If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   In an absolute surprise, it turns out the 500 little computers in a modern car are a great target for hackers. Instead of sending annoying Viagra ads, they can get control of your car's steering, engine and brakes   (arstechnica.com) divider line 8
    More: Scary, Ford Escape, ECU, embedded devices, brakes, CD players, actuators, cars, Onstar  
•       •       •

2048 clicks; posted to Geek » on 30 Jul 2013 at 10:26 AM (49 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



Voting Results (Smartest)
View Voting Results: Smartest and Funniest

2013-07-30 11:42:50 AM
2 votes:

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


i.imgur.com
/picture unrelated... or is it?
2013-07-30 07:17:10 PM
1 votes:
LesserEvil

WayToBlue: LesserEvil

As you said, hacking through a device on the low-speed bus is simply not likely to happen (like something plugged into OBD or somebody hacking your radio), unless the particular manufacturer does something stupid (like Audi running their entire vehicle on Windows CE). Patching into the high-speed CAN is cheating. You aren't going to do that outside the vehicle, and most certainly not wirelessly.

Hacking the high-speed bus devices through a device on the low-speed bus is not only possible, but has been done several times at this point.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Glossing over the PDF, I think you may not fully understand what comprises a vehicle's communications systems. Much of what the document talks about ... <lots of words outlining how unlikely it would be for them to do exactly they did>


Read it closer, this is not theory, they have done it. I have seen it. The ECUs are exploitable, the buses can be bridged.

From the paper I linked to:

"Building on our previous work, we first established a set of messages and signals that could be sent on our car's CAN bus (via OBD-II) to control key components (e.g., lights, locks, brakes, and engine) as well as injecting code into key ECUs to insert persistent capabilities and to bridge across multiple CAN buses... Consequently, by modifying the "bridge" ECUs (either via a vulnerability or simply by reflashing them over the CAN bus as they are designed to be) an attacker can amplify an attack on one bus to gain access to components on another. Consequently, the result is that compromising any ECU with access to some CAN bus on our vehicle (e.g., the media player) is sufficient to compromise the entire vehicle.

Combining these ECU control and bridging components, we constructed a general "payload" that we attempted to deliver in our subsequent experiments with the external attack surface. To be clear, for every vulnerability we demonstrate, we are able to obtain complete control over the vehicle's systems. We did not explore weaker attacks."


From the earlier work they referenced (http://www.autosec.org/pubs/cars-oakland2010.pdf) that was more about attacking the ECUs and bridging buses.

"We found multiple opportunities for attackers to amplify their capabilities-either in reach or in stealth. For example, while the designated gateway node between the car's low-speed and high-speed networks (the BCM) should not expose any interface that would let a low-speed node compromise the high-speed network, we found that we could maliciously bridge these networks through a compromised telematics unit. Thus, the compromise of any ECU becomes sufficient to manipulate safety-critical components such as the EBCM. As more and more components integrate into vehicles, it may become increasingly difficult to properly secure all bridging points.

Finally, we also found that, in addition to being able to load custom code onto an ECU via the CAN network, it is straightforward to design this code to completely erase any evidence of itself after executing its attack. Thus, absent any such forensic trail, it may be infeasible to determine if a particular crash is caused by an attack or not. While a seemingly minor point, we believe that this is in fact a very dangerous capability as it minimizes the possibility of any law enforcement action that might deter individuals from using such attacks."


BTW, they were expecting the RE to be one of the hardest parts which you mentioned, but in reality they found it to be fairly simple.

To be clear, they were able to show IN REAL LIFE, not theory, that they could exploit a device on the low-speed bus, use that to exploit a bridging device like the telematics unit, and then control then take complete control of the vehicle. They wrote exploits, performed them remotely, all of it. It works.
2013-07-30 11:57:04 AM
1 votes:
SGT Ace:

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual. Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection. I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.

They could get physical access to your car once and install a receiver, then send the 'attack' signals later (while following you, etc.) I imagine such a device could be pretty small and easy to hide. Just a thought.


You can buy little bricks off-the-shelf that plug into your OBD port and use GPS and the cellular network to send information to a server. They hide right under the dash. I think I saw a system in the SkyMall catalog marketed to helicopter parents and paranoid couples for under $500. It'd be a pretty expensive piece of custom hardware to do what they're talking about in the article though.

One thing that would make things easy on the manufacturers to lock down the CAN would be to simply put write authentication on the ECU. It's the single point of entry to the CAN and the master of the bus. (Logical bus, not beep-beep bus.)

There are a ton of read functions that are required such as service code scanners, emission control check scanners etc, but there is no reason to write *ANYTHING* persistent to the ECU under operating conditions, with the possible exception of a LOJACK / OnStar type shutdown.
zez
2013-07-30 11:48:55 AM
1 votes:
Speed Racer did it in the episode "The Car Destroyers"

http://www.youtube.com/watch?v=QJ9Vbl7WaCA
2013-07-30 10:47:55 AM
1 votes:

ArkPanda: Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.

The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.


Mesh networking, persistent cellular connections, are already a thing.  Robot cars are coming too, which will make heavy use of the aforementioned.
2013-07-30 10:43:03 AM
1 votes:
So, if someone opens up my car, pulls some chips, solders in new ones, they can make my car do different things?

Honestly, if you're trying to murder me, wouldn't it be easier to just shoot me?
2013-07-30 10:40:31 AM
1 votes:
Unless the car has some fancy cellular data connection, how are you going to get access? Bluetooth only has a short range, so you'd have to be tailgating the target so close, you'd be better off running them into a tree the old fashioned way. I suppose you could pre-program the car to do something, but again there are much more straightforward ways to kill someone if you have physical access to their vehicle, like cutting their brake lines.
2013-07-30 10:38:37 AM
1 votes:

Lexx: LasersHurt: 30% of tech articles: "x" can be hacked if you try.

Yeah, but this is more dire than usual.  Your steering, accelerator, or braking being hacked is kind of terrifying.


The question is how they would make the connection.  I can't see a hacker running up to my car at a red light and plugging his laptop into the diagnostic port.
 
Displayed 8 of 8 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report