Wait, Now I Need Security Software For My Car, Too?
from the trojan-brakes? dept
Remember a few months ago when a disgruntled ex-employee from a car dealer was able to login to the dealer’s computer system and remotely disable over 100 cars? And, of course, there have been concerns over the ability to use systems like OnStar to remotely disable cars as well, with concerns about what would happen if malicious hackers were able to get their hands on the controls. Now, to add to those concerns, some researchers are reporting that modern day car computing is vulnerable to malicious hacks that could put drivers in danger.
The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry….
The researchers, financed by the National Science Foundation, tested two versions of a late-model car in both laboratory and field settings. They did not identify the maker or the brand of the car, but said they believed they were representative of the computer network control systems that have proliferated in most cars today.
The researchers asked what could happen if a hacker could gain access to the network of a car, said Tadayoshi Kohno, a University of Washington computer scientist. He said the research teams were able to demonstrate their ability to circumvent a wide variety of systems critical to the safety of drivers and passengers.
They also demonstrated what they described as “composite attacks” that showed their ability to insert malicious software and then erase any evidence of tampering after a crash.
The researchers were able to activate dozens of functions and almost all of them while the car was in motion.
Happy driving, everyone…
To be fair, the researchers admit that they did not look at what kinds of “defense” the car might have to block such attacks, but they do point out that those developing car computing systems probably don’t have as much experience or concern in the security realm. For the most part, this sounds like it’s not a problem that anyone’s going to face in the short-term. If anything, I’m guessing we’ll have a lot more moral panic stories about what will happen before any reports of something bad actually happening. However, at some point, it seems likely that these sorts of stories will pass over from the hypothetical into the real world, and at that point, I’ll be looking for a car that runs on open source software.
Comments on “Wait, Now I Need Security Software For My Car, Too?”
Custom patches or mod chips for cars?
Instead of deliberate attacks, I wonder when someone will write a custom software or create a mod chip for a car. Instead of tinkering with the physical components, it might be possible to boost a car’s performance by disabling some built-in safety limits. This kind of modification might also be difficult for police to notice in an otherwise normal looking car.
Re: Custom patches or mod chips for cars?
I thought this was an existing, legal, market.
Re: Re: Custom patches or mod chips for cars?
Existing – Yes.
Legal – Sometimes.
Per the Clean Air Act, its against Federal Law to tamper with the emission control devices in cars for a certain number of years. Your ECU is part of the emissions control system. Removing a speed limiter is probably a different story, however I don’t believe I know of any of the plug-in tuners that carry the CARB or Federal OK #’s.
Re: Re: Re: Custom patches or mod chips for cars?
Despite all the aftermarket add-ons for cars these days saying ‘not for street use’ ‘not carb legal’ etc…. If your vechicle passes emissions then you’re ok. Except you still have to have some safety standards mandated by state law… (exterior lights, dB level, etc)
‘Chipping’ a car simply changes a few strings of engine timing code to apply a performance based map for air to fuel ratio in the car… most easily chipped cars are ones that are already running a forced induction application.
As far as ‘hacking’ a cars ECU, it’s not like taking out a computer on the internet, you need physical access to the vehicle… except OnStar type vehicles…. for now. Once cellphone connectivity comes standard with cars then the ECU will be able to be remotely attacked.
(insert sarcasm) I’m so glad the the auto industry is finally realizing that this potential threat could soon become a very real issue and much sooner then they think.
Re: Custom patches or mod chips for cars?
I guess you don’t you dont know much about cars. We have been writing mod chips since the beginning of the ECM. WOW.
Re: Custom patches or mod chips for cars?
Thats exactly what “performance upgrades” have done for the past 10 or so years
Re: Custom patches or mod chips for cars?
People have been doing that for a long time. Some states limit the HP of engines for emissions, this can be gotten around with mod chips. Mod chips can significantly increase performance of cars adding a noticable ammount of horsepower hitting the road. A lot of cars don’t perform as POWERFULLY as they can at the manufacturer’s implemented handicap in order to keep mileage or weardown (for warranties) within certain limits.
The big question
… Why are cars wireless enabled in the first place? I can understand for emergency rescue signals, but it still should be separate from the mechanisms that control the car’s movement.
Re: The big question
Cheap field data for the factory engineers would be my guess.
Re: The big question
Actually, it’s rather handy to have OnStar slow down and shut the engine of your car off, if it’s been stolen. They like to do this just as the police officer who was led to the stolen car pulls up behind the thief in your car.
reminds me of this
http://farm1.static.flickr.com/129/410912420_a4f22910ff.jpg
Re: reminds me of this
Win
Re: Re: reminds me of this
Ironically, BMW is one of those cars that runs on a version of windows. The cars can even be opened tirelessly by parroting the key remote, and then OBD2 access is a snap. Some cars have actualy been stolen this way.
Hmm, I guess that’s what you get in this fast changing tech world.
Large airplanes fly-by-wire.
Wonder if they can be remote-controlled.
Re: Large airplanes fly-by-wire.
The story says that if the car has the ability to auto park steering could taken over. The next Darpa challenge should be alot easier, just grab up an existing autoparking car and put in a CUDA-Nvidia based mini super, and some terrain scanning hardware.
If this story becomes big enough news and develops into an urban legend, I can imagine a scene in a “hacking” movie where the computer savvy supporting character is riding with the main character and has to hack into and move several cars while simultaneously controlling his own. The main character would now be in a position to save the day.
I picture Shia Lebouf as the supporting actor, I think he does a great frustrated and misunderstood scene.
To be fair:
Hackers (currently) must gain physical access to the car in order to perform these hacks. They need access to the diagnostics port. I only say this because it wasn’t mentioned at all in the post.
Re: To be fair:
“Hackers (currently) must gain physical access to the car in order to perform these hacks. They need access to the diagnostics port. I only say this because it wasn’t mentioned at all in the post.”
The need for physical access to the car and to the network of a car was stated. The diagnostics port in particular was not. The team that demonstrated this used the diagnostics port, as is reported in other articles on the subject. I doubt that the diagnostics port is the only point of access which would allow such manipulations.
Re: Re: To be fair:
Just need to get access to the CAN bus on the car, which the ODB port provides. All you have to know is what wires you are looking for under the car and tap in to the High Low wires for the bus. If you start looking at how much modern cars are sending around on this bus (get a CAN–>USB device for a laptop) you would definitely be surprised.
Nope
I’ll go with an old Ford Falcon with a six banger.
Or the 1971 Nova 6 I used to own.
Now the 62 Nova II wagon I had was cool.
None of those cars had any sort of software problem.
Re: Nope
No, they just have every other possible problem. Ever hear of “rotating spark plugs?”
McAfee Antivirus: BMW Edition
(incidentally, it also happens to reduce your max speed to 30 mph)
Re: Re:
I don’t need no stinkin’ AV for my Linux Lexis…
This revelation brings new meaning to the acronym BSOD.
Aha!
So that’s how Government Motors (attempted) to destroy the name of Toyota.
Re: Aha!
Guess they (GM) underestimated people’s devotion to an over rated car company (Toyota) that continues to produce cars inferior to their competition.
Security
Are you allowing people to plug into your car’s computer on a random basis? If you are, you’re a dumbass. Typical misreported newz.
Re: Security
But that is not the only access to the computer. Others have already mentioned OnStar. There are also cars with blue tooth and I think, one of the points made was concerning the future as cars get more wireless/bluetooth capability.
Also, if you ever allow anyone else to drive your car (mechanic, valet, or even a ‘friend’), you have just allowed someone to connect to your cars computer…but you didn’t know it, so does that also make you a dumbass?
Come on, be nice. If the car makers do not take steps to protect consumers NOW, as the software develops the protection will be more difficult to program in later and that is the point I took from the article.
hmmmm .....
Here is a scenario for you. Every year you go to get your car smogged as part of the inspection. That includes them hooking up to the diagnostics port to check the emissions. Hack the machine that does the emissions test to insert nefarious code to do what you want at the time you want.
It would be funny to have every car in a state start blowing their horns, flash their lights, turn on the windsheild wipers at the same time, randomly unlock and lock the doors, and pop the trunk. Or in the case of cars with user based self adjusting seats … squish!!!
yeah I know improbable because of the different OS’s and versions used on the CPU’s. It would be funny though.
Possible Bright Side
Is there any way to hack into a car and disable the stereo?
Re: Possible Bright Side
ThisThisThis!
Seriously, I’ve been wishing for such capabilities for years. Instead I’ve been faking it by standing on the lawn pointing a hairdryer at booming shitboxes on wheels, but that just makes them slow down. 🙁
Re: Possible Bright Side
If I could do this I’d rather make the car accelerate directly into the nearest manure truck. Disabling the stereo is too good for the asshole that parks outside my window at 4 AM every night with his windows down and stays there for an hour, blasting mexi-pop and mariachi music at ear-splitting decibel levels.
This reminds me of....
“If GM made cars like Microsoft…”. Here’s the link.
http://www.snopes.com/humor/jokes/autos.asp
Re: This reminds me of....
Now that I’m looking at this Snopes list again, items 7 and 13 are now true…. LOL!
“Wait, Now I Need Security Software For My Car, Too?”
I think you should just format your engine and re – install the operating system on it. Make sure you do all the patch updates afterwords.