Security Vulnerabilities that Cross the Physical Divide to Compromise Cars, Pacemakers, Mobile Phones, and ATMs

With Blackhat USA behind us and Defcon in its full throes, there seems to be a trend away from purely digital hacks and toward physical devices. These include cars and implantable medical devices. To be fair, physical world security has been trending for a few years, including demonstrations of how to hack an ATM and smart meters.

I’ve been interested in the intersection of digital and physical security for over a decade and hacked into my BMW in 2008, partly to troubleshoot a problem with my navigation system, but also just to scope out the landscape. I had to build a serial (RS 232) adapter with a breadboard and solid state components to jack my laptop into the wiring harness, and my soldering iron skills leave one with the impression of kindergarten artwork, but it worked. And yet my project was completely occluded by much of the research you can find with a simple Google search.

In that spirit, I’ve assembled nineteen links to research that cross the divide from some guy at the keyboard of his Linux PC in his parent’s basement, dressed in only flip-flops and pajama bottoms, and rebuilding his Linux pentesting platform for the hundredth time this month, to those pioneers with the smarts to break out oscilloscopes and the dexterity to disassemble the dashboard of a Prius. Please to enjoy this smorgasbord of articles, research papers, and videos:

Automobile Hacking / Vulnerabilities

1. Watch Hackers Hack into Toyota Prius, Ford Escape

2. Hacking into cars via the wireless Tire Pressure Monitoring System (TPMS)

3. Comprehensive Experimental Analyses of Automotive Attack Surfaces

4. Police ‘stumped’ by car thefts using electronic skeleton key

The following is not technically automobile hacking—nor marine craft hacking—but it vaguely fits into the category of how to compromise a technology, navigation, that transportation systems of all types have come to rely on.

5. Texas students fake GPS signals and take control of an $80 million yacht

Medical Device Hacking / Vulnerabilities

6. Black hat hacker can remotely attack insulin pumps and kill people

7. Yes, You Can Hack A Pacemaker (And Other Medical Devices Too)

8. FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks

9. Medical Devices Hard-Coded Passwords

As a side note, Barnaby Jack, security researcher for IOActive, was a star in hacking physical devices, including medical implants and ATMs. His recent death at the age of 35 is sad and a great loss for the security community.

Misc Device Hacking / Vulnerabilities

10. ATM hack gives cash on demand

11. IOActive Smart Meter Worm PoC

12. Remotely listen in via hacked VoIP phones

13. Your Smartphone Can Photograph You, and Share the Pictures, Without Your Knowledge

14. Rooting exploit could turn Google Glass into secret surveillance tool

Microchip Hacking / Vulnerabilities / Backdoors

15. SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones

16. Backdoor found in popular FPGA chip

And Old School Lock Picking + A Vulnerability in Card Key Hotel-Style Locks

17. Lock Picking 101 • Forum for Lock Picking, Locks, Safes, Picks and Locksmiths

18. Reverse engineer the master key given access to a single tenant (sub-key) lock and key

19. Hotel Lock Hack Still Being Used In Burglaries, Months After Lock Firm’s Fix

This is just a sampler buffet of physical security goodness. Please share your links in the comments below and I’ll assemble a web page with as complete a set of listings as I can.