Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How To Take Control of a Car's Electronics, Cheap

timothy posted about 6 months ago | from the at-that-point-you've-already-controlled-the-door dept.

Hardware Hacking 109

mspohr writes with this excerpt from The Register: "Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road. The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems. 'A car is a mini network,' security researcher Alberto Garcia Illera told Forbes. 'And right now there's no security implemented.'"

cancel ×

109 comments

Interesting (-1, Offtopic)

Anonymous Coward | about 6 months ago | (#46196957)

FUCK BETA

Re:Interesting (-1)

Anonymous Coward | about 6 months ago | (#46196993)

Your little campaign isn't going to work. Dice has already written you off.

Re:Interesting (-1)

Anonymous Coward | about 6 months ago | (#46197005)

fuck beta

Re:Interesting (-1, Offtopic)

Jeremiah Cornelius (137) | about 6 months ago | (#46197287)

Russia is a BAD place, that tells homos buttsex is wrong!

Re:Interesting (-1)

Anonymous Coward | about 6 months ago | (#46197009)

You don't get it, do you?

Re:Interesting (-1, Flamebait)

Anonymous Coward | about 6 months ago | (#46197029)

FUCK ANONYMOUS COWARDS THAT OFFER NO CONSTRUCTIVE CRITICISM.

Dice might take you seriously if you were a bit more civil about complaining. But instead you gotta be a bunch of whiny little bitches. On behalf of Dice, GO FUCK YOURSELF.

Re: Interesting (-1)

Anonymous Coward | about 6 months ago | (#46197109)

You first

wait, the subject isn't autofilled in the beta? al (1, Insightful)

Anonymous Coward | about 6 months ago | (#46197143)

Plenty of people have offered criticism. Hold on, let me check the current beta and see how much of it has been taken...

Oh, look, it's all been ignored. There's still a massive block of whitespace at the top of the page for no apparent reason. The comment box is still so narrow it looks like I've written several pages of text when in reality it's more like three sentences. They "fixed" the sidebar along the side of the screen, though, in that instead of being a giant empty space it's plastered with ads. So there's that, I guess. I'm not entirely sure why there's an ad for diamonds next to this comment I'm writing, but I guess they ran out of tech jobs that are nowhere near me to advertise. (Edit: Oh, and the captcha text field is too narrow to display any of the text you enter. Great.)

But, then again, they were very clear: Slashdot is now an IT B2B site, not a nerd news site. The new commenting system will help ensure that those of us still stuck in the past who for some reason thought Slashdot was about "news for nerds" will GTFO and go some place else, so the important IT exec types can chat amongst themselves in their new Web 3.0 version of Slashdot.

I'll miss the old Slashdot, but if we're honest, it's been dead for years.

Here you go spaz retard (5, Insightful)

Anonymous Coward | about 6 months ago | (#46197145)

Taken from the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Re:Here you go spaz retard (-1, Troll)

Atomic Fro (150394) | about 6 months ago | (#46197485)

Slashcode is open source, ya? Can't we just "fork" the site?

Re:Here you go spaz retard (-1, Flamebait)

Anonymous Coward | about 6 months ago | (#46197911)

SLASHDOT AS YOU KNEW IT IS FINISHED.....IT IS OVER.....One look at the slashdotmedia.com webpage will confirm that for you.
If you cannot stomach the BETA redesign, if you really love the classic site layout so much, YOU MUST fork the site code and start another site such as what "AltSlashdot" are attempting to do....no if's or but's about this anymore !!!!! Personally speaking, I think it may be a good idea if Joel Spolsky (co-founder of StackOverflow) got involved.

Re:Here you go spaz retard (0)

maxwell demon (590494) | about 6 months ago | (#46197927)

Slashcode is open source, ya? Can't we just "fork" the site?

This is discussed over there. [slashdot.org]

Re:Here you go spaz retard (1)

FatdogHaiku (978357) | about 6 months ago | (#46200599)

Slashcode is open source, ya? Can't we just "fork" the site?

In SlashDot Beta, Site Forks You!

Re:Interesting (1)

Anonymous Coward | about 6 months ago | (#46197241)

Considering the fact that nobody is ddosing or hacking slashdot, I would say things are actually quite civil.

Re:Interesting (0)

Anonymous Coward | about 5 months ago | (#46201303)

says Anonymous Coward

"Cheaply" (-1, Flamebait)

Forty Two Tenfold (1134125) | about 6 months ago | (#46197125)

Whatever happened to adverbs?
While we're at it, FUCK BETA.

Re:"Cheaply" (0)

Anonymous Coward | about 6 months ago | (#46198311)

What happened to your adverbs? Beta works badly and is being improved too slowly.

Re:"Cheaply" (1)

Forty Two Tenfold (1134125) | about 6 months ago | (#46198939)

You're assuming too much. Namely that "it works" and "is being improved."

How to help ruin the internet (-1, Offtopic)

Anonymous Coward | about 6 months ago | (#46196981)

Poop out Beta

No security? How about Physical security? (0)

Anonymous Coward | about 6 months ago | (#46197007)

So basically they can't do anything unless they have physical access to the car Even the best computer security generally won’t do much against a determined hacker when they have actual physical access to the device
“No security implemented” Most of us don’t keep our cars in an environment where strangers have unrestricted access to them. For some, that is a form of “Security”.

Re:No security? How about Physical security? (2)

rudy_wayne (414635) | about 6 months ago | (#46197121)

If you need physical access then it's not a hack and doesn't show lack of security.

Re:No security? How about Physical security? (1)

AK Marc (707885) | about 6 months ago | (#46197295)

It's still a hack, but unless you can get to the port without popping the hood or accessing the interior, then the car is secure, and the comment "And right now there's no security implemented." is a lie.

Re:No security? How about Physical security? (1)

LifesABeach (234436) | about 5 months ago | (#46200781)

When folks talk about control, could control be from a parent computer like a lap top? Maybe interfaced to some cameras? My idea is that self driving cars could be developed faster if folks could write their own open source solutions. The car companies can't think of everything, but a motorist stuck in a car problem can begin.

Re:No security? How about Physical security? (1)

AK Marc (707885) | about 5 months ago | (#46200879)

The implication is that someone else could remotely control your car. The reality of plugging your computer into your car and controlling it real-time is so 2001 (Fast and Furious made it mainstream, showing the very-real ECU-in-a-laptop). Interfacing with your computer and issuing commands is something that's been done for years. It that's all this is, yawn. That's why the implication is "remote" means from outside the car, like the "no security" comment implies. After all, if someone has to be in the drivers seat to control the car, nobody would consider that "remote" even if they have a 3rd party chip in the ECU interfacing with a laptop controlled by the driver.

Re:No security? How about Physical security? (2)

JaredOfEuropa (526365) | about 6 months ago | (#46197349)

It's reasonable to assume that no hacker will have physical access to your computer. For your car, that's a much less reasonable assumption. Cars sit unattended in public places for long periods, so someone intent on messing with you will probably have little trouble gaining access to your car and installing this box.

A simple way to improve security somewhat would be to require CAN devices to be paired with the car's computer. IIRC Volvo used to do this; installing a CD player on the CAN bus required a trip to the dealer to pair it, but they've since disabled this security as it was "too troublesome".

Re:No security? How about Physical security? (1)

aix tom (902140) | about 6 months ago | (#46197723)

but they've since disabled this security as it was "too troublesome".

Exactly that. You have to see the pro/cons of security. If someone has physical access to your car and wants to mess with you, all the CAN-bus security in the world won't prevent him from snipping the break lines, drilling a hole in the bottom of your tank, or loosening the tire nuts.

And seeing how "security" at my computer sometimes prevents the legitimate user from doing stuff, I would really hate to get a "unauthorized brake attempt detected" error message when I slam on the breaks while seeing the tanker truck pull out of the side street.

Re:No security? How about Physical security? (1)

LesFerg (452838) | about 6 months ago | (#46198883)

I wouldn't mind notification as I slide the key in, such as "Would you like to remove the device from the diagnostic port before driving?".
I'm sure the technician with a legitimate purpose will be able to handle a few extra steps in activating diagnostic systems.

Re:No security? How about Physical security? (1)

Hamsterdan (815291) | about 6 months ago | (#46199525)

Having to go to the dealer to pair a device means saying goodbye to your affordable OBD-II scanner and ECU flasher.

Re:No security? How about Physical security? (1)

wagnerrp (1305589) | about 6 months ago | (#46198815)

For what it's worth, industrial data buses in general implement no form of data security. They all rely on physical security. CAN just seems to be following the standard.

beta? (-1)

Anonymous Coward | about 6 months ago | (#46197013)

Fuck.

Say what? (1)

djupedal (584558) | about 6 months ago | (#46197015)

No security? BS. That would suggest that all one has to do is lift the skirt and look. That's not the case, however, since not all the data is easily sniffed. Seems this is just a product leak/blurb to build a brand, nothing else.

FUCK BETA (-1)

Anonymous Coward | about 6 months ago | (#46197055)

No one cares unless you're in some way saying - FUCK SLASHBETA

Re:Say what? (2)

AK Marc (707885) | about 6 months ago | (#46197347)

It's only use is as a gadget in CSI for the gang to figure out to determine it was the husband that sabotaged the wife's car and drove her off a cliff, after all, the husband would need physical access, and he'd have it, as he has a set of keys.

SLASHBETA IS A FAILURE (-1)

Anonymous Coward | about 6 months ago | (#46197019)

FUCK DICE

2 days (-1)

Anonymous Coward | about 6 months ago | (#46197033)

Boycott beta

If I wanted to read week old articles on a god awful user interface I'd read Engadget!

The absolute best thing slashdot has going for it is the design of the comment section.

Re:2 days (-1)

Anonymous Coward | about 6 months ago | (#46197091)

Thank God. All the bitching idiots are leaving?

Re:2 days (-1)

Anonymous Coward | about 6 months ago | (#46197277)

You're leaving?

This is why my car doesn't have (0)

Anonymous Coward | about 6 months ago | (#46197037)

any electronics in it. Good luck hacking something that uses good, old, trusted technology from the '30s.

SLASHBETA IS FOR NIGGERS (-1)

Anonymous Coward | about 6 months ago | (#46197075)

DICE IS RUN BY THE MONKEY

Re:SLASHBETA IS FOR NIGGERS (0)

davester666 (731373) | about 6 months ago | (#46197499)

So, you like beta?

because relatively few people go along with "I'm a racist. Do what I want.". Many people immediately consider doing the opposite, just because the person making that statement doesn't want it to happen.

Not a totally remote exploit. (3, Insightful)

140Mandak262Jamuna (970587) | about 6 months ago | (#46197081)

The hacker has to physically install a dongle in the port, or plug the hard ware somewhere under the hood of the car. Once that is done, it would be possible to control the cars electronics remotely.

Re:Not a totally remote exploit. (0)

Anonymous Coward | about 6 months ago | (#46197297)

Do the police even need a warrant to do that?

Re:Not a totally remote exploit. (1)

PRMan (959735) | about 6 months ago | (#46197361)

Yes. The Supreme Court just said so.

Re:Not a totally remote exploit. (2)

Hamsterdan (815291) | about 6 months ago | (#46199533)

Yes, but they'll do it anyways

HOW TO ENJOY SLASHDOT BETA (-1)

Anonymous Coward | about 6 months ago | (#46197097)

1. Be born into a rich white family (nothing against them if step 1 is you're only situation)
2. Be molested by your uncle at age 6
3. Develop strong ASPD (sociopath)
3.5 Never use the internet until you do step 4
4. To unload all your emotion problems and also start a career in faggotry, get your MBA from an online school
5. Get hired by Dice with flying colors
6. Design Slashbeta
7. Ruin the community of nerds that have grown coming on TWO FUCKING DECADES.

Bluetooth ODB-II? (4, Informative)

chill (34294) | about 6 months ago | (#46197103)

And how does this differ from the Bluetooth ODB-II connector I use to stream car data to my cell phone? That is wireless and also requires being plugged into the diagnostic port on the car.

I can pull all sorts of data from that. If I spend a little more, I can get a full CAN-bus connection and actually *send* information and control things.

This isn't hacking. It is a product demo for VW.

Re:Bluetooth ODB-II? (-1, Offtopic)

Anonymous Coward | about 6 months ago | (#46197123)

Taken from the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975


You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Re:Bluetooth ODB-II? (0)

Anonymous Coward | about 6 months ago | (#46197155)

What if a clown did it?

Re:Bluetooth ODB-II? (1)

DarwinSurvivor (1752106) | about 6 months ago | (#46197789)

From what I understand, cars have multiple CAN networks, all isolated from each other. There is at *least* 3 in most modern cars. One for infotainment (cars stereos and heating/fan control), 1 for basic control diagnostics (that's the one under the dashboard), and one for the engine (this one is usually a P.I.T.A. to get into as they don't leave open ports plug into). If they've managed to get into the engine CAN through one of the more accessible CAN's, then they've done one hell of a job!

Re:Bluetooth ODB-II? (0)

Anonymous Coward | about 6 months ago | (#46198461)

If they've managed to get into the engine CAN through one of the more accessible CAN's, then they've done one hell of a job!

I worked with one of the network protocols used for maintenance software once*, the CAN networks might run separate however some ECUs are connected to more then one and the connection used by your local repair shop also connects to all, so they are not completely separate. The route is there and all it needs to do is to hijack one of the infotainment components showing stats from your engine.

*IIRC the protocol was new and meant to ease installation and maintenance by providing a single standard Computer to ECU communication protocol over TCP/IP. Been several years so I no longer remember the name, but one use case was to install/configure/test all ECU's in new a car by plugging it into a standard network (with nice problems, the internal protocols had low latency requirements and the people in charge wanted to plug in ~100 cars at once - really well thought out).

The different buses... (2)

batistuta (1794636) | about 5 months ago | (#46201389)

Most cars have a high speed CAN, for all functions needing messages at a rate of about 10 or 20 ms like Abs, engine, etc. There is also a low speed CAN, which is used for things like heating, and low rate signals of about 100 and 200 ms. The advantage of low speed CAN is that it can be put into low power and use it to wake up devices, like a wake up on LAN. I Then there is the LIN bus. This is a low speed, single wire cheap bus. It is used for things like wipers. These are the basic three buses.

Cars like BMW and Mercedes have two or three high speed CAN, a MOST bus for entertainment, and a flexray for safety critical applications. Other manufacturers use TTP instead of flexray, but the safety and timing is in both cases the main reason for not using CAN throughout.

Cars are also slowly rolling out Ethernet, mostly due to the high speed and low cost.

All buses are connected to each other in one way or the other via dedicated gateways. These gateways are usually not pure network gateways, but standard ECUs used for vehicle functions, also serving as gateways.

Then there are internal buses. For example some controllers include multiple ECUs connected via SPI or similar. The engine ECU is almost always connected to the CAN bus because it requires a lot of information from other systems, such as speed, gas pedal input, etc. The actual firing of the sparks is very time critical, and this is after done via a dedicated TPU controller, integrated as a sub core in the engine ECU (take a look at the MPC555 documentation), connected to the main ECU via an internal bus.

The point is that no one gives a Shit if you Fuck up your car by plugging something to one of the vehicle buses. From the OEM perspective, the car must be non hackable from the outside, but once you are in, it's your problem.

Re:Bluetooth ODB-II? (0)

Anonymous Coward | about 6 months ago | (#46199135)

Some pretty nice things can be done with ODBII you guys should checkout automatic.com (note i dont work for them). They will have a android app soon too.

They also accept bitcoin !

No, you can't send. (1)

batistuta (1794636) | about 5 months ago | (#46201309)

I spend a little more, I can get a full CAN-bus connection and actually *send* information and control things.

No, you can't send over CAN this way, at least not without risking messing up the core structure of your network. Most nodes in vehicle CAN send messages periodically. Each message type has a unique id, and sending two messages with the same id at the same time can result in collisions. But even if these don't collide, they will get overwritten right after by the next real message. If the inconsistencies are bad enough, the safety fuses will catch them and shut the system down. Any respected automotive OEM implements such mechanisms. I In CAN it's not possible to intercept messages and perform a MIM attack, unless you hack into a gateway like LIN or flexray to CAN.

I work with for the automobile industry and quite honestly, I'm sick of reading this type of articles where people gain physical access to the OBD or vehicle bus, including the respective network databases, and claim to have hacked a car. It is like saying that a house is insecure because you can break into it, turn on the stove, and cause a fire with it.

If you can hack the car from the outside, give me a call. But don't pretend to be a hacker by exploiting things that were never meant to be protected. We are encoding things that we care about and if the CAN is not encoded, is because we don't care about you fucking up the bus communication. On the contrary, we will most likely end up crashing your car and buying a new one.

Physical Access (5, Interesting)

Pcgeek21 (3530333) | about 6 months ago | (#46197131)

This issue surrounds physical access to the vehicle, at which point no amount of security is going to be able to protect it (it will only make it more difficult to do). Adding security would make it significantly more difficult for mechanics and enthusiasts to work with their vehicles. My vote is towards adding a notification light on the dash board for when a device is connected to the vehicle's computer (that cannot be turned off by the computer [e.g. controlled by an auxiliary system]), which would notify the user that something is not right (if they did not connect something).

Mod story discussion down (-1)

Anonymous Coward | about 6 months ago | (#46197167)

Taken from the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Re:Mod story discussion down (0)

Anonymous Coward | about 6 months ago | (#46197521)

They already backed off on the beta. Pay attention, dude.

Re:Physical Access (1)

Jane Q. Public (1010737) | about 6 months ago | (#46197203)

"This issue surrounds physical access to the vehicle, at which point no amount of security is going to be able to protect it (it will only make it more difficult to do). Adding security would make it significantly more difficult for mechanics and enthusiasts to work with their vehicles."

But "more difficult" might be the right thing to do.

It's true that it might make mechanics' jobs slightly more difficult. But what you said is kind of like saying locks on doors are pointless "because no amount of security is enough if you have physical access". In truth, there are few locks that a skilled locksmith can't pick open given a little time. But that doesn't mean a lock that can be picked in 5 seconds or no lock at all is a good solution in most cases.

Re:Physical Access (1)

blue trane (110704) | about 6 months ago | (#46197329)

The better solution is, eliminate the motivation to break in, in the first place.

Step one: have the government serve as an ethical example; so instead of exploiting vulnerabilities that exist in the wild, it fixes them.

Re:Physical Access (1)

davester666 (731373) | about 6 months ago | (#46197527)

own and drive a really crappy car? done!

Re:Physical Access (1)

blue trane (110704) | about 6 months ago | (#46198973)

Mo' money, mo' problems.

Re:Physical Access (1)

Zibodiz (2160038) | about 6 months ago | (#46199967)

Posting to undo an accidental moderation -- shoulda been 'funny', not 'redundant'.

Re:Physical Access (1)

phantomfive (622387) | about 6 months ago | (#46197301)

Honestly I'm not sure this is particularly worth worrying about. Maybe cars have changed, but last time I was messing around with CAN in a car, it couldn't do very much. It's not like they are going to be able to drive the car remotely. But they will be able to get some telemetric data.

Re:Physical Access (0)

Anonymous Coward | about 6 months ago | (#46199089)

I agree not much to worry about, if they have physical access there is no security.

As for driving the car, I think it might be possible assuming automatic gearbox .
The throttle is drive by wire and can be controlled via can, already done for the cruise control.
The brakes can be controlled via the ABS module already done for automatic braking.
The steering can be controlled via the electric power steering, already done for parking assist

You'll have to get to the right can bus, the diagnostic one won't work unless the gateway that connect the different buses can be reprogrammed.

Re:Physical Access (0)

Anonymous Coward | about 6 months ago | (#46197589)

If I have physical access it would just be a matter of cutting the wires to the dash circuit tells people am hacking their car. Even if the light has an burn out detection circuit, it wouldn't help because 1. 90% of people don't know how burn out detection works. 2. It's easy to add a device to emulate the built in burn out detection. However if the switch was make correctly it would increase the time to do this by maybe a 1,000 fold.
Here is how I would implement it.
1. A switch that detects if something is plug into the diagnostic port.
2. Wiring or independent circuit* that only allows the diagnostic port to function when said switch detects something in the plug.
3. Burn out detector on bulb circuit*
*This circuits should probably be implemented in side the instrument cluster.

Re:Physical Access (0)

Anonymous Coward | about 5 months ago | (#46201351)

My vote is towards adding a notification light on the dash board for when a device is connected to the vehicle's computer

Too bad, this will not work with CANbus.

I MISS THE OLD DAYS (-1, Offtopic)

Anonymous Coward | about 6 months ago | (#46197191)

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Taken from the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

CAN aint easy (0)

Anonymous Coward | about 6 months ago | (#46197193)

i've worked on CAN protocols. the protocol itself seems like an obfuscated / cryptic 'standard'. unless a really bright person simplifies it, i doubt the standard script kiddy can hack it.

ps. please keep the original slashdot layout. the beta is crap -- it will be even after all the bugs are worked out.

Re:CAN aint easy (0)

Anonymous Coward | about 6 months ago | (#46197367)

i've worked on CAN protocols. the protocol itself seems like an obfuscated / cryptic 'standard'. unless a really bright person simplifies it, i doubt the standard script kiddy can hack it.

ps. please keep the original slashdot layout. the beta is crap -- it will be even after all the bugs are worked out.

Never underestimate the script kiddy. I did, once. I do not speak of it.

Re:CAN aint easy (1)

sumdumass (711423) | about 6 months ago | (#46200093)

The thing about script kiddies is that they don't need to know much because they use other people's scripts and efforts.

Here is a more illustrating example. Most people who have rooted android phones have no idea how to actually root a phone. Instead, they either (themselves or pay someone to do it) use scripts and procedures developed by others in order to gain root access and do as they please. So someone set up a side business rooting phones and to the average user, they look like a hacker. To someone who has some knowledge, they are script kiddies following someone else' directions- except they aren't acting maliciously. They generally have no idea or concept of exploiting a file in order to sneak something onto the operating system of a phone that would allow them to replace the boot code which will allow them to install a new operating system which is what I would consider hacking. But they can achieve the same goals using procedures and tools outlined by the hackers so they are script kiddies.

PCIe bus has no security either (0)

Anonymous Coward | about 6 months ago | (#46197207)

CANbus has no security, you say? Well, duh. The PCIe bus has no security either. Nor does USB or any of the other hardwired buses. What's his point?

CANBUS DICE NUTS (-1)

Anonymous Coward | about 6 months ago | (#46197265)

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Credit to the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

Please read (-1)

Anonymous Coward | about 6 months ago | (#46197209)

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

From the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

Please have a soul & read this comment (-1)

Anonymous Coward | about 6 months ago | (#46197219)

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Thank you the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

I'm sick of others trying to force their "control" (-1)

Anonymous Coward | about 6 months ago | (#46197229)

FUCK BETA (how's that for being original?)

My my (-1)

Anonymous Coward | about 6 months ago | (#46197249)

Timothy has been busy lately!

Wireless access, once you've got wired access (1)

Theaetetus (590071) | about 6 months ago | (#46197273)

"Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road... the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.

That's like saying I can get wireless access to your server, provided you let me have physical access first so I can plug in my wireless NIC.

Re:Wireless access, once you've got wired access (-1)

Anonymous Coward | about 6 months ago | (#46197307)

You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?

Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.

Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.

You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.

Taken from the wise wjwln - THANK YOU
http://slashdot.org/comments.pl?sid=4761849&cid=46192975

Re:Wireless access, once you've got wired access (0)

alostpacket (1972110) | about 6 months ago | (#46197855)

To be fair, you don't keep your server in your driveway. Or maybe you do? :)

I don't know how easy it is to find the connector though. In theory, cars should be able to tell if external devices are connected.

Re:Wireless access, once you've got wired access (1)

Hamsterdan (815291) | about 6 months ago | (#46199887)

"To be fair, you don't keep your server in your driveway. Or maybe you do? :)"

With the temperatures we have in Montreal, it would make a hell of an overclock...

How the frack do I get out of Beta (0, Informative)

Anonymous Coward | about 6 months ago | (#46197325)

Please, please, kill beta now. Delete every bit of this horrible interface.

Not with a bang, but with a Beta. (2, Insightful)

emmagsachs (1024119) | about 6 months ago | (#46197391)

What company directs 25% of its users to a partially-working, not-ready-for-production website? Please realize that Beta will not have the features that we want, because it goes against Dice's plans for Slashdot. To their advertisers, Dice presents Slashdot as a "Social Media for B2B Technology" [slashdotmedia.com] platform. B2B - that's the reason Beta looks like a generic wordpress-based news site. A large precentage of the current userbase might be in IT, but /. is most certainly not a B2B site.

Nevertheless, Dice is desperate to make money off of Slashdot, since it has not lived up to their financial expectations, a fact that they have revealed in a press release [diceholdingsinc.com] detailing their performance in 2013:

Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

Beta is not a cosmetic change. It is a new design that deliberately ruins the one thing that makes /. what it is today -- the commenting system. There is nothing wrong with Slashdot, from the users' perspective, that demands breaking its foundations. As others have commented, this is an attempt to monetize /. at any any cost [slashdot.org] , and its users be damned. Dice views its users, the ones who create the site [slashdot.org] , as a passive audience. As such, it is interchangeable with its intended B2B crowd. We, the current users of Slashdot, are an obstacle in Dice's way.

That is why they ignore the detailed feedback they have received in the months since they first revealed Beta. That is also why they now disregard our grievances. Their claims of hearing us are a deliberate snow job. It is only pretense, since at the same time they openly admit that Classic will be cancelled soon [slashdot.org] :

"Most importantly, we want you to know that Classic Slashdot isn't going away until we're confident that the new site is ready.

Don't hold your breath waiting for Dice to fix Beta. Their vision of Slashdot is a crippled shadow of the site as it is today. Don't let them pull the wool over your eyes. Dice doesn't need us, and it wants us out.

Slashdice delenda est!

Re:Not with a bang, but with a Beta. (1)

dcollins (135727) | about 6 months ago | (#46197757)

Mod this up.

Re:Not with a bang, but with a Beta. (1)

allsorts46 (1725046) | about 6 months ago | (#46197993)

What is $6.3 million of goodwill, anyway?

Re: Not with a bang, but with a Beta. (1)

Anonymous Coward | about 6 months ago | (#46198157)

"Goodwill" is an accounting term for the amount paid for the purchase of a company above the total value of the physical parts of the company. It's the premium one pays for the "name value".

For example, a bakery buying the "Hostess" brand name would buying "goodwill", since the brand name has no tangible value.

"Writing down" the goodwill means admitting that it isn't worth what they paid for it, either because they paid too much or because they did silo etching to make it less valuable.

Dice apparently is guilty of both, since Beta obviously makes the Slashdot "brand" less valuable.

Oh, yeah: Fuck Beta!

Re: Not with a bang, but with a Beta. (0)

Anonymous Coward | about 6 months ago | (#46198355)

I posted the parent from my phone, and it got a bit munged up. "silo etching" should be "something".

And... Fuck Beta!

Re:Not with a bang, but with a Beta. (1)

Attila Dimedici (1036002) | about 6 months ago | (#46198831)

I have expected Dice to kill slashdot ever since I heard that they bought it because I cannot imagine anyway to make slashdot a profit center. The best I can see is for it to do is to pay for itself and perhaps a little bit more, but not enough return to justify it to the accountants. I think if I was in Dice management I could make a case for it on the basis of the good will it generates and the ability to data mine it to predict technology trends (the only reason to actually capture user information in this would be in order to weight some user's opinions more heavily than others). However, I don't see how that could possibly justify the amount they spent on it, which means they will have to try to remake it into something which generates greater revenue....something I believe to be impossible.

And SourceForge? (0)

Anonymous Coward | about 6 months ago | (#46200485)

One wonders what they think about SourceForge --- it's not even mentioned in that financial report...

How To Take Control of Nerds' News, EXPENSIVELY (-1)

Anonymous Coward | about 6 months ago | (#46197393)

Next time spend your money on horses and let them fuck your asses.

FUCK BETA, FUCK YOU DICE, FUCK YOUR LOSSES.

amazing (1)

stenvar (2789879) | about 6 months ago | (#46197395)

Just imagine all the chemical and physics hacks you can do once gain access to a car's hardware!

Re:amazing (1)

maxwell demon (590494) | about 6 months ago | (#46198087)

Yeah, I've heard you can hack the tires to no longer hold air, by using a tool as simple as a knife! And what's worse, you need not even access to the inner parts of the car. The vulnerable part is right on the surface!

I've also heard that cars get regularly hacked by martens. This includes quite dangerous hacks like killing the brakes.

Re:amazing (1)

sumdumass (711423) | about 6 months ago | (#46200141)

lol.. That reminds me of a situation about 20 years ago or so. Locked the keys in the car in the middle of nowhere and hacked the door lock with a rock through the window.

No Wifi, No Beta (1)

Anonymous Coward | about 6 months ago | (#46197397)

Seems my comment is a reaction to the useless Slashdot-Beta.

Dr. Obvious (0)

Anonymous Coward | about 6 months ago | (#46197603)

And a server machine is a mini-network, and right now there's no security implemented if you plug your exploit into the control bus... So what? That's it's purpose, and the LAST thing we want is for it to be locked down so you can ONLY attach in components and diagnosis systems from the manufacturer. This even goes equally for drive-by-wire solutions; if you get physical access even for a moment you can cut the brake lines or pour sugar in the gas tank. Or attach a GPS tracker if you're so inclíned.

Security? (1)

kimvette (919543) | about 6 months ago | (#46198203)

I'm really not too worried about it, so long as any wireless connectivity is secured.

Old cars had zilch for security. Wanted to take off with it? On really old cars, just cut and twist a few wires, cross two more momentarily, and you're off. Not even a column lock to get in the way.

More recent cars? Hmm, prior to electronic keys (and keys with resistor values, i.e., GM ignition keys), slide-hammer the ignition and use a screwdriver to turn it, or if the column under the dash is acceptable, just pull and jumper a plug, and push a lever to unlock the column. You drive off in the car.

Now cars are more secure than ever. How are they stolen now? Easy: flatbed. It takes just moments, and no one second-guesses a wrecker driver on a public street or parking lot. Or, hacked, if the thief has time and the right tools to do it. It is more difficult than ever to steal and part out a car now, since components more and more often have to be "married" to the ECU/ECM and the key controller (sometimes part of the BCM, sometimes its own computer), and other components in order for them to work - but in order to marry the component (be it an ABS controller, head unit, nav unit, amp, etc.) the old component needs to be "divorced" from the original car.

What does this mean? Car thefts requires a whole lot more sophistication and funding, which leaves it to fewer and fewer players.

In any event, once you have physical access it is game over. Let's stick to locks since they have been keeping honest people honest for years, and security has gotten better than locks, even if the security is through obscurity or merely time.

So, this is a test (1)

Ralph Spoilsport (673134) | about 6 months ago | (#46198325)

I will type a line and hit return here: And then type another line. I will now type a paragraph HTML command here:

And then type another line, followed by another paragraph code here:

This will prove to myself whether or not Beta, in all of it's innovative wonder, will finally allow Slashdot to recognise a return command.

That is all.

Oh FFS. That's terrible. (1)

Ralph Spoilsport (673134) | about 6 months ago | (#46198337)

Not only did it not recognise my return char, it fucking CHANGED FONT after using a paragraph command. WHISKEY TANGO FOXTROT? This isn't beta software. This is mid Alpha, at best.

Physical access (1)

BillX (307153) | about 6 months ago | (#46198931)

Wait, someone can control something by physically plugging something into a control port designed for that purpose?

It's a neat trick, but if the bad guy has physical access, it doesn't take a wireless dongle in the CAN port to mess shit up...

So the solution is DRM for cars? (1)

caseih (160668) | about 6 months ago | (#46199381)

Am I the only one that thinks car manufacturers reactions to these "hacks" is just going to be heavy DRM on the bus, more nickel-and-diming for unlocking features, and more expensive parts because third parties are locked out because of the DMCA?

Right now in agriculture, everything is quite proprietary on the bus, but having it free and open would be a huge boon. There is no DRM at this time, but the protocols themselves are closely guarded secrets. In an ideal world, one companies' GPS receiver should work with another company's autosteer navigation system, and that should work with any company's tractor (yes steer by wire over the bus).

Of course the researchers likely aren't advocating for DRM by calling for security, but the layperson isn't going to make the distinction and I think auto companies are going to use this for fear-mongering to push expensive, proprietary solutions on us that we really don't need. Do I need my remote start kit to cost $2000 and have to come from the car company only. I mean cars are so insecure you can start a car by tapping into 4 wires under the dash with any old off-the-shelf remote start kit! Horrors!

In other news (1)

niw3 (1029008) | about 6 months ago | (#46199989)

Hackers hacked into home networks using off-the-shelf cheap ethernet cables, by plugging those into ethernet ports of home routers.

Micharl Hastings was murdered (1)

Rujiel (1632063) | about 5 months ago | (#46200853)

After Richard Clarke, fmr. national security advistor to bush jr. amd clinton, publicly brought up the concern that journalist Hastings was murdered, the trolls insisted that such control over a car wasn't possible. Well, here you go. If these guys can rig up a car, you bet your ass the feds can.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...