JPFlathead

What will an EMP generator do? Make my MPG worse? I dont see how an EMP will do anything, except, _maybe_ make the engine stall.

adamjwiseman

4BBL is the only way to go!!

Horror stories I've read suggested it could burn out more than just electronics, perhaps your coil and alternator, perhaps your distributor: (But I really don't know.)

From the straight dope:

"Scientists got their first hint of EMP in 1962 after a hydrogen bomb test high over the Pacific. In Hawaii, 800 miles away, 300 street lights failed, burglar alarms rang, and circuit breakers popped on power lines. Investigators concluded that the exploding bomb had unleashed a brief but intense burst of energy that, by means of various atmospheric reactions that we need not go into here, poured a killer dose of juice into every hunk of unshielded metal for hundreds of miles around and fried the electrical and electronic devices connected thereto."

*doesn't worry*
*hates new cars*
*drives off in old school Corolla and/or older school Corolla*

/1986 Corolla GTS
//1976 Corolla Wagon
///Refuses to write anything important =)

What will an EMP generator do? Make my MPG worse? I dont see how an EMP will do anything, except, _maybe_ make the engine stall.

Sure it'll stall. Permanently.

/once had a dream my ATM card had a virus

//I work waaay too many hours

Good thing Verizon disabled all of the nice Bluetooth features on my Moto v710 so it won't work with my Acura TL when I buy it in a few days.

I'm not saying car-borne viruses are impossible. Just that they are not something to worry about yet.

Even the article says only certain model of Lexus was being infected. Meaning this is not a virus that is going to make for any significant problems. A very specific combination of car, nav computer, and cell phone is required for this purported infection. Probably only seen in one out of every few thousand vehicles.

Sure, some car companies may use the same middleware, sure some car models may use the same computers, and some may use WinCE as their OS, but not enough of them use enough of the same mix of all of those to make mass infections possible.

And WinCE (windows CE or whatever they're calling it now) is Not the same everywhere. There are different versions for different processors and different versions of the embedded WinCE OS.

I think this infection was possible because the car companies or MS put normal access protections in place. That is not uncommon for systems that can't normally be hooked up to anything else. (no modem connection, no wireless, no internet). To update one of these systems, you usually have to physically plug in the manfuacturer specific cable to a computer of some sort. There is a miniscule chance of infection by those means.

But with no protections in place, and an unanticipanted Bluetooth-cellphone connection and no strong access protections, this was probably a very easy hack.

But not that bluetooth cellphones are able to provide a link to the wild world of virusland, new car systems will certainly receive the latest and greatest protections.

When MS and the car companies lock down the software and put proper controls in place, which they will, only the same sort of exploits that Windows viruses currently use will be able to infect these systems, things like buffer overflows. Buffer overflows are written to specifically address inadequacies of an exact OS versions compiled for an exact processor type.

WinCE as complied for one processor isn't the same as WinCE on another processor. Since car computers run a number of different processors, those type of exploits won't work very well across large numbers of cars.

I'm not saying this can't happen, just that it is not a problem of any meaningful significance. Even if this story is true, the virus is just infecting a Nav computer. If it were infecting the ECU, that would be a big deal, an ECU infection could kill people.

But a nav computer virus that can only infect a certain model of car with just the right nav computer and cell phone, BFD.

My daddy used to say, "Never trust a car you can't throw a weber in with two wrenches and a pair of pliers."

Entrust technology to make basic mechanics obsolete when it just friggin' ain't necessary. Red state. Guns. Ammo.

"Yeah. In related news, some anti-virus company wants to scare the shiat out of you."

--

How many people knew about McAfee before '92 with its Michaelangelo scare? They went from nobody to somebody overnight thanks the media hype they created.

As a CS major, I'm with everyone else here calling shenanigans. This story just doesn't hold water.

Sure, hack your way into the computer on my '73 Volvo. I believe the car's engine management system consists of an Etch-A-Sketch powered off the glovebox light.

LesserEil:

Agreed.

Flashing an individual module cannot simply be done over the bluetooth in the Radio/Nav system. At worst, any sort of virus introduced will merely affect the Nav system, and at best would make it hang. Perhaps there's something in the bluetooth protocol stack that's univeral and corruptable. At worst this is a denial of service. Reboot and you're fine. In a car's case, disconnect the negative terminal.

The only thing that travels over the main bus on the vehicle is very specifically what the modules want to listen to. For example, the main interface is a serial data connector (the main bus is a serial network). It is only through this connector that you can talk to all modules. And not all modules can interface into the main bus and tell the bus everything. For example, the Radio/Nav system cannot send a signal to the ECU that it increase the throttle, nor can it send a signal to the ABS that it is to apply the brakes. It can only tell the bus "hey, I'm on, I'm doing radio-type stuff." It can recieve signals on the bus that say "the ECU says the car is doing 75 mph, so raise the volume on the radio because the car is louder."

So... shenanigans on this. I also believe that the writer took the information that Immobilizer has been cracked and melded the two into alarmist claptrap that "people will steal/blow up your car with their cellphone."

150,000 cars did not become disabled because of a bluetooth virus.

Article writer is an ignorant tool.

/Connoiseur of Bosch engine/vehicle management systems, from '60's D-Jetronic to latter day Motronic/CAN-BUS/VAG systems.

HopefulMonster

If your vehicle still has the original fuel injection, you likely have a Bosch D-Jetronic system. It's a pretty clever setup- my '73 Volkswagen Fastback has the same setup. The whole thing is driven by a completely analog computer. It was introduced in '68 in the VW Type 3 line. For it's day, it was immensely clever.

Is it actually IMPOSSIBLE to create a computer that can't be infected.

calculater

So when do I get my hax0red flying car?

u can hack a calculater

Now some asshat legislator will try to make some idiotic law, when there are already 50 other laws covering this.

mistergecko: Is it actually IMPOSSIBLE to create a computer that can't be infected.


Oh, where to start...

1. No one said it wasn't possible
2. Where did you hear that it was impossible? Can you prove it? Saying it doesn't automatically make it so.
3. Define "infected"

I'm not saying you're wrong, just that your statement is to vague to actualy say anything or be of any use, other than as an attempted flame... which it may have been.

/critical thinking... it is of the upmost importance people!

Meh, I say. MEH.

A former GF owned a 71 Chevy II Nova, 3 on the tree, inline 6, 250cc.

You could dismantle the entire car with a wrench. One wrench.

I replaced the transmission in it in about an hour once.

She replaced the water pump herself. took about 20 minutes.

Thats a car.

If a device can carry data, it can carry a computer virus, he said.

Clearly the solution is to stop carrying data.

i don't need bluetooth, (iR)infrared seems much safer (for now)

On-Star > Navigation > Cellphone > Blue Tooth > onboard computer > remote engine diagnostics > remote access to blackbox > remote access to modify engine settings such as fuel/O2 setting.

Must be an oil company conspiracy - reset fuel setting - can you smell that unburnt fuel coming out your exhaust - profits ensue? No? it's big brother piggy backing on On-Star and watch'n your GPS coordinates. Nope? It's you insurance company monitoring your GPS, speed etc. Okay, maybe it's only your wife monitoring you. Have you pissed her off recently. Watch out she may stall you out in the middle of a toll bridge.

Ahhh, endless topics for Art Bell types.

Bottom Line - all this was is a proof of concept - aand it was successful! This is from one who remembers the first viruses in the 80's and when a McAfee booted from a floppy, scanned and looked for under a hundred viruses and variants. Then things got worse; not better.

Even if this is true it would be simple to design an in-car computer so make it impossible.

Design the circuit so that the program memory and general memory are separate and make it physically impossible to execute code from the general memory.

Make it so that you have to switch a physical switch to be able to update the software, and make sure that is the *only* thing you can do when the switch is flipped.

Even if someone manages to send data that causes a buffer overflow or anything they might be able to subvert one or two things but could not possibly write a virus or execute their own program.

This of course wouldn't work on general purpose PCs but should be standard practice on embedded devices.

Shenanigans.


I know I'm late but shenanigans none the less.

A former GF owned a 71 Chevy II Nova, 3 on the tree, inline 6, 250cc.

250 cc? That can't be right. I have a motorcycle with a bigger engine than that. And it's not even a fast motorcycle.

jbb
But the code is complicated enough, it may be possible to subvert it into doing something malicious just by feeding it particularly weird data. There are such things as macro viruses, that mess with microsoft Word's macro system. In some sense, macros are just data. They're not machine code anyway.

Anyway, you're probably right in a car computer. It probably doesn't do anything nearly that complicated, so there isn't enough flexibility to subvert it in any interesting way.

jgaynor

Yep, I submitted this with a different site back on the 26th Jan, according to my account :)

2005-02-06 02:24:42 PM portscanner

"I have a 1971 Ford Ranchero with a 351C engine and a C6 transmission...........It can pass anything...."

Except a gas station. :)

Bah. Remind me not to post when im still half asleep.

What am i tryin to say... 250... nevermind.

/explodes

maybe 250ci? cubic inches?

El Bastardo: Just wait until July 25th, 6:18pm. This is just the beginning.

Don't worry, i'm not afraid of robots and I welcome the coming war agianst them. I'm going to fark me up some robots, and that one that comes after me, oh man is it going to get screwed. T-100 your shiny metal ass is mine, biatch!

This is superbad news for Ng.

/will anyone get it?

Deep Hurting: This is superbad news for Ng.


Glad that company got canned, hope Warren Spector never works again. He's the George Lucas of the video game industry. Hope Eidos burns in hell, also.


/not bitter

/Vehicle computers possessed by Asherah?

I have one of the Lexuses that the last story about this claimed could be infected. I'm pretty sure it was just a bunch of crap (and an ad for Kaspersky Labs AV). They claim it can be infected by a virus from my Symbian phone. I just don't see how that would be possible. First, the car only accepts new bluetooth connections when I specifically tell it to and then only for about a minute. Second, I checked the bluetooth profiles that the nav system supports and it doesn't support any type of file transfer profile. So I'm really confused as to how it would even accept the file. Anyone have any insight into that? Does that nav system even _run_ Symbian?

It'so nice to have a real reason to give my husband about not getting OnStar. Ever since I read an article either here or on Slashdot about the government trying to subpoena people's converstation in their car through OnStar I was flat against the service.

Still my husband has been bugging me about getting it installed or getting a car that has it. I won't, will not, and if I die because I don't have it, so be it.

I wonder how long it will be before it's mandatory to have it like car insurance. Maybe another 50 years or so, but I bet it will happen.