Home Tags Nissan

Tag: Nissan

Becoming Genesis—the 2018 G80 Sport

Hyundai's upmarket brand is starting to find its feet.

Nissan Leaf EV enters 10,000-mile Mongol Rally

90-mile range, plus EV charging points are few and far between in Siberia.

The 2017 New York International Auto Show: best of the rest

The 840-hp Dodge Demon, Nissan GT-R Track Edition, Bugatti Chiron, and more.

The 2017 Infiniti QX30: A stylish crossover let down by its...

Think luxury rather than sporty.

EPA: Fiat Chrysler diesels have software to thwart emissions controls

Enlarge / STERLING HEIGHTS, MI - AUGUST 26: Fiat Chrysler Automobiles CEO Sergio Marchionne speaks at an event celebrating the start of production of three all-new stamping presses at the FCA Sterling Stamping Plant August 26, 2016 in Sterling Heights, Michigan. (Photo by Bill Pugliano/Getty Images)Bill Pugliano reader comments 89 Share this story On Thursday the US Environmental Protection Agency (EPA) announced that Fiat Chrysler (FCA) diesel vehicles were found to have "at least eight" instances of undisclosed software that modified the emissions control systems of the cars.

The vehicles implicated in the EPA's Notice of Violation (NOV) include 2014, 2015, and 2016 diesel Jeep Grand Cherokees, as well as Dodge Ram 1500 trucks with 3.0-liter diesel engines.

The allegations involve 104,000 vehicles, the EPA said. The EPA says it's still in talks with FCA and hasn't ordered the company to stop selling affected cars yet, nor is it officially calling the software a "defeat device" just yet until FCA provides a more detailed explanation. In a press conference, agency officials said that the undisclosed software was discovered after September 2015, when the EPA and the California Air Resources Board (CARB) began doing additional testing on vehicles in the wake of the Volkswagen Group scandal. VW Group was discovered to have almost 600,000 diesel vehicles on US roads with some kind of illegal software on them.

The software allowed VW Group's cars to pass emissions testing under lab conditions but would reduce the effectiveness of emissions controls under real-world driving conditions, causing the cars to emit nitrogen oxide (NOx) far in excess of federal limits. According to the EPA, FCA's undisclosed software works similarly, too.

EPA Assistant Administrator Cynthia Giles told press Thursday morning that the "software is designed such that, during the emissions test, Fiat Chrysler’s cars meet the standards," for NOx emissions. However, the "software reduces the effectiveness of emissions controls when driving at high speed or for long durations," she added. These kinds of workarounds are not uncommon for car makers to use and are not illegal if they're properly disclosed and approved by the EPA.

But efforts to meet emissions standards have driven automakers to install undisclosed devices illegally for decades.
In fact in the 1970s, Chrysler—along with GM, Ford, American Motors, Nissan, and Toyota—was reprimanded by the EPA for installing defeat devices in its cars to "defeat the effectiveness of emission control systems under conditions not experienced during EPA’s certification testing." In some instances the defeat devices helped the cars start more easily in cold weather, in others, time-delay switches cut the emissions control systems while the cars shifted from low to high gears. In Europe, too, rules allow diesel vehicles to cut the emissions control system under certain conditions like cold weather.

Automakers have toed a line, though, using emissions control software where "cold" weather means as high as 64 degrees Fahrenheit. Giles noted during the EPA's press conference that the agency has tested other diesel vehicles since the Volkswagen scandal was made public and found no violations. "It is by no means impossible to make a clean diesel vehicle that meets our standards," she said. In a statement (PDF), FCA said it would continue to work with the EPA to resolve the issue. "FCA US diesel engines are equipped with state-of-the-art emission control systems hardware, including selective catalytic reduction (SCR).

Every auto manufacturer must employ various strategies to control tailpipe emissions in order to balance EPA’s regulatory requirements for low nitrogen oxide (NOx) emissions and requirements for engine durability and performance, safety and fuel efficiency.

FCA US believes that its emission control systems meet the applicable requirements." FCA added that it had spent "months providing voluminous information" to the EPA and other regulators.

The company said it had also made proposals to fix the issues, including "developing extensive software changes to our emissions control strategies that could be implemented in these vehicles immediately to further improve emissions performance." FCA has not yet been sued, but the EPA says it could be "liable for civil penalties and injunctive relief for the violations alleged in the NOV [Notice of Violation]." Correction: This story originally said the EPA found the software on the FCA diesels was illegal.
In fact, the EPA is still determining whether the software itself was illegal. However, Fiat Chrysler violated EPA rules by not disclosing the software.

Car lock hack affects millions of vehicles

Remote control eavesdrop clone is 'master key' Security researchers will highlight vulnerabilities in keyless entry systems that impact on the protection against theft of millions of cars at a conference tomorrow. The researchers, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, said they'd found that it was possible to clone a VW Group remote control after eavesdropping on a signal. The hack means its possible for thieves to unlock cars even if the owners have locked them. Worse yet, almost every vehicle the Volkswagen group has sold for the last 20 years – including cars badged under the Audi and Skoda brands – are potentially vulnerable, say the researchers.

The problem stems from VW’s reliance on a “few, global master keys”. El Reg asked Volkswagen’s PR team to comment on the upcoming research but we didn’t hear back at the time of going to press. We’ll update this story as and when we hear anything more. During an upcoming presentation, entitled Lock It and Still Lose It — on the (In)Security of Automotive Remote Keyless Entry Systems at the Usenix security conference (abstract below) – the researchers are also due to outline a different set of cryptographic flaws in keyless entry systems as used by car manufacturers including Ford, Mitsubishi, Nissan and Peugeot. The two examples are designed to raise awareness and show that keyless entry systems are insecure and ought to be re-engineered in much the same way that car immobilisers were previously shown to provide less than adequate protection. While most automotive immobiliser systems have been shown to be insecure in the last few years, the security of remote keyless entry systems (to lock and unlock a car) based on rolling codes has received less attention.
In this paper, we close this gap and present vulnerabilities in keyless entry schemes used by major manufacturers. In our first case study, we show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorised access to a vehicle by eavesdropping a single signal sent by the original remote. Secondly, we describe the Hitag2 rolling code scheme (used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others) in full detail. We present a novel correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop. Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles. Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen.

This earlier research on how the ignition key used to start cars might be subverted was eventually presented last year, following a two year legally enforced postponement. The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles' owners without covering how their engines might subsequently be turned on. Wired reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob.

Alternatively, a software defined radio rig connected to a laptop might be employed.

Either way, captured data can be used to make counterfeit kit. ® Sponsored: 2016 Cyberthreat defense report

Almost every Volkswagen sold since 1995 can be unlocked with an...

Frank Derksreader comments 64 Share this story Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities. The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob—obtained with a little electronic eavesdropping, say—you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute. Similar techniques have been linked to a number of car thefts, including most recently in Houston. It seems the power of 1990s-era automotive-grade encryption is helpless in the face of $40 Arduinos and SDR.

UK ‘leccy car company Ecotricity patches leaky car recharge app

Account takeover is a pushover Security researcher Scott Helme has turned up a dumb password reset bug in UK energy company Ecotricity's car charging app. The bug is in the app the company provides for users of its network of 'leccy car recharge points: it had a bad user enumeration bug that would let an attacker reset someone else's password and therefore take over their account. As Helme explains, when a user hits the password reset, the app returns a token to their browser – and that's the same token that lands in the e-mail the app sends: “The Reset Password button contained a link as you'd expect and was for the following address: https://www.ecotricity.co.uk/ecovalidate/token/3119efbec979b11544fd809b75d5467a “The token on the end of that address may look familiar and it is indeed the token returned by the initial API request to start a password reset for the provided account! Oopsie!” Why is that an error? Because all the attacker would now need is a user ID or e-mail address to get a reset token for the victim, without needing access to the victim's e-mail, because the attacker would have the same token as would land in the e-mail. Given his suspicion that the rest of the Ecotricity API might not have had the scrutiny it needs, Helme has posted his mapping of the API to https://github.com/ScottHelme/Ecotricity-API GitHub. The company fixed the bug after receiving Helme's report. Helme's previous work we've covered included a slip in the Nissan Leaf owner's app; an information leak in the Hotel Hippo Website; and badly-secured EE BrightBox routers. ® Sponsored: Global DDoS threat landscape report

Tech firms want to save the auto industry—and the connected car—from...

As we've noted before, Ars readers are extremely skeptical about the whole "connected car" thing.

That's not because Ars is a technology site for luddites—the sad truth is that the car industry's approach to security lags far behind its desire to expose the inner thoughts of our cars to us via the cloud. As the tech and auto industries collide, the tech crowd is hoping that its more farsighted approach to ensuring secure hardware and code will start to rub off on its new bedfellow. On Wednesday and Thursday this week, the two have come together in Michigan for TU-Automotive Detroit, a conference that's focusing in part on this very topic.

And tech firms—from established players like Symantec to startups like Karamba Security—want to help the automakers find their way. The glaring lack of connected security for our cars got mainstream attention last year when Fiat Chrysler had to recall 1.4 million vehicles, but despite the FBI's plea to motorists to remain aware of security issues in cars, the driving public doesn't seem too concerned.

Earlier this week, research firm Forrester announced that more than one in three Americans wants their next car to have better Internet connectivity. Meanwhile, the hacks keep happening. Nissan's API for its Leaf electric vehicle allowed completely anonymous requests to cars. Mitsubishi might have decided to enable connected car services for its Outlander via the vehicle's Wi-Fi in part to safeguard against attacks in the cloud, but it forgot that Wi-Fi needs some common sense security protections, too.It's a problem that's common across the Internet of Things, but it's particularly troublesome for our cars, according to Dirk Gates, founder of Wi-Fi network firm Xirrus. "This is a growing problem with IoT devices: vendors trying to take short cuts to make their lives easier, and in the process compromising security and making their user’s lives tougher," Gates said. "We’ve seen this in the past with printers and projectors, even toy drones, but this sort of massive shortcut on a car is unprecedented, and it shows that all IoT manufacturers, even the big guys, need to wake up and take security seriously." "There are no shortcuts when it comes to making an IoT device a proper network endpoint supporting all the appropriate forms of security," he continued. "And to make customers' lives easier, these devices should all communicate through a cloud interface to not only allow ubiquitous access but also to provide another layer of authentication and security." Part of the issue, according to Brian Witten, Symantec's senior director for IT, is the way that car companies integrate new and existing electronic systems into the vehicles they build. With the exception of a few young upstarts like Tesla, no one starts with a completely clean sheet of paper. Rather, modules and components and code are brought in from tiers of suppliers; the OEM's job is to integrate that all together. "There's such little reuse of software within the car [industry] because each supplier has their own codebase.

Everyone is running different operating systems," Witten told Ars. "Most systems-heavy industries have moved to simplifying codebases.

The auto industry's dependence on supplies in such a tiered structure (with autonomy and inadequate security) hasn't worked in their favor.

Aviation doesn't work in the same way.

Train systems are more integrated.

Established OEMs have challenges that a lot of new players don't have, and other industries don't have either." "We crash test cars, but we don't crash test software.

There needs to be more security testing before these vehicles hit the road," Witten said. "There's an opportunity with software to deliver functionality in much shorter time cycles [than the industry norm]. Of course, it still needs to go through security and safety testing before the build is wrapped.

But I'm optimistic it can be done safely in much shorter time frames than hardware.

A problem is that a lot of security engineers haven't worked on extremely constrained devices [like the various modules in our cars], and a lot of embedded engineers haven't had to think seriously about security." Symantec moved into the automotive security field in 2015 and has just released the third of its products for the industry, an anomaly detection system that constantly monitors the CANbus (the Controller Area Network bus is the car's internal electronic network) for signs of malicious behavior.

The code isn't processor-intensive (Witten says it uses about six percent of a CPU), and it runs on hardware already in our cars, from security gateways to infotainment systems. "We need to be able to find footprints in the sand," Witten said in reference to fighting the hacking threat. "We've been in machine learning since 2004 and have tracked over a trillion security events in the cloud.
So we wanted to use that ability and those tools to build something for the car industry." Witten told us that Symantec has already signed on several of the largest OEMs and expects the company's tech will shortly be going into about 10 million new cars a year, although it declined to name them due to industry confidentiality agreements. He was cautious to point out, though, that there won't be a single fix—or even a single company—that OEMs can turn to in order to solve their security woes. Symantec's Anomaly Detection starts off learning what "normal" is for a particular model of car during the development process, building up a picture of automotive information homeostasis by observing CANbus traffic during production testing. Out in the wild, it uses this profile of activity to compare that to the car it's running on, alerting the Symantec and the OEM in the event of something untoward happening. Other companies are working on other code solutions for the car companies, like Karamba's Carwall code, for example.

Carwall's code can also be embedded into ECUs within our cars, where it performs real-time threat detection, preventing any unsigned code from running. It's still early days for the car industry's connected car reckoning, so expect to hear plenty more about hacked vehicles in the coming years.

Wi-Fi hack can disable Mitsubishi Outlander's anti-theft alarm – white hats

Wi-Fi pre-shared key in owner's manual. Hmmm Security weaknesses in the set-up of Mitsubishi Outlander leave the hybrid car exposed to hack attacks - including the potential for crooks to disable theft alarms. The Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) is a top-selling family hybrid SUV. More than 100,000 of them have been sold worldwide, around 22,000 of those in the UK alone. Security researchers at Pen Test Partners began investigating the security of the car after one of its consultants noticed that the mobile app had an unusual method of connecting to the vehicle. Most remote control apps for locating the car, flashing the headlights, locking it remotely etc work using a web service hosted by either the car's manufacturer or its service provider.

Drivers communicate through the GSM mobile network via mobile data to a module on the car. The Outlander PHEV does it differently.
Instead of a GSM module, the car comes outfitted with a Wi-Fi access point.

Drivers need to disconnect from any other Wi-Fi networks and explicitly connect to the car Access Point in order to control car functions. This means that drivers can only communicate with the car from within Wi-Fi range, a huge disadvantage. Worse yet, Pen Test Partners (PTP) found that Mitsubishi had failed to implement the system securely. The Wi-Fi pre-shared key is written on a piece of paper included in the owner's manual.

The format is too simple and too short, so PTP was able to use brute force hacking techniques to crack the keys within four days.

A more powerful rig or a cloud-based system could drastically reduce the time it would take to recover these crypto keys. The access point has a unique SSID in the format: <REMOTEnnaaaa>, where "n" are numbers and "a" are lower case letters. This meant PTP’s security boffins were able to search Wireless Geographic Logging Engine wigle.net and easily geolocate Outlander PHEVs, including several in the UK. A thief or hacker can therefore easily locate a car that is of interest to them, Pen Test Partners warns. Knowing the SSID and the associated PSK creates a means for attackers to mount all manner of attacks. After running a man-in-the-middle attack, Pen Test Partners gained the ability to replay various messages from the mobile app.

After working out the binary protocol used for messaging, the security researchers were able to successfully turn the lights on and off. the same approach allowed manipulation of the car electricity charging programme, forcing the car to charge up on premium rate electricity. PTP researcher further gained the ability to turn the air conditioning or heating on/off to order, draining the battery in the process. Much more seriously, PTP white hats were able to disable the £40K car’s anti-theft alarm - something that wasn’t possible in an earlier pen test against the Nissan Leaf electric car by the same team of security researchers. After sending the correct message, with no further authentication than having cracked the Wi-Fi PSK, it was possible to turn off the alarm of the Mitsubishi Outlander. Pen Test Partner’s Ken Munro commented: “Disable the alarm, prise the door or smash the window. Unlock the car. Nuts! This is shocking and should not be possible,” he added.
Once unlocked, there is potential for many more attacks against the car.

The onboard diagnostics port is accessible once the door is unlocked, opening the door to all sorts of mischief.

The full scope of potential malfeasance was beyond the scope of Pen Test Partners research. In particular, the security researchers haven’t as yet looked at connections between the Wi-Fi module and the CANBUS. “There is certainly access to the infotainment system from the Wi-Fi module,” Munro explained. “Whether this extends to the CAN is something we need more time to investigate.” Pen Test Partners passed on its research to Mitsubishi UK (when?) before going public. Mitsubishi told the security researchers that ‘did not consider it a problem’ and had no plans to resolve the issues PTP had unearthed. Munro expressed dismay at this response. “We had found a trivial route to disable the theft alarm of a vehicle, exposing it (or at least its contents) to theft,” Munro said. “It would not take long for someone rather less ethical to figure out the same hack and potentially share it with the vehicle theft community.” Fortunately security conscious Mitsubishi Outlander owners can protect themselves from attack even without action by Mitsubishi. Owners can unpair all mobile devices that have been connected to the car access point, as a short term workaround. “Once all paired devices are unpaired, the Wi-Fi module will effectively go to sleep,” Munro explained. “It cannot be powered up again until the car key remote is pressed ten times.

A nice security feature.” “This has the side effect of rendering the mobile app useless, but at least it fixes the security problem,” he added. A longer term fix is in the hands of Mitsubishi and would involve pushing new firmware to the Wi-Fi module so the mobile app can be used without creating a security fix.
In the longer term, Mitsubishi needs to re-engineer the rather odd Wi-Fi Access Point – client connection method completely, Pen Test Partners concludes. Mitsubishi has published a fix, whereby the user "Delete[s] Registration", which also has the effect of turning off the Wi-Fi access point.

The fix is half-way down this web page, under the heading "Delete Registration (Initialization Process)". Pen Test Partners said it would be demonstrating the hack live on its stand at the Infosecurity Europe trade show. ® Sponsored: Rise of the machines

UK gov’t approves autonomous cars on public roads before year’s end

Our friends across the pond join a small club: Florida, California, and Nevada.