The victim's acting is terrible, and this is _nowhere_ near as easy as it's depicted. For those wondering, this attack shown here involves using a pickle exploit to serialize malicious code that when submitted to a server, pipes in a backdoor for a remotely executable reverse shell. There is _no way_ they hacked a legitimate car manufacturer's telematics server to do this. That would require either permission and granted access (which would make this 'hack' a literal joke), or a massive amount of OSINT entirely predicated on the attacker knowing about the server's serialization vulnerabilities and them existing in the first place. On top of that, being able to identify and pinpoint a certain subnet IP for one specific victim would be like looking for a needle in a haystack, unless it was known beforehand, which would otherwise have required the attacker to have been in close physical proximity to the vehicle at some prior point in order to sniff its IPv4 or IPv6 address. This was obviously set up, likely by using an aftermarket telematics device that was plugged into this vehicle's CAM-BUS system and configured to connect to a server that they had access to and controlled.

@ko-Daegu

2 жыл бұрын

@Krompopulous Michael I know he's right but I wanted to provoke extra info didn't work sadly also this si not hacking 101 I wanted more depth I have been in the field for more than 4 years yet there are few points that I didn't fully wrap my head around wished for a paper or article but yeah

@ko-Daegu

2 жыл бұрын

@Krompopulous Michael so you know how to actually hack a car telematics server ?? that's really dope would you mind sharing any stories articles or books that helped you in the past to exploit a car manufacture??? I don't think this is 101 hacking or maybe I'm that dumb and everyone is doing it easily

@ko-Daegu

2 жыл бұрын

@Krompopulous Michael I don't know why but I can't seem to find other comments I posted but as I already stated I did it so he gets baited to prove me wrong this works more than a simple question in the internet deleted cuz I watch the vid also your comment explained to me he meant the general concept I miss understood what he was pointing at and also my tactic didn't work so it was useless to keep it

@ko-Daegu

2 жыл бұрын

@Krompopulous Michael in anther comment I posted the paper they used to copy past this demonstration the comment was deleted but it's by Miller & Valasek they already published all their work but I can't post it it seems my comment will be deleted again such a bad tactic by this channel to censor people from exposing them

@dr.z1657

2 жыл бұрын

@@ko-Daegu What did you want to know, specifically? And no, you couldn’t pay me enough money to risk jail time trying something like this. So forget about trying to ‘bait’ me with troll comments. I _have_ a code of ethics, unlike krombopulos michael, who will kill anyone, anywhere… children, animals, old people…doesn’t matter. He just loves killin’! I haven’t read the paper you’re speaking of, and don’t need to. The methodology is fairly apparent on its own. Doesn’t take a skilled hacker or anything beyond rudimentary coding and network knowledge to figure it out, no offense. In fact, all of the information you need to understand how this is done is freely available on the internet in introductory textbooks and forums such as stack overflow. I’m not even an IT professional. This isn’t my day job and I don’t possess a degree in anything computer related. Programming and networking is just something I’ve dabbled in on the side for the past several years. And I’m not a black hat. Regardless, we live in a day and age where understanding the nuts and bolts of something like this isn’t even completely necessary to accomplish something along these lines. Heck, nowadays, your average script kiddie can use automated frameworks like metasploit that will do the OSINT and payload deliveries for you. Honestly, and I mean no offense by this, but if you were having any amount of difficulty wrapping your head around anything written in my OP, you shouldn’t be dabbling on the dark side. You’re going to get yourself caught and when you do, face prison time and/or financial restitution. It’s not worth it, and besides, what would be the purpose? So you can hijack someone’s CAN-BUS and put their lives at risk, as well as the other people around them? If you’re after ransom, your average person doesn’t even _have_ crypto, let alone enough to make it remotely worth it, no pun intended. As they say, play stupid games, win stupid prizes. If you want to learn and test your mettle on safe (and legal) platforms, there are plenty of free options out there for exactly this purpose. As Michael mentioned, hack the box and DVWA to name just a few.

Cool buddy 👍🏻 From Malaysia 🇲🇾

If only they did not show the screen, it would be more convincing that the guy is a professional hacker

Ok I just won’t get a car with folding mirrors

Give the code file!

@peakyblinders48

2 жыл бұрын

is not fake bro it's real bro this in Israel

@MC2738

2 жыл бұрын

We know it’s real, we’re asking for the python script.

@holdenheilman8277

2 жыл бұрын

Cough the script I don't wanna search for a pickle script lmao

How to do that

Which magical python script is he running

Hack the BMS over load the battery and lock the driver inside.

I have never seen a man so genuine as this guy🔝he’s really a man of he’s words ❤️

But you can't just exploit a remote server with just one command 🤔

@peakyblinders48

2 жыл бұрын

everything is possible in Israel 🇮🇱

@FastRoperN4

2 жыл бұрын

They aren't showing you the full thing obviously

@Siik94Skillz

6 ай бұрын

well yes if all the commands needed are scripted into one executable as it is clearly done here. ----> Automation

I want to learn. Will you please give some hint where I can learn?

@aty4282

3 жыл бұрын

Forums, google, just search and someone will tell

@PrinceZiim

2 жыл бұрын

In your dreams, lol it's not as easy as it would seem, I can't say for sure because I have never attempted it, but I could imagine it would be a hassle, also you'd likely end up in a jail cell in you did take control of someone's car without permission of the owner, so there's that too

This is fucking hilarious

good isral

Homie is bashing that enter key. Also.. this does not seem real.

@kensmechanicalaffair

Жыл бұрын

It's real.

That is very god

please spanish subtitles!

So if you install a malicious update on a computer (even though it's a driving one) with full privileges, you can bring the computer to do malicious stuff? Shocker! Maybe do a video next time where you 1337 h4x a laptop, by downloading a virus and installing it onto the laptop with admin privileges, it's crazy that it can access your webcam and shut down suddenly!

this look so fake

@poorneshadhithya

3 жыл бұрын

2:24 Mirrors are closed 2:37 Mirrors are open It’s Fake!

@poorneshadhithya

3 жыл бұрын

@Eden Peter do you mean phishing? It’s not Hacking, it’s scamming.

@aaalaaamin

3 жыл бұрын

It's scripted..

@archygrey9093

2 жыл бұрын

It is

Wow this sounds like what happened to me

@rogerlaughter778

Жыл бұрын

Really?

Wonder if this is going on GitHub 😹

This is why i daily drive a 1988 mercedes and a 1996 miata. All mechanical. Cant hack those

Are you using just a command or python you downloaded to your Computer? Thanks

Which language u You used please tell

@peytonnurse2180

2 жыл бұрын

It looks like a Python file. The first few seconds you can see the file is saved as a .py

@Raphael_Layani

2 жыл бұрын

. Py

Jajajajajajajajaja😅😅😅😅 voy a hacer una broma al vecindario

You are not fooling anyone with this

I'm going to give this video a dislike while I still can.

ابوياا

I have never seen a man so genuine as this guy🔝he’s really a man of he’s words ❤️

I have never seen a man so genuine as this guy🔝he’s really a man of he’s words ❤️