
(Ars Technica) In an absolute surprise, it turns out the 500 little computers in a modern car are a great target for hackers. Instead of sending annoying Viagra ads, they can get control of your car's steering, engine and brakes (arstechnica.com)
    More: Scary, Ford Escape, ECU, embedded devices, brakes, CD players, actuators, cars, Onstar  

2048 clicks; posted to Geek on 30 Jul 2013 at 10:26 AM



73 Comments
   
 
2013-07-30 03:16:12 PM

LesserEvil: Car manufacturers use these things called "FMEAs" to mitigate potential liabilities. I'm pretty sure any systems exposed to external input, like WiFi or BlueTooth are pretty thoroughly checked to make sure there is no access to critical systems. Most vehicles, for example, have low- and high-speed CAN buses; low-speed is for things like infotainment/OnStar/Satellite/Keyfob(Body Controller) while high-speed handles the more critical ECM/TCM functionality.

There are communication bridges, which also act as firewalls that prevent something from, say the low-speed bus, trying to control something in some way on the high-speed bus it shouldn't (like acceleration). These bridges only convert a small sub-set of commands, and are meant more for sending information OUT to the low-speed bus. Nothing on the high-speed bus would be directly interfaced to a wireless system.


Ya, rly.

The separation between the buses as you describe it is how it normally works, and how it's supposed to work, but they do not hold up to attack. It has been shown that the units that bridge buses can be compromised and thus a vulnerability in one bus absolutely can affect the others.

There are multiple papers about this topic, but I like this one:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf
 
2013-07-30 03:19:54 PM

StrangeQ: So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?


Correct me if I'm wrong, but you can still do automatic/semi-automatic transmissions without ANY computer systems involved.

/Red herring is red
 
2013-07-30 03:21:04 PM
Roslin: I heard you're one of those people. You're actually afraid of computers.

Adama: No, there are many computers on this ship. But they're not networked.
 
2013-07-30 03:36:12 PM
LesserEvil:

Yay! Someone who seems to know what they're talking about!

Car manufacturers use these things called "FMEAs" to mitigate potential liabilities.

FMEAs happen at the ECU. All the subsidiary controllers trust it to tell them what to do. So if you can inject a command on to the bus directly, bypassing the ECU, the subsidiary controller will do whatever it's told.

Upon re-reading the article that sounds like what they did... Spliced directly into the CAN, which is a lot more involved than just plugging in to the OBD connector. With that kind of attack you would have to get each subsidiary controller to verify that a command actually came from the ECU and reject any that came from an interloper.

The only way to do *that* would be to have the entire high-speed CAN encrypted, which would require a lot more processing power in all the subsidiaries.
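
The check described in the comment above (a receiving controller verifying that a command came from the ECU and rejecting an interloper's), sketched as an added example that is not part of the thread: each frame carries a truncated HMAC and a freshness counter, so the payload is authenticated without being encrypted. The 8-byte layout, the key and the CAN ID are constructed for illustration, and HMAC-SHA256 stands in for whatever MAC the controller hardware supports.

```python
import hashlib
import hmac
import struct

DATA_LEN = 4   # application bytes per frame
MAC_LEN = 3    # truncated MAC bytes; with the 1-byte counter this fills 8 bytes
WINDOW = 16    # how far ahead of the last accepted counter a frame may be


def frame_mac(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    """Truncated MAC over the arbitration ID, the full counter and the data."""
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    """The legitimate ECU: holds the shared key and a monotonic counter."""

    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.counter = key, can_id, 0

    def build(self, data: bytes) -> bytes:
        if len(data) != DATA_LEN:
            raise ValueError("data must be %d bytes" % DATA_LEN)
        self.counter += 1
        mac = frame_mac(self.key, self.can_id, self.counter, data)
        # Payload layout (hypothetical): data[4] | counter low byte | mac[3]
        return data + bytes([self.counter & 0xFF]) + mac


class Receiver:
    """A subsidiary controller: accepts only fresh, correctly MACed frames."""

    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id = key, can_id
        self.last = 0       # highest counter accepted so far
        self.rejected = 0   # detection signal: a rising count means injection

    def accept(self, payload: bytes):
        data = self._verify(payload)
        if data is None:
            self.rejected += 1
        return data

    def _verify(self, payload: bytes):
        if len(payload) != DATA_LEN + 1 + MAC_LEN:
            return None
        data, low, mac = payload[:DATA_LEN], payload[DATA_LEN], payload[DATA_LEN + 1:]
        # Rebuild the full counter from its low byte. delta == 0 is a replay of
        # the last frame; a large delta is an old frame or one too far ahead.
        delta = (low - self.last) & 0xFF
        if delta == 0 or delta > WINDOW:
            return None
        counter = self.last + delta
        expected = frame_mac(self.key, self.can_id, counter, data)
        if not hmac.compare_digest(mac, expected):
            return None
        self.last = counter
        return data


if __name__ == "__main__":
    key = bytes(range(16))      # constructed sample key, not a real one
    ecu = Sender(key, 0x1A0)    # 0x1A0 is a made-up arbitration ID
    brake = Receiver(key, 0x1A0)

    frame = ecu.build(b"\x00\x10\x00\x00")
    print("genuine :", brake.accept(frame))
    print("replayed:", brake.accept(frame))
    injected = b"\xff\xff\xff\xff" + bytes([2]) + b"\x00\x00\x00"
    print("injected:", brake.accept(injected))
    print("rejected so far:", brake.rejected)
```

A 24-bit MAC only resists guessing if the receiver also acts on `rejected`, for example by logging it or ignoring the ID after repeated failures.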
 
2013-07-30 03:56:17 PM

maxheck: LesserEvil:

Yay! Someone who seems to know what they're talking about!

Car manufacturers use these things called "FMEAs" to mitigate potential liabilities.

FMEAs happen at the ECU. All the subsidiary controllers trust it to tell them what to do. So if you can inject a command on to the bus directly, bypassing the ECU, the subsidiary controller will do whatever it's told.

Upon re-reading the article that sounds like what they did... Spliced directly into the CAN, which is a lot more involved than just plugging in to the OBD connector. With that kind of attack you would have to get each subsidiary controller to verify that a command actually came from the ECU and reject any that came from an interloper.

The only way to do *that* would be to have the entire high-speed CAN encrypted, which would require a lot more processing power in all the subsidiaries.


Yup, and if it's one thing car manufacturers really do not want to do, it's upgrade those controllers. IIRC, those things still run basic algorithms from 50 years ago. The only thing they want to change is the calibrations used in them.

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

All these scare stories will at least assure that we keep mechanical linkages to the important bits, like brakes and steering.

Shutting down a car is certainly hackable under specific circumstances and equipment, but that is generally exploiting hardware ALREADY DESIGNED to kill the engine (LoJack/OnStar/Various Auto Lease systems). Even remote starters have limitations on how they operate.

On the other hand, there is no shortage of "innovation" that exposes cars to security exploitation, like my BIL's Toyota Prius Hybrid, which never requires a key to be inserted to unlock or start... just proximity of the fob... Toyota also gave us the ever-accelerating gas pedal, which I still believe, firmly, was a rare network lockup from the signal of the gas pedal into the controller. Audi's Windows experiment was a disaster, too, tying too many critical systems into Windows CE and delivering a poorly tested product.

The Big Three, at least, are extremely paranoid about "innovations" and that might not be a bad thing where integration of computer systems is involved.
 
2013-07-30 04:16:22 PM
LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf
 
2013-07-30 05:20:55 PM
Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being too tin foil hatty there?
 
2013-07-30 05:24:39 PM

WayToBlue: LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf


Glossing over the PDF, I think you may not fully understand what comprises a vehicle's communications systems. Much of what the document talks about is well known... for example, a device plugged into the OBD port or the radio most certainly do have full access to the LOW-SPEED CAN BUS. This doesn't equate to accessing the high-speed bus, or an ability to exploit that bus. Assertions that bridges (typically the BCM, or 'Body Control Module' provides this service) can be exploited ignores the fact that there is little density, long history and relatively high code obscurity (not that I'd rely on security through obscurity, but it elevates the difficulty) make such an exploit highly implausible on anything except a badly designed 'new' device (and as I stated, auto manufacturers don't really like re-inventing the wheel)

Attack vectors depend on accessibility of the systems they are attempting to subvert. Subversion is simple for some systems, for example... unlocking a car, while a non-trivial exercise, is certainly plausible with current vehicle systems through wireless access. Subversion is not exploitation. You might subvert a system in a vehicle to shut it down, or prevent operation, but external access is limited. Of course, INTERNAL ACCESS, like being plugged into an OBD port increases the potential, but again, that vector faces some pretty high hurdles - subversion is a lot easier at that point, but exploitation potential remains small enough to be almost impossible. Of course, if you have that sort of access to the system, you might as well directly hack the high-speed CAN bus, in which case all bets are off.

The CAN Bus is a no-security protocol, like many other embedded systems communications buses. So what? They are closed systems requiring physical access.

Let's say you exploit a radio through bluetooth (the radio and the car must be on, and in range - the radio isn't even listening unless it is in a "powered on" state). Assuming the radio manufacturer is dumb enough to allow execution from RAM, and dumb enough to provide a vector to put data on the device, AND execute... what then? OK, if you're familiar enough with the radio's systems, now you need to understand the vehicle's BCM and have a vulnerability there to exploit. Again, we are talking about systems that live mostly in ROM (Yes, they are flashable, but again, there is a whole other level of access required to do this, and you'd still need to get CODE executed to flash what you want, where you want it). That's two layers, and once you have access to the high-speed CAN bus, what then? You can disrupt systems, but without taking over a controller, you can't shut them out of the system.

I'm not saying people should trust drive-by-wire. As vehicle systems get more complex, so do potential problems (see my comment above about Toyota). I'm just saying, based on my experience actually WORKING in the automotive industry, writing code that went into controllers, as well as code to support that development (such as calibration editors and real-time diagnostics tools) I find it highly unlikely, outside of a few outlier makes, that hackers would "gain control" of your vehicle. I think this is more "panic" than "reason" at this point.

The PDF you mention is basically a thorough assessment of potential attack vectors and threats. It is THEORY. So far, I have not seen a single case where somebody actually took a stock vehicle, hacked Bluetooth or the keyfob signal and somehow gained control. The only "successes" at this sort of thing were usually heavily weighted in favor of that success by target choice and attack vector. In practice, those examples fail miserably.

Oh, and I know a few things about exploits, too. On the side I've been involved in the console modding scene as a rather active developer and voice.

If you are a script writer in Hollywood, I'm sure you'll ignore this and make up whatever fantasy technological nonsense works as a plot device. ENHANCE! Heh.
 
2013-07-30 05:32:32 PM

BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being too tin foil hatty there?


I don't think car automatic firmware updates are mainstream yet. But if or when they do, absolutely that's an attack vector. You don't even need to hack the firmware site, you just need to impersonate it from the car's perspective.

Stuff like this? Link? Pretty much asking for someone to exploit it.
Creating a truly networked vehicle, mbrace2 offers not only open internet access, but special versions of popular apps - including Facebook, Yelp and Google Local Search - designed specifically for in-vehicle use. And because it connects the car and the "cloud", the system can be upgraded whenever new software and applications become available.
 
2013-07-30 05:33:12 PM

BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being too tin foil hatty there?


If there is a car manufacturer allowing customers to do their own "firmware updates" they are incredibly retarded.

Dealerships perform flashes with tools that communicate on the bus, flashing either calibrations or the entire firmware with calibrations (mostly the former). The calibrations are an area set aside for all of the "settings" a manufacturer needs to customize for that vehicle, like transmission shift points. When you buy custom performance ROMs for a car, you are basically getting the identical controller software, with updated calibrations. No code is executed from the calibration area (really just the compiler-defined data area, but usually strictly defined and checksummed for integrity).

Assuming you had that sort of access (say you borrowed a TechTool), sure, you could exploit a vehicle's system, but it would be about the same as typing "Del /S *.*" on a PC you can access.... that's not really an "exploit" in the nature the fear-mongers are talking about. You can brick your electronics devices by improperly flashing them, too.... again, it only really counts if I can brick your iPhone just by being in close proximity and using the WiFi or BT connection.
 
2013-07-30 05:39:19 PM

LesserEvil: BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being too tin foil hatty there?

If there is a car manufacturer allowing customers to do their own "firmware updates" they are incredibly retarded.

Dealerships perform flashes with tools that communicate on the bus, flashing either calibrations or the entire firmware with calibrations (mostly the former). The calibrations are an area set aside for all of the "settings" a manufacturer needs to customize for that vehicle, like transmission shift points. When you buy custom performance ROMs for a car, you are basically getting the identical controller software, with updated calibrations. No code is executed from the calibration area (really just the compiler-defined data area, but usually strictly defined and checksummed for integrity).

Assuming you had that sort of access (say you borrowed a TechTool), sure, you could exploit a vehicle's system, but it would be about the same as typing "Del /S *.*" on a PC you can access.... that's not really an "exploit" in the nature the fear-mongers are talking about. You can brick your electronics devices by improperly flashing them, too.... again, it only really counts if I can brick your iPhone just by being in close proximity and using the WiFi or BT connection.


Click my link. The advertising blurb is practically saying, "Want to track a driver? Want to unlock doors? Want to spam false trouble reports to a dealership?" No, these aren't drive-you-off-a-cliff severity problems, but they're obnoxious and if that sort of tech becomes mainstream, you and I both know that stuff will happen at least a few times.
 
2013-07-30 05:40:41 PM

ProfessorOhki: BohemianGraham: Not sure if this is going to come across as a tard post or not, but couldn't someone hack the firmware sites of various vehicles, and upload some of this shiat in the guise of a new firmware update for the vehicle? Or am I really being too tin foil hatty there?

I don't think car automatic firmware updates are mainstream yet. But if or when they do, absolutely that's an attack vector. You don't even need to hack the firmware site, you just need to impersonate it from the car's perspective.

Stuff like this? Link? Pretty much asking for someone to exploit it.
Creating a truly networked vehicle, mbrace2 offers not only open internet access, but special versions of popular apps - including Facebook, Yelp and Google Local Search - designed specifically for in-vehicle use. And because it connects the car and the "cloud", the system can be upgraded whenever new software and applications become available.


Well, there's a vector - I doubt we'd see the Big Three take that sort of chance. Liability and threat potential drive a LOT of what happens in engineering a vehicle. FMEA stands for "Failure Mode Engineering Analysis" and in theory, suppliers of components for a vehicle (even the guys supplying brake pads) have to have one to cover any eventuality, or at least everything anybody ever thought of or encountered. I would hope Mercedes has fully taken into consideration all the potential gotchas, but again, as I stated above for Audi's and Toyota's cases, some companies don't always think things through.

It may be that the "mbrace2" radio is completely disconnected from the vehicle bus except for a secondary controller acting as a gateway? I have no idea, but every Big Three engineer I've ever worked with would raise shields on that sort of access.
 
2013-07-30 07:17:10 PM
LesserEvil

WayToBlue: LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Glossing over the PDF, I think you may not fully understand what comprises a vehicle's communications systems. Much of what the document talks about ... <lots of words outlining how unlikely it would be for them to do exactly what they did>


Read it closer, this is not theory, they have done it. I have seen it. The ECUs are exploitable, the buses can be bridged.

From the paper I linked to:

"Building on our previous work, we first established a set of messages and signals that could be sent on our car's CAN bus (via OBD-II) to control key components (e.g., lights, locks, brakes, and engine) as well as injecting code into key ECUs to insert persistent capabilities and to bridge across multiple CAN buses... Consequently, by modifying the "bridge" ECUs (either via a vulnerability or simply by reflashing them over the CAN bus as they are designed to be) an attacker can amplify an attack on one bus to gain access to components on another. Consequently, the result is that compromising any ECU with access to some CAN bus on our vehicle (e.g., the media player) is sufficient to compromise the entire vehicle.

Combining these ECU control and bridging components, we constructed a general "payload" that we attempted to deliver in our subsequent experiments with the external attack surface. To be clear, for every vulnerability we demonstrate, we are able to obtain complete control over the vehicle's systems. We did not explore weaker attacks."


From the earlier work they referenced (http://www.autosec.org/pubs/cars-oakland2010.pdf) that was more about attacking the ECUs and bridging buses.

"We found multiple opportunities for attackers to amplify their capabilities-either in reach or in stealth. For example, while the designated gateway node between the car's low-speed and high-speed networks (the BCM) should not expose any interface that would let a low-speed node compromise the high-speed network, we found that we could maliciously bridge these networks through a compromised telematics unit. Thus, the compromise of any ECU becomes sufficient to manipulate safety-critical components such as the EBCM. As more and more components integrate into vehicles, it may become increasingly difficult to properly secure all bridging points.

Finally, we also found that, in addition to being able to load custom code onto an ECU via the CAN network, it is straightforward to design this code to completely erase any evidence of itself after executing its attack. Thus, absent any such forensic trail, it may be infeasible to determine if a particular crash is caused by an attack or not. While a seemingly minor point, we believe that this is in fact a very dangerous capability as it minimizes the possibility of any law enforcement action that might deter individuals from using such attacks."


BTW, they were expecting the RE to be one of the hardest parts which you mentioned, but in reality they found it to be fairly simple.

To be clear, they were able to show IN REAL LIFE, not theory, that they could exploit a device on the low-speed bus, use that to exploit a bridging device like the telematics unit, and then take complete control of the vehicle. They wrote exploits, performed them remotely, all of it. It works.
 
2013-07-30 07:59:24 PM

Lexx: UNSAFE CARS ARE UNSAFE FOR EVERYONE ON THE ROAD.


That's weird, that was my point.

Lexx: Yes, your bicycle brakes work, and are unhackable. Good for you.


That's what I said, yes.

Lexx: What happens when the car driving behind you gets hacked, and its brakes stop working?


Since I pay attention, pretty much what would happen anyways: I get out of the way or otherwise react. Since I have no way of knowing AT THAT TIME what the reason for the cager's behavior was, the only thing that counts is that no one can hack a cable in a jacket pulling on brakes.
 
2013-07-30 08:30:53 PM

ProfessorOhki: StrangeQ: So is this the thread where the "manual transmissions and mechanical linkages are vestigial systems that need to be done away with" crowd goes into complete denial about the risks associated with giving up control of your vehicle to a computer?

Correct me if I'm wrong, but you can still do automatic/semi-automatic transmissions without ANY computer systems involved.

/Red herring is red


Yes, you can do auto trans with no computer. You just can't really do fuel injection, but make it so the computer doesn't receive a signal, and the best a hacker could do is shut it off. Better to snip the brake lines at that point, and even with that, there are redundancies so the driver still has some brake function.

Pretty much as long as you're pre-1994 (OBDII), your car is reasonably safe from hacking. It's just that most people don't maintain their cars for that long.
 
2013-07-30 09:28:03 PM
TheMysteriousStranger designs a lethal hack-proof car:

Radio attached to a computer that is wired to the door locks. It will also have one byte output to the other computers that can command them to send back a diagnostic or GPS coordinates. In no way will it have any control over the brakes, wheel, gas, or anything else besides the door locks. Needless to say computers that even as much as touch the brakes, etc. will not have a radio connection and will only get the one byte command.

Admittedly this won't stop the hacker if he has physical access, but that is no big deal.  People with physical access have always had the ability to sabotage brakes.  Indeed that is actually physically replacing the computer.
 
2013-07-30 11:41:36 PM

maxheck: Quantum Apostrophe:

Let's see, hacking can affect a car's steering, braking, and acceleration. Bicycles ride on the same roads as cars... I see you've thought your cunning plan through.

Same goes for pedestrians and other drivers... I see you've not given much thought to anything in your attempt to suck the dick of all the other cagers here. "Oh look at me I hate cyclists too! Let's fark!"

Gosh. He really hated on bicyclists and say "go team cage!" there in his response to your silly question.

A little touchy there?


As someone who rode his bicycle for errands (while maintaining a perfectly awesome 4 door sedan that has served wonderfully for years) for 6-12 months, including going to work on it (it's only 2 miles), and now rides a motorcycle for the same purposes (I got tired of changing clothes at work and always wanted a motorcycle, AND something on the farking bicycle was breaking every god damned week requiring me to load it in the car and drive to the bike shop. Tires, tubes, rims, etc.)...

Anyone who uses the word 'cagers' is a farking shiatbag without any remote worth.  Period. It's a stupid term for stupid people who don't deserve a bike, and make people who aren't farking retards look bad, just like militant feminists/vegans.

Debating taking up the bike riding again for the free exercise. I really hated changing clothes though. And it's only 2 miles. And I hit the gym 2-3 times a week now instead.
 
2013-07-30 11:42:20 PM

Peki: The first time I realized computers in cars were bunk was when a salesman told me he didn't believe the mileage we were getting in the car because the chip is programmed to keep the car within the EPA estimates; even if you can get more, supposedly you shouldn't be able to.


And your conclusion was that computers are bunk, rather than salesmen?
 
2013-07-30 11:42:45 PM

Quantum Apostrophe: your attempt to suck the dick of all the other cagers here.


Wowee... go get 'em, champ.
 
2013-07-30 11:44:25 PM

dehehn: you have an untraceable reliable method of hacking which has proven to be easy to use?


Don't / hasn't.
 
2013-07-31 07:36:08 AM

poot_rootbeer: Peki: The first time I realized computers in cars were bunk was when a salesman told me he didn't believe the mileage we were getting in the car because the chip is programmed to keep the car within the EPA estimates; even if you can get more, supposedly you shouldn't be able to.

And your conclusion was that computers are bunk, rather than salesmen?


Well, okay, not the computers. The people who programmed them.

/only as good as the data you input
 
2013-07-31 02:48:34 PM
Real easy solution - RIP EVERY ONE OF THEM OUT, replace transmission with manual, learn how to drive and brake without traction control or abs, and replace efi controller with aftermarket Megasquirt controller.  DONE.

/no seriously, take a goddamn aggressive driving course
 
2013-07-31 03:00:41 PM
While I'm at it....

wikispeed.org
http://wikispeed.org/

Aluminum/carbon fiber construction.  Modular design allowing for complete servicing by DiY owner. Rear wheel drive manual.  0-60 in five seconds.  Five star crash rating pending.  100+ MPG.  Less than 30K.  The car has I believe five computers.  They all fit into a shoebox sized compartment that takes like ten minutes to change out.  Engine/suspension/transmission can be serviced at any Honda dealer.

And they can't build more than I believe fifty per year without adding airbags and other superfluous "safety" equipment(ie:  big auto consumer rape) which would weigh the car down defeating the entire point of a fuel efficient sports car.

Thanks nanny state lefties.  By making us "safer" you've protected us from innovation and protected the entrenched multi-national car companies.  Really appreciate it.
 
Displayed 23 of 73 comments
