Wait, Now I Need Security Software For My Car, Too?

from the trojan-brakes? dept

Remember a few months ago when a disgruntled ex-employee from a car dealer was able to login to the dealer’s computer system and remotely disable over 100 cars? And, of course, there have been concerns over the ability to use systems like OnStar to remotely disable cars as well, with concerns about what would happen if malicious hackers were able to get their hands on the controls. Now, to add to those concerns, some researchers are reporting that modern day car computing is vulnerable to malicious hacks that could put drivers in danger.

The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry….

The researchers, financed by the National Science Foundation, tested two versions of a late-model car in both laboratory and field settings. They did not identify the maker or the brand of the car, but said they believed they were representative of the computer network control systems that have proliferated in most cars today.

The researchers asked what could happen if a hacker could gain access to the network of a car, said Tadayoshi Kohno, a University of Washington computer scientist. He said the research teams were able to demonstrate their ability to circumvent a wide variety of systems critical to the safety of drivers and passengers.

They also demonstrated what they described as “composite attacks” that showed their ability to insert malicious software and then erase any evidence of tampering after a crash.

The researchers were able to activate dozens of functions and almost all of them while the car was in motion.

Happy driving, everyone…

To be fair, the researchers admit that they did not look at what kinds of “defense” the car might have to block such attacks, but they do point out that those developing car computing systems probably don’t have as much experience or concern in the security realm. For the most part, this sounds like it’s not a problem that anyone’s going to face in the short-term. If anything, I’m guessing we’ll have a lot more moral panic stories about what will happen before any reports of something bad actually happening. However, at some point, it seems likely that these sorts of stories will pass over from the hypothetical into the real world, and at that point, I’ll be looking for a car that runs on open source software.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Wait, Now I Need Security Software For My Car, Too?”

Subscribe: RSS Leave a comment
MK says:

Custom patches or mod chips for cars?

Instead of deliberate attacks, I wonder when someone will write a custom software or create a mod chip for a car. Instead of tinkering with the physical components, it might be possible to boost a car’s performance by disabling some built-in safety limits. This kind of modification might also be difficult for police to notice in an otherwise normal looking car.

Anonymous Coward says:

Re: Re: Custom patches or mod chips for cars?

Existing – Yes.

Legal – Sometimes.

Per the Clean Air Act, its against Federal Law to tamper with the emission control devices in cars for a certain number of years. Your ECU is part of the emissions control system. Removing a speed limiter is probably a different story, however I don’t believe I know of any of the plug-in tuners that carry the CARB or Federal OK #’s.

P3T3R5ON (profile) says:

Re: Re: Re: Custom patches or mod chips for cars?

Despite all the aftermarket add-ons for cars these days saying ‘not for street use’ ‘not carb legal’ etc…. If your vechicle passes emissions then you’re ok. Except you still have to have some safety standards mandated by state law… (exterior lights, dB level, etc)

‘Chipping’ a car simply changes a few strings of engine timing code to apply a performance based map for air to fuel ratio in the car… most easily chipped cars are ones that are already running a forced induction application.

As far as ‘hacking’ a cars ECU, it’s not like taking out a computer on the internet, you need physical access to the vehicle… except OnStar type vehicles…. for now. Once cellphone connectivity comes standard with cars then the ECU will be able to be remotely attacked.

(insert sarcasm) I’m so glad the the auto industry is finally realizing that this potential threat could soon become a very real issue and much sooner then they think.

Matt (profile) says:

Re: Custom patches or mod chips for cars?

People have been doing that for a long time. Some states limit the HP of engines for emissions, this can be gotten around with mod chips. Mod chips can significantly increase performance of cars adding a noticable ammount of horsepower hitting the road. A lot of cars don’t perform as POWERFULLY as they can at the manufacturer’s implemented handicap in order to keep mileage or weardown (for warranties) within certain limits.

Anonymous Coward says:

If this story becomes big enough news and develops into an urban legend, I can imagine a scene in a “hacking” movie where the computer savvy supporting character is riding with the main character and has to hack into and move several cars while simultaneously controlling his own. The main character would now be in a position to save the day.

I picture Shia Lebouf as the supporting actor, I think he does a great frustrated and misunderstood scene.

abc gum says:

Re: To be fair:

“Hackers (currently) must gain physical access to the car in order to perform these hacks. They need access to the diagnostics port. I only say this because it wasn’t mentioned at all in the post.”

The need for physical access to the car and to the network of a car was stated. The diagnostics port in particular was not. The team that demonstrated this used the diagnostics port, as is reported in other articles on the subject. I doubt that the diagnostics port is the only point of access which would allow such manipulations.

mkam says:

Re: Re: To be fair:

Just need to get access to the CAN bus on the car, which the ODB port provides. All you have to know is what wires you are looking for under the car and tap in to the High Low wires for the bus. If you start looking at how much modern cars are sending around on this bus (get a CAN–>USB device for a laptop) you would definitely be surprised.

Rob (profile) says:

Re: Security

But that is not the only access to the computer. Others have already mentioned OnStar. There are also cars with blue tooth and I think, one of the points made was concerning the future as cars get more wireless/bluetooth capability.

Also, if you ever allow anyone else to drive your car (mechanic, valet, or even a ‘friend’), you have just allowed someone to connect to your cars computer…but you didn’t know it, so does that also make you a dumbass?

Come on, be nice. If the car makers do not take steps to protect consumers NOW, as the software develops the protection will be more difficult to program in later and that is the point I took from the article.

Hephaestus (profile) says:

hmmmm .....

Here is a scenario for you. Every year you go to get your car smogged as part of the inspection. That includes them hooking up to the diagnostics port to check the emissions. Hack the machine that does the emissions test to insert nefarious code to do what you want at the time you want.

It would be funny to have every car in a state start blowing their horns, flash their lights, turn on the windsheild wipers at the same time, randomly unlock and lock the doors, and pop the trunk. Or in the case of cars with user based self adjusting seats … squish!!!

yeah I know improbable because of the different OS’s and versions used on the CPU’s. It would be funny though.

Anonymous Coward says:

Re: Possible Bright Side

If I could do this I’d rather make the car accelerate directly into the nearest manure truck. Disabling the stereo is too good for the asshole that parks outside my window at 4 AM every night with his windows down and stays there for an hour, blasting mexi-pop and mariachi music at ear-splitting decibel levels.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...