If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   In an absolute surprise, it turns out the 500 little computers in a modern car are a great target for hackers. Instead of sending annoying Viagra ads, they can get control of your car's steering, engine and brakes   (arstechnica.com) divider line 73
    More: Scary, Ford Escape, ECU, embedded devices, brakes, CD players, actuators, cars, Onstar  
•       •       •

2048 clicks; posted to Geek » on 30 Jul 2013 at 10:26 AM (49 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



73 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2013-07-30 09:40:07 AM
30% of tech articles: "x" can be hacked if you try.
 
2013-07-30 10:32:10 AM
Again?
 
2013-07-30 10:35:04 AM

LasersHurt: 30% of tech articles: "x" can be hacked if you try.


Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.
 
2013-07-30 10:38:32 AM

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


Sure, and so is being shot in the head. This is probably as likely to happen. And over time, protections will be built to resist. As with all other tech.
 
2013-07-30 10:38:37 AM

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.
 
2013-07-30 10:40:31 AM
Unless the car has some fancy cellular data connection, how are you going to get access? Bluetooth only has a short range, so you'd have to be tailgating the target so close, you'd be better off running them into a tree the old fashioned way. I suppose you could pre-program the car to do something, but again there are much more straightforward ways to kill someone if you have physical access to their vehicle, like cutting their brake lines.
 
2013-07-30 10:43:03 AM
So, if someone opens up my car, pulls some chips, solders in new ones, they can make my car do different things?

Honestly, if you're trying to murder me, wouldn't it be easier to just shoot me?
 
2013-07-30 10:47:55 AM

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.


Mesh networking, persistent cellular connections, are already a thing.  Robot cars are coming too, which will make heavy use of the aforementioned.
 
2013-07-30 10:56:58 AM
Drive old, cheap non-hackable cars?
 
2013-07-30 10:58:20 AM

StrikitRich: Drive old, cheap non-hackable cars?


Someone can "hack" your brake lines with a pair of snips.
 
2013-07-30 11:06:06 AM

StrikitRich: Drive old, cheap non-hackable cars?


Or tell them to leave out any optional device that can connect wirelessly to another device. From what I hear this is also a problem with HVAC units and other things you wouldn't ever even think of. Because people thought it was a good idea to add in a feature to remotely monitor these things they are open to hackers and leave a giant whole in your network. And the problem is a lot of times the info security people don't realize that some of this stuff can be remotely accessed so they don't take steps to disable its remote access or lock it down.
 
2013-07-30 11:07:55 AM
So remember kids, if you see a laptop sitting on the passenger seat with a cable running under your dashboard to your OBD connector... You may be hacked!

I really wonder how much persistent information can be changed... The little brake computers etc are quite dumb and take their orders from the main OBD. Shutting off your car should reset anything in those.
 
2013-07-30 11:09:49 AM
Hack this

www.velomania.ovh.org
 
2013-07-30 11:10:14 AM
Mad_Radhu


Unless the car has some fancy cellular data connection, how are you going to get access?

Man in the middle attack OnStar, I know Dodge 0ffers in dash Wi-Fi on some vehicles.
 
2013-07-30 11:12:53 AM

Quantum Apostrophe: Hack this

[www.velomania.ovh.org image 750x463]


Let's see, hacking can affect a car's steering, braking, and acceleration.  Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.
 
2013-07-30 11:20:21 AM
Instead of ads for Viagra they give you a wish for Depends.
 
2013-07-30 11:23:44 AM

Lexx: ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.

Mesh networking, persistent cellular connections, are already a thing.  Robot cars are coming too, which will make heavy use of the aforementioned.


i see towing companies and body shops investing in this stuff in a big way.
 
2013-07-30 11:26:25 AM
Quantum Apostrophe:

Hack this

www.velomania.ovh.org


Anyone can remotely affect the speed, braking and direction of a bicycle by pulling up next to it and poking it with a long stick.

Or, if you don't want to be obvious, a wrench and screwdriver can perform various hacks that you won't discover until you pull up to your first intersection or make a sharp turn.
 
2013-07-30 11:29:46 AM

Lexx: Quantum Apostrophe: Hack this

[www.velomania.ovh.org image 750x463]

Let's see, hacking can affect a car's steering, braking, and acceleration.  Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.


Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"
 
2013-07-30 11:32:38 AM
Quantum Apostrophe:

Let's see, hacking can affect a car's steering, braking, and acceleration. Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.

Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"


Gosh. He really hated on bicyclists and say "go team cage!" there in his response to your silly question.

A little touchy there?
 
2013-07-30 11:35:42 AM

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.


They could get physical access to your car once and install a receiver, then send the 'attack' signals later (while following you, etc.) I imagine such a device could be pretty small and easy to hide. Just a thought.
 
2013-07-30 11:42:50 AM

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


i.imgur.com
/picture unrelated... or is it?
 
2013-07-30 11:46:31 AM

Random Anonymous Blackmail: Mad_Radhu


Unless the car has some fancy cellular data connection, how are you going to get access?

Man in the middle attack OnStar, I know Dodge 0ffers in dash Wi-Fi on some vehicles.


Yeah but those systems aren't attached to the ECU and CAN, they are separate.  You may be able to unlock the doors, start the car, or turn it off under certain circumstances, but not access the other ECUs.  However, engineering a wireless device to hook into the diagnostic port to be able to receive communication, be it cellular, or bridging the connectivity to the compromised 'On Star' or router in the car could work.  You'd have to break into the car to install it.  Even better would be to find someone who uses that Progressive safe driving thing that plugs in.  Just make your device look like the progressive device, or even crack the progressive device to be able to do both, and none would be the wiser.
 
zez
2013-07-30 11:48:55 AM
Speed Racer did it in the episode "The Car Destroyers"

http://www.youtube.com/watch?v=QJ9Vbl7WaCA
 
2013-07-30 11:49:32 AM
Stick to pre-94 cars and you're fine. Maintained properly they'll blow the same emissions as a brand new car, and that's really what most of the laws about cars are really about anyway.

The first time I realized computers in cars were bunk was when a salesman told me he didn't believe the mileage we were getting in the car because the chip is programmed to keep the car within the EPA estimates; even if you can get more, supposedly you shouldn't be able to. Since it was a stick, the computer could only compensate so much, but the salesman still wanted to know what we'd done to the car.

/86 Corolla and 89 MR2. I'm happy.
 
2013-07-30 11:51:38 AM

Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?


If foul play was involved, it was more likely just being ran off the road by another vehicle.
 
2013-07-30 11:57:04 AM
SGT Ace:

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual. Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection. I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.

They could get physical access to your car once and install a receiver, then send the 'attack' signals later (while following you, etc.) I imagine such a device could be pretty small and easy to hide. Just a thought.


You can buy little bricks off-the-shelf that plug into your OBD port and use GPS and the cellular network to send information to a server. They hide right under the dash. I think I saw a system in the SkyMall catalog marketed to helicopter parents and paranoid couples for under $500. It'd be a pretty expensive piece of custom hardware to do what they're talking about in the article though.

One thing that would make things easy on the manufacturers to lock down the CAN would be to simply put write authentication on the ECU. It's the single point of entry to the CAN and the master of the bus. (Logical bus, not beep-beep bus.)

There are a ton of read functions that are required such as service code scanners, emission control check scanners etc, but there is no reason to write *ANYTHING* persistent to the ECU under operating conditions, with the possible exception of a LOJACK / OnStar type shutdown.
 
2013-07-30 12:06:59 PM
Drive-by-wire for the accelerator, I get it, there's a computer that can be hacked.  Modern ABS brakes, I get it, there's a computer that can be hacked.  But the steering is STILL 100% dependent on a mechanical linkage.  I don't see how it can be hacked not to work.
 
2013-07-30 12:08:19 PM
more2read.com
Bah, that's kid stuff.  I can hack a sophisticated near indestructible car with my C64 and control it with this Atari joystick...
 
2013-07-30 12:18:01 PM

Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?


For some reason the FBI doesn't want journalists looking into it.  I'm sure it's nothing.  Our government only kills Americans in other countries.

http://pubrecord.org/law/10948/were-suing-records-journalist-michael /
 
2013-07-30 12:22:36 PM

thorimm: Drive-by-wire for the accelerator, I get it, there's a computer that can be hacked.  Modern ABS brakes, I get it, there's a computer that can be hacked.  But the steering is STILL 100% dependent on a mechanical linkage.  I don't see how it can be hacked not to work.


Sorry. Steering in most cars is hydraulic (hence, "power" steering. Where do you think the power comes from?). Also, if you activates the brakes selectively in the right front and leave the left alone, guess what the car wants to do.

Oh, and got a car with all-fours steering? Yup, you better believe that's computer controlled, not mechanical.
 
2013-07-30 12:23:58 PM
Okay. I'm apologizing now for my lack of English fu. Ipad makes it next to impossible to edit, so I have to just go with the best I've typed. . .
 
2013-07-30 12:25:16 PM
thorimm:

Drive-by-wire for the accelerator, I get it, there's a computer that can be hacked. Modern ABS brakes, I get it, there's a computer that can be hacked. But the steering is STILL 100% dependent on a mechanical linkage. I don't see how it can be hacked not to work.

Intelligent Parking Assist System.

Actually, ABS would seem the hardest to do anything to. It requires a really tight control loop and you don't want it to have to go back to the ECU for instructions other than to turn ABS on or off. Everything else is handled by a dedicated microcontroller that's factory programmed.
 
2013-07-30 12:37:04 PM
I guess the way I would secure cars from these sort of attacks, for starters:

1) The ECU becomes a firewall, and the ODB connector is the external interface. Probably add a second external interface for things like OnStar that are more complex. But *nothing* talks directly the CAN but the ECU.

2) Anyone can read, but nothing *writes* to the ECU from the external interfaces without authenticating.

3) Make the authentication key specific to the individual car. Just like RFID car keys, you have to get the code from the dealer. Car companies might actually like that because it prevents anyone from making modifications without going through a dealership, and you don't have the problem of someone cracking the key for all of one model car.

Any other ideas?
 
2013-07-30 12:55:23 PM
PsyLord:

Bah, that's kid stuff. I can hack a sophisticated near indestructible car with my C64 and control it with this Atari joystick...

Pshaw! In Palookaville three guys hacked an armored car with a drill, a cork and a ladder.
 
2013-07-30 01:06:09 PM

Abe Vigoda's Ghost: Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?

If foul play was involved, it was more likely just being ran off the road by another vehicle.


Even though the technology is there and he was mysteriously driving 100 miles an hour through the suburbs?  Why risk a physical confrontation that may or may not work when you have an untraceable reliable method of hacking which has proven to be easy to use?

I don't think you'd make a very good assassin.
 
2013-07-30 01:13:24 PM

dehehn: Even though the technology is there and he was mysteriously driving 100 miles an hour through the suburbs?


You act like people haven't crashed going too fast in suburbs before. Or like several times per year. Especially in powerful cars.
 
2013-07-30 01:30:01 PM

dehehn: Abe Vigoda's Ghost: Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?

If foul play was involved, it was more likely just being ran off the road by another vehicle.

Even though the technology is there and he was mysteriously driving 100 miles an hour through the suburbs?  Why risk a physical confrontation that may or may not work when you have an untraceable reliable method of hacking which has proven to be easy to use?

I don't think you'd make a very good assassin.


Actually, If I was going to off the guy, I would go with a low tech bullet to the head.
Simple solutions are often the best solutions.

Dear NSA: I'm not an assassin, nor do I play one on TV. This is all hypothetical internet tough guy stuff.
 
2013-07-30 01:30:33 PM

Quantum Apostrophe: Lexx: Quantum Apostrophe: Hack this

[www.velomania.ovh.org image 750x463]

Let's see, hacking can affect a car's steering, braking, and acceleration.  Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.

Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"


Project much?  I myself have a bicycle, and make use of it.  Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked.  This is a huge problem in the making for ANYONE using the roadways.

But that doesn't fit into your narrative of bicycle haters.

//bikes don't belong in the same space as much bigger, much faster vehicles.  Pedestrians, cyclists, and drivers - they should all have their own lanes.
 
2013-07-30 01:33:02 PM
I'm less concerned about the "hackability" of these systems than I am with the fact that adding more complex systems increases the likelihood of conflicts and/or failure. About six months after we bought it, my wife's 2010 Jetta TDI started randomly sputtering and dying when she'd slow down to make a turn. We thought it might have been bad fuel, but it turned out that the problem was that the car needed a firmware update. I shouldn't have to worry about my or my wife's life depending on my compliance with "VW Patch Tuesday".
 
2013-07-30 01:52:05 PM
There are more wireless systems then people seem to realize. Just a few:

Bluetooth (range with an amplifier is longer than you think)
GPS
Cell (onstar, etc...)
Tire pressure sensors (these have been hacked before)
Wifi on some new cars
Lojack systems (not sure about this one, but I think some can remotely kill the car so there must be a receiver as well as transmiter)

Some (all?) of these are on different buses than the brakes, etc... but there is communication between the buses, and escalation has been proven possible.
 
2013-07-30 02:02:13 PM

Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.


My brakes will still work, doofus. Read that again and process that through your pig-like brain.
 
2013-07-30 02:09:20 PM

Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.


Until I hack a stick into your spokes while you ride.
 
2013-07-30 02:32:11 PM
img2u.info

Car manufacturers use these things called "FMEAs" to mitigate potential liabilities. I'm pretty sure any systems exposed to external input, like WiFi or BlueTooth are pretty thoroughly checked to make sure there is no access to critical systems. Most vehicles, for example, have low- and high-speed CAN buses; low-speed is for things like infotainment/OnStar/Satellite/Keyfob(Body Controller) while high-speed handles the more critical ECM/TCM functionality.

There are communication bridges, which also act as firewalls that prevent something from, say the low-speed bus, trying to control something in some way on the high-speed bus it shouldn't (like acceleration). These bridges only convert a small sub-set of commands, and meant more to sending information OUT to the low-speed bus. Nothing on the high-speed bus would be directly interfaced to a wireless system.
 
2013-07-30 02:32:37 PM

LasersHurt: Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.

Until I hack a stick into your spokes while you ride.


Can you even drive and brandish a stick at the same time? I've seen your posts...
 
2013-07-30 02:34:06 PM

Quantum Apostrophe: LasersHurt: Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.

Until I hack a stick into your spokes while you ride.

Can you even drive and brandish a stick at the same time? I've seen your posts...


And you wonder why everyone thinks you're a troll or a dick, or some combo of the two.
 
2013-07-30 02:36:24 PM

Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.


You're beyond an idiot, and have completely missed my point.  UNSAFE CARS ARE UNSAFE FOR EVERYONE ON THE ROAD.

Yes, your bicycle brakes work, and are unhackable.  Good for you.

What happens when the car driving behind you gets hacked, and its brakes stop working?  Or if the car driving besides you gets hacked, and suddenly veers to the side?  Or the car behind you suddenly experiences mysterious acceleration?
 
2013-07-30 02:37:23 PM

BretMavrik: I'm less concerned about the "hackability" of these systems than I am with the fact that adding more complex systems increases the likelihood of conflicts and/or failure. About six months after we bought it, my wife's 2010 Jetta TDI started randomly sputtering and dying when she'd slow down to make a turn. We thought it might have been bad fuel, but it turned out that the problem was that the car needed a firmware update. I shouldn't have to worry about my or my wife's life depending on my compliance with "VW Patch Tuesday".


Don't worry.  I'm sure they'll fix that by having the car do automatic firmware upda- OH GOD THE BRAKES AREN
 
2013-07-30 02:54:03 PM
So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?
 
2013-07-30 02:55:44 PM

StrangeQ: So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?


Let's see how many accidents there are with self-driving vehicles first, then compare.
 
Displayed 50 of 73 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report