{"id":4742,"date":"2015-11-05T18:14:46","date_gmt":"2015-11-05T18:14:46","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4742"},"modified":"2020-02-26T11:04:02","modified_gmt":"2020-02-26T16:04:02","slug":"hacking-jailbreaking","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/hacking-jailbreaking\/4742\/","title":{"rendered":"Good-Faith: car hacking and smartphone jailbreaking are now legal in US"},"content":{"rendered":"<p>\u201cGood-faith\u201d car hacking and mobile device \u201cjailbreaking\u201d are now on their way to becoming legal in the U.S. The Library of Congress\u2019 triennial exemptions to the anti-circumvention rules within the Digital Millennium Copyright Act (DMCA) were released on October 27th. Among the exemptions to section 1201 of the DMCA are allowances for \u201cgood-faith\u201d testing of vehicular computer systems for the identification and correction of vulnerabilities.<\/p>\n<p>Regulators also \u201clifted a cloud of uncertainty\u201d, according to Wired, as they announced it was lawful to hack or \u201cjailbreak\u201d an iPhone, saying there was \u201cno basis for copyright law to assist Apple on protecting its restrictive business model\u201d.\u00a0This also applies to Android devices.<\/p>\n<p>The necessity of jailbreaking is a different question, though.<\/p>\n<p>Let\u2019s take a look at the car hacking problem first.<\/p>\n<p><strong>Hacking for life<\/strong><\/p>\n<p>Apparently the regulators took heed of this summer\u2019s groundbreaking publications regarding remote car hacking, performed by the seasoned stars of the trade, <a href=\"https:\/\/business.kaspersky.com\/hacking-my-car-remotely-this-time\/4295\/\" target=\"_blank\" rel=\"noopener nofollow\">Charlie Miller and Chris Valasek<\/a>.<\/p>\n<p>For years, they studied cars\u2019 on-board systems, discovered the vulnerabilities therein, and demonstrated the possibility of malicious exploitation. 
Earlier this year they successfully performed a remote car takeover, using a zero-day exploit they developed to obtain wireless control over the onboard system of a Jeep Cherokee \u2013 via the Web.<\/p>\n<p>Described appropriately as \u201can automaker\u2019s nightmare\u201d, the code allows hackers to send commands through the Jeep\u2019s entertainment system \u201cto its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.\u201d<\/p>\n<p>It was \u201ca legendary fail\u201d for the car maker not to separate the infotainment system from the life-critical dashboard functions, thus making the car-hacking nightmare scenario a grim reality.<\/p>\n<p>What do the DMCA exemptions have to do with it? The short answer is that security research into automobiles\u2019 on-board systems is now legal (apparently, it was not entirely legal before).<\/p>\n<p>The longer answer: the automakers no longer have legal grounds to suppress security research into the on-board systems and\/or the sharing of the data acquired thereby. In other words, they can\u2019t send a cease-and-desist letter to a security researcher dissecting their (faulty) software, based on DMCA clauses.<\/p>\n<p>This new regulation thus becomes a wake-up call to automakers: they will have a hard time hiding their deficiencies in on-board software. However, the law itself will come into effect in a year, so they have some time to get their software in shape and fix the\u00a0mistakes.<\/p>\n<p>These \u201csmart\u201d, more or less, internet-enabled cars are clearly an \u201cemanation\u201d of automakers\u2019 marketing departments. Common business logic demands that in order to stay ahead of competitors, a company should make new offers to the consumers on a regular basis, hence \u201csmartening\u201d the cars. 
However, as <a href=\"https:\/\/eugene.kaspersky.com\/2015\/07\/24\/your-car-controlled-remotely-by-hackers-its-arrived\/\" target=\"_blank\" rel=\"noopener\">Eugene Kaspersky wrote<\/a>, \u201cThroughout the auto industry there\u2019s a tendency \u2013 still today! \u2013 to view all the computerized tech on cars as something separate, mysterious, faddy (yep!) and not really car-like, so no one high up in the industry has a genuine desire to \u2018get their hands dirty\u2019 with it; therefore, the brains applied to it are chronically insufficient to make the tech secure\u201d.<\/p>\n<p>But there are lives depending on whether security becomes more important than marketing \u2013 and in a very literal sense.<\/p>\n<p><strong>Jailbreaking \u2013 legal, probably not smart<\/strong><\/p>\n<p>Jailbreaking is another problem. And a very different one \u2013 fortunately, there are no life-threatening conditions, unless the smartphone is integrated into some critical system (hopefully, such occurrences are extremely rare, if any).<\/p>\n<p>However, smartphones may be used as an entry point for infiltrating the business infrastructure, unless they are protected.<\/p>\n<p>With iOS devices, Apple\u2019s restrictive policy provided an extra security layer: with the App Store being the only source of software for the un-jailbroken devices, malicious apps are an extreme rarity there. Most of the iOS malware observed by Kaspersky Lab\u2019s experts so far only infected jailbroken devices. 
Some of it also made use of additional rights on the jailbroken devices, thus becoming undeletable.<\/p>\n<p>All in all, mobile malware grows in number all the time, so voluntarily decreasing devices\u2019 security levels doesn\u2019t look reasonable; moreover, the device itself can become a security hole within a business network.<\/p>\n<p>It\u2019s better to think twice before proceeding with a jailbreak.<\/p>\n<p>\u201cIn general it is far more difficult to protect a device if it is jailbroken. No security vendor will be able to close all the holes and vulnerabilities that you expose by jailbreaking your device. Our software would have to use unofficial APIs and, even then, it would still be nearly impossible to control all existing vulnerabilities in jailbroken devices. To cut a long story short: jailbroken devices can hardly be protected from malware attacks,\u201d says Roman Unuchek, Kaspersky Lab\u2019s Senior Malware Analyst. \u201cAs the volume of mobile malware has risen massively in recent years it does not make sense to use an unprotected device. Jailbreaking is not a good option.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Good-faith&#8221; car hacking and mobile device &#8220;jailbreaking&#8221; are now on their way to becoming legal in the U.S. The Library of Congress&#8217; triennial exemptions to the anti-circumvention rules within the Digital Millennium Copyright Act (DMCA) were released on October 27th. 
<\/p>\n","protected":false},"author":209,"featured_media":15323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[542,194,97],"class_list":{"0":"post-4742","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-car-hacking","10":"tag-jailbreaking","11":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hacking-jailbreaking\/4742\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hacking-jailbreaking\/4742\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hacking-jailbreaking\/4742\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/car-hacking\/","name":"car hacking"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4742"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4742\/revisions"}],"predecessor-version":[{"id":33591,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4742\/revisions\/33591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15323"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4
742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}