No video

Takeover Hack Could Affect Millions of Trucks

  Рет қаралды 73,637

Seytonic

Seytonic

Күн бұрын

Get 20% off DeleteMe US consumer plans at joindeleteme.co... using promo code SEYTONIC at checkout
Get 20% off DeleteMe UK / CA consumer plans at international.... using promo code SEYTONIC at checkout
0:00 Intro
0:14 Truck Hack!
5:26 The 3 Million Door Hack
8:38 Cracking passwords in your browser
Sources:
www.ndss-sympo...
• Unmasking the Risk of ...
www.wired.com/...
go.theregister...
www.bleepingco...
www.wired.com/...
blog.sucuri.ne...
wordpress.org/...
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
===============================================

Пікірлер: 268
4 ай бұрын
At this age, adblock is no longer about blocking ads. But more to secure you from malicious website.
@multigameplayer1001
@multigameplayer1001 4 ай бұрын
was it cia or fbi saying to use AB? its part of online safety.
@timecop1983Two
@timecop1983Two 4 ай бұрын
yeah ad blocker is not working anymore
@drlauch2256
@drlauch2256 4 ай бұрын
@@timecop1983Two it still is u just gotta use the right one :D
@SLRNT
@SLRNT 4 ай бұрын
@@timecop1983Twoworks fine. are you using chrome?
@RadikAlice
@RadikAlice 4 ай бұрын
@@multigameplayer1001 It was the FBI yeah
@JohnDlugosz
@JohnDlugosz 4 ай бұрын
Don't forget another scenario: drivers or owners hack the ELD to bypass its features of ensuring regulations are followed.
@runed0s86
@runed0s86 4 ай бұрын
How dare someone have control over their own private property
@jakedhale
@jakedhale 4 ай бұрын
​@@runed0s86"how dare someone break the law"
@waveril5167
@waveril5167 4 ай бұрын
So you want sleep deprived truckers that can kill u with one hit?
@Lynxiro
@Lynxiro 4 ай бұрын
Driver be like: "Why would I care about worker protections that were put into place for a reason."
@Skimmerlit
@Skimmerlit 4 ай бұрын
@@jakedhaleYeah, activists have no business blocking roads or disobeying unjust laws. Law is law.
@gus473
@gus473 4 ай бұрын
The S in ELD stands for Security.... 😎✌️
@THEJPR
@THEJPR 4 ай бұрын
The "s" in digitization is for security.
@draido-dev
@draido-dev 4 ай бұрын
the R in capitalism stands for morality over profit
@waterbloom1213
@waterbloom1213 4 ай бұрын
​@@draido-dev As if those that have tried alternatives had any sort of moral high ground
@blunderingfool
@blunderingfool 4 ай бұрын
@@draido-dev How's that 10 millon+ body count, commie? You think you wouldn't be 10'000'001? Keep dreaming, you'll never be the Csar.
@xynonners
@xynonners 4 ай бұрын
​@@draido-devcorporatism
@AshnSilvercorp
@AshnSilvercorp 4 ай бұрын
Another case of: _Why are we connecting an infotainment system running Android 6 that can connect to a network to the critical core components of the vehicle?_
@WoolyCow
@WoolyCow 4 ай бұрын
wdym? we should connect everything to everything! think of the convenience! the convenience i say!
@tripplefives1402
@tripplefives1402 4 ай бұрын
They are required by law to be both on the internet and connected to the vehicle controllers.
@jeremykothe2847
@jeremykothe2847 4 ай бұрын
The spec was probably written by the guy behind the Verge pc build video.
@muizzsiddique
@muizzsiddique 4 ай бұрын
I don't know, I store all my crypto on a Windows Vista PC that is connected to the internet.
@jeremykothe2847
@jeremykothe2847 4 ай бұрын
@@muizzsiddique I'm thinking of upgrading mine to Vista. Is it stable yet?
@AnastasiyaSoyka
@AnastasiyaSoyka 4 ай бұрын
I've become increasingly convinced that automobile software security will not be taken seriously unless and until a hacker (or more likely state threat actor) causes a loss of property or life by taking control of a vehicle. It seems like humans prefer to ignore problems until they cannot be ignored any longer.
@christopherkidwell9817
@christopherkidwell9817 4 ай бұрын
It is more that the government is requiring these things and the companies say "You require these things BUT make US pay for them so WE are not going to upgrade/update until YOU mandate it to save US the outlay of funds!"
@aaronpower8741
@aaronpower8741 4 ай бұрын
@@christopherkidwell9817 I think you are spot on there, but I would word it slightly differently - Government: "You must have an ELD". Company: "We don't care about this. We don't want this. But we must have it, so therefore we'll buy the cheapest model that ticks the government box". If a hacker halts an entire truck fleet, or crashes an expensive machine in to a brick wall, then the company will care. But not until then.
@awesomecronk7183
@awesomecronk7183 4 ай бұрын
Until they take it from me or it breaks down for good my 90s car is the newest car I'll use
@christopherkidwell9817
@christopherkidwell9817 4 ай бұрын
@@aaronpower8741No, many of the companies know that the ELD's can be hacked, have warned that doing nothing would be better than requiring these hackable devices, and have objected strenuously. The problem here is the government trying to do the "We have to do something to cut down on the truck crashes!" when the truck crashes in the grand scheme of things are already rare.
@SuperPerry1000
@SuperPerry1000 4 ай бұрын
The words you never want to hear as a security tech: "Hey, let's wire this system up to the internet! It'll be so much easier!" So you're telling me that if someone wanted to, say, cause mass vehicular homicide but not get arrested or killed themselves, all they'd need to do is hack into the truck, apply the accelerator, disable the brakes and watch the show. Hmm.
@tripplefives1402
@tripplefives1402 4 ай бұрын
Old news though. They started using ELDs back in the early 2000s. They are always online and directly interfaced with the canbus.
@ic.84
@ic.84 4 ай бұрын
The obsession to make everything "smart" strikes again...
@aurorajunior6328
@aurorajunior6328 4 ай бұрын
Zack freeman once said if it’s functionally is dependent on the cloud, it’s not smart
@Resprays
@Resprays 4 ай бұрын
Mr Robot showed the precise reason to never have a smart home
@ImARealHumanPerson
@ImARealHumanPerson 4 ай бұрын
​@@Resprays😅
@ticijevish
@ticijevish 4 ай бұрын
Hypponen's Law: "If it's smart, it's vulnerable."
@BillAnt
@BillAnt 4 ай бұрын
Security is like Swiss cheese, they plug one hole while creating another. Often times the best security is simple and low tech. It's baffling that the WordPress distributed attack can even work when most sites have a Captcha, a timeout, or total lockout of password attempts within a few tries.
@rvre
@rvre 4 ай бұрын
Hopefully this ELD issue will be solved before it's too late. I know that the US roads are dangerous enough and truckers have an extremely hard and important job. Wow that's a really interesting wordpress exploit. Extremely clever. Love when you upload mate.
@Stratxgy.
@Stratxgy. 4 ай бұрын
True
@shaknaisrael5271
@shaknaisrael5271 4 ай бұрын
Four years on from an FBI warning. I don't think we can really hope that these systems will actually do something as simple as signing firmware.
@christopherkidwell9817
@christopherkidwell9817 4 ай бұрын
Hopefully we will realize that having these ELD's in the vehicles is too dangerous and will repeal these laws, saying "There was no real widespread issue in the past, there is no need for these devices!"
@christopherkidwell9817
@christopherkidwell9817 4 ай бұрын
@@shaknaisrael5271Signing won't solve the issue. The only thing that will solve the issue? Removing these devices from their access via the OBD ports.
@wackymoder
@wackymoder 4 ай бұрын
There are wordpress scanner bots out there EVERYWHERE. ISTG my website gets hit by at least 5 bots **A DAY** that are looking for this wordpress crap.
@jerbear7952
@jerbear7952 4 ай бұрын
Semis dont even have individual keys. Internationals inly have about 6 key variations. I've had to borrow keys from other drivers when ive locked myself out of my truck before.
@51Sebus
@51Sebus 4 ай бұрын
Damm 9:27 thx I am running a wordpress website and was wondering why the heck I have so many failed loggin attempts. Again thx very much
@roberteischen4170
@roberteischen4170 4 ай бұрын
U-block coming in clutch yet again. Seriously, everyone should download it.
@JimJi
@JimJi 4 ай бұрын
I am amazed you dug up the 9 prong plug for trucks... great research!
@tripplefives1402
@tripplefives1402 4 ай бұрын
Ironically its got the same wires just a different plug. Its really just a serial port with some extras.
@Veeger
@Veeger 4 ай бұрын
None of the "designers" of these systems know anything about security. The future looks farcical .
@internallyinteral
@internallyinteral 4 ай бұрын
IMO because they're not paid to care. Even if they could do something the manufacturers say NOPE to expensive
@christopherkidwell9817
@christopherkidwell9817 4 ай бұрын
@@internallyinteralFor damned good reason. They do NOT have unlimited funds in the real world, both these truck companies AND the device manufacturers. That is why when the government mandates things like this they should ALSO mandate minimum standards AND make the device themselves to those minimum standards OR do a contract with private companies that are well written to mandate HIGH SECURITY.
@runed0s86
@runed0s86 4 ай бұрын
​@@christopherkidwell9817 Input sanitization and memory-safe programming practices are basic skills.
@YTDeletes90PercentOfMyComments
@YTDeletes90PercentOfMyComments 4 ай бұрын
The designers of ELDs is the largest surveillance state in the world. If they wanted it to be secure it would.
@Aeduo
@Aeduo 4 ай бұрын
@@runed0s86 and just, not allow the device's hardware to even assert the bus at all.
@araghon007
@araghon007 4 ай бұрын
I live in Slovakia and the public transport system in my city still uses Mifare Classic cards
@macjonte
@macjonte 4 ай бұрын
We had them in Stockholm as well until some years ago when people found new ways to ride for free. ;)
@mronbrandsoap
@mronbrandsoap 4 ай бұрын
A lot of PACS systems have this kind of issue. Unfortunately, mifare classic has been broken for so long that the config cards were going to be cloned at some point. I do wonder how hard it'd be to use a long range reader at a bar and just snag a whole load of cards and look for patterns, eventually getting the UID / keys for every room.
@dhruvgulati1667
@dhruvgulati1667 4 ай бұрын
Seytonic please also bring awareness about obd port tools like car sound changers that play sound using engine revs fetching data from obd dongles.
@artifactingreality
@artifactingreality 4 ай бұрын
Did you really give DeleteMe power of attorney as it says in the ToC?
@SpragginsDesigns
@SpragginsDesigns 4 ай бұрын
I used to be a truck driver and the ELDs are easy to bypass.
@smol_yote
@smol_yote 4 ай бұрын
As a trucker I can confirm our trucks use locked down android tablets, also under the dash there are cellular routers and switches to give us the truck full connectivity. Hacking these are trivial and a rogue driver only needs to pull the fuse box panel to get access to said equipment
@dhruvgulati1667
@dhruvgulati1667 4 ай бұрын
Door locks is old vulnerability, its in mass media now
@linuxguy1199
@linuxguy1199 4 ай бұрын
Uploading of unsigned firmware just shoes absolutely *zero* though was given to security.
@Somerandom1922
@Somerandom1922 4 ай бұрын
Governments really ought to learn that if they want to enforce something technology related they almost always have to regulate the security for it too. 99% of the time, the free market doesn't care about your security, good security practices are expensive to implement for "no advantage" (for businesses) so why would they spend the time and money?
@Lucian0410
@Lucian0410 4 ай бұрын
Common uBlock W
@foxtailedcritter
@foxtailedcritter 4 ай бұрын
Wish people would stop blaming the flipper. Six years ago there was a tutorial you could look up here that taught you how to make your own box to read and copy hotelcards and anything really to duplicate it. I hid mine in my backpack.
@tverdyznaqs
@tverdyznaqs 4 ай бұрын
1:18 god these connectors go SO HARD, I wish I could be charging my phone via something like this instead of boring old usb
@yntenseinfo
@yntenseinfo 4 ай бұрын
The question is, why? Why make smart everything?
@ImDGreat
@ImDGreat 4 ай бұрын
laziness
@Veeger
@Veeger 2 ай бұрын
New product, new profit.
@MissFoxification
@MissFoxification 4 ай бұрын
In certain vehicles you can reset the security system and/or add new keys via the OBD port. On my old vehicle it had a 15m timer, after that the old keys were removed, the system reset and it would accept new keys. That was all it would take to steal that vehicle and it's from one of the major manufacturers, that also has a line of trucks. Perhaps the good old kill switch should be connected to the OBD port.
@tripplefives1402
@tripplefives1402 4 ай бұрын
Modern vehicles with drive by wire can be controlled and driven remotely through the OBD port because it exposes the canbus.
@MissFoxification
@MissFoxification 4 ай бұрын
@@tripplefives1402 That's now how it works. Not every function is connected to the bus and most of them are just transmitting sensor information. You can't just log in and drive them around like you claim. It doesn't work like that. The system is comprised of limited microcontrollers and it carries mostly sensor information. Depending on the system it's only 1Mbit/s or 5Mbit/s for modern cars. The worst I have seen is the ability to trigger the self parking mode. At freeway speeds that could easily become fatal. Things like lane assist and collision avoidance could potentially be weaponised because the bus carries the data. For most it will be functions like altering some engine parameters which could be used to choke the engine. But as I said, it's limited. It's not a remote control.
@tripplefives1402
@tripplefives1402 4 ай бұрын
@@MissFoxification you do know that they hacked a jeep for defcon and remotely drove it around like freaking 10 years ago right?
@MissFoxification
@MissFoxification 4 ай бұрын
@@tripplefives1402 You clearly lack an understanding of the technology and are making massive assumptions. Dunning-Kruger strikes again. Let me put this really simply for you. You can not connect to a system and operate something that is not connected to the system. That's like saying you can turn my oven off by connecting to my wifi, even though my oven is not connected. Drive by wire does NOT mean "Everything is connected to everything else". Use some common sense. If every single vehicle could be remotely operated we'd have products on the market that take advantage of that. There'd even be third party "self driving" systems. There's also be cars getting smashed into walls, being hijacked and driven around.. it would be non stop chaos. You just don't know what you are talking about and are guessing. Stop it, you're being a fool. At least look up the system, look at how it works and learn something instead of assuming you know it all.
@sirseven3
@sirseven3 4 ай бұрын
Yes. Really easy to have an additional relay that is tied to the single 12v power wire but be sure that wire doesn't splice anywhere else as some vehicles share circuits with crucial components.
@JohnDlugosz
@JohnDlugosz 4 ай бұрын
Sounds like the plot to the next _Fast & Furious_ movie! ChatGPT, please write a script for a movie in the "Fast & Furious" franchise that features hackers hacking the ELD of long-haul truckers.
@JohnDlugosz
@JohnDlugosz 4 ай бұрын
Title: **Fast & Furious: Digital Convoy** ### Act 1: The Setup 1. **Introduction to the World of ELD Hacking** - Open with a thrilling scene of a long-haul truck carrying a secret cargo. The truck's Electronic Logging Device (ELD) gets hacked, causing chaos on the freeway and allowing the cargo to be stolen by a mysterious group. - Introduce the protagonist, a former hacker turned trucker, who is wrongfully accused of the heist. 2. **The Fast & Furious Team Assembles** - The protagonist reaches out to the Fast & Furious team for help in clearing their name and uncovering the real culprits. - The team gathers, intrigued by the technological aspect of the crime and its implications on the trucking world. 3. **Understanding the Threat** - The team learns about the vulnerabilities in ELD systems and how they can be exploited to control commercial trucks remotely. - They discover a larger plot to disrupt the nation's supply chain by targeting and hijacking high-value shipments. ### Act 2: The Conflict 4. **The Investigation Begins** - The team splits up to gather information, with some going undercover in the trucking world and others diving into the hacker community. - They encounter a secretive hacker group known for their skills in infiltrating complex networks and systems. 5. **First Confrontation** - The team attempts a daring operation to intercept a truck heist, leading to a high-speed chase involving hacked trucks and the team's signature vehicles. - They manage to thwart the heist but realize it's just a small part of a much larger scheme. 6. **The Mastermind Revealed** - Through a combination of hacking, street racing, and detective work, the team identifies the mastermind behind the plot: a tech mogul with a vendetta against the trucking industry. - The mogul's plan is to create chaos, then offer a "secure" alternative to ELDs, giving them control over the nation's logistics. ### Act 3: The Resolution 7. **Preparing for the Final Showdown** - The team devises a plan to hack into the mogul's system and expose their scheme to the authorities while also setting up a trap to capture them. - They modify their vehicles for the ultimate confrontation, integrating counter-hacking technologies and preparing for a battle on the roads. 8. **The Final Showdown** - An epic sequence involving high-speed chases, hacking battles, and intense confrontations on a moving convoy of trucks. - The team successfully hacks into the mogul's system, exposing their crimes and clearing the protagonist's name. 9. **Resolution and Aftermath** - The mogul is arrested, and the trucking industry is saved from their malicious plan. The protagonist is hailed as a hero, and the vulnerabilities in ELDs are addressed. - The team celebrates their victory, reflecting on how technology can be both a weapon and a tool for good. They ride off, ready for their next adventure. ### Key Themes & Elements - **Technology vs. Humanity**: The screenplay explores the impact of technology on everyday lives and the importance of human ingenuity and resilience in the face of digital threats. - **Community and Loyalty**: The Fast & Furious franchise's core themes of family, loyalty, and the strength of community are highlighted through the team's camaraderie and their integration into the trucking world. - **Action and Innovation**: True to the franchise, the screenplay features innovative action sequences, integrating traditional high-speed chases with technological warfare and strategic hacking. ======== That's actually pretty good -- I'd certainly want to see it. SORA, please ...
@mikevhx5682
@mikevhx5682 4 ай бұрын
Works on ships too 😊
@Gandingas
@Gandingas 4 ай бұрын
The possibility of a compromised truck causing a horrible accident that could result in fatalities is enough to deter me from trying to exploit these kinds of vulnerabilities, if it were autonomous trucks, maybe but only to corrupt the path finding system to mess with them or just corrupt the control system to disable them.
@runed0s86
@runed0s86 4 ай бұрын
You should always be trying to find exploits and break the systems that you use so you know how to defend against real-world scenarios.
@Gandingas
@Gandingas 4 ай бұрын
​@@runed0s86​​ very true luckily we have these white hats exposing these vulnerabilities and hopefully it gets corrected before a bad actor exploits them causes a horrible accident
@ISBP
@ISBP 4 ай бұрын
I DOWNLOADED THIS VIDEO SO I CAN WATCH THIS ON THE DRIVE TO MY HOTEL 😭💀
@Daniel55game
@Daniel55game 4 ай бұрын
Thanks to you and a couple other youtubers I became privacy conscious. All the techniques added one on top of the others in order to prevent big tech from getting informations out of me, became a real asset in the same area from hackers and the like. Ublock origin is now just another thing that made me more proud of this choice. Switching was hard but worth it.
@expl0siveR3x
@expl0siveR3x 4 ай бұрын
Cover Baltimore bridge next, apparently the ship was hacked, but I doubt it
@allo-other
@allo-other 4 ай бұрын
The Law of Unforeseen Consequences strikes again.
@ventusprime
@ventusprime 4 ай бұрын
2:40 why the firmware upload is not locked ????
@supernovahm1178
@supernovahm1178 4 ай бұрын
It's up to the hardware and firmware developers to implement this how they wish. A lot of ELD companies have installers which need to be able to service the devices and having bluetooth capability is a benefit. Bluetooth firmware updates are fairly common in many devices. However bluetooth is complex and lots of companies don't implement it or security for it, correctly.
@-bravoechodelta255-6
@-bravoechodelta255-6 4 ай бұрын
lmao dormakaba. its two words squished together, dorma and kaba, 2 manufacturers that merged.
@Begin176
@Begin176 4 ай бұрын
I love Tuesday, only because you upload.
@Xand_err
@Xand_err 4 ай бұрын
We all do man😂
@renakunisaki
@renakunisaki 4 ай бұрын
Because why would you bother with security in a multi-ton death machine that's also critical infrastructure?
@TCBOT
@TCBOT 4 ай бұрын
its called a key and an imoblizer unstealable if done well like 2000s volvoes
@nineplusten
@nineplusten 4 ай бұрын
10:37 A more effective way would be to point the domain to localhost in your device's hosts file, as this does not rely on extensions.
@muizzsiddique
@muizzsiddique 4 ай бұрын
The hackers domain being blocked is usually as a result of the default filter lists that uBO uses. There are bound to be other content blockers that use those same lists since they're not all unique to uBO.
@boris-bikepack
@boris-bikepack 4 ай бұрын
Used to work 2nd line for these systems lol, glad I bailed early!
@adyisriyal
@adyisriyal 4 ай бұрын
Fast X irl soon w the trucks 😂
@BlueJDev
@BlueJDev 4 ай бұрын
Duuuooode, the D in devolution is not silent! I prefer the term Backwards progression though
@Juanguar
@Juanguar 4 ай бұрын
Yeesh using the obd port is absolutely irresponsible But then again I don’t see an another way for them to connect without developing a whole new way to do so
@Landee
@Landee 4 ай бұрын
uBlock Origin the goat
@michaelhicks8603
@michaelhicks8603 4 ай бұрын
Hacking obd is not just plug and play in that it would require physical access to a staging vehicle first in order to directly observe can-bus functions. There is an added layer of complexity due to potential differences between add-on accessory’s in the same models of vehicles, differences in year models ect. Normally the can-bus functions are at least obscured to such a degree where they appear as a big list of sequential things with no names associated. It is possible that some lexicon is used for some classes of things but over all it would be extremely difficult to produce a one-size fits all exploit for even 1 model of truck or car from 1 year and one manufacturer.
@aaronpower8741
@aaronpower8741 4 ай бұрын
What you are saying makes it an unlikely target for script kiddies, but state sponsored hackers??? Prime target I'd say.
@schizophrenicgaming365
@schizophrenicgaming365 4 ай бұрын
The commands are obscured but the analytics have generic definitions so i cant imagine it would be hard to compare the current value of, say, the TPS sensor, to other commands going through the canbus until you match the value to whatever command the ECM/injector pump is listening for. But maybe not, i dunno
@SLLabsKamilion
@SLLabsKamilion 4 ай бұрын
That's the case for consumer passenger vehicles, but heavy trucks use J1939, which is extremely standardized so things like refrigerated trailers work when attached to most rigs.
@michaelhicks8603
@michaelhicks8603 4 ай бұрын
@@schizophrenicgaming365 that doesn’t make sense. The commands are yours, it’s the object classes that are obscured in can-bus. You don’t just call the left indicator or O2 sensor, you have to call a list of “things”. Imagine a table full of numbers from 1 to 500. One of those numbers will be associated with the left indicator and another the O2 sensor. You have to sit there and find what each thing is in that years model of car with this or that set of factory add-ons and so on
@TenForceFalls
@TenForceFalls 4 ай бұрын
A story that’s scary local to me. Let’s go CSU Rams!
@Mohamova
@Mohamova 4 ай бұрын
But how the distributed cracking password can work with prrsence of CORS?
@UKsystems
@UKsystems 4 ай бұрын
i believe that manafacturers can issue a software update for the vehicle stopping the screed from doing much to it
@brianstephenson3682
@brianstephenson3682 4 ай бұрын
Is there a reason the ELD needs to be able to transmit on the OBD2/CAN bus? Why not just disable the tx functionality so that it operates in a 'listen only' mode? That would at least prevent the vehicles from being remotely hijacked (by ELDs anyway).
@turner7777
@turner7777 4 ай бұрын
Isn’t it impossible to control engine throttle, brakes and steering wheel etc?
@cinemoriahFPV
@cinemoriahFPV 4 ай бұрын
What about ships?
@PubRunner
@PubRunner 4 ай бұрын
Are there similar devices in container ships?
@Kimi9507rw
@Kimi9507rw 2 ай бұрын
I would like to do a postgrad thesis on ELDs. Does anyone have a good suggestion for a topic
@CZghost
@CZghost 4 ай бұрын
If I would be in a hotel with those vulnerable locks, I would be definitely worried. Who can say that what the researchers found wasn't found independently by threat actors as well? Or somebody who reads those security reports might just as well say "Hold my Red Bull" and re-discover the exploit by themselves, and go werac havoc. Flipper Zero isn't exactly hard to get your hands on, and if you know how to code, and you know how to code malware and some cracking tools that are designed to break codes, then you might as well just use it in the wild. So nope, hearing that there are no documented cases of it being used in the wild doesn't calm me in any way. It's good that those hotels are usually very expensive for me. I might as well just look for a hotel that uses the classic FAB keys. Yeah.
@covle9180
@covle9180 4 ай бұрын
Hey guys, guess what! The solution to your data being abused everywhere by for-profit companies, is to give your data to another for profit company! Who'd've thought!
@ThePotatoChronicler
@ThePotatoChronicler 4 ай бұрын
Does the ELD problem also exist in Europe?
@Kali9030
@Kali9030 4 ай бұрын
Looks like many of these product developers just don't spare enough time with pentesters to find the bugs.
@haydenhayden
@haydenhayden 4 ай бұрын
I love the internet of things! I love adding computers and internet access to mundane things that don’t need it!
@tripplefives1402
@tripplefives1402 4 ай бұрын
Trucks have been computerized since 2007ish. They used to have sat connections, then 3g and 4g. Modern systems just have a bluetooth dongle and you run the sodtware on an android tablet.
@Rogue_78
@Rogue_78 4 ай бұрын
I could imagine a ransomware hack where they lock data and then lock the trucks separately
@alex59292
@alex59292 4 ай бұрын
The Elds driving multiple trucks in my head reminds me of fast and furious
@lmexperimt
@lmexperimt 4 ай бұрын
Great content. I guess you finally hired a video editor 😂
@BradleySmith1985
@BradleySmith1985 4 ай бұрын
the ELD maybe should only have read access or a physical switch for admin/ wright access.
@SLLabsKamilion
@SLLabsKamilion 4 ай бұрын
that's not how CAN bus frames work, unfortunately. Gotta write to the bus before you'll get a response code.
@BradleySmith1985
@BradleySmith1985 4 ай бұрын
@@SLLabsKamilionwell that is a bummer
@gameteindifference2350
@gameteindifference2350 4 ай бұрын
So, why aren't these ELDs made as read-only devices? Why do they need complete control over the trucks' computer?
@supernovahm1178
@supernovahm1178 4 ай бұрын
The way the electrical communications busses in lots of vehicles work, allows for them to send controls over the same busses which ELD's listen to. Any device on the bus can pretend to be an ECU or report false data, etc. Only cryptographically secure communications using a feature called the transport protocol can actually be signed and authenticated - everything else which is standardised is not cryptographically secure. However it is worth noting that before wireless communications entered this space - all vehicles were essentially air-gapped. A device which connects to the bus and which allows remote updating is a clear vulnerability. It is obviously necessary that such wireless communications be implemented in such a way that a malicious actor cannot take advantage of them. However like I said earlier - because bluetooth is complex, many companies either cannot be bothered or cannot afford to properly learn it or have their engineers learn it. And they fall miles short of implementing it in a secure fashion.
@gameteindifference2350
@gameteindifference2350 4 ай бұрын
@@supernovahm1178 It seems like in several aspects of life, convenience and privacy/security are inversely related. It's very difficult, if not impossible, to have both at the same time. A shame, really.
@timecop1983Two
@timecop1983Two 4 ай бұрын
do you have any cyber security certs؟؟؟
@ejonesss
@ejonesss 4 ай бұрын
why not build a transmitter to sweep the entire 1.4 ghz band or what ever band the wifi is working on to prevent the data from getting out. a more legal way would be a deauth attack similar to what hackers use to steal the wifi passwords . if the really want to wreak havoc just corrupt the firmware by crashing the installer while flashing making the truck a several hundred thousand dollar brick
@TCBOT
@TCBOT 4 ай бұрын
easy fix replace tcm and ecm done
@rustymustard7798
@rustymustard7798 4 ай бұрын
Hey, I'm watching this from your hotel room!
@Seytonic
@Seytonic 4 ай бұрын
👀
@gFamWeb
@gFamWeb 4 ай бұрын
2:30 the "upload firmware" page is the root page? this is like putting a hammer outside your glass door and saying "but it's locked!"
@cdkw8254
@cdkw8254 4 ай бұрын
uBlock is the goat in all realms
@19ate4
@19ate4 4 ай бұрын
A government self-made problem And of course, “ companies” that government employees have stock in will have a solution to this problem.
@StillConfusing
@StillConfusing 4 ай бұрын
why the hell would the wireless antennae be on on at all time? like what
@paulsaulpaul
@paulsaulpaul 4 ай бұрын
Kind of like paying off a ship captain to crash his ship in the Suez Canal to create a supply shortage... you can just spend a month spread a worm to shutdown most/all of the trucking in a country at the same time. Nicely done.
@techwhipped
@techwhipped 4 ай бұрын
Oh great instead of hackers holding database information for ransom now there going to holding truck companies for ransom remotely.
@Aeduo
@Aeduo 4 ай бұрын
One of those devices would have to be remarkably poorly designed to be able to participate on the bus or send commands if it's really not necessary for their function, rather than just sitting on the bus and listening for what's happening.
@markyoungkush2925
@markyoungkush2925 4 ай бұрын
Guess I added that domain to my pinhole server
@Rockport1911
@Rockport1911 4 ай бұрын
Iam not worried about outside hackers that much, even tho making every truck ina country suddenly not move anymore would be a desater. I fear that the data of ELD can be tempered with to allow owner/ drivers to drive longer without getting caught. We have seen this in the past where DPF/ AdBlue systems got hacked into thinking they where installed or always toped of to save expenses...
@Ash-V
@Ash-V 15 күн бұрын
uBlock continuing to do the Lord's work
@darkromano_
@darkromano_ 4 ай бұрын
Thanks for the video!
@RetroEcoChicken
@RetroEcoChicken 3 ай бұрын
those rf cards are not news............someone even proved that you can get the code just by beeing close to it or putting something on a door that would also get the info.
@asdproducts6590
@asdproducts6590 4 ай бұрын
wait what if you send incorrect passwords to the hackers, it wold be funny lol
@easternplatypus
@easternplatypus 4 ай бұрын
IoT at it again
@Hex-Mas
@Hex-Mas 4 ай бұрын
GAWD SPEED uBlock
@fixmehanicar
@fixmehanicar 4 ай бұрын
You just unplug it and continue driving on paper log. Noting new noting spectacular.
@elmehdiezziar
@elmehdiezziar 4 ай бұрын
Wow😊
@whothis8933
@whothis8933 4 ай бұрын
So brave is not blocking the dynamic site?
@BillAnt
@BillAnt 4 ай бұрын
The latest version does including fingerprinting.
@fokyewtoob8835
@fokyewtoob8835 4 ай бұрын
I’m so tired of these freaking unskippable ads
@gamer_X322
@gamer_X322 4 ай бұрын
Use ad block
@RadicalInteger
@RadicalInteger 4 ай бұрын
صندلی اداری؟
@ImbraWolf
@ImbraWolf 4 ай бұрын
smart doesn't mean secure
@SASTSimon
@SASTSimon 4 ай бұрын
HELLO
@ricearoni2015
@ricearoni2015 4 ай бұрын
where is hello world?
@commanderpaladin
@commanderpaladin 4 ай бұрын
Imagine mining crypto on elds
@D.von.N
@D.von.N 4 ай бұрын
Do you think the black market obeys some legal letters from delete me? It will actually delete you from your accounts before you say 'excuse me'.
@ardwetha
@ardwetha 4 ай бұрын
Truck n roll
@denismilic1878
@denismilic1878 4 ай бұрын
I'm not an important person and I build all my "smart" devices with my custom protocols and firmware. I feel pretty safe no hacker wants to invest time to hack my systems because the gain is very small.
@ILoveTinfoilHats
@ILoveTinfoilHats 4 ай бұрын
Security by obscurity isn't security
@denismilic1878
@denismilic1878 4 ай бұрын
@@ILoveTinfoilHats yes you are right BUT if you are not interested target you are pretty safe.
@internallyinteral
@internallyinteral 4 ай бұрын
​@@ILoveTinfoilHatswhy not both??
@Timmahh.
@Timmahh. 4 ай бұрын
The release of this info stinks. I wonder if this is to give someone a tip or suggestion. How was the company/companies involved in mfg not contacted to fix before releasing.
@schwingedeshaehers
@schwingedeshaehers 4 ай бұрын
mfg? and what do you mean, which one wasn't notified before?
@KnowledgeBomB2
@KnowledgeBomB2 4 ай бұрын
What you mad cause y'all getting hacked 😊
@Timmahh.
@Timmahh. 4 ай бұрын
@@schwingedeshaehers manufacturing. I said there ‘companies involved’ so the can release a software patch etc
@Timmahh.
@Timmahh. 4 ай бұрын
@@KnowledgeBomB2 maybe if I was a trucker or something lmao
@Sl0st629
@Sl0st629 4 ай бұрын
🔓 🔑 Easy
@d.bk-201
@d.bk-201 4 ай бұрын
11 views and 22 likes is insane
@koghs
@koghs 4 ай бұрын
Views are updated slower than likes because views also log shitton of other info used for KZfaq analytics.
@InakiArzalluz
@InakiArzalluz 4 ай бұрын
Also caching and such
@desertdude540
@desertdude540 4 ай бұрын
Google quality software.
@redslashed
@redslashed 4 ай бұрын
bruh
@sockraltiltemper5402
@sockraltiltemper5402 4 ай бұрын
Please God let bad actors shit house prime trucking
@remixedcat
@remixedcat 4 ай бұрын
government mandated vulnerabilities
3 Million Hacked Toothbrushes used in a DDoS Attack?!
8:30
Seytonic
Рет қаралды 113 М.
I Was Scammed With 800 MicroSD cards
10:56
Seytonic
Рет қаралды 208 М.
Fast and Furious: New Zealand 🚗
00:29
How Ridiculous
Рет қаралды 48 МЛН
Little brothers couldn't stay calm when they noticed a bin lorry #shorts
00:32
Fabiosa Best Lifehacks
Рет қаралды 17 МЛН
Magic trick 🪄😁
00:13
Andrey Grechka
Рет қаралды 32 МЛН
Smart Sigma Kid #funny #sigma #memes
00:26
CRAZY GREAPA
Рет қаралды 19 МЛН
Russian Missile Alert System Hacked
9:24
Seytonic
Рет қаралды 131 М.
All Apple Products are Vulnerable to New Password Stealing Hack
10:42
Stealing Files From Your Power Supply?!
9:12
Seytonic
Рет қаралды 139 М.
Stop Hackers With This!
10:15
Seytonic
Рет қаралды 102 М.
Undercover CIA Websites Got Informants Killed
9:53
Seytonic
Рет қаралды 560 М.
The Hacking Empire Built on Discord
9:57
Seytonic
Рет қаралды 214 М.
Hiding Malware in Space Pictures
9:12
Seytonic
Рет қаралды 115 М.
Russian TV Hacked by AI Putin... Panic Ensues
10:16
Seytonic
Рет қаралды 277 М.
The $15,000 A.I. From 1983
22:04
Popular Science
Рет қаралды 414 М.
Fast and Furious: New Zealand 🚗
00:29
How Ridiculous
Рет қаралды 48 МЛН