If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   In an absolute surprise, it turns out the 500 little computers in a modern car are a great target for hackers. Instead of sending annoying Viagra ads, they can get control of your car's steering, engine and brakes   (arstechnica.com) divider line 73
    More: Scary, Ford Escape, ECU, embedded devices, brakes, CD players, actuators, cars, Onstar  
•       •       •

2049 clicks; posted to Geek » on 30 Jul 2013 at 10:26 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



73 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2013-07-30 09:40:07 AM
30% of tech articles: "x" can be hacked if you try.
 
2013-07-30 10:32:10 AM
Again?
 
2013-07-30 10:35:04 AM

LasersHurt: 30% of tech articles: "x" can be hacked if you try.


Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.
 
2013-07-30 10:38:32 AM

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


Sure, and so is being shot in the head. This is probably as likely to happen. And over time, protections will be built to resist. As with all other tech.
 
2013-07-30 10:38:37 AM

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.
 
2013-07-30 10:40:31 AM
Unless the car has some fancy cellular data connection, how are you going to get access? Bluetooth only has a short range, so you'd have to be tailgating the target so close, you'd be better off running them into a tree the old fashioned way. I suppose you could pre-program the car to do something, but again there are much more straightforward ways to kill someone if you have physical access to their vehicle, like cutting their brake lines.
 
2013-07-30 10:43:03 AM
So, if someone opens up my car, pulls some chips, solders in new ones, they can make my car do different things?

Honestly, if you're trying to murder me, wouldn't it be easier to just shoot me?
 
2013-07-30 10:47:55 AM

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.


Mesh networking, persistent cellular connections, are already a thing.  Robot cars are coming too, which will make heavy use of the aforementioned.
 
2013-07-30 10:56:58 AM
Drive old, cheap non-hackable cars?
 
2013-07-30 10:58:20 AM

StrikitRich: Drive old, cheap non-hackable cars?


Someone can "hack" your brake lines with a pair of snips.
 
2013-07-30 11:06:06 AM

StrikitRich: Drive old, cheap non-hackable cars?


Or tell them to leave out any optional device that can connect wirelessly to another device. From what I hear this is also a problem with HVAC units and other things you wouldn't ever even think of. Because people thought it was a good idea to add in a feature to remotely monitor these things they are open to hackers and leave a giant whole in your network. And the problem is a lot of times the info security people don't realize that some of this stuff can be remotely accessed so they don't take steps to disable its remote access or lock it down.
 
2013-07-30 11:07:55 AM
So remember kids, if you see a laptop sitting on the passenger seat with a cable running under your dashboard to your OBD connector... You may be hacked!

I really wonder how much persistent information can be changed... The little brake computers etc are quite dumb and take their orders from the main OBD. Shutting off your car should reset anything in those.
 
2013-07-30 11:09:49 AM
Hack this

www.velomania.ovh.org
 
2013-07-30 11:10:14 AM
Mad_Radhu


Unless the car has some fancy cellular data connection, how are you going to get access?

Man in the middle attack OnStar, I know Dodge 0ffers in dash Wi-Fi on some vehicles.
 
2013-07-30 11:12:53 AM

Quantum Apostrophe: Hack this

[www.velomania.ovh.org image 750x463]


Let's see, hacking can affect a car's steering, braking, and acceleration.  Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.
 
2013-07-30 11:20:21 AM
Instead of ads for Viagra they give you a wish for Depends.
 
2013-07-30 11:23:44 AM

Lexx: ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.

Mesh networking, persistent cellular connections, are already a thing.  Robot cars are coming too, which will make heavy use of the aforementioned.


i see towing companies and body shops investing in this stuff in a big way.
 
2013-07-30 11:26:25 AM
Quantum Apostrophe:

Hack this

www.velomania.ovh.org


Anyone can remotely affect the speed, braking and direction of a bicycle by pulling up next to it and poking it with a long stick.

Or, if you don't want to be obvious, a wrench and screwdriver can perform various hacks that you won't discover until you pull up to your first intersection or make a sharp turn.
 
2013-07-30 11:29:46 AM

Lexx: Quantum Apostrophe: Hack this

[www.velomania.ovh.org image 750x463]

Let's see, hacking can affect a car's steering, braking, and acceleration.  Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.


Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"
 
2013-07-30 11:32:38 AM
Quantum Apostrophe:

Let's see, hacking can affect a car's steering, braking, and acceleration. Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.

Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"


Gosh. He really hated on bicyclists and say "go team cage!" there in his response to your silly question.

A little touchy there?
 
2013-07-30 11:35:42 AM

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.


They could get physical access to your car once and install a receiver, then send the 'attack' signals later (while following you, etc.) I imagine such a device could be pretty small and easy to hide. Just a thought.
 
2013-07-30 11:42:50 AM

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


i.imgur.com
/picture unrelated... or is it?
 
2013-07-30 11:46:31 AM

Random Anonymous Blackmail: Mad_Radhu


Unless the car has some fancy cellular data connection, how are you going to get access?

Man in the middle attack OnStar, I know Dodge 0ffers in dash Wi-Fi on some vehicles.


Yeah but those systems aren't attached to the ECU and CAN, they are separate.  You may be able to unlock the doors, start the car, or turn it off under certain circumstances, but not access the other ECUs.  However, engineering a wireless device to hook into the diagnostic port to be able to receive communication, be it cellular, or bridging the connectivity to the compromised 'On Star' or router in the car could work.  You'd have to break into the car to install it.  Even better would be to find someone who uses that Progressive safe driving thing that plugs in.  Just make your device look like the progressive device, or even crack the progressive device to be able to do both, and none would be the wiser.
 
zez
2013-07-30 11:48:55 AM
Speed Racer did it in the episode "The Car Destroyers"

http://www.youtube.com/watch?v=QJ9Vbl7WaCA
 
2013-07-30 11:49:32 AM
Stick to pre-94 cars and you're fine. Maintained properly they'll blow the same emissions as a brand new car, and that's really what most of the laws about cars are really about anyway.

The first time I realized computers in cars were bunk was when a salesman told me he didn't believe the mileage we were getting in the car because the chip is programmed to keep the car within the EPA estimates; even if you can get more, supposedly you shouldn't be able to. Since it was a stick, the computer could only compensate so much, but the salesman still wanted to know what we'd done to the car.

/86 Corolla and 89 MR2. I'm happy.
 
2013-07-30 11:51:38 AM

Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?


If foul play was involved, it was more likely just being ran off the road by another vehicle.
 
2013-07-30 11:57:04 AM
SGT Ace:

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual. Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection. I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.

They could get physical access to your car once and install a receiver, then send the 'attack' signals later (while following you, etc.) I imagine such a device could be pretty small and easy to hide. Just a thought.


You can buy little bricks off-the-shelf that plug into your OBD port and use GPS and the cellular network to send information to a server. They hide right under the dash. I think I saw a system in the SkyMall catalog marketed to helicopter parents and paranoid couples for under $500. It'd be a pretty expensive piece of custom hardware to do what they're talking about in the article though.

One thing that would make things easy on the manufacturers to lock down the CAN would be to simply put write authentication on the ECU. It's the single point of entry to the CAN and the master of the bus. (Logical bus, not beep-beep bus.)

There are a ton of read functions that are required such as service code scanners, emission control check scanners etc, but there is no reason to write *ANYTHING* persistent to the ECU under operating conditions, with the possible exception of a LOJACK / OnStar type shutdown.
 
2013-07-30 12:06:59 PM
Drive-by-wire for the accelerator, I get it, there's a computer that can be hacked.  Modern ABS brakes, I get it, there's a computer that can be hacked.  But the steering is STILL 100% dependent on a mechanical linkage.  I don't see how it can be hacked not to work.
 
2013-07-30 12:08:19 PM
more2read.com
Bah, that's kid stuff.  I can hack a sophisticated near indestructible car with my C64 and control it with this Atari joystick...
 
2013-07-30 12:18:01 PM

Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?


For some reason the FBI doesn't want journalists looking into it.  I'm sure it's nothing.  Our government only kills Americans in other countries.

http://pubrecord.org/law/10948/were-suing-records-journalist-michael /
 
2013-07-30 12:22:36 PM

thorimm: Drive-by-wire for the accelerator, I get it, there's a computer that can be hacked.  Modern ABS brakes, I get it, there's a computer that can be hacked.  But the steering is STILL 100% dependent on a mechanical linkage.  I don't see how it can be hacked not to work.


Sorry. Steering in most cars is hydraulic (hence, "power" steering. Where do you think the power comes from?). Also, if you activates the brakes selectively in the right front and leave the left alone, guess what the car wants to do.

Oh, and got a car with all-fours steering? Yup, you better believe that's computer controlled, not mechanical.
 
2013-07-30 12:23:58 PM
Okay. I'm apologizing now for my lack of English fu. Ipad makes it next to impossible to edit, so I have to just go with the best I've typed. . .
 
2013-07-30 12:25:16 PM
thorimm:

Drive-by-wire for the accelerator, I get it, there's a computer that can be hacked. Modern ABS brakes, I get it, there's a computer that can be hacked. But the steering is STILL 100% dependent on a mechanical linkage. I don't see how it can be hacked not to work.

Intelligent Parking Assist System.

Actually, ABS would seem the hardest to do anything to. It requires a really tight control loop and you don't want it to have to go back to the ECU for instructions other than to turn ABS on or off. Everything else is handled by a dedicated microcontroller that's factory programmed.
 
2013-07-30 12:37:04 PM
I guess the way I would secure cars from these sort of attacks, for starters:

1) The ECU becomes a firewall, and the ODB connector is the external interface. Probably add a second external interface for things like OnStar that are more complex. But *nothing* talks directly the CAN but the ECU.

2) Anyone can read, but nothing *writes* to the ECU from the external interfaces without authenticating.

3) Make the authentication key specific to the individual car. Just like RFID car keys, you have to get the code from the dealer. Car companies might actually like that because it prevents anyone from making modifications without going through a dealership, and you don't have the problem of someone cracking the key for all of one model car.

Any other ideas?
 
2013-07-30 12:55:23 PM
PsyLord:

Bah, that's kid stuff. I can hack a sophisticated near indestructible car with my C64 and control it with this Atari joystick...

Pshaw! In Palookaville three guys hacked an armored car with a drill, a cork and a ladder.
 
2013-07-30 01:06:09 PM

Abe Vigoda's Ghost: Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?

If foul play was involved, it was more likely just being ran off the road by another vehicle.


Even though the technology is there and he was mysteriously driving 100 miles an hour through the suburbs?  Why risk a physical confrontation that may or may not work when you have an untraceable reliable method of hacking which has proven to be easy to use?

I don't think you'd make a very good assassin.
 
2013-07-30 01:13:24 PM

dehehn: Even though the technology is there and he was mysteriously driving 100 miles an hour through the suburbs?


You act like people haven't crashed going too fast in suburbs before. Or like several times per year. Especially in powerful cars.
 
2013-07-30 01:30:01 PM

dehehn: Abe Vigoda's Ghost: Ivo Shandor: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

[i.imgur.com image 640x390]
/picture unrelated... or is it?

If foul play was involved, it was more likely just being ran off the road by another vehicle.

Even though the technology is there and he was mysteriously driving 100 miles an hour through the suburbs?  Why risk a physical confrontation that may or may not work when you have an untraceable reliable method of hacking which has proven to be easy to use?

I don't think you'd make a very good assassin.


Actually, If I was going to off the guy, I would go with a low tech bullet to the head.
Simple solutions are often the best solutions.

Dear NSA: I'm not an assassin, nor do I play one on TV. This is all hypothetical internet tough guy stuff.
 
2013-07-30 01:30:33 PM

Quantum Apostrophe: Lexx: Quantum Apostrophe: Hack this

[www.velomania.ovh.org image 750x463]

Let's see, hacking can affect a car's steering, braking, and acceleration.  Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.

Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"


Project much?  I myself have a bicycle, and make use of it.  Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked.  This is a huge problem in the making for ANYONE using the roadways.

But that doesn't fit into your narrative of bicycle haters.

//bikes don't belong in the same space as much bigger, much faster vehicles.  Pedestrians, cyclists, and drivers - they should all have their own lanes.
 
2013-07-30 01:33:02 PM
I'm less concerned about the "hackability" of these systems than I am with the fact that adding more complex systems increases the likelihood of conflicts and/or failure. About six months after we bought it, my wife's 2010 Jetta TDI started randomly sputtering and dying when she'd slow down to make a turn. We thought it might have been bad fuel, but it turned out that the problem was that the car needed a firmware update. I shouldn't have to worry about my or my wife's life depending on my compliance with "VW Patch Tuesday".
 
2013-07-30 01:52:05 PM
There are more wireless systems then people seem to realize. Just a few:

Bluetooth (range with an amplifier is longer than you think)
GPS
Cell (onstar, etc...)
Tire pressure sensors (these have been hacked before)
Wifi on some new cars
Lojack systems (not sure about this one, but I think some can remotely kill the car so there must be a receiver as well as transmiter)

Some (all?) of these are on different buses than the brakes, etc... but there is communication between the buses, and escalation has been proven possible.
 
2013-07-30 02:02:13 PM

Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.


My brakes will still work, doofus. Read that again and process that through your pig-like brain.
 
2013-07-30 02:09:20 PM

Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.


Until I hack a stick into your spokes while you ride.
 
2013-07-30 02:32:11 PM
img2u.info

Car manufacturers use these things called "FMEAs" to mitigate potential liabilities. I'm pretty sure any systems exposed to external input, like WiFi or BlueTooth are pretty thoroughly checked to make sure there is no access to critical systems. Most vehicles, for example, have low- and high-speed CAN buses; low-speed is for things like infotainment/OnStar/Satellite/Keyfob(Body Controller) while high-speed handles the more critical ECM/TCM functionality.

There are communication bridges, which also act as firewalls that prevent something from, say the low-speed bus, trying to control something in some way on the high-speed bus it shouldn't (like acceleration). These bridges only convert a small sub-set of commands, and meant more to sending information OUT to the low-speed bus. Nothing on the high-speed bus would be directly interfaced to a wireless system.
 
2013-07-30 02:32:37 PM

LasersHurt: Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.

Until I hack a stick into your spokes while you ride.


Can you even drive and brandish a stick at the same time? I've seen your posts...
 
2013-07-30 02:34:06 PM

Quantum Apostrophe: LasersHurt: Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.

Until I hack a stick into your spokes while you ride.

Can you even drive and brandish a stick at the same time? I've seen your posts...


And you wonder why everyone thinks you're a troll or a dick, or some combo of the two.
 
2013-07-30 02:36:24 PM

Quantum Apostrophe: Lexx: Smugly putting a picture of a bike in your post and boasting it's hack-proof is a red herring; riding a bicycle makes no difference whatsoever when there are cars on the road that can be hacked. This is a huge problem in the making for ANYONE using the roadways.

My brakes will still work, doofus. Read that again and process that through your pig-like brain.


You're beyond an idiot, and have completely missed my point.  UNSAFE CARS ARE UNSAFE FOR EVERYONE ON THE ROAD.

Yes, your bicycle brakes work, and are unhackable.  Good for you.

What happens when the car driving behind you gets hacked, and its brakes stop working?  Or if the car driving besides you gets hacked, and suddenly veers to the side?  Or the car behind you suddenly experiences mysterious acceleration?
 
2013-07-30 02:37:23 PM

BretMavrik: I'm less concerned about the "hackability" of these systems than I am with the fact that adding more complex systems increases the likelihood of conflicts and/or failure. About six months after we bought it, my wife's 2010 Jetta TDI started randomly sputtering and dying when she'd slow down to make a turn. We thought it might have been bad fuel, but it turned out that the problem was that the car needed a firmware update. I shouldn't have to worry about my or my wife's life depending on my compliance with "VW Patch Tuesday".


Don't worry.  I'm sure they'll fix that by having the car do automatic firmware upda- OH GOD THE BRAKES AREN
 
2013-07-30 02:54:03 PM
So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?
 
2013-07-30 02:55:44 PM

StrangeQ: So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?


Let's see how many accidents there are with self-driving vehicles first, then compare.
 
2013-07-30 03:16:12 PM

LesserEvil: Car manufacturers use these things called "FMEAs" to mitigate potential liabilities. I'm pretty sure any systems exposed to external input, like WiFi or BlueTooth are pretty thoroughly checked to make sure there is no access to critical systems. Most vehicles, for example, have low- and high-speed CAN buses; low-speed is for things like infotainment/OnStar/Satellite/Keyfob(Body Controller) while high-speed handles the more critical ECM/TCM functionality.

There are communication bridges, which also act as firewalls that prevent something from, say the low-speed bus, trying to control something in some way on the high-speed bus it shouldn't (like acceleration). These bridges only convert a small sub-set of commands, and meant more to sending information OUT to the low-speed bus. Nothing on the high-speed bus would be directly interfaced to a wireless system.


Ya, rly.

The separation between the buses as you describe it is how it normally works, and how it's supposed to work, but they do not hold up to attack. It has been shown that the units that bridge buses can be compromised and this a vulnerability in one bus absolutely can affect the others.

There are multiple papers about this topic, but I like this one:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf
 
2013-07-30 03:19:54 PM

StrangeQ: So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?


Correct me if I'm wrong, but you can still do automatic/semi-automatic transmissions without ANY computer systems involved.

/Red herring is red
 
2013-07-30 03:21:04 PM
Roslin: I heard you're one of those people. You're actually afraid of computers.

Adama: No, there are many computers on this ship. But they're not networked.
 
2013-07-30 03:36:12 PM
LesserEvil:

Yay! Someone who seems to know what they're talking about!

Car manufacturers use these things called "FMEAs" to mitigate potential liabilities.

FMEAs happen at the ECU. All the subsidiary controllers trust it to tell them what to do. So if you can inject a command on to the bus directly, bypassing the ECU, the subsidiary controller will do whatever it's told.

Upon re-reading the article that sounds like what they did... Spliced directly into the CAN, which is a lot more involved than just plugging in to the OBD connector. With that kind of attack you would have to get each subsidiary controller verify that a command actually came from the ECU and reject any that came from an interloper.

The only way to do *that* would be to have the entire high-speed CAN encrypted, which would require a lot more processing power in all the subsidiaries.
 
2013-07-30 03:56:17 PM

maxheck: LesserEvil:

Yay! Someone who seems to know what they're talking about!

Car manufacturers use these things called "FMEAs" to mitigate potential liabilities.

FMEAs happen at the ECU. All the subsidiary controllers trust it to tell them what to do. So if you can inject a command on to the bus directly, bypassing the ECU, the subsidiary controller will do whatever it's told.

Upon re-reading the article that sounds like what they did... Spliced directly into the CAN, which is a lot more involved than just plugging in to the OBD connector. With that kind of attack you would have to get each subsidiary controller verify that a command actually came from the ECU and reject any that came from an interloper.

The only way to do *that* would be to have the entire high-speed CAN encrypted, which would require a lot more processing power in all the subsidiaries.


Yup, and if it's one thing car manufacturers really do not want to do, it's upgrade those controllers. IIRC, those things still run basic algorithms from 50 years ago. The only thing they want to change is the calibrations used in them.

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

All these scare stories will at least assure that we keep mechanical linkages to the important bits, like brakes and steering.

Shutting down a car is certainly hackable under specific circumstances and equipment, but that is generally exploiting hardware ALREADY DESIGNED to kill the engine (LoJack/OnStar/Various Auto Lease systems). Even remote starters have limitations on how they operate.

On the other hand, there is no shortage of "innovation" that exposes cars to security exploitation, like my BIL's Toyota Prius Hybrid, which never requires a key to be inserted to unlock or start... just proximity of the fob... Toyota also gave us the ever-accelerating gas pedal, which I still believe, firmly, was a rare network lockup from the signal of the gas pedal into the controller. Audi's Windows experiment was a disaster, too, tying too many critical systems into Windows CE and delivering a poorly tested product.

The Big Three, at least, are extremely paranoid about "innovations" and that might not be a bad thing where integration of computer systems are involved.
 
2013-07-30 04:16:22 PM
LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf
 
2013-07-30 05:20:55 PM
Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being to tin foil hatty there?
 
2013-07-30 05:24:39 PM

WayToBlue: LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf


Glossing over the PDF, I think you may not fully understand what comprises a vehicle's communications systems. Much of what the document talks about is well know... for example, a device plugged into the OBD port or the radio most certainly do have full access to the LOW-SPEED CAN BUS. This doesn't equate to accessing the high-speed bus, or an ability to exploit that bus. Assertions that bridges (typically the BCM, or 'Body Control Module' provides this service) can be exploited ignores the fact that there is little density, long history and relatively high code obscurity (not that I'd rely on security through obscurity, but it elevates the difficulty) make such an exploit highly implausible on anything except a badly designed 'new' device (and as I stated, auto manufacturers don't really like re-inventing the wheel)

Attack vectors depend on accessibility of the systems they are attempting to subvert. Subversion is simple for some systems, for example... unlocking a car, while a non-trivial exercise, is certainly plausible with current vehicle systems through wireless access. Subversion is not exploitation. You might subvert a system in a vehicle to shut it down, or prevent operation, but external access is limited. Of course, INTERNAL ACCESS, like being plugged into an OBD port increases the potential, but again, that vector faces some pretty high hurtles - subversion is a lot easier at that point, but exploitation potential remains small enough to be almost impossible. Of cours,e if you have that sort of access to the system, you might as well as directly hack the high-speed CAN bus, in which case all bets are off.

The CAN Bus is a no-security protocol, like many other embedded systems communications buses. So what? They are closed systems requiring physical access.

Let's say you exploit a radio through bluetooth (the radio and the car must be on, and in range - the radio isn't even listening unless it is in a "powered on" state). Assuming the radio manufacturer is dumb enough to allow execution from RAM, and dumb enough to provide a vector to put data on the device, AND execute... what then? OK, if you re familiar enough with the radio's systems, now you need to understand the vehicle's BCM and have a vulnerability there to exploit. Again, we are talking about systems that live mostly in ROM (Yes, they are flashable, but again, there is a whole other level of access required to do this, and you'd still need to get CODE executed to flash what you want, where you want it). That's two layers, and once you have access to the high-speed CAN bus, what then? You can disrupt systems, but without taking over a controller, you can't shut them out of the system.

I'm not saying people should trust drive-by-wire. As vehicle systems get more complex, so do potential problems (see my comment above about Toyota). I'm just saying, based on my experience actually WORKING in the automotive industry, writing code that went into controllers, as well as code to support that development (such as calibration editors and real-time diagnostics tools) I find it highly unlikely, outside of a few outlier makes, that hackers would "gain control" of your vehicle. I think this is more "panic" than "reason" at this point.

The PDF you mention is basically a thorough assessment of potential attack vectors and threats. It is THEORY. So far, I have not seen a single case where somebody actually took a stock vehicle, hacked Bluetooth or the keyfob signal and somehow gained control. The only "successes" at this sort of thing were usually heavily weighted in favor of that success by target choice and attack vector. In practice, those examples fail miserably.

Oh, and I know a few things about exploits, too. On the side I've been involved in the console modding scene as a rather active developer and voice.

If you are a script writer in Hollywood, I'm sure you'll ignore this and make up whatever fantasy technological nonsense works as a plot device. ENHANCE! Heh.
 
2013-07-30 05:32:32 PM

BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being to tin foil hatty there?


I don't think car automatic firmware updates are mainstream yet. But if or when they do, absolutely that's an attack vector. You don't even need to hack the firmware site, you just need to impersonate it from the car's perspective.

Stuff like this? Link? Pretty much asking for someone to exploit it.
Creating a truly networked vehicle, mbrace2 offers not only open internet access, but special versions of popular apps - including Facebook, Yelp and Google Local Search - designed specifically for in-vehicle use. And because it connects the car and the "cloud", the system can be upgraded whenever new software and applications become available.
 
2013-07-30 05:33:12 PM

BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being to tin foil hatty there?


If there is a car manufacturer allowing customers to do their own "firmware updates" they are incredibly retarded.

Dealerships perform flashes with tools that communicate on the bus, flashing either calibrations or the entire firmware with calibrations (mostly the former). The calibrations are an area set aside for all of the "settings" a manufacturer needs to customize for that vehicle, like transmission shift points. When you buy custom performance ROMs for a car, you are basically getting the identical controller software, with updated calibrations. No code is executed from the calibration area (really just the compiler-defined data area, but usually strictly defined and checksummed for integrity).

Assuming you had that sort of access (say you borrowed a TechTool), sure, you could exploit a vehicle's system, but it would be about the same as typing "Del /S *.*" on a PC you can access.... that's not really an "exploit" in the nature the fear-mongers are talking about. You can brick your electronics devices by improperly flashing them, too.... again, it only really counts if I can brick your iPhone just by being in close proximity and using the WiFi or BT connection.
 
2013-07-30 05:39:19 PM

LesserEvil: BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being to tin foil hatty there?

If there is a car manufacturer allowing customers to do their own "firmware updates" they are incredibly retarded.

Dealerships perform flashes with tools that communicate on the bus, flashing either calibrations or the entire firmware with calibrations (mostly the former). The calibrations are an area set aside for all of the "settings" a manufacturer needs to customize for that vehicle, like transmission shift points. When you buy custom performance ROMs for a car, you are basically getting the identical controller software, with updated calibrations. No code is executed from the calibration area (really just the compiler-defined data area, but usually strictly defined and checksummed for integrity).

Assuming you had that sort of access (say you borrowed a TechTool), sure, you could exploit a vehicle's system, but it would be about the same as typing "Del /S *.*" on a PC you can access.... that's not really an "exploit" in the nature the fear-mongers are talking about. You can brick your electronics devices by improperly flashing them, too.... again, it only really counts if I can brick your iPhone just by being in close proximity and using the WiFi or BT connection.


Click my link. The advertising blurb is practically saying, "Want to track a driver? Want to unlock doors? Want to spam false trouble reports to a dealership?" No, these aren't drive-you-off-a-cliff severity problems, but they're obnoxious and if that sort of tech becomes mainstream, you and I both know that stuff will happen at least a few times.
 
2013-07-30 05:40:41 PM

ProfessorOhki: BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being to tin foil hatty there?

I don't think car automatic firmware updates are mainstream yet. But if or when they do, absolutely that's an attack vector. You don't even need to hack the firmware site, you just need to impersonate it from the car's perspective.

Stuff like this? Link? Pretty much asking for someone to exploit it.
Creating a truly networked vehicle, mbrace2 offers not only open internet access, but special versions of popular apps - including Facebook, Yelp and Google Local Search - designed specifically for in-vehicle use. And because it connects the car and the "cloud", the system can be upgraded whenever new software and applications become available.


Well, there's a vector - I doubt we'd see the Big Three take that sort of chance. Liability and threat potential drive a LOT of what happens in engineering a vehicle. FMEA stands for "Failure Mode Engineering Analysis" and in theory, suppliers of components for a vehicle (even the guys supplying brake pads) have to have one to cover any eventuality, or at least everything anybody ever thought of or encountered. I would hope Mercedes has fully taken into consideration all the potential gotchas, but again, as I stated above for Audi's and Toyota's cases, some companies don't always think things through.

It may be that the "mbrace2" radio is completely disconnected from the vehicle bus except for a secondary controller acting as a gateway? I have no idea, but every Big Three engineer I've ever worked with would raise shields on that sort of access.
 
2013-07-30 07:17:10 PM
LesserEvil

WayToBlue: LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Glossing over the PDF, I think you may not fully understand what comprises a vehicle's communications systems. Much of what the document talks about ... <lots of words outlining how unlikely it would be for them to do exactly they did>


Read it closer, this is not theory, they have done it. I have seen it. The ECUs are exploitable, the buses can be bridged.

From the paper I linked to:

"Building on our previous work, we first established a set of messages and signals that could be sent on our car's CAN bus (via OBD-II) to control key components (e.g., lights, locks, brakes, and engine) as well as injecting code into key ECUs to insert persistent capabilities and to bridge across multiple CAN buses... Consequently, by modifying the "bridge" ECUs (either via a vulnerability or simply by reflashing them over the CAN bus as they are designed to be) an attacker can amplify an attack on one bus to gain access to components on another. Consequently, the result is that compromising any ECU with access to some CAN bus on our vehicle (e.g., the media player) is sufficient to compromise the entire vehicle.

Combining these ECU control and bridging components, we constructed a general "payload" that we attempted to deliver in our subsequent experiments with the external attack surface. To be clear, for every vulnerability we demonstrate, we are able to obtain complete control over the vehicle's systems. We did not explore weaker attacks."


From the earlier work they referenced (http://www.autosec.org/pubs/cars-oakland2010.pdf) that was more about attacking the ECUs and bridging buses.

"We found multiple opportunities for attackers to amplify their capabilities-either in reach or in stealth. For example, while the designated gateway node between the car's low-speed and high-speed networks (the BCM) should not expose any interface that would let a low-speed node compromise the high-speed network, we found that we could maliciously bridge these networks through a compromised telematics unit. Thus, the compromise of any ECU becomes sufficient to manipulate safety-critical components such as the EBCM. As more and more components integrate into vehicles, it may become increasingly difficult to properly secure all bridging points.

Finally, we also found that, in addition to being able to load custom code onto an ECU via the CAN network, it is straightforward to design this code to completely erase any evidence of itself after executing its attack. Thus, absent any such forensic trail, it may be infeasible to determine if a particular crash is caused by an attack or not. While a seemingly minor point, we believe that this is in fact a very dangerous capability as it minimizes the possibility of any law enforcement action that might deter individuals from using such attacks."


BTW, they were expecting the RE to be one of the hardest parts which you mentioned, but in reality they found it to be fairly simple.

To be clear, they were able to show IN REAL LIFE, not theory, that they could exploit a device on the low-speed bus, use that to exploit a bridging device like the telematics unit, and then control then take complete control of the vehicle. They wrote exploits, performed them remotely, all of it. It works.
 
2013-07-30 07:59:24 PM

Lexx: UNSAFE CARS ARE UNSAFE FOR EVERYONE ON THE ROAD.


That's weird, that was my point.

Lexx: Yes, your bicycle brakes work, and are unhackable. Good for you.


That's what I said, yes.

Lexx: What happens when the car driving behind you gets hacked, and its brakes stop working?


Since I pay attention, pretty much what would happen anyways: I get out of the way or otherwise react. Since I have no way of knowing AT THAT TIME what the reason for the cager's behavior was, the only thing that counts is that no one can hack a cable in a jacket pulling on brakes.
 
2013-07-30 08:30:53 PM

ProfessorOhki: StrangeQ: So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?

Correct me if I'm wrong, but you can still do automatic/semi-automatic transmissions without ANY computer systems involved.

/Red herring is red


Yes, you can do auto trans with no computer. You just can't really do fuel injection, but make it so the computer doesn't receive a signal, and the best a hacker could do is shut it off. Better to snip the brake lines at that point, and even with that, there are redundancies so the driver still has some brake function.

Pretty much as long as you're pre-1994 (OBDII), your car is reasonably safe from hacking. It's just that most people don't maintain their cars for that long.
 
2013-07-30 09:28:03 PM
TheMysteriousStranger designs a lethal hack-proof car:

Radio attached to a computer that is wired to the door locks.  It will will also have one byte output to the other computers that can command them to send back a diagnostic or GPS coordinates.  In no way will it have any control over the brakes, wheel, gas, or anything else beside the door locks.    Needless to say computers that even as much as tough the brakes, etc. will not have a radio connection and will only get the one byte command.

Admittedly this won't stop the hacker if he has physical access, but that is no big deal.  People with physical access have always had the ability to sabotage brakes.  Indeed that is actually physically replacing the computer.
 
2013-07-30 11:41:36 PM

maxheck: Quantum Apostrophe:

Let's see, hacking can affect a car's steering, braking, and acceleration. Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.

Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"

Gosh. He really hated on bicyclists and say "go team cage!" there in his response to your silly question.

A little touchy there?


As someone who rode his bicycle for errands (while maintaining a perfectly awesome 4 door sedan that has served wonderfully for years) for 6-12 months, including going to work on it (it's only 2 miles), and now rides a motorcycle for the same purposes (I got tired of changing clothes at work and always wanted a motorcycle, AND something on the farking bicycle was breaking every god damned week requiring me to load it in the car and drive to the bike shop. Tires, tubes, rims, etc.)...

Anyone who uses the word 'cagers' is a farking shiatbag without any remote worth.  Period. It's a stupid term for stupid people who don't deserve a bike, and make people who aren't farking retards look bad, just like militant feminists/vegans.

Debating taking up the bike riding again for the free exercise. I really hated changing clothes though. And it's only 2 miles. And I hit the gym 2-3 times a week now instead.
 
2013-07-30 11:42:20 PM

Peki: The first time I realized computers in cars were bunk was when a salesman told me he didn't believe the mileage we were getting in the car because the chip is programmed to keep the car within the EPA estimates; even if you can get more, supposedly you shouldn't be able to.


And your conclusion was that computers are bunk, rather than salesmen?
 
2013-07-30 11:42:45 PM

Quantum Apostrophe: your attempt to suck the dick of all the other cagers here.


Wowee... go get 'em, champ.
 
2013-07-30 11:44:25 PM

dehehn: you have an untraceable reliable method of hacking which has proven to be easy to use?


Don't / hasn't.
 
2013-07-31 07:36:08 AM

poot_rootbeer: Peki: The first time I realized computers in cars were bunk was when a salesman told me he didn't believe the mileage we were getting in the car because the chip is programmed to keep the car within the EPA estimates; even if you can get more, supposedly you shouldn't be able to.

And your conclusion was that computers are bunk, rather than salesmen?


Well, okay, not the computers. The people who programmed them.

/only as good as the data you input
 
2013-07-31 02:48:34 PM
Real easy solution - RIP EVERY ONE OF THEM OUT, replace transmission with manual, learn how to drive and brake without traction control or abs, and replace efi controller with aftermarket Megasquirt controller.  DONE.

/no seriously, take a goddamn aggressive driving course
 
2013-07-31 03:00:41 PM
While I'm at it....

wikispeed.org
http://wikispeed.org/

Aluminum/carbon fiber construction.  Modular design allowing for complete servicing by DiY owner. Rear wheel drive manual.  0-60 in five seconds.  Five star crash rating pending.  100+ MPG.  Less than 30K.  The car has I believe five computers.  They all fit into a shoebox sized compartment that takes like ten minutes to change out.  Engine/suspension/transmission can be serviced at any Honda dealer.

And they can't build more than I believe fifty per year without adding airbags and other superfluous "safety" equipment(ie:  big auto consumer rape) which would weigh the car down defeating the entire point of a fuel efficient sports car.

Thanks nanny state lefties.  By making us "safer" you've protected us from innovation and protected the entrenched multi-national car companies.  Really appreciate it.
 
Displayed 73 of 73 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report