference any more, but one article I saw on it mentioned that the FPGA turned out to have bene exploiting quantum effects. To my eye, this suggests further development might enable easy quantum computing from the comfort of your own home.

[1] http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/

[2] http://cryptography.wikia.com/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks

[3] http://www.eetimes.com/author.asp?section_id=36&doc_id=1266124&page_number=1

http://blog.ioactive.com/2013/08/car-hacking-content.html

http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/

“Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV’s chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat.

Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day’s experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn’t so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.)”

Advertisements
%d bloggers like this: