
Thursday, August 13, 2015

BlackBerry QNX OS Not Part of the Jeep IoT Hack

As reported by BlackBerry Blogs: By now, you have likely seen the headlines on WIRED and other media outlets about the remote exploitation of a vehicle infotainment system. In summary, two security researchers were able to leverage a vulnerability in the system and take over the vehicle’s dashboard functions, steering, transmission, and brakes.

Since the exploit came to light, a formal recall has been issued for 1.4 million vehicles that may be affected by the vulnerability, it looks like a class-action lawsuit is on the way, and the National Highway Traffic Safety Administration (NHTSA) is apparently studying the issue, with a report to come.

More recently, however, the website Seeking Alpha has published its own story on the matter, which speculates on BlackBerry’s role. While the legal complaint is directed at the vehicle manufacturer and the maker of the infotainment system, the operating system used is the QNX Neutrino OS supplied by QNX Software Systems, a subsidiary of BlackBerry. So, the article asks, is the hack a vulnerability of QNX technology?

We can state unequivocally that it is not.

The QNX Neutrino OS has been deployed in more than 60 million vehicles and field-proven in a host of mission-critical and safety-critical applications. In any computing architecture, the OS can play a key role in enabling reliability and security. An infotainment system such as the one in question has several software components in addition to an OS. The security of such a system is only as strong as the weakest link. In this particular case, the vulnerability came about through certain architecture and software components that are unrelated to the QNX Neutrino OS.

Further, the two security researchers who uncovered the vulnerability have clearly demonstrated that the weakness exploited is not due to the QNX Neutrino OS.

Finally, and perhaps most important, the automaker, the infotainment system supplier and the cellular carrier that connects these vehicles to the Internet have already implemented measures to block unauthorized entry to affected systems.

Connected cars are the future, and BlackBerry is proud to play a leading role in this exciting field through QNX and BlackBerry IoT.

Wednesday, August 12, 2015

Electric Vehicle is Like a Laptop That You Ride

As reported by Dezeen: A Japanese inventor has developed the "world's smallest electric car" – an aluminium board with wheels that carries a passenger like a Segway and fits into a backpack.
WalkCar by Cocoa Motors
Kuniaki Sato's company Cocoa Motors is set to launch the new personal transportation device this autumn.
The lightweight aluminium board is approximately the size of a laptop and can carry loads of up to 120 kilograms.
Available as an indoor and outdoor version, the four-wheeled WalkCar is powered by a lithium battery and can reach speeds up to 10 kilometres (6.2 miles) per hour.
The device works similarly to the bulkier two-wheeled Segway device, with the user shifting their weight to change direction.
Stepping onto the board starts it automatically and disembarking immediately stops the motion. The device is small and light enough to pick up and pack away into a rucksack when necessary, similar to Impossible Technology's folding electric bike.
"WalkCar is the world's smallest electric car that can be mobile and put in a bag," said Cocoa Motors. "Just turn the body in the direction you want to go, you can move freely."
According to Cocoa Motors, three hours of charging provides enough power for travelling distances of up to 12 kilometres (7.4 miles).
Sato came up with the idea while studying engineering. He set up Tokyo-based Cocoa Motors in 2013 and has since developed the concept into a working prototype.
"I thought: 'What if we could just carry our transportation in our bags, wouldn't that mean we'd always have our transportation with us to ride on?' And my friend asked me to make one, since I was doing my masters in engineering specifically on electric car motor control systems," Sato told Reuters.
WalkCar is set to launch on crowdfunding website Kickstarter in October 2015, with a price tag of around 100,000 yen (£500) and shipping is expected in Spring 2016.
Last month, the "world's lightest and most compact electric bike" surpassed its crowdfunding goal in just two days.
Lexus, meanwhile, unveiled its eagerly anticipated hoverboard last week, which uses magnetic fields to carry its rider without touching the ground.

SpaceX has been Quietly Simulating Sending Manned Dragons to the ISS

As reported by Wired.co.uk: SpaceX has been launching test flights to and from the International Space Station in secret -- and they've all been a success to date.

Unfortunately for impatient space travel fans, they are all taking place entirely in Hawthorne, California.
The Crew Dragon simulation involves detailed checks of the cargo delivery spacecraft's avionics systems, including the hardware and software. The idea was to check how the two systems would operate in conjunction during a crewed flight.
"It may not sound exciting," admitted SpaceX vice president of mission assurance, Hans Koenigsmann, "but it's a really, really important tool."
"We can basically fly the Crew Dragon on the ground -- flip the switches, touch the screens, test the algorithms and the batteries -- all before testing the avionics system in flight. It's important to get the avionics right before putting it into the capsule."
Documenting the successful 'launch' on its website, Nasa compared the simulation setup to its own Shuttle Avionics Integration Lab in Houston where the Shuttle Program was put through the wringer before real life launches. It was a chance to ensure all the code was working as it should, and for final tweaks to be made.
SpaceX has already conducted successful launches of its cargo ship, Dragon, though it has experienced a series of setbacks related to its Falcon 9 rocket. The rocket is designed, in theory, to be salvageable and reusable, taking the Dragon spacecraft into orbit and helping ferry cargo to and from the ISS. On a test launch on 28 June, however, the rocket exploded mid-flight within minutes of take-off, destroying the unmanned Dragon capsule and its cargo. Early analysis indicated the incident was down to a faulty strut.
Nevertheless, the SpaceX team hopes for another Falcon 9 launch by the end of the year, and this will help prep for a future Dragon V2 launch -- a manned version of the Dragon, which the Crew Dragon simulation is designed to test. SpaceX CEO Elon Musk is hoping for a 14-day manned flight to take place as soon as 2017. The V2 will be able to carry up to seven astronauts, or a mixture of crew and cargo, and is described as Nasa's future space taxi along with another manned vehicle being developed by Boeing.
There are potentially yet more stumbling blocks on the road for SpaceX, however. On 5 August Nasa told Congress that as a direct result of its underfunding of the commercial space flight scheme, it has had to extend its contract with Russian space agency Roscosmos to deliver cargo and crew to the ISS, at a cost of $490m.
"I am asking that we put past disagreements behind us and focus our collective efforts on support for American industry -- the Boeing Corporation and SpaceX -- to complete construction and certification of their crew vehicles so that we can begin launching our crews from the Space Coast of Florida in 2017," Nasa administrator Charles Bolden wrote in the statement.
Reductions in spending related to Nasa's 2016 fund requests "would likely result in funds running out for both contractors during the spring/summer of FY 2016", warned Bolden. This would likely lead to contract renegotiations and more unscheduled delays.

Tuesday, August 11, 2015

Electric Car Drivers Tell Ford: We'll Never Go Back To Gasoline

2015 Ford Focus Electric
As reported by Green Car Reports: Fully nine out of 10 electric-car drivers say they won't go back to cars with internal-combustion engines, according to a new Ford survey.

The results included responses from 10,000 drivers of both battery-electric cars and plug-in hybrids.
It found that 92 percent of battery-electric drivers, and 94 percent of plug-in hybrid drivers, plan to purchase another plug-in car as their next vehicle.

More often than not, that specifically means a battery electric car, Stephanie Janczak--Ford's Manager of Electric Vehicle Infrastructure and Technology--said in a recent interview with CleanTechnica.

Janczak noted that most current all-electric drivers said they would stay with that type of car, while plug-in hybrid owners were more inclined to consider switching to an all-electric vehicle.

The driving experience, and an appreciation of clean technology, were cited as the main reasons for staying electric, she said.
The survey also found a strong correlation between electric-car ownership and renewable-energy use.
Ford says 83 percent of drivers surveyed either would consider installing solar panels at their homes, or already have them.

Using a home solar array to charge an electric car helps further reduce its carbon footprint, by limiting reliance on non-renewable grid sources used to power it.

Ford's Janczak underscored the clear relationship between electric-car ownership and home-solar use, which had first been identified in a 2012 survey of electric-car drivers by the state of California.

Smartphone apps can also be an important part of electric-car ownership, Ford's survey found.

Many respondents said they used apps to check battery levels, remotely set climate control, and monitor charging status.
2015 Ford C-Max Energi
Apps that locate charging stations, indicate charging time, let drivers reserve and pay for charging, and provide vehicle-health reports were among the "most requested" smartphone features, a Ford statement said.

Many U.S. households have more than one car, and those with electric cars were found to be no different.

About 90 percent of electric-car owners were found to have a second car--and that car tended to be powered by gasoline.

The combustion-engined cars tend to be used for longer trips that might exceed the practical range of today's electric cars, the survey says.

Could boosting the range of future electric cars get current owners to ditch these backup gasoline models as well?

Given the current level of enthusiasm for electric cars among owners, the answer could very well be "yes."

Monday, August 10, 2015

Hacking A Phone's GPS May Have Just Gotten Easier

As reported by Forbes: One of the drawbacks of our increasingly connected world is the proliferation of new wireless connections to hack. More worrying is when hackers find cheaper and more accessible ways to exploit those vulnerabilities.
For some time it’s been possible to spoof the location of a smartphone or any other device that is connected to a global positioning system (GPS), but to do so required a sophisticated and often expensive GPS emulator that can cost thousands of dollars.
Now a team of researchers at Chinese Internet security firm Qihoo 360 claim they’ve found a way to make a GPS emulator that can falsify the GPS location of smartphones and in-car navigation systems, more cheaply. (Qihoo’s researchers famously hacked a Tesla Model S last year, taking control of the car’s lock, horn and flashing lights.)
Lead researcher Lin Huang, who will be the first Chinese woman to present at the Defcon security conference later today, says her team used common software-defined radio (SDR) tools to create their module and software. They also used open-source software found on Github that had come from researchers at a Chinese university and some of their own code.
The SDR or radio tools that Huang used include HackRF, once described by Forbes as the $300 wireless Swiss army knife for hackers. The small, relatively cheap board can move between radio frequencies, read and transmit to a broad range of radio frequencies – from the low range used by FM radio to the higher frequencies of WiFi or other more cutting edge protocols.
On smartphones the attack targets navigation signals being delivered at the chipset level, meaning there’s little difference if the device is made by Apple or an Android vendor.
“This is a very low-cost way,” to make a GPS emulator, Huang said on the sidelines of the annual security conference in Las Vegas, speaking with some help from a translator. “This method increases the risk for GPS devices.”
Huang was planning to use a volunteer from the Defcon audience to demonstrate the hack at work but will have to resort to using a video instead due to legal restrictions.
There aren’t many known examples of malicious GPS spoofing till now. In 2011 Iranian government-sponsored hackers are thought to have diverted and landed an American stealth drone made by Lockheed Martin after it flew into Iranian airspace. The Iranian specialists were able to hijack the drone thanks to GPS spoofing techniques, according to a report in the Christian Science Monitor.
In 2013 researchers from the University of Austin, Texas were able to send a 213-foot yacht off course at sea using a custom-made GPS spoofing device. Prof. Todd Humphreys led the experiment to show the risks of attacks on navigation systems.
Like any security researcher who’s found a new exploit, Huang claimed dramatic consequences to the development. “Hackers can give the wrong GPS position, for example, to a drone,” she said. “If you use GPS to drive a car it can change you to a different location… [or direct the victim] to go down a cliff. Whatever they want you to do. It is very dangerous.”
Huang specializes in wireless communication systems as well as software defined radio tools like the ones she used to create her bargain-basement GPS spoofer.
She suggests that chipset manufacturers should consider introducing new software that can better detect GPS spoofing, and that GPS satellites also bear responsibility for defending against such attacks.

Friday, August 7, 2015

This Electric Vehicle Can Go Almost Anywhere

As reported by Mashable: Why have a Jeep when you could have this?
French company Swincar debuted its Spider Electric 2 offroad vehicle at "The Salon des Inventions" — an annual exhibition for inventors and their inventions — in Geneva in April, but a video of the car is now generating attention online.
The company very accurately describes it as a "mechanical spider on wheels." It uses a fully independent suspension (i.e. wheels are fully independent of each other) with massive control arms, which give it incredible levels of wheel articulation. This means all four wheels will remain on the ground no matter how treacherous the terrain gets. Its axles can even cross over each other, which is unlike any vehicle before it.
Suspended in the middle of this ridiculous setup is the lithium-ion battery pack, along with the driver's seat and controls sitting on top. The battery pack sends its power to individual electric motors at each of the wheels. Swincar says the Spider Electric 2 can drive for four hours on a battery charge.
Swincar offers the options of traditional two-wheel steering and four-wheel steering for added agility.



With its lightweight aluminum construction and slinky suspension, the Spider stands in sharp contrast to other four-wheeled off-road vehicles that generally use brute force to tackle rough terrain. What the Spider lacks in comparison with something like a Jeep or a Land Rover is ground clearance, meaning it wouldn't be able to climb the steepest rocks without scraping its underside.
The Spider beats traditional off-road trucks by being incredibly nimble.
According to the company's website, the Spider has been in development for seven years and the company is now looking for investors and dealers to sell the car.
Swincar is also developing a Spider for disabled drivers that can be controlled by joystick instead of a wheel and pedals.
It's unclear whether or not the Spider Electric 2 will reach production. We've reached out to Swincar for comment, and we'll update when we have one.

How Hackers Tore Apart A Tesla Model S To Kill The Car Mid-Drive

As reported by Forbes: Tesla currently has a good rep in security circles. Its cars might be some of the most connected, but they’re also some of the best protected from digital attacks. That’s what Marc Rogers, of content delivery network CloudFlare, and Lookout Mobile Security co-founder Kevin Mahaffey discovered as they tried to find ways to hack the Tesla Model S. But whilst they had much praise for the luxury vehicle, they were still able to compromise it, cracking open doors, altering the dashboards and even shutting the car off.
Rogers and Mahaffey had to rip the Tesla apart, quite literally, until they found an ethernet port that let them connect directly to the Model S’ CAN bus, the controller area network across which car data is sent and received. In total, they needed to chain four separate vulnerabilities to first gain access to the infotainment systems and the touchscreen used to control certain functions of the vehicle.
From there, they were able to do all kinds of diabolical things, including forcing the speedometer to disappear, altering the suspension, unlocking doors and the trunk, making windows go up and down, as well as killing the car.

Despite the problems uncovered by Rogers and Mahaffey, they discovered Tesla had a novel way to prevent even the most severe attack, that of shutting down the car, from causing carnage. When going under 5 mph, engine shutdown saw the displays go blank and the car “lurched to a stop” until the handbrake stopped it, Rogers noted. When attacked travelling any faster than that, the screens would go blank but the car would shift into neutral, allowing the driver to find somewhere safe to stop and restart the car.
“Ironically that means it’s the only car that can protect itself against a successful cyber attack,” Rogers noted.
They were able to get malware, effectively a bespoke vehicular remote access trojan (RAT), onto the car’s network after getting physical access, meaning they could subsequently attack the car remotely. It was effectively a simple backdoor, specifically an OpenSSH tunnel into the Tesla.
Tesla disputed the hackers were able to do remote attacks, whilst confirming fixes were being delivered today. “Tesla has taken a number of different measures to address the effects of all six vulnerabilities reported by Lookout. And, we continue to develop further ways to harden our systems, informed by ongoing discussions with the security research community, as well as our own internal analysis. The update has been made available to all Model S customers through an OTA update. We will deploy this update to all vehicles by Thursday,” a spokesperson said in an emailed statement to FORBES.
“Our over-the-air software updates remotely add new features and functionality to Model S. Similarly to how you receive updates to your smartphone, Model S owners download these updates from Tesla via Wi-Fi or a cellular connection. A button will pop up on Model S’s 17” touchscreen and an owner can select a time to download the latest version of software. The ability to receive these features and fixes is free for the life of the vehicle and is one more way that Tesla is redefining auto-ownership.”
Indeed, Rogers said Tesla was doing the right thing providing over-the-air updates with a modem and cellular connection Elon Musk’s company offers for free. Mahaffey claimed that although some of Tesla’s updates were more like mitigations rather than full patches, the segregation of the on-board network was good enough to help prevent potential real-world attacks.
Disclosure was also relatively painless, even if there was a “long lag” between the original warning to the time the right people at Tesla were on the case, according to Rogers. “They are very forward looking,” said Mahaffey.
The researchers, who will present their findings in full at the DEF CON conference in Las Vegas on Friday, also found two potential browser vulnerabilities that they disclosed, though didn’t exploit.
This week saw Chris Evans take the lead security role at Tesla, making the move over from Google’s elite Project Zero research team. Evans even helped Tesla address the issues, said Mahaffey, noting: “This gives me really high hopes with Tesla going forward.”
“I would like to see what they’ve done as a reference model for others… I think they’ve got lessons to learn but they’re 75 per cent there,” added Rogers.
This isn’t the first time Tesla has been targeted by benevolent hackers. Chinese researchers from Qihoo 360 exploited the car for a $10,000 award in 2014. Its website and Twitter feeds were hit by malicious hackers earlier this year too.
There’s been a heavy focus on car security during the Black Hat and DEF CON conferences this week. Not only have attacks on Chrysler vehicles been demonstrated, but Qihoo researchers are also due to show GPS exploits to trick cars into following false directions and Samy Kamkar is to demonstrate a cunning way to unlock vehicles with a $50 device.