Hacking Automotive Systems

kdawson posted more than 4 years ago | from the one-hundred-twenty-while-in-park dept.

Security 360

alphadogg writes "University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low." Here is the researchers' site, and an image that could stand as a summary of the work.

360 comments

Access to unlocked car = can damage it, duh (4, Insightful)

noidentity (188756) | more than 4 years ago | (#32206058)

Someone with access to your unlocked car can cause it to malfunction by messing with its systems, story at 11!

Re:Access to unlocked car = can damage it, duh (0)

Anonymous Coward | more than 4 years ago | (#32206434)

Sir, I came to the comments with one single thing in mind... and I'd have to leave frustrated:
No jokes about Toyota? Seriously? I think you guys need more coffee!

Re:Access to unlocked car = can damage it, duh (1)

ebombme (1092605) | more than 4 years ago | (#32206592)

This isn't Fark. It's /. On a side note... I can't wait to hack my new car.

Re:Access to unlocked car = can damage it, duh (4, Informative)

clone53421 (1310749) | more than 4 years ago | (#32206788)

Then it’s a good thing that they’ve already thought of that, I guess.

He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern.

So what? (4, Insightful)

franz (35176) | more than 4 years ago | (#32206060)

Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.

Re:So what? (5, Insightful)

thijsh (910751) | more than 4 years ago | (#32206306)

There are some real-world scenarios where this can be used... A cut brake line will be detected by professionals, just like explosives, and every car is inspected prior to leaving with a VIP. So cutting the brake line on the president's limo probably won't get an attacker anywhere. But if the attacker could load software that stalls the engine or cuts the brakes at a predefined time (and place) the attackers can kidnap or kill the VIP without any advance indication that the car has been compromised.

FTA: "In one attack that the researchers call 'Self-destruct' they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown."

Remove the clicking and countdown and no-one will know the car is sabotaged until it's too late. If I were in charge of securing the president or other VIPs during transport I would want to be able to know if the vehicle has undetectable security flaws like this... The problem is that you don't even know if the software might have been compromised in the months/years that the car has been in service.

Re:So what? (1)

geekoid (135745) | more than 4 years ago | (#32206814)

Way to miss the point.

If you have complete access to a car, you can find a way to screw with it.

If I was in charge of automobile security, I'd get the source.

Re:So what? (2, Interesting)

germansausage (682057) | more than 4 years ago | (#32206318)

Wrong method, it leaves obvious evidence. Clip some vicegrips on the flex hoses going to the front wheel cylinders. You've just eliminated 60% of the car's braking power. The pedal feels normal, or even a bit firmer than usual. Do it right and the vicegrips will come off when the car hits whatever it hits when the brakes (mostly) fail.

Re:So what? (1)

khchung (462899) | more than 4 years ago | (#32206374)

Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.

But can you make it so that the brake lines are cut sometime later *WHEN* you want them to be?

Stick a phone/PDA/etc into the port, and you can cut the brake lines when you see the target car just as it approaches a red light or intersection.

This is /.! Can't you guys imagine the possible ways to exploit a digital interface vs a mechanical one?

Re:So what? (1)

RealRav (607677) | more than 4 years ago | (#32206382)

Yes but if I attached a cell phone with GPS tracking to your car I can cut the brakes at just the right time. Muhahaha!

Re:So what? (3, Informative)

fl!ptop (902193) | more than 4 years ago | (#32206504)

if I climbed under your car in the parking lot, I could cut the brake lines

This is true, however your target would notice their brakes didn't work before pulling out of the parking space, when they pressed them to put the car into gear. Even if the car had a standard transmission, your target wouldn't get far in the parking lot before realizing something was wrong.

Getting the brakes to fail at any time after the car is in motion would be impressive.

Re:So what? (1)

Comboman (895500) | more than 4 years ago | (#32206806)

Getting the brakes to fail at any time after the car is in motion would be impressive.

Pretty easy actually; you put a slow leak in the brake fluid line instead of just cutting it. Of course, my knowledge of automotive sabotage is based totally on MacGyver reruns rather than actual experience, YMMV.

Re:So what? (3, Funny)

geekoid (135745) | more than 4 years ago | (#32206832)

Fine, a tiny explosive that sets off after the vehicle hits 55 mph.

Yeah... (4, Funny)

Pojut (1027544) | more than 4 years ago | (#32206066)

...no matter how insecure they are, until hackers find a way to wirelessly connect to my car that doesn't have a wireless connection, I'm not going to worry.

Now if you'll excuse me, I have to make sure some crazy ex-girlfriend doesn't have something stuffed in my OBDII port. "Your mom's OBDII port is stuffed!" Dammit! Almost made it without the mom joke...

Re:Yeah... (2, Funny)

gardyloo (512791) | more than 4 years ago | (#32206086)

Almost made it without the mom joke...

That's what she said.

Re:Yeah... (1)

Pojut (1027544) | more than 4 years ago | (#32206124)

That's what she said.

She says a lot of things...that ungrateful biznatch...

I'm not worried about those hacks (3, Insightful)

wiredog (43288) | more than 4 years ago | (#32206084)

We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

Re:I'm not worried about those hacks (2, Funny)

BarryJacobsen (526926) | more than 4 years ago | (#32206154)

We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

If they can, I'm rushing out to get OnStar - that'd be a lawsuit waiting to happen!

Re:I'm not worried about those hacks (1)

Keruo (771880) | more than 4 years ago | (#32206184)

Most car stereos have bluetooth. The stereo system is connected to other systems in car.
Granted that statement is WILDLY far fetched but in theory, badly designed system could leak access through it.

Re:I'm not worried about those hacks (1)

drinkypoo (153816) | more than 4 years ago | (#32206252)

Granted that statement is WILDLY far fetched but in theory, badly designed system could leak access through it.

It's actually not that farfetched; these days, a car stereo is a little computer. I mean, that's been true at least since the development of the digital FM radio, but now they have to speak complex protocols, and that means complex software. If your stereo is hooked up to a complex bus in your car, then likely there is a path to your ECU.

Of course, it's generally trivial to disable car alarms, and it's also trivial to attach a small wireless module to the OBD-II port, so the possibility of such attacks is actually quite high, even though the probability is low: It's not going to happen on drive-by, but it would be easy enough to do to someone else's car. The problem with doing something like this is that it's not necessarily to take it out of a twisted lump of metal later so you don't get caught.

Re:I'm not worried about those hacks (4, Insightful)

zmaragdus (1686342) | more than 4 years ago | (#32206194)

OnStar themselves can do several things like disable your engine, track your car, open the doors, etc. I would expect that it's theoretically possible (though unlikely) that a person could hack into your car via that method. It would certainly be quite a feat of hacking, but I believe it is possible.

Re:I'm not worried about those hacks (1)

2obvious4u (871996) | more than 4 years ago | (#32206264)

I don't know if they can access the full functionality of the OBDII port, but they can stop your car. That is enough for me to never buy one of their cars.

Re:I'm not worried about those hacks (1)

maxume (22995) | more than 4 years ago | (#32206522)

If it is otherwise a good deal, you can just yank the antenna.

Re:I'm not worried about those hacks (1)

khchung (462899) | more than 4 years ago | (#32206324)

We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

How hard would it be to stick and hide a remote controlled smartphone/PDA/custom receiver under the car that connects to the port on the car? Instant remote control to everything that can be controlled from the port.

Re:I'm not worried about those hacks (4, Insightful)

ledow (319597) | more than 4 years ago | (#32206342)

People have physical access to the outside of my car, it doesn't mean they can change my speedo, mileometer, fuel mixture, etc. quickly and without me realising that something has happened. They certainly can't do it just by plugging a box into the port even if they *do* break into my car... because my car is mechanical and doesn't run with this sort of shit (Note: I can and have removed the entire ECU box from a car in the past - it runs, but slowly and less efficiently and may not pass an emissions test, but it still works in a driveable condition - very modern cars literally do not work without them so they are "essential" and thus should work as bloody advertised).

All of these things were done over an OBD cable to a standardised port on every car. On every decent model of car, they should be read-only information about the car's engine. The port is standardised, commonplace, accessible from the driver's seat (by law in the EU), hidden, and (with these models) accepts almost any device / commands without question. It's standard practice to connect an OBD box to modern cars if they have an indicator light up (in fact, it's usually the ONLY way to clear such a light). My car has one. I'm pretty damn sure that you can't modify my mileage or speedo via that route, though, or my fuel mixture, or stop my brakes working. About the worst you might be able to do is clear a warning light. This is because the OBD is designed properly, doesn't allow things it doesn't and is helped by the fact that my speedo is a needle connected to a magnetic induction coil produced by a spinning cable spun at a ratio of the speed of the wheels, and my mileometer is a tick-over-style mechanical one. The Prius-scare should have shown people what happens when you take away control of a vehicle from a driver and put it in the hand of a computer - it was discussed that virtual-ignition-systems, virtual-gearing-systems, etc. are just dangerous and provide no advantage to anyone.

Nobody is saying these things are not do-able on any car with physical work, we're asking why the hell they are modifiable over such a cable in such a "simple" way that someone could literally sell a box on eBay that, when connected to a car, can fraudulently adjust mileage, turn on hot air vents, TURN OFF THE BRAKES (FFS!), and basically cause it to crash and explode whenever you want. That's *NOT* what the OBD standard is for - it's for diagnostics and diagnostic indicators. Why the hell can I adjust the hot air vent through that cable?

The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable, or anything else for that matter. The only "writable" things should be to clear diagnostic lights, which will inevitably pop up again if the problem is "real". So you can't just switch off the ABS light on a car and then sell it as having working ABS... OBD logs and records such actions in the car itself and will redisplay those indicators if there is a real problem still.

Why the hell would you *ever* want to be able to modify information like that? Why should a mechanic ever be able to adjust the mileage on the car? It's stupid, not-thought-through and terrible design. Next up is being able to open the doors of any car that has Bluetooth OBD, or changing the VIN numbers or whatever. It's just ridiculous. Even if the car is computer controlled, there are some places where access control of sorts should prevent certain actions.
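The read-only-plus-clear policy argued for in the comment above, sketched as an added example (not code from the thread, the researchers or any vehicle): a hypothetical gateway between the diagnostic port and the vehicle bus that forwards only SAE J1979 read services, permits and audits the clear-trouble-codes service, and drops everything else. The gateway, its names and the sample frames are assumptions; 11-bit CAN identifiers are assumed.

```python
"""Read-mostly policy for a gateway between the OBD-II port and the vehicle bus.

Illustrative only: the gateway, its names and the sample frames are assumptions.
"""
from dataclasses import dataclass

FUNCTIONAL_ID = 0x7DF                # 11-bit OBD-II broadcast request ID
PHYSICAL_IDS = range(0x7E0, 0x7E8)   # 11-bit per-ECU request IDs

# SAE J1979 services that only read data from the vehicle.
READ_SERVICES = {
    0x01: "current data",
    0x02: "freeze-frame data",
    0x03: "stored trouble codes",
    0x05: "oxygen sensor test results",
    0x06: "on-board monitoring results",
    0x07: "pending trouble codes",
    0x09: "vehicle information",
    0x0A: "permanent trouble codes",
}
CLEAR_DTC = 0x04  # the one state-changing service this policy permits


@dataclass(frozen=True)
class Decision:
    allow: bool
    audit: bool   # True when the gateway should record the request
    reason: str


def check_request(can_id: int, data: bytes) -> Decision:
    """Decide whether a frame arriving from the port may reach the bus."""
    if can_id != FUNCTIONAL_ID and can_id not in PHYSICAL_IDS:
        return Decision(False, True, "not a diagnostic request ID")
    if not data:
        return Decision(False, True, "empty frame")

    frame_type, low = data[0] >> 4, data[0] & 0x0F
    if frame_type == 3:
        # ISO-TP flow control: the tester needs it to receive long replies
        # (a VIN read, for example) and it carries no service request.
        return Decision(True, False, "flow control")
    if frame_type != 0:
        # First/consecutive frames: every permitted request fits in one frame.
        return Decision(False, True, "multi-frame request")
    if not 1 <= low <= 7 or low > len(data) - 1:
        return Decision(False, True, "bad single-frame length")

    service = data[1]
    if service in READ_SERVICES:
        return Decision(True, False, "read " + READ_SERVICES[service])
    if service == CLEAR_DTC:
        return Decision(True, True, "clear trouble codes")
    # Default deny: J1979 service 0x08 (control of on-board systems) and
    # manufacturer or UDS write/actuation services all end up here.
    return Decision(False, True, f"service 0x{service:02X} not allowed")


# Constructed sample traffic from the port side (not captured from a vehicle).
SAMPLE_FRAMES = [
    (0x7DF, bytes.fromhex("02010D")),      # read current data, PID 0x0D (speed)
    (0x7DF, bytes.fromhex("0104")),        # clear trouble codes
    (0x7E0, bytes.fromhex("300000")),      # flow control for a long reply
    (0x7DF, bytes.fromhex("020801")),      # J1979 0x08: control on-board system
    (0x7E0, bytes.fromhex("042FF00D03")),  # UDS 0x2F: input/output control
    (0x7E0, bytes.fromhex("10142E")),      # first frame of a multi-frame write
    (0x244, bytes.fromhex("0000FF")),      # ordinary bus traffic injected at port
]


def evaluate(frames):
    """Apply the policy to each (can_id, data) pair."""
    return [check_request(can_id, data) for can_id, data in frames]


if __name__ == "__main__":
    for (can_id, data), d in zip(SAMPLE_FRAMES, evaluate(SAMPLE_FRAMES)):
        verdict = "ALLOW" if d.allow else "DROP "
        flag = " [audit]" if d.audit else ""
        print(f"{verdict} id=0x{can_id:03X} data={data.hex()} {d.reason}{flag}")
```

A strict allowlist like this also blocks legitimate workshop functions that rely on manufacturer-specific services, which is the trade-off raised elsewhere in the thread.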

Re:I'm not worried about those hacks (2, Informative)

Pojut (1027544) | more than 4 years ago | (#32206400)

or changing the VIN numbers or whatever

NOOO!!!! You were doing so well, with such an awesome post...and you had to pull the ol' Vehicle Identification Number Number bit, didn't you? DIDN'T YOU?!?!?!?!

p.s. Cars only have one VIN. It isn't just in the ECU, it's also stamped on the original engine, the transmission, the frame, and on a plate on the dashboard (at least in the US)

Re:I'm not worried about those hacks (1)

ledow (319597) | more than 4 years ago | (#32206558)

Duh - and all the storage locations for that particular piece of information are destroyable. None, however, are *changeable* without trace except for possibly, in the future, some stupid ECU that allows write access to places it shouldn't. Like the devices mentioned in the article, which let you do stupid crap that you shouldn't be allowed to. The article doesn't mention VINs at all, I was just providing another example of an inflated, possible, future direction that idiotic car manufacturers might make ("But the ECU VIN is XXXXXXXXXXXXX, so it must be the car!").

P.S. Stamping a new VIN plate on metal isn't that difficult, nor is fabricating those stupid plastic dashboard plates. Making modern car's electronics return a different VIN has, up until now, been almost impossible. My old car radio knew the VIN / Number plate of the car it was in, and refused to turn on in any other car. Writable VINs on the ECU just made that worthless.

I'm not saying it's possible, or can't be countered by other, more practical means, but modifying a VIN via software is something that should never be possible - like changing the unique serial number on any security chip. I now wouldn't like to bet that it *WASN'T* possible on the car these researchers tested.

Re:I'm not worried about those hacks (2, Informative)

Anonymous Coward | more than 4 years ago | (#32206410)

The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable

What if you change your tire size?

Re:I'm not worried about those hacks (0)

Anonymous Coward | more than 4 years ago | (#32206782)

The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable, or anything else for that matter.

This is extremely useful if you change tire sizes to adjust the speedometer to actually be accurate based on the new diameter of the wheels.

More to lose than to gain (5, Insightful)

llZENll (545605) | more than 4 years ago | (#32206104)

It would seem to me we have a lot more to lose by auto manufacturers implementing software security than to gain. It's hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive. With almost nothing to gain, if someone wants to disable your brakes they can (gasp) damage your brake line without even opening your car door! Mess with your tires, exhaust, gas, etc. There are many more ways to mess with your car externally than via the software port. And yet somehow the earth keeps rotating.

Re:More to lose than to gain (2, Informative)

Pojut (1027544) | more than 4 years ago | (#32206216)

It's hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive.

No offense intended, so please don't take this as such. Mods, please mod offtopic:

You haven't worked in a shop before, have you? Whether you have a cheap OBDII scanner [amazon.com] or a full-blown diagnostic tool [snapon.com], so long as the car uses OBDII, you can pull codes from it and subsequently replace the fouled O2 sensor, know which cylinder had a misfire, etc. The full-blown diagnostic tools are useful for crazy-hard problems to solve, but your average scanner bought at Autozone is sufficient enough for the vast majority of code-related problems you would encounter.

Also, I got news for you: electrical problems have been a bitch to deal with for literally decades. There isn't really anything that could make them more frustrating to deal with...they are already at that point due to the nature of electricity and the amount of wiring in a car.

If you take your vehicle in because your check engine light is on and you need the diagnostic code pulled, and the shop tells you it's difficult...take your car to another shop. Sure, there are some brands (BMW, for example) that have proprietary connectors, but for most of the cars out on the road, their ECU can be accessed using the same tool.

Re:More to lose than to gain (1)

flabbergast (620919) | more than 4 years ago | (#32206660)

Also, I got news for you: electrical problems have been a bitch to deal with for literally decades.

Yeah, Lucas is called "The Prince of Darkness" for a reason. =D Not that Lucas [ilm.com], the other Lucas. [wikipedia.org]

Re:More to lose than to gain (1, Informative)

Anonymous Coward | more than 4 years ago | (#32206672)

You haven't worked in a shop before, have you? Whether you have a cheap OBDII scanner [amazon.com] or a full-blown diagnostic tool [snapon.com], so long as the car uses OBDII, you can pull codes from it and subsequently replace the fouled O2 sensor, know which cylinder had a misfire, etc. The full-blown diagnostic tools are useful for crazy-hard problems to solve, but your average scanner bought at Autozone is sufficient enough for the vast majority of code-related problems you would encounter.

And you've obviously never worked with many cars that use proprietary pins on the OBDII port, which are not supported by standard scanners, in order to perform rather mundane analysis and resets. Case in point, the 2nd generation Range Rovers use an OBDII port with proprietary pin connections that are not supported on anything but the proprietary Range Rover analysis tool, in order to read out faults in the air suspension system, and worse yet, reset the ECU once the fault is corrected. The problems with the RR air suspension are not crazy-difficult to analyze, as I can figure out just about any air suspension problem WITHOUT a scanner, within minutes. (Again, case in point: finding out that your rear left air suspension is leaky, does not require a computer. As a matter of fact, the reading on the scanner will only tell you there is a pressure issue on the rear left suspension. Whether it is the actual suspension, the tubing, or a leak in the O-ring and grommet at the valve block is up to the mechanic to figure out.) And I'm not a professional mechanic, just a RR owner. BUT, I'm pretty much screwed if I want my air suspension to actually WORK again after the repair is made, due to the fact that the ECU refuses to activate the pump until the fault has been reset in the ECU, which requires the proprietary tool. (FWIW, there IS a third party tool now, that can be bought relatively cheap, which was the result of a lot of reverse engineering performed by a hobbyist that was sick and tired of needing to go to an authorized dealer, and be charged $70 or so just to get a button pressed.)

BMW is not, by any definition, a "rare case" of manufacturers using proprietary pins in order to comply with OBDII while making sure that compliance means practically nothing without the proprietary scanner/analyzer. BMW does it. Mercedes-Benz does it. Audi does it, and Land Rover does it. I'm pretty sure a lot of other common Euro cars do it as well. These manufacturers do have a point that the additional codes are added value over the bare minimum OBDII readings. However, not only do they use non-standard pins (which, for the record, are allowed in the OBDII standard) but they also keep the read and write codes secret as to make sure no other manufacturer of equipment can read the code or reset it after the repair has been completed. The added value part is a cover for making sure the majority of all owners go to an authorized dealer to get repairs done.

I'm willing to bet that you've never worked in a shop either, or at least not one that needs to deal with European vehicles. Proprietary ECU lock-up is a very real problem for non-dealer mechanics, hobbyists, and owners in general.

Re:More to lose than to gain (1)

Pojut (1027544) | more than 4 years ago | (#32206772)

I'm willing to bet that you've never worked in a shop either, or at least not one that needs to deal with European vehicles. Proprietary ECU lock-up is a very real problem for non-dealer mechanics, hobbyists, and owners in general.

Actually, I did, for nearly four years before I had to quit due to injury...and I had all of the tools necessary to read those codes. The equipment is out there...you just have to be willing to put out the cash for it.

Unless something huge has changed in the five years since I stopped working in a shop, we were able to pull codes from European cars with no problem.

Re:More to lose than to gain (1)

Attila Dimedici (1036002) | more than 4 years ago | (#32206692)

There are a significant number of OBD codes that are undefined in the standard. Auto manufacturers use these codes for things that are not covered under the standard and only release the meaning of those codes to mechanics working for one of their dealers. If an auto manufacturer were to add security, you can be sure they would only release the access information to their own dealers (unless the government intervened to prevent them from doing so).

Re:More to lose than to gain (0)

Anonymous Coward | more than 4 years ago | (#32206282)

"It's hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive."

Sadly, car manufacturers seem to see it as in their interest to actively make those repairs more expensive. They make additional revenue by licensing access to detailed diagnostic codes only to certified shops. Independent mechanics, and those shops that simply can't afford the fees charged by the auto manufacturers, find themselves shut out, because they can't interpret the codes.

Re:More to lose than to gain (4, Informative)

Pojut (1027544) | more than 4 years ago | (#32206358)

www.obd-codes.com [obd-codes.com] is your friend.

So they're asking for DRM? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32206108)

I'd rather leave my port accessible- someday I may want to write some software. If someone has physically broken into my car and put something on my port, then that's my problem. Don't force DRM on us.

I love how we as geeks sometimes want it both ways. "Keep it secure! Add encryption". "Wait wait! That's DRM, I want it gone!"

Re:So they're asking for DRM? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32206446)

What's the problem with having it both secure and extensible? DRM is a problem because the authority over the system is held by someone else, not the owner. Give the owner the smart card which signs the code and everything's peachy.

This isn't a bad thing (4, Insightful)

acoustix (123925) | more than 4 years ago | (#32206110)

I want to be able to connect diagnostic equipment to my car so that I know what's going on. I don't trust a mechanic to tell me what's wrong and how much it will cost. I like being able to do most of the work myself when possible.

Re:This isn't a bad thing (1)

je ne sais quoi (987177) | more than 4 years ago | (#32206202)

Precisely. This is the most important thing that could come out of this work. Currently, it's the law that some of the diagnostic codes that are necessary to identify problems with a vehicle are publicly known. However, automobile manufacturers have more precise codes that you can only learn from the dealer's machine. Bringing it to the dealer of course means you pay out the nose. My Dad just went through this, the check engine light came on on his wife's car, so he spent days trying to figure out what the problem was (even taking it to the Trak Auto where they scanned the publicly available codes for free for him). Eventually though, he had to take it to the dealer to identify the problem.

It's a bum deal, the automobile manufacturers don't want the owners of the vehicles working on their cars any more. I'm not sure if it's because they realized that they could make more money for the dealers if they made it difficult, or if it's just that making the car easy to work on is not a priority any more. Regardless, hacking the car will be a good thing if we can make those codes publicly available.

Re:This isn't a bad thing (0)

Anonymous Coward | more than 4 years ago | (#32206344)

My friend's a mechanic and he has a little handheld computer reader that seems to do just what you're asking.

I apologize not knowing the make/model of the computer but I'm sure if you google something along the lines of "car computer reader" you'll come up with plenty of 3rd party options.

Re:This isn't a bad thing (2, Interesting)

je ne sais quoi (987177) | more than 4 years ago | (#32206396)

After I wrote that I found this [samarins.com] web-site that explains how to use the device and what's going on. I still think that the dealer has some codes that are not OBDII certified that they use though. Incidentally, according to that web-site I linked to, the code machine is $200, but in this [priuschat.com] thread the person says the dealer is charging them $100 just to read the codes. Wow, expensive.

Re:This isn't a bad thing (1)

Pojut (1027544) | more than 4 years ago | (#32206442)

There are a bunch of different devices you can use to check OBD II codes. I generally point hobby mechanics and people that do their own maintenance to use something like this [amazon.com]. An OBD II code is an OBD II code is an OBD II code...if you are just trying to pull the code and then clear the light without doing any other on-board diagnostics, you shouldn't spend more than $50 on a scanner. If you do, you just bought something that does more than you need.

As has been the case for a while, Snap-On still sells the ultimate scanner [amazon.com]. Most professionals wouldn't even have a need for this monster...but holy crap, when you need something like it, there is nothing else on the market that works better.

Re:This isn't a bad thing (1)

je ne sais quoi (987177) | more than 4 years ago | (#32206554)

Thanks for the suggestion, my Dad's birthday is coming up maybe I'll get him the cheaper one. :) I'm going to have to go through this soon myself though, right now I drive a 1987 4Runner with 191k miles on it and I don't really need the codes (passes emissions each year with no problems). It's starting to become unreliable so I have to buy a new car which means I'll be needing to learn about the codes.

Re:This isn't a bad thing (0)

Anonymous Coward | more than 4 years ago | (#32206696)

Even in some cars like my Neon you can pull off codes by flipping the ignition key 3 times and then you can see them display one by one in the mileage counter. Second, there's already a vast market of PCM OBDII tools like DiabloSport so you can reflash your car computer and modify your fuel, ignition, rpm limit, fans etc.

Re:This isn't a bad thing (1)

Pojut (1027544) | more than 4 years ago | (#32206532)

but in this thread the person says the dealer is charging them $100 just to read the codes. Wow, expensive.

When I worked in a shop, we did the same thing...we would charge people $85 to read the code. However, if the person decided to have their car fixed according to what had caused the code to trip in the first place, we would take that $85 off the cost of their final bill, effectively giving them the code scan for free. If they didn't want to get the work done because they were a tight-ass, you bet we charged them to do it (we would sometimes waive the fee if it was obvious the person just didn't have the money...wanting us to pull the code for you and not being able to afford the fix are two very different situations.)

Shops charge obscene amounts of money to scan your car because it causes them to step away from cars that they are actually making money on. You know that phrase time is money? Nowhere is it more true than with a car shop. If you want your code read for free, go to an Autozone...we're there to identify what is wrong with your vehicle and fix it.

Exactly: I *WANT* to hack my car! (1)

mrchaotica (681592) | more than 4 years ago | (#32206578)

These sorts of security "flaws" also allow people to change the fuel injection mappings to increase horsepower, or enable extra electrical features not included from the factory, or do any number of other neat things. I want my car's computer to be more accessible, not less!

Manual Override (4, Insightful)

happy_place (632005) | more than 4 years ago | (#32206112)

Why not provide manual overrides for things like door locks and windows. Even CD drives have that little pinhole reset so you can manually pop the sucker open. It just seems ridiculous to automate everything in a device that is always going to be mechanical in nature.

Re:Manual Override (2, Interesting)

ickleberry (864871) | more than 4 years ago | (#32206228)

Or just get one of the few modern cars still left that doesn't come with all these unnecessary automated sales gimmicks like the Ariel Atom

Re:Manual Override (1)

khchung (462899) | more than 4 years ago | (#32206452)

Why not provide manual overrides for things like door locks and windows.

Simple - cost and liability.

I doubt a mechanical override for the window can be as simple/lightweight as the CD pinhole. An additional manual override (i.e. == mechanical) means

1. more parts (== more cost)
2. a heavier car (== use more gas)
3. more chance of failure (== more liability)
4. more control mechanisms (e.g. child locking for the windows for the mechanical switch also!), ==> even more parts and more failure modes (== even more liability)
5. door lock override = 1 more pathway for car thief to open the door.

How many people will be willing to pay more for a car with less mileage, more problems, and easier to steal just because they worry the control system will fail?

And if you don't trust the control system to control your doors, why would you trust it to control your engine?

Re:Manual Override (1)

happy_place (632005) | more than 4 years ago | (#32206506)

Were this simply a matter of trust, then no big deal, but this is about weird hacker exploits. When you attach a computer to a simple device, you enable an assortment of unforeseen additional functionality... stuff the designers never intended.

Re:Manual Override (0)

Anonymous Coward | more than 4 years ago | (#32206666)

Even so, many cars on the market today have "mechanical overrides" for the door, of a sort. Usually you can lock/unlock a door by pulling a special pin, others have the door unlock mechanically when you pull the handle, although normally only for the front seats, for obvious reasons.

Re:Manual Override (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#32206498)

There is no vehicular emergency which can't be escaped from by properly applying a hammer to a window.

Don't leave home without one, kids.

Re:Manual Override (2, Informative)

ushering05401 (1086795) | more than 4 years ago | (#32206738)

Far superior to a hammer: http://www.copsplus.com/prodnum4497.php [copsplus.com]

Also, more handy if you catch someone tampering with your onboard computer... base of the skull punch-through carries more fatality points than hammer to temple.

Re:Manual Override (1)

Cornwallis (1188489) | more than 4 years ago | (#32206790)

Why not provide manual overrides for things like door locks and windows. Even CD drives have that little pinhole reset so you can manually pop the sucker open.

Because if there was a pinhole in the window rain could get in?

They were able to (1)

gardyloo (512791) | more than 4 years ago | (#32206114)

blast hot air out of the radio? That's one wicked hack!

Re:They were able to (4, Funny)

gardyloo (512791) | more than 4 years ago | (#32206146)

Ah. Rush Limbaugh. That would be the parsimonious explanation.

Re:They were able to (1)

jellomizer (103300) | more than 4 years ago | (#32206478)

That Fred Savage, he is one versatile actor.

incoming (0)

cntThnkofAname (1572875) | more than 4 years ago | (#32206122)

Que up those "in soviet Russia..." jokes

Re:incoming (1)

Hognoxious (631665) | more than 4 years ago | (#32206776)

Que up those "in soviet Russia..." jokes

Can't find it [quepublishing.com]. Do you have the ISBN?

The only concern... (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32206148)

Is if any of these attacks are persistent/capable of lurking onboard waiting for some predefined trigger, without a device remaining connected to the diagnostics port.

While corporatist DRM apologists might disagree, the ability to do all sorts of crazy stuff by connecting to your local diagnostics port is what we call a "feature". If anything, we don't have enough control here, and much of the control we do have is inadequately documented "Oh, sure, it's ODBC, in that it is more or less electrically compatible. Good luck with those proprietary codes, and please see your dealer for regularly scheduled service!"

On the other hand, something that allows anybody with 30 seconds of physical access to flash crash_at_60.haxxx permanently into the ECU is what we would call a "major design flaw".

Re:The only concern... (1)

BLKMGK (34057) | more than 4 years ago | (#32206334)

There are some performance flashes that can be done in a demo mode that go back to normal performance after XX hours of driving but other than that I've never heard of a timed or triggered kind of thing being done. That would take extraordinary access to the code and most flashes just modify tables for lookups. Even that is tough since the damned firmware is encrypted by most every automaker! Making this worse would really piss me off, these guys are not understanding what they are talking about IMO. Yes, the systems are integrated on a CAN BUS, they did it for a good reason, stop bitching! The last thing we need is OBD being trashed for "security" so no one can fix the cars...

Re:The only concern... (4, Interesting)

drinkypoo (153816) | more than 4 years ago | (#32206338)

You'd have to reflash the PCM (ECU is an OBD-I term; this kind of stuff is only possible with OBD-II, which actually mandates the term "PCM" — if you want to be accurate, stop calling it an ECU in this context) entirely. I imagine that this sort of functionality is available on all modern cars; possibly not all OBD-II cars, but probably anything new enough to have CAN. Most OBD-II cars on the road do not use CAN anywhere, though today a car might have three or four CAN buses; PCM to OBD-II DLC (diagnostic link connector), PCM to transmission computer, PCM to BCM (body control module) and possibly even BCM to stereo. And other models exist but I personally think buying a car with a CAN bus shared between more than two components is asking for a foot in your ass.

I happen to like my mechanical diesels, which achieve efficiencies very near to modern systems. It's only too bad International-Navistar lacked the foresight to implement the engine as a full-mechanical design, as Mercedes did; your battery can explode and the engine keeps running until you shut it off, because the shutoff is a vacuum switch on the back of the ignition lock. I've had my alternator fail completely and my battery down to about 4V in my 300SD, still made it to work. Nobody will be tampering with my DLC :D

Re:The only concern... (2, Interesting)

mrchaotica (681592) | more than 4 years ago | (#32206626)

I happen to like my mechanical diesels, which achieve efficiencies very near to modern systems.

The only problem is that the mechanical diesels don't achieve emissions very near to modern systems.

Of course, I have the same attitude you do (that the older cars are better), except I complain about failure-prone and biodiesel-incompatible diesel particulate filters while praising my rotary-injection TDI.

Didn't even know that was possible! (1)

chickenrob (696532) | more than 4 years ago | (#32206156)

>>blasting hot air or music on the radio

Music, I can see, but hot air blasting out of the radio??

radio (4, Funny)

dxkelly (11295) | more than 4 years ago | (#32206166)

I want to know how they made the radio blow hot air.

Re:radio (5, Funny)

andrewbaldwin (442273) | more than 4 years ago | (#32206234)

I want to know how they made the radio blow hot air.

Simple!

Just tune it to the local talk radio channel covering politics/religion/sport**...

** select / delete according to your views

There's a CSI episode in this (1)

nedlohs (1335013) | more than 4 years ago | (#32206174)

The bad guy thought he'd committed the perfect crime, little did he know that someone on the CSI team would have a hunch to check the firmware in the car and find the nefarious code snippet.

Re:There's a CSI episode in this (0)

Anonymous Coward | more than 4 years ago | (#32206508)

saw that one. good episode.

Re:There's a CSI episode in this (0)

Anonymous Coward | more than 4 years ago | (#32206590)

I assume they pulled his fingerprints off that snippet too. I'd have worn gloves and a hairnet and eaten at a Taco Bell right before implementation.

Hans Reiser is going to be.... (0)

Anonymous Coward | more than 4 years ago | (#32206198)

.... so pissed when he reads this.

This just reaffirms... (4, Funny)

DarkKnightRadick (268025) | more than 4 years ago | (#32206210)

...my decision to make my next vehicle a 1968 VW Beetle.

Re:This just reaffirms... (1)

2obvious4u (871996) | more than 4 years ago | (#32206294)

bugapaluza! [bugapaluza.com]

Re:This just reaffirms... (0)

Anonymous Coward | more than 4 years ago | (#32206614)

I am going to build a vw thing. All carbed and points. No digital anything. Not even a clock. It will still run even if an EMP goes off.

Re:This just reaffirms... (3, Informative)

netsavior (627338) | more than 4 years ago | (#32206862)

68 was an ok year, but I would go with a 69, unless you can find a late 68. In late 68 and 69 on, the independent rear suspension transaxle was added. The swing axle was dangerous, as it causes camber changes when you go over a bump, and it was less fun to drive in my opinion. Of course if you get a much earlier model it will be swing, and I would keep it that way, but if you want a 68, be sure to get the *right* 68.

G-dammit! (2, Interesting)

BLKMGK (34057) | more than 4 years ago | (#32206286)

The auto industry ALREADY encrypts the daylights out of most of their code! Which makes modifying it for performance reasons a PITA. I have to pay some guy a pile of cash to "flash" my current ECU because only a few guys have managed to figure out the code for it, unlike with other cars. Duh, it's a computer and it controls things so yes it can be messed with. But the auto industry already encrypts it and makes this difficult. So long as the auto dealers are able to modify things like speedometers and other things this will always be a "threat" so stop running around like Chicken Little. Sheesh! What, they should turn off the OBD-II standard codes so no one but a dealer can diagnose and make minor changes to cars? See how SEMA will like that and all of the independent garages and shade tree mechanics. Then they will bitch that it's too locked down. Make up your minds and stop being so short sighted...

Re:G-dammit! (1)

Windows Breaker G4 (939734) | more than 4 years ago | (#32206566)

Yup! This! Mod parent up. Also this isn't really news, I mean this is what OnStar does and they just do it through OBD2. Also the amount of stuff you can do varies car to car. Some are a lot more integrated than others. GM and luxury brands are probably among the worst offenders.

Get Off My Lawn (1)

Anonymous Coward | more than 4 years ago | (#32206292)

Being an owner, driver, maintainer, and repairer of two classic (pre-1975) non-computerized cars, I'm really getting a kick out of this thread.

"Disable the brakes" (1)

dotgain (630123) | more than 4 years ago | (#32206310)

I find this very hard to believe. Disable the ABS system maybe, but the brake system is designed to work above all else - if a computer can disable the brakes that suggests a malfunction can too.

Re:"Disable the brakes" (1)

Lumpy (12016) | more than 4 years ago | (#32206560)

No, it's a bad design, like the Toyota Prius. If it freaks out it will only use the regen function. It's why many will have melted rotors and brake pads because the computer will not allow full brake pressure when standing on the pedal because it wants to be eco friendly.

Mostly because the engineers are stupid. Leave the mechanical connection to the brakes. Put in a wider close gap and add in regenerative as the first 1/3rd of the pedal is pushed before the pads touch. It's engineering 101, and any 1st year undergrad would do this.

Ah, the Rootbacca defence (3, Funny)

Rogerborg (306625) | more than 4 years ago | (#32206314)

Why did my client accelerate to 90mph? I put it to you, ladies and gentlemen of this supposed jury, that he did not. No, it was Evil Hackzorz, doubtless acting on the orders of the Saucer People, or perhaps the Mole Men. This is technically possible - for all you know - so you must have a reasonable doubt that my client was responsible.

Appearing in a celebrity traffic trial near you in 3... 2...

I DON'T WANT FSCKING DRM ON MY CAR!!!! (2, Insightful)

halfdan the black (638018) | more than 4 years ago | (#32206368)

I want to be able to access the computer that I OWN in the CAR THAT I OWN to be able to modify it, reprogram the fuel maps, so forth. It's hard enough right now to be able to access modern engine control systems, just what I need, a bunch of chicken little, fscking "security experts" claiming that cars are "insecure", raising all kinds of alarm, then the car makers react, start putting all kinds of deliberate DRM on the computer systems, and it becomes absolutely fscking impossible to modify your own car.

If I want to modify the computer on MY CAR, THAT IS MY RIGHT, NOT A SECURITY ISSUE!!!!!

Re:I DON'T WANT FSCKING DRM ON MY CAR!!!! (2, Interesting)

ledow (319597) | more than 4 years ago | (#32206460)

Sorry, but I think we'd all much rather have a car where the ABS (or, indeed, the brake-pedal) can't be disabled entirely, where brakes can't be activated entirely by software, where you can't play with the mileometer just by sticking a box on the OBD port, or where the car cannot lock everybody inside if it crashes (the software, not the car!).

It's not a question of software freedom - it's a question of not having that capability automated in the first damn place. In every car I've ever owned, when I press the brake the wheels are slowed by huge hydraulic pressure whether or not the ECU / ABS is working. Sure, I wouldn't do without the ABS either but if it stops working, I can still bring the car safely to a halt. What we're discussing here are cars with computers that *DO* have control over what the brake pedal does - from nothing no matter how hard you press it, to full brakes no matter how you release it - and not the driver.

Some of the other things mentioned on the researcher's FAQ include the bonnet(hood)-latch being software controlled. One software crash = one real crash. That's a sort of DRM you *don't* want anyway - where your entire ability to use the product is under the control of a computer that could crash at any minute, with serious consequences. Especially not when you're doing 70 mph.

It's the design that's stupid, not OBD, ECU's or being able to tune your car using it if you really want to. They are separate issues. Why, why, why on earth would anyone *EVER* want to legitimately activate a mode on their car where the brake function no longer corresponds to the brake pedal position?

Firmware update? (1)

Big Nemo '60 (749108) | more than 4 years ago | (#32206388)

From TFA:

"Another discovery: although industry standards say that onboard systems are supposed to be protected against unauthorized firmware updates, the researchers found that they could change the firmware on some systems without any sort of authentication."

1. some onboard systems are not compliant to standards, in that they are vulnerable to firmware tampering.

2. tampering with the firmware could be a more complex but very insidious form of sabotage (and it would not require leaving something connected to the OBD-II port).

Now excuse me, I am going to find where the OBD-II port on my car is located. Just to be on the safe side. ;-)

The only electronic thing in my car... (1)

Gordonjcp (186804) | more than 4 years ago | (#32206430)

... is the clock. I already know that doesn't work.

I did have a problem with the throttle sticking, but that was because the little spring that pulls it shut had stretched and fallen off.

Dear researchers (5, Insightful)

BitZtream (692029) | more than 4 years ago | (#32206468)

Please to be shutting the fuck up and panicking people.

I WANT my car to allow me to do those things. That's why I have an OBD-II dongle hooked up between my car and the PC that's in it ... so I can control my car's features the way I want.

Being that the OBD port is generally directly under the driver's side dash, it's rather hard for someone to plug into it without it being noticed. If they've plugged into it, they've got physical access to your car, which means they can do a lot more damage than fucking up your heater and blasting you with hot air.

You said you didn't want to spread fear and panic, and you're lying, that's exactly your goal, and to use that to get attention for yourself.

This isn't anything new, it's been this way for at least 10 years if not longer (I haven't tried anything on older models) maybe all the way back into the OBD-I days and probably well before that when some cars had interfaces of their own standard.

Alarmist talk will get you locked out (2, Insightful)

Dr_Marvin_Monroe (550052) | more than 4 years ago | (#32206502)

Let's keep the alarmist talk down to a minimum here. As a few people have pointed out, the auto industry response will simply be to DRM you out of your own car. I'd expect that the government would want a part of the action, so expect a DMCA for autos too... They'll push you right into the loving arms of the factory service shops who will now be the only "authorized" repair option.

Sensationalism at its finest. (4, Interesting)

Lumpy (12016) | more than 4 years ago | (#32206530)

I've been "HACKING" car computers for a decade now, and a lot of other people have as well. Most hot-rodders from import tuners to Vette performance guys have been hacking ECMs. Many of the Honda hackers even go as far as opening up the ECM and desoldering chips to hack them. Changing the ignition timing table, fuel tables, Disable the Rev limiter, Disable Passkey for engine swaps (I do this with the GM 3800sc and its ECM from the Buicks) add features, change a Standard ECM program to a program that understands boost for a turbo install... etc.....

Heck a friend of mine is hacking the computer that controls the new power steering system in cars so we can retrofit power steering to vehicles that don't have it.

I guess us car ECM hackers are the new "EVIL DOERS"

Re:Sensationalism at its finest. (0)

Anonymous Coward | more than 4 years ago | (#32206858)

Ditto, I was on the DIY-EFI & GMECM mailing lists over 10 years ago as well... Those were the days. ;)

Automotive computer hacking... (2, Informative)

pongo000 (97357) | more than 4 years ago | (#32206536)

...has been around since OBD-1 [tunercat.com] days, as far back as 1984 [tunerpro.net]. OBD-2 programming systems are available for anything from 1994 [eidnet.org] through 2010 [hptuners.com]. There are even scanners that allow you to enter the PIDs of your choice [scangauge.com] (obtained from monitoring the data line while performing operations with a scantool).

Since newer vehicles control nearly everything via CANbus, it's no surprise that someone has taken the time to monitor the bus and inject various commands. This sort of hacking has been around for over 20 years (despite auto manufacturers' attempts to protect their hardware with security keys and seeds). I don't see them "solving" this "problem" anytime soon...unless they come up with a way to make a "secure" bus (perhaps using fiber optics).
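An added sketch, not part of any comment in this thread and not the researchers' or any manufacturer's code: one way a module could gate reflashing behind a seed-and-key unlock and reject firmware that fails an integrity check, which is the protection the "Firmware update?" comment quotes the article as finding absent and the "security keys and seeds" the comment above refers to. The `ReflashGate` class, the shared secret, the three-attempt limit and the use of an HMAC in place of a vendor signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 3  # constructed policy value, not taken from any standard


def compute_key(secret: bytes, seed: bytes) -> bytes:
    """Tester side: derive the unlock key from the seed the module issued."""
    return hmac.new(secret, b"unlock" + seed, hashlib.sha256).digest()


def image_tag(secret: bytes, image: bytes) -> bytes:
    """Release side: MAC over the firmware image.

    Assumption: a symmetric MAC stands in for a signature here; a production
    design would verify an asymmetric signature so the module holds no
    signing secret.
    """
    return hmac.new(secret, b"image" + image, hashlib.sha256).digest()


class ReflashGate:
    """Hypothetical module-side gate in front of the flash-write routine."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seed = None        # outstanding challenge, if any
        self._unlocked = False
        self._failures = 0
        self.flashed = None      # last image accepted for writing

    @property
    def locked_out(self) -> bool:
        return self._failures >= MAX_FAILED_ATTEMPTS

    def request_seed(self) -> bytes:
        if self.locked_out:
            raise PermissionError("too many failed unlock attempts")
        self._unlocked = False
        self._seed = secrets.token_bytes(16)  # fresh and unpredictable each time
        return self._seed

    def send_key(self, key: bytes) -> bool:
        if self.locked_out or self._seed is None:
            return False
        expected = compute_key(self._secret, self._seed)
        self._seed = None  # a seed is single use, so a captured key cannot be replayed
        if hmac.compare_digest(expected, key):
            self._unlocked = True
            self._failures = 0
            return True
        self._failures += 1
        return False

    def accept_image(self, image: bytes, tag: bytes) -> bool:
        if not self._unlocked:
            return False  # no reflash without a successful unlock
        self._unlocked = False  # one image per unlock
        if not hmac.compare_digest(image_tag(self._secret, image), tag):
            return False  # image modified or built without the secret
        self.flashed = image
        return True
```
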

Here come the spy stories (1)

valadaar (1667093) | more than 4 years ago | (#32206544)

How long until we see a major thriller use this as more technobabble? And of course, they will use wireless technology by hacking into the cellphone the victim has foolishly left plugged in, allowing access to the car's operating system via the 12-volt power supply. The horror!

Benefits of hacking (1)

m0s3m8n (1335861) | more than 4 years ago | (#32206650)

As a VW owner, I can attest to the benefits of "hacking". How about adding 50 HP (and lots of torque) with a software upgrade.

shift in mentality (1)

Max_W (812974) | more than 4 years ago | (#32206654)

Now imagine that a car is shipped with a virus in the firmware. And at the same moment of time millions of cars on highways suddenly become unmanageable.

This article reminds again that computers more and more run our civilization. We are to begin to regard an unlawful interference into computer systems as a very serious life-threatening crime.

A certain shift in mentality is required. We shall not be amused by "black hat", "white hat", or other "hacking" subculture phenomena, but view malicious code writers as what they are, - vicious, or even murderous criminals.

Future police officers and judges should be trained at schools to understand ideas and intents in the programming code.

I can imagine a judge, specializing, say, in C++ domain, or PHP&MySQL domain, Java, etc. To lock up a criminal for good a police officer and judge are at least to understand the code which this criminal wrote. Otherwise they cannot be sure.

And they -soak you- for the hardware, too (1)

david.emery (127135) | more than 4 years ago | (#32206676)

ABS warning light came on in my 2000 Nissan Frontier. They traced the fault to the ABS control module, and the replacement part is $1000!!! That's an appalling amount of money for a couple bucks worth of silicon!

I'm coming to the conclusion that there needs to be industrial or even government standards for computer security, and there ought to be an investigation on the price of (safety related) repair parts.

I guess "researchers" have not met any modders? (5, Interesting)

netsavior (627338) | more than 4 years ago | (#32206706)

As a car modder, who has been doing this kind of stuff (not malicious) since the early 1990s, wow welcome to the future guys.

Just an example: When my throttle position is above 90% depressed, my A/C compressor disengages(or rather the A/C Clutch engages), giving me that little bit of horsepower and theoretically saving my compressor from 7500 RPM (engine speed, not compressor speed) redline. I did this in an afternoon using only software.

The ECU has a lot of control over the car, especially in drive by wire cars... My car happens to have a cable accelerator, and I vastly prefer that because of throttle response time (a physical link is better most of the time than a software one, assuming both are properly maintained).

If they were really trying to be malicious without being deadly, you could change the air/fuel ratio to be really lean and burn up the valve train the first time they hit the gas pedal, there is no physical override for that, not like brake pedals (which if you turn it off it merely removes the power assist and only prevents you from stopping the car if you aren't strong enough to push the pedal down.)

How can I ... (1)

PPH (736903) | more than 4 years ago | (#32206762)

... hack the dashboard display to tell all the LLBs to get the f**k out of the left lane?

True story about crashing an automotive computer (1)

terrahertz (911030) | more than 4 years ago | (#32206774)

I once had the occasion to rent a car and drive it around on a fine Sunday afternoon. The afternoon was so fine, so inspiring to my pedal-mashing sensibilities, that on a whim I decided to take the car as close to airborne as I could over a rather steep hill.

I ended up catching a little too much air, and bottomed-out the car pretty hard. Upon landing with a loud crunchy thud, all the dash lights went out, the power steering died, and I had to wrestle the car off the road in quite a hurry.

Sitting there, miles from home, on the day of the week when it would be hardest to get a tow and make other transportation arrangements, and worried about what I had done to the car (I was sure it was really messed up based on the noise and the behavior), I was a bit panicked for a second there. After a moment's reflection, I decided "what the hell" and turned the key in the ignition to see what would or wouldn't happen.

And the damn thing started right up, with nary a complaint or anomaly. I deduced that the shock of bottoming-out must have crashed the computer and killed all the electronics, and the good old "reboot and see what happens" actually worked!

No excuse for vendor lock! (1)

couchslug (175151) | more than 4 years ago | (#32206808)

Access to ALL functions of automotive computer systems facilitates support when factory support ends and aftermarket support takes over.

This should have been approached from a MECHANICS POV, not that of a frightened rabbit. Vehicle computer systems should be easy to access, instead of vendor-locked so others can't see (and potentially correct or improve) factory settings.

Pre-computer vehicles were easy to troubleshoot and maintain precisely because systems were simple to access/repair/modify. Newer systems have greater capability, but restricting access to dealers who won't be supporting the vehicle after it's about ten years old (and charge a shitload of money before that, because they can) is not helpful to the consumer.

Obligatory personal computer analogy:

How about all PCs be sold potted in fiber-reinforced epoxy so "saboteurs" can't monkey with them?

Who are these guys? (1)

Grand Facade (35180) | more than 4 years ago | (#32206826)

I want to tune my Neon!
