Wednesday, September 20, 2017

Tag: Nissan

The world's best-selling electric vehicle just got a redesign.
Vehicle-to-grid system could offer frequency response, incentivize electric ownership.
Hand-beaten panels, solid axles and leaf springs, and a 120kW electric motor.
Telematics torched in BMWs, Infinitis, Nissan Leaf and some Fords
A bunch of mid-age Ford, Infiniti, Nissan and BMW vehicles are carrying around a vulnerable chipset from Infineon that America's ICS-CERT reckons is easy to exploit.…
Hyundai's upmarket brand is starting to find its feet.
90-mile range, plus EV charging points are few and far between in Siberia.
The 840-hp Dodge Demon, Nissan GT-R Track Edition, Bugatti Chiron, and more.
Think luxury rather than sporty.
Image: Fiat Chrysler Automobiles CEO Sergio Marchionne speaks at an event celebrating the start of production of three all-new stamping presses at the FCA Sterling Stamping Plant, August 26, 2016, in Sterling Heights, Michigan. (Photo by Bill Pugliano/Getty Images)

On Thursday the US Environmental Protection Agency (EPA) announced that Fiat Chrysler (FCA) diesel vehicles were found to have "at least eight" instances of undisclosed software that modified the emissions control systems of the cars.

The vehicles implicated in the EPA's Notice of Violation (NOV) include 2014, 2015, and 2016 diesel Jeep Grand Cherokees, as well as Dodge Ram 1500 trucks with 3.0-liter diesel engines.

The allegations involve 104,000 vehicles, the EPA said. The EPA says it's still in talks with FCA and hasn't ordered the company to stop selling affected cars yet, nor is it officially calling the software a "defeat device" until FCA provides a more detailed explanation.

In a press conference, agency officials said that the undisclosed software was discovered after September 2015, when the EPA and the California Air Resources Board (CARB) began doing additional testing on vehicles in the wake of the Volkswagen Group scandal. VW Group was discovered to have almost 600,000 diesel vehicles on US roads with some kind of illegal software on them.

The software allowed VW Group's cars to pass emissions testing under lab conditions but would reduce the effectiveness of emissions controls under real-world driving conditions, causing the cars to emit nitrogen oxide (NOx) far in excess of federal limits. According to the EPA, FCA's undisclosed software works similarly, too.

EPA Assistant Administrator Cynthia Giles told press Thursday morning that the "software is designed such that, during the emissions test, Fiat Chrysler’s cars meet the standards," for NOx emissions. However, the "software reduces the effectiveness of emissions controls when driving at high speed or for long durations," she added. These kinds of workarounds are not uncommon for car makers to use and are not illegal if they're properly disclosed and approved by the EPA.

But efforts to meet emissions standards have driven automakers to install undisclosed devices illegally for decades.
In fact, in the 1970s, Chrysler—along with GM, Ford, American Motors, Nissan, and Toyota—was reprimanded by the EPA for installing defeat devices in its cars to "defeat the effectiveness of emission control systems under conditions not experienced during EPA’s certification testing." In some instances the defeat devices helped the cars start more easily in cold weather; in others, time-delay switches cut the emissions control systems while the cars shifted from low to high gears. In Europe, too, rules allow diesel vehicles to cut the emissions control system under certain conditions like cold weather.

Automakers have toed a line, though, using emissions control software where "cold" weather means as high as 64 degrees Fahrenheit. Giles noted during the EPA's press conference that the agency has tested other diesel vehicles since the Volkswagen scandal was made public and found no violations. "It is by no means impossible to make a clean diesel vehicle that meets our standards," she said. In a statement (PDF), FCA said it would continue to work with the EPA to resolve the issue. "FCA US diesel engines are equipped with state-of-the-art emission control systems hardware, including selective catalytic reduction (SCR).

Every auto manufacturer must employ various strategies to control tailpipe emissions in order to balance EPA’s regulatory requirements for low nitrogen oxide (NOx) emissions and requirements for engine durability and performance, safety and fuel efficiency.

FCA US believes that its emission control systems meet the applicable requirements." FCA added that it had spent "months providing voluminous information" to the EPA and other regulators.

The company said it had also made proposals to fix the issues, including "developing extensive software changes to our emissions control strategies that could be implemented in these vehicles immediately to further improve emissions performance." FCA has not yet been sued, but the EPA says it could be "liable for civil penalties and injunctive relief for the violations alleged in the NOV [Notice of Violation]."

Correction: This story originally said the EPA found the software on the FCA diesels was illegal. In fact, the EPA is still determining whether the software itself was illegal. However, Fiat Chrysler violated EPA rules by not disclosing the software.
Remote control eavesdrop clone is 'master key'

Security researchers will highlight vulnerabilities in keyless entry systems that impact on the protection against theft of millions of cars at a conference tomorrow. The researchers, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, said they'd found that it was possible to clone a VW Group remote control after eavesdropping on a signal. The hack means it's possible for thieves to unlock cars even if the owners have locked them. Worse yet, almost every vehicle the Volkswagen group has sold for the last 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers.

The problem stems from VW’s reliance on a “few, global master keys”. El Reg asked Volkswagen’s PR team to comment on the upcoming research but we didn’t hear back at the time of going to press. We’ll update this story as and when we hear anything more.

During an upcoming presentation, entitled Lock It and Still Lose It — on the (In)Security of Automotive Remote Keyless Entry Systems at the Usenix security conference (abstract below) – the researchers are also due to outline a different set of cryptographic flaws in keyless entry systems as used by car manufacturers including Ford, Mitsubishi, Nissan and Peugeot. The two examples are designed to raise awareness and show that keyless entry systems are insecure and ought to be re-engineered in much the same way that car immobilisers were previously shown to provide less than adequate protection.

While most automotive immobiliser systems have been shown to be insecure in the last few years, the security of remote keyless entry systems (to lock and unlock a car) based on rolling codes has received less attention. In this paper, we close this gap and present vulnerabilities in keyless entry schemes used by major manufacturers. In our first case study, we show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorised access to a vehicle by eavesdropping a single signal sent by the original remote. Secondly, we describe the Hitag2 rolling code scheme (used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others) in full detail. We present a novel correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop. Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles.

Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen.

This earlier research on how the ignition key used to start cars might be subverted was eventually presented last year, following a two-year, legally enforced postponement. The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles' owners, without covering how their engines might subsequently be turned on. Wired reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob.

Alternatively, a software defined radio rig connected to a laptop might be employed.

Either way, captured data can be used to make counterfeit kit.
Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.

The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob—obtained with a little electronic eavesdropping, say—you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg notes that the company uses a number of different shared values, stored on different components.

The second affects many more makes, "including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.

Similar techniques have been linked to a number of car thefts, including most recently in Houston. It seems the power of 1990s-era automotive-grade encryption is helpless in the face of $40 Arduinos and SDR.
Account takeover is a pushover

Security researcher Scott Helme has turned up a dumb password reset bug in UK energy company Ecotricity's car charging app. The bug is in the app the company provides for users of its network of 'leccy car recharge points: it had a bad user enumeration bug that would let an attacker reset someone else's password and therefore take over their account.

As Helme explains, when a user hits the password reset, the app returns a token to their browser – and that's the same token that lands in the e-mail the app sends:

“The Reset Password button contained a link as you'd expect and was for the following address: https://www.ecotricity.co.uk/ecovalidate/token/3119efbec979b11544fd809b75d5467a

“The token on the end of that address may look familiar and it is indeed the token returned by the initial API request to start a password reset for the provided account! Oopsie!”

Why is that an error? Because all the attacker would now need is a user ID or e-mail address to get a reset token for the victim, without needing access to the victim's e-mail, because the attacker would have the same token as would land in the e-mail.

Given his suspicion that the rest of the Ecotricity API might not have had the scrutiny it needs, Helme has posted his mapping of the API to GitHub (https://github.com/ScottHelme/Ecotricity-API). The company fixed the bug after receiving Helme's report.

Helme's previous work we've covered included a slip in the Nissan Leaf owner's app; an information leak in the Hotel Hippo Website; and badly-secured EE BrightBox routers.