Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Intel Team Takes On Car Hackers

samzenpus posted more than 2 years ago | from the who's-driving dept.

Security 153

nk497 writes "Intel has set up a team of McAfee researchers to protect computer systems in cars, hiring Barnaby Jack — the researcher who forced ATMs to spit out cash and cause medical pumps to release lethal doses of insulin. Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. 'If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening,' he said. 'I don't think people need to panic now. But the future is really scary.' The move comes as Ford and other car makers start to invest in ways to keep car code secure."

Sorry! There are no comments related to the filter you selected.

Interesting readings (4, Informative)

Anonymous Coward | more than 2 years ago | (#41054879)

http://www.autosec.org/publications.html

Boy, does this have the potential for bad (5, Insightful)

Scareduck (177470) | more than 2 years ago | (#41054883)

Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.

Re:Boy, does this have the potential for bad (0)

Anonymous Coward | more than 2 years ago | (#41055007)

Especially when the car records everywhere you've been. "We see you went into a bad neighborhood yesterday citizen. Would you care to explain why?"

Re:Boy, does this have the potential for bad (4, Interesting)

Trepidity (597) | more than 2 years ago | (#41055153)

A more likely short-term motivation is that they want exclusive ability to sell expensive repairs and required-for-maintenance devices.

Re:Boy, does this have the potential for bad (4, Informative)

Miamicanes (730264) | more than 2 years ago | (#41055291)

Not to mention the ability to charge for different levels of performance using the same underlying hardware, kind of like ATI & Nvidia do, and Intel was planning to do with their value-priced CPUs.

Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit. It's just like UEFI. If I have a copy of the key, it's awesome. If the only copy of my key is held by Microsoft or Sony, it's a shameless pwnage of my consumer rights whose physical and political defeat is a moral imperative.

Re:Boy, does this have the potential for bad (0)

Anonymous Coward | more than 2 years ago | (#41055863)

Not to mention the ability to charge for different levels of performance using the same underlying hardware, kind of like ATI & Nvidia do, and Intel was planning to do with their value-priced CPUs.

Isn't that just because the lower priced cards are failed versions of the higher priced cards? In other words, some of the cores are bad on some of the cards and instead of throwing them out they just disable the bad cores and sell it as a cheaper model. That way, they have a single manufacturing process and save money. You can unlock the extra cores in some cards but there's no guarantee that they will work. Has this changed?

Re:Boy, does this have the potential for bad (4, Interesting)

CanHasDIY (1672858) | more than 2 years ago | (#41056341)

Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit.

Oh, they'll give it to the mechanic's, alright - that is, the one's who work for their dealership.

Cars have actually been going that way for years, in a shameless attempt to kill of independent shops and shadetree mechanics; the process goes like this:

- new model of Car X comes out
- new model requires a special tool for trivial adjustment, i.e. toe adjustment on the steering wheels
- manufacturer patents the tool, so only they can make/sell it
- manufacturer refuses to sell the tool to anyone other than one of their own branded shops
- customers are forced to take Car X to the manufacturer branded dealership to have trivial repair made, at more than double what it would cost for an independent shop to make the same repair

Source: One of my many trades (one, specifically, that I actually have an education in) is 'auto mechanic.')

Re:Boy, does this have the potential for bad (4, Funny)

orgelspieler (865795) | more than 2 years ago | (#41056373)

I think this is the first time I've seen anybody do a computer:car analogy in reverse on this forum.

Re:Boy, does this have the potential for bad (1)

slick7 (1703596) | more than 2 years ago | (#41055413)

Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.

It's more like not letting the parameters being altered so as to run on water. One for BIG OIL.

Well if XP SP3 has been any indicator (0)

bstrobl (1805978) | more than 2 years ago | (#41054885)

The car will waste 20% of its engine capacity on keeping the computers running and an eventual update will delete the breaks...

Re:Well if XP SP3 has been any indicator (-1)

Anonymous Coward | more than 2 years ago | (#41055141)

brakes*. If English is your first language, you should be ashamed of yourself.

Re:Well if XP SP3 has been any indicator (1)

Anonymous Coward | more than 2 years ago | (#41055447)

English is my first language and I am utterly ashamed. I would have much preferred something without all the stupid spelling. my eyes are [ tearing ]

Signed Code (1)

sottitron (923868) | more than 2 years ago | (#41054895)

Its almost as if you'd want a system that only ran signed code...

Re:Signed Code (1, Funny)

Anonymous Coward | more than 2 years ago | (#41054963)

That solution is too easy. They brought in McAfee researchers because they want a 30MB solution that will continuously scan the car software, causing unpredictable hiccups, pop ups, and all that good stuff.

Re:Signed Code (0)

Anonymous Coward | more than 2 years ago | (#41055053)

That solution is too easy. They brought in McAfee researchers because they want a 30MB solution that will continuously scan the car software, causing unpredictable hiccups, pop ups, and all that good stuff.

so true

Re:Signed Code (0)

Anonymous Coward | more than 2 years ago | (#41055255)

McAfee, hmm? I even remember the good ol' days on Win98, when after installing McAfee the darn thing simply refused to boot.
Now you won't be able to turn on your engine, or what?

Re:Signed Code (2)

ColdWetDog (752185) | more than 2 years ago | (#41056855)

McAfee, hmm? I even remember the good ol' days on Win98, when after installing McAfee the darn thing simply refused to boot.
Now you won't be able to turn on your engine, or what?

Well, one could argue that with WIn98, that was the appropriate response.

Re:Signed Code (1)

gr8_phk (621180) | more than 2 years ago | (#41055027)

That already exists. For a number of systems in cars, the bootloader requires proper authentication to flash new code.

So long as they keep the "infotainment" systems off the vehicle bus everything should be fine. However, there are some nice things that can be done if these devices can talk to each other....

Distributed Processing (1)

Jane Q. Public (1010737) | more than 2 years ago | (#41055775)

That's the main thing. Devices that are irrelevant to essential system services, like sound systems, climate control, phone and WiFi, should be kept apart from the central processor.

If they need to communicate at all (I would argue no), it should be in one direction only: control signals from the main processor outward, with nothing in the other direction except for hard-wired feedback such as "Yes, I am turned on." By that I mean: they should be separate hardware systems with their own specialized software. Maybe a microcontroller, or some such. But one thing such peripheral systems should NOT be, is simply software subsystems running on the main processor.

The main processor should be limited in its communication/control of such devices. Feedback such as "Bluetooth is turned on" might be useful to some extent, but Bluetooth, WiFi, climate control, etc. should be offloaded from the main processor to subsystems of their own.

That simply eliminates most of the problem, and I know of no good reason they could not be designed that way. Just don't lump everything into a single system and OS. That's a big mistake.

Re:Signed Code (0)

Anonymous Coward | more than 2 years ago | (#41055043)

Its almost as if you'd want a system that only ran signed code...

...where you retain the ability to control the crypto keys that the signed code uses.

Signed code under the control of the user is okay. Signed coded working only for and only on behalf of someone else is not okay.

and can only goto the dealer for services no more (0)

Anonymous Coward | more than 2 years ago | (#41055061)

and can only goto the dealer for services so you have no more jiffy lube or any other NON dealer plan to get car work done from the oil change level and up.

Re:Signed Code (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#41055237)

Its almost as if you'd want a system that only ran signed code...

And only ran signed code that was verifiably resistant to unexpected or undesired behavior in the face of maliciously crafted input...

Just plain installing and running a malicious binary certainly is a handy; but the world is rotten with bad things being done, entirely with unintended features provided by officially installed legitimate programs that have taken a bite of malicious input...

Re:Signed Code (0)

Anonymous Coward | more than 2 years ago | (#41055339)

Is there any "signed code" system that actually is 100% reliable at preventing unauthorized code from running? Every time some major platform comes out that has these restrictions, some clever person finds a way to bypass or disable it. Maybe if it involves glitching the CPU then it's considered not an issue (since it involves some kind of hardware hacking), but otherwise if there is a software exploit that can achieve it, then all bets are off.

McAfee (0)

Anonymous Coward | more than 2 years ago | (#41054905)

Your car's anti subscription has expired. Without this protection, your car may get viruses and cease to drive. You wouldn't want that, would you? You should pay the $199.99 fee to renew for three years to insure you car is properly protected.

Re:McAfee (1)

Miamicanes (730264) | more than 2 years ago | (#41055445)

Or worse... they start treating oil filters like laser toner, and declaring them to be "expired" the moment your odometer ticks off 3,000 miles.

Or you could.... (1)

drewco (1631735) | more than 2 years ago | (#41054943)

not let a computer drive your car. They've been doing this for years, and it works pretty well. Problem solved.

Re:Or you could.... (1)

Zero__Kelvin (151819) | more than 2 years ago | (#41055545)

Or you could use a horse and carriage. They've been doing this for years, and it works pretty well. Unless of course the "problem solved" to which you refer was related to efficiency, performance, reduction of emissions, etc. in which case the problem isn't so solved by your solution after all.

Re:Or you could.... (0)

Anonymous Coward | more than 2 years ago | (#41055691)

My experience with other people's driving shows me that no, it doesn't work pretty well.

Of course I'm the most awesome driver ever since Dale Earnhardt Sr. was taken from us to drive Jesus around in Heaven.

Why if I had the money, I'm sure I could drive the Chicago Bear's bus to win the Indy 500.

Re:Or you could.... (1)

moeinvt (851793) | more than 2 years ago | (#41056405)

I highly doubt that you can even buy a car these days that doesn't contain dozens of microprocessors and microcontrollers exercising all sorts of software.

I actually think it would be cool if you could buy a decent car that didn't use this type of technology. A car where you could be reasonably sure that you couldn't be tracked or shut down by the government. Also, something that would remain largely functional or at least something that could be repaired with basic mechanical tools after an EMP event.

Call it the "Ford Paranoia" or the "Chevy Technophobe".

Uh huh... (2, Insightful)

Hartree (191324) | more than 2 years ago | (#41054979)

Sounds like the auto makers are getting tired of individuals being able to change their own cars engine/transmission settings, and or, do fixes that usually require paying the dealer.

Congress mandated an open set of engine/car diagnostic codes due to them not releasing service information some years back. Sounds like they're investigating the possibility of re-imposing something similar via "security" concerns.

"Think of the children that could be put at risk if $evil-auto-hacker isn't protected against!"

And as per usual (1)

Flipstylee (1932884) | more than 2 years ago | (#41054981)

Those that can hack these systems will hold their best exploits until they need them,
want to get famous, or just for the lulz. Nothing has changed, this was a problem from the beginning,
signed code or not (that is a step in the right direction though IMO).

CAN is cool, but... (5, Insightful)

iamgnat (1015755) | more than 2 years ago | (#41054983)

I played with having a computer in my car for a few years and it is shocking what you can do once you have access to the CAN bus. I mean it's cool that I can plug a device in and program it so that it will catch the commands from my window switches and have them instead activate my blinkers, but that (theoretically as far as I know) a compromised update to your radio could let it do the same thing is a bad thing and that there is a growing trend for cars to be more connected (e.g. wifi hotspots, etc..) is outright scary.

Maybe they could start by separating networks for the critical functions and entertainment systems. The only possible access to the critical systems should be by a physical connection. They don't need (bad) software security experts to help solve this problem. They need good network architects. It shouldn't simply be a matter of the engine verifying that the "more gas" command came from the ECU and not the radio. The radio should simply never be able to get a message to the engine without wiring changes.

Re:CAN is cool, but... (3, Informative)

vlm (69642) | more than 2 years ago | (#41055131)

The radio should simply never be able to get a message to the engine without wiring changes.

My father's decade old SUV talked to the transmission to control radio volume based on road speed.

The hard part is making a single RW bus read only in the proper direction at all times.

Thankfully it didn't run windows so there's no virus issue. But radios and engine/transmission computers have been talking for quite awhile.

Re:CAN is cool, but... (1)

Baloroth (2370816) | more than 2 years ago | (#41055245)

Thankfully it didn't run windows so there's no virus issue.

Ha. Hahah, wow, this is... well, just straight up completely wrong. Just because it isn't Window's doesn't mean it can't get virii or other malware, not by a long shot. But anyways, even assuming you want the radio talking to the transmission, it should be a one-way communication: the radio shouldn't be able to send the transmission commands. It's odd to think of needing a firewall on your car, but with that's definitely needed for a situation like that.

Re:CAN is cool, but... (0)

Anonymous Coward | more than 2 years ago | (#41055831)

Use a diode and a voltage sensor circuit in the radio...?
Do we need CANbus and/or gigabit ethernet to do that?

Re:CAN is cool, but... (1)

NJRoadfan (1254248) | more than 2 years ago | (#41055935)

It likely used a wire sending a speedometer pulse signal from the instrument cluster (usually a sine wave). The same signal is used for cruise control. No CAN-BUS needed.

Re:CAN is cool, but... (1)

ceoyoyo (59147) | more than 2 years ago | (#41056029)

"The hard part is making a single RW bus read only in the proper direction at all times."

That's not hard at all. If you want to be really sure you use an optoisolator.

Re:CAN is cool, but... (4, Interesting)

slim (1652) | more than 2 years ago | (#41055155)

Not just theoretically -- University of Washington researchers crafted an MP3 that let them at the CAN via the MP3 player: http://www.newscientist.com/blogs/onepercent/2011/03/how-an-mp3-can-be-used-to-hack.html [newscientist.com]

Re:CAN is cool, but... (1)

Atryn (528846) | more than 2 years ago | (#41056529)

The as-yet-unpublished research was presented to the National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, established to investigate the safety and security of automobile electronics following the large-scale recall of malfunctioning cars in 2010.

LOL... or, one manufacturer might use such exploits to create a series of improbable events labeled "malfunctions" which damages their competitor's sales and forces large scale and costly recalls. Hmmm... Industrial Espionage just moved up a tick in the automotive industry... distributed industrial sabotage.... trademark pending?

Different bus (0)

Anonymous Coward | more than 2 years ago | (#41055305)

At least when I worked on these, there was one bus for the car systems brakes, engines etc.) and one for the systems like radio (more about traffic data transmitted as a sideband than a fancy display), DVD players and Net.

McAfee often crashes my computer (it causes a thread deadlock by linking two things never intended to be linked and locks the machine up). So I don't rate McAfee (or other virus vendors) for anything.

Better to have proper security like separate bus data, and secure OS's than some patch thrown on afterwards that pretends to catch things that have infected you machine.

Intel? No, some middle manager in Intel has made a bad choice, he should be sacked.

Re:CAN is cool, but... (0)

Anonymous Coward | more than 2 years ago | (#41055497)

Dunno about other brands, but the one I'm toying with at the moment has a "CAN gateway" that separates the up to six busses inside the car. The "infotainment" CAN bus is one of them. I haven't checked yet if there's some firewall functionality in there, but I sure hope so. On the other hand, I can read the oil level and some other parameters from the onboard computer... hm...

Re:CAN is cool, but... (0)

Anonymous Coward | more than 2 years ago | (#41055539)

It's a good idea, but in reality you would have to have multiple partitions, because there are some operations that are inherently "wireless" but would need access to critical systems (in the mechanical sense) in order to work. For example, people want keyless/wireless access to locks and remote starters. Either of those could be abused if someone got access remotely (e.g., locking a passenger in, or engaging the starter while the car is driving). If you were careful about it, you could probably have a system that recognized different security when the car was parked versus when it was driving, and that had physical and software protections that engaged when it was moving. It would still be a maze of twisty logic and engineering to figure out, and would not be as simple as the partition you describe. That would only be the start.

I hope they don't think grafting an AV program onto a system would be a "solution". It's at best a band-aid. If you have to rely on signatures and other signs of malware, then you've already designed a bad system.

Re:CAN is cool, but... (0)

Anonymous Coward | more than 2 years ago | (#41055839)

As an industry insider, I can tell you first hand that they do not understand security and how it impacts safety.

An example of their cluelessness: A particular ECU I worked on is considered safety critical, so required several additional ECU integrety self-checks not required (or even allowed) in non-safety critical ECUs. For one test, I needed a psuedo-random nuber generator with a very long period. A math wonk I know loaned me a copy of "Applied Cryptography" saying that there are some good PRNGs in it. When my boss saw the title of the book, he exclaimed "What the ****!!! You are not putting putting encryption in the software are you?" I showed him the part of the book I was using and assured him there would be no encryption code in the software, just a good random number generator. Even now he is dubious of the PRNG code, as though getting the algorithm from a book on cryptography somehow taints it. (Yes, we considered using the hardware registers, but because all internal timing is derived from a single master clock source, the registers were not useful for our needs.)

Re:CAN is cool, but... (2)

Jane Q. Public (1010737) | more than 2 years ago | (#41055893)

That's simply poor systems design. You are vastly better off making it distributed.

There is no way a single processor should be involved in all these things. For example, a sound system could talk to your transmission more-or-less directly (or share input from the transmission, at any rate) without sharing any processor or code with the central control system.

Similarly, there is no reason that other devices like Bluetooth, WiFi, cabin temperature, phone, and so on should be connected to the main control system. Instead they should be on separate subsystems of their own, probably with their own microcontrollers.

Isolating those systems allows MUCH easier optimization of them, for one thing, without complicating (or introducing bugs or security issues into) the main control system.

At most, control of those devices should be through a central processor that allows for voice control... again separately from the central system. The only thing the central system should be receiving is hard-wired feedback about system status. And I argue that it need not bother with most of those subsystems at all.

Re:CAN is cool, but... (3, Insightful)

enbody (472304) | more than 2 years ago | (#41056263)

Maybe they could start by separating networks for the critical functions and entertainment systems.

Cars used to have multiple busses, but they unified them to save weight to improve fuel efficiency.

That is, they chose fuel efficiency over security. Remember, right now fuel efficiency will sell more cars than a more nebulous "security" that few can appreciate (until something really bad happens).

I hope it's not band-aid (3, Interesting)

slim (1652) | more than 2 years ago | (#41054987)

McAfee makes me think of AV, and AV makes me think band-aid. Please, please let's not end up with a situation where cars are susceptible to viruses, therefore an AV application scans for viruses. Cars (or at least, the important bits of them) should be secure from the ground up.

The problem has been that the designers have given computer security no thought *whatsoever*, and applied techniques already well known to security people, too late for some victims.

For example, the first remote keys were susceptible to replay attacks. Anyone with half a clue about computer security already knew at that time that needed a challenge/response scheme. But keys with challenge/response came later. And keys with sufficiently secure crypto algorithms came later still.

For example, it's common to have the audio system, the ignition, the satnav, etc. all on the same data bus, with no authentication. From a security point of view, that's a disaster waiting to happen. Researchers have already demonstrated hacking the MP3 player to unlock the doors -- pointing out it's not much of a stretch to having hacked cars unlock themselves and email their GPS location to the attacker.

Re:I hope it's not band-aid (0)

Anonymous Coward | more than 2 years ago | (#41055329)

My car with its carbureted engine, throttle linkage and cylinder and servo type brakes is infinitely secure from "car viruses" :)

Re:I hope it's not band-aid (1)

Amouth (879122) | more than 2 years ago | (#41055637)

got to love classic cars

Re:I hope it's not band-aid (1)

slim (1652) | more than 2 years ago | (#41055859)

got to love classic cars

Because who needs a comfortable car that starts reliably and uses fuel efficiently?

Re:I hope it's not band-aid (1)

Amouth (879122) | more than 2 years ago | (#41056041)

that's not true.

I've got an MG Midget, that after a fair amount of modifications from original, is extremely reliable, extremely fun to drive, and gets better gas mileage than my wife's civic and my miata.

Re:I hope it's not band-aid (0)

Anonymous Coward | more than 2 years ago | (#41056047)

Soon, everything from the Android market in your car! If you have that glorious HUD displaying the essential information on your windscreen, you can now have windscreen blocking warnings about the app you downloaded yesterday while driving on the Autobahn. Other glitter of joy can be had from the automotive NFC and smart traffic systems relaying on ad hoc wireless networks coming in the future.

I died because of Farmville?!?!? (2)

Impy the Impiuos Imp (442658) | more than 2 years ago | (#41054995)

Worked on some of the first Microsoft-based car nav radios, a Windows-CE based auto-specific system. MS was in the mode of "Hey, 3rd party apps are a feature!" and the auto companies were like, "Not gonna happen."

Not in the land of Congressional hearings and $100 million recalls. You think Facebook dodging the class action suit in that other thread is a big deal, imagine a lawyer trotting broken or dead bodies before the camera because one of the Big Three didn't properly vette Angry Birds: Cruisin' Down the Highway.

Viruses and malware are just a matter of time.

Re:I died because of Farmville?!?!? (1)

Atryn (528846) | more than 2 years ago | (#41056603)

...Angry Birds: Cruisin' Down the Highway.

I prefer a multi-player FPS type game... imagine an augmented reality interface where you can see the virtual turrets mounted on your hood and aim them at other cars logged into the game. You could see those cars taking damage and then eventually being "destroyed". Of course, you also have to watch your six and consider your shield levels as well. If you had passengers in the car, maybe they could man the rear guns or monitor system health and repairs...

I think I just made family road-trips much more fun...

Never connect the critical systems to the internet (2)

rolfwind (528248) | more than 2 years ago | (#41054997)

Needless to say, never connect the critical systems to the internet or to other computers connected to the net. Besides security concerns-- ever since consoles got internet connections/updates, what happened? It started a trend among publishers to have games were no longer tested as rigorously, pushed out the door, and depend on internet updates to fix any issues.

Re:Never connect the critical systems to the inter (1)

vlm (69642) | more than 2 years ago | (#41055213)

ever since consoles got internet connections/updates, what happened? It started a trend among publishers to have games were no longer tested as rigorously, pushed out the door, and depend on internet updates to fix any issues.

Most importantly an attempt to eliminate the resale market.

Perhaps in the future you'll have to register and buy annual (or more often) updates for your car from the app store, and you won't be allowed to change the owner of the car, why the heck would you be permitted to do that, are you some kind of car thief?

I'm sorry sir your engine computer hardware is yours, but the software that runs on it is only licensed to the original buyer. You can only buy an engine computer software license with the purchase of a new engine computer. A new engine computer is only $999.95 or you can buy a $125 month two year service contract and get a complimentary new engine computer for free. Its all to protect you from hackers, you see.

Re:Never connect the critical systems to the inter (0)

Anonymous Coward | more than 2 years ago | (#41055941)

That is actually true in some cases.

One example is a certain car maker when it comes to making keys for its engine anti-theft system. If you lose eight keys (which might happen if there were multiple owners), you have to buy a new ECM that will be thousands.

Compare that to Ford's where if you lose all keys, you attach a terminal, wait 10 minutes (it has a delay), zero all keys out, add two keys, and one's vehicle is ready to go. Subsequent keys can be added without a programmer very easily.

So, for the added benefit of supposedly better security, one has to go to the dealer for any new keys and pay hundreds for the key, plus a few C-notes depending on how the dealer feels that day.

Re:Never connect the critical systems to the inter (1)

mikechant (729173) | more than 2 years ago | (#41056251)

and you won't be allowed to change the owner of the car,

That's pretty far fetched; unless all the car manufacturers did this at the same time, the sales for those cars with this 'feature' would drop through the floor since they would have no resale value. If all the car manufacturers *did* do it at the same time it would probably be some sort of cartel issue and illegal.

Much more likely is that you would have to officially update the registration with the manufacturer in order to carry on receiving necessary updates after a change of owner, and to do this you would have to pay a 'reasonable admin fee to cover costs' (as they would put it), which could be quite lucrative for the car manufacturers, but not seriously affect resale values if set at the 'right' level. This way they get a cut of all resales for doing virtually nothing.

Re:Never connect the critical systems to the inter (1)

equex (747231) | more than 2 years ago | (#41056039)

Needless to say ? It can't be overstated, if you ask me. This is disaster waiting to happen, grab some popcorn after you secure yourself a 20+ year old car in good shape.

A revolutionary idea (1)

MadCat221 (572505) | more than 2 years ago | (#41055001)

Here's a revolutionary way to combat illicit car hacking. It'll blow your mind away.

Ready?

Are you sure?

Don't make the car computer have a wi-fi antenna.

Groundbreaking, isn't it?

Re:A revolutionary idea (4, Informative)

slim (1652) | more than 2 years ago | (#41055093)

Don't make the car computer have a wi-fi antenna.

There are plenty of other vectors. The keyless ignition system. The remote central locking. The MP3 decoder. The digital radio. With physical access -- direct connection to the bus.

Re:A revolutionary idea (2)

Baloroth (2370816) | more than 2 years ago | (#41055299)

If you have physical access to the bus, it's already game over. The rest should all be segregated from the car's central computer, either through a one-way filter (aka a firewall) or simply by not being on the same network. There is no reason the radio should be able to start the car or unlock the doors, and for its part the keyless entry shouldn't be able to disengage the brakes or start the radio (but should be able to start the engine or unlock the car). The keyless system presumably has security already, so it shouldn't be a problem anyways.

Find a better answer (0)

Anonymous Coward | more than 2 years ago | (#41055607)

If you have physical access to the bus, it's already game over.

We don't accept that answer for Internet security, so we shouldn't accept that answer for critical control systems networks.

Imagine the heads rolling if reactor control servers had no security from bad devices on their building networks.

Re:A revolutionary idea (1)

squizzar (1031726) | more than 2 years ago | (#41055313)

Surely they should just have a physical separation between the busses - one for safety-critical features (Engine, Transmission, ABS, Lighting etc.) and one for entertainment and other 'utility'. If a controller needs to link between the two then it should only support a very limited range of commands, and there should be no direct method for passing a command or data from the 'utility' bus to the 'safety' bus. Ideally these critical controllers should be read-only on the 'utility' bus. These portions of the code need to be tested and verified, preferably openly and independently. Thus there would be no way to inject bad commands onto the safety critical bus except by physically connecting something to it.

You don't even need malicious software for things to go wrong... my Audi A4's radio uses the diagnostic bus to get speed information for volume control, it died and knocked out communications for everything in the car... for the sake of a couple of extra wires.

Stupid stuff again (4, Informative)

Compaqt (1758360) | more than 2 years ago | (#41055009)

Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?

How about this: Just mount an iPad (or Galaxy) into the console.

Done.

But, no, they want to show you the oil level on a touchscreen instead of in front of the steering wheel. Meaning they have to hook it into the engine computer. Giving attackers an in.

Re:Stupid stuff again (3, Insightful)

slim (1652) | more than 2 years ago | (#41055259)

Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?

Because it's the cheapest way to provide features that customers want, and competitors will deliver.

Re:Stupid stuff again (1)

Sentrion (964745) | more than 2 years ago | (#41055279)

I wouldn't be so concerned if the car computer was only outputing data. That might be fun and useful with few, if any, security risks for most drivers. I do, however, have a problem with my accelerator or brake system being controlled by some external device rather than my hard-wired foot pedal. For what it's worth, many military aircraft are triple-redundant, meaning that your flight stick is primarily fly-by-wire, but in the event of a failure your flight stick is also directly connected to hydraulic lines to control the flight surfaces, so if all else fails you can put some muscle into your flight stick and control the flight surfaces by wire like a WWI byplane. I would prefer if some sort of redundancy or manual override was something that I could take for granted as a natural assumption. But given how business is done these days I think such an assumption would be naive. Look at power windows - they may be your only way out after a crash or in a flood, but where is the emergency hand crank? It is conspicuously absent.

Re:Stupid stuff again (2)

tlhIngan (30335) | more than 2 years ago | (#41055821)

. I do, however, have a problem with my accelerator or brake system being controlled by some external device rather than my hard-wired foot pedal. For what it's worth, many military aircraft are triple-redundant, meaning that your flight stick is primarily fly-by-wire, but in the event of a failure your flight stick is also directly connected to hydraulic lines to control the flight surfaces, so if all else fails you can put some muscle into your flight stick and control the flight surfaces by wire like a WWI byplane.

Incorrect. The brakes have always been hydraulic and barring loss of hydraulic fluid, will always work (and if applied sharply so they don't fade, will stop a car with a racing engine).

Throttle though has been disconnected - you may have something called "cruise control" in which the car computer controls the speed - well, you're putting the throttle control in front of the computer. (Brakes are considered too safety-critical though).

As for aircraft - a modern fighter is too unstable to control manually - if the computers die out, there is no choice BUT to eject because it's uncontrollable. And many of the larger planes cannot be controlled by hand - the flight surfaces are too hard to move without assistance, and often times, do not work as expected (most airliners don't use ailerons once cruising - to turn, they use spoilers instead as ailerons are too draggy and can stall).

Plus, mechanical overrides are nice in theory, but there have been enough instances where hydraulic fuild is lost, or cables get pinched so mechanical control is locked up tight. Fly by wire (or really, fly by network as you need two-way connectivity) surprisingly increases reliability.

Re:Stupid stuff again (0)

Anonymous Coward | more than 2 years ago | (#41055927)

... For what it's worth, many military aircraft are triple-redundant, meaning that your flight stick is primarily fly-by-wire, but in the event of a failure your flight stick is also directly connected to hydraulic lines to control the flight surfaces, so if all else fails you can put some muscle into your flight stick and control the flight surfaces by wire like a WWI byplane.

I would prefer if some sort of redundancy or manual override was something that I could take for granted as a natural assumption. ...

Then you're prepared to pay Pentagon pricing ($ millions) for your car?

Re:Stupid stuff again (1)

ceoyoyo (59147) | more than 2 years ago | (#41056115)

You gave a single redundant system... what are the other two?

If your doors don't open after a crash it's not very likely your windows will. And windows have this great manual override - they break. you do have something to break windows with in your car, don't you?

Re:Stupid stuff again (0)

Anonymous Coward | more than 2 years ago | (#41056467)

If your doors don't open after a crash it's not very likely your windows will.

If you career off the road into a lake and sink, the door will likely be difficult to open due to the pressure difference between the interior and the exterior of the vehicle. If you wind the window down, the pressure will be equalised allowing you to open the door more easily. Smashing the glass with something hard is a less desirable alternative, or, failing that, you could just sit there and wait for the water to slowly seep in elsewhere.

Re:Stupid stuff again (0)

Anonymous Coward | more than 2 years ago | (#41055973)

As an industry insider, I can tell you that, so far, these displays are far simpler than any tablet, smartphone or other PDA. Currently, the only way to hack them would be by accessing the CAN bus.

It would be possible to provide a one-way means to send data to a tablet or smartphone. Use a one-way opto-isolator to send data to a Bluetooth or WiFi node. Because of the isolator. there would be no way for the node to inject messages back on to the CAN bus, so even if the node were hacked, it would be useful for either sending monitored data to an unautorized device, or to correct the data being sent to the authorized device.

To capture audio system revenue? (1)

swb (14022) | more than 2 years ago | (#41056451)

I always wondered if this wasn't at least partly done to capture the customer's audio system spending.

Car makers traditionally have been way behind the times in terms of car audio, and even simple upgrades were always really expensive due to the highway robbery prices they charged (since they were nearly always a dealer add-on).

So you bought the base model radio and then went to Best Buy or wherever and bought a better model, speakers, power amp for less money than the car maker wanted.

At first car makers seemed to resist buy going double-DIN, but the carmakers fixed that with brackets, double-DIN stereos and other faceplate doodads.

Now with the integration, you can't do squat. My 2007 Volvo S80 uses the stereo for the car's menu system; even the dash stuff would be hard to work around; it's not a typical double-DIN setup. Even the speakers are used as part of the safety systems and backup sensor.

If you really wanted aftermarket audio, I think you'd almost need a completely remote system (maybe controlled by smartphone or some other touchscreen mounted separately like an aftermarket GPS or phone holder). And then there's the whole speaker issue...

Re:Stupid stuff again (1)

mordred99 (895063) | more than 2 years ago | (#41056843)

It is not just that, What does Onstar or similar service do? They have 100% full access to the vehicle. They can start it, they can monitor your fluid levels, tell you how to get someplace, etc. This mean you are GPS tracked, and they have full access to shutdown or start your car at all times. I never wanted that system in my cars and I typically find the fuse for the onstar circuit in my car and pull it once the free year (or 3 months) is out. They cannot tell me where I am if they cannot work. All these systems are is basically a cell phone (which is why you have a cell number with their service) and they can communicate at all times with whoever is monitoring it, even when you are not paying for their service. Since Car companies want to provide this service to nervous betty who cannot find the local wal-mart, and needs help at all times, and pays for the service, all of us are exposed to the gaping security hole that is these services.

stop car by crashing it with carp bloated software (0)

Anonymous Coward | more than 2 years ago | (#41055011)

stop the car by crashing it with carp bloated software.

Re:stop car by crashing it with carp bloated softw (1)

Anonymous Coward | more than 2 years ago | (#41055437)

Why would you be loading fishing software onto a car?

More likely case (1)

onyxruby (118189) | more than 2 years ago | (#41055207)

The car manufactures risk being held liable for people stealing their cars through remote exploits. For years now insurance claims have been denied for certain auto theft claims based on the theory that certain types of keys couldn't be replicated. During the interim of course hackers had figured out how hack the key systems and started stealing the cars without the keys.

Sooner or later the inevitable happened and they got caught on video doing so. I believe there was a story over the UK a few weeks ago about this. Now that the evidence is ironclad the issue has to be acknowledged and Intel is simply targeting a market that is newly available. There is no reason that other companies can't target this same market to provide security services either. To be frank I'm surprised nobodies 'stolen' a car at defcon or black hat yet for one of the demo's.

Re:More likely case (1)

vlm (69642) | more than 2 years ago | (#41055289)

For years now insurance claims have been denied for certain auto theft claims based on the theory that certain types of keys couldn't be replicated.

I find this hard to believe as everyone knows tow truck drivers and repo men (often one and the same) can tow anything. A quick snip and the parking brake doesn't matter either.

Same problem with motorcycles. You don't need a lockpick to steal a cycle, you need a pickup truck with a ramp and one of those mounting bar things. I've seen harleys stuffed into vans too.

Re:More likely case (1)

Atryn (528846) | more than 2 years ago | (#41056835)

To be frank I'm surprised nobodies 'stolen' a car at defcon or black hat yet for one of the demo's.

It would have been highly amusing if Gen. Alexander's car had refused to either arrive or depart Defcon this year... Or whatever car he was being chauffeured in.

so is this good or bad? (1)

alen (225700) | more than 2 years ago | (#41055235)

few months back there was an article here about how car computers are ripe for hacking and everyone said the car companies suck for such crappy security

now that they are doing it the car companies suck for locking down their cars

Grammar Nazi (2)

ari_j (90255) | more than 2 years ago | (#41055263)

I am very impressed with a person "who forced ATMs to ... cause medical pumps to release lethal doses of insulin." But why are ATMs and medical pumps connected to each other in the first place?

Re:Grammar Nazi (1)

Penurious Penguin (2687307) | more than 2 years ago | (#41055847)

It's that silly new convention where commas are no longer used before "and" -- e.g., "The loud noises make the hamster [twitch and cause] the walls to shake". I'm all for a benevolent linguistic dictatorship, but sadly, Language = Mob-Rule, or at least popularity. When weighing the value of popularity, you can always remember the Mc (*)Billions Served, or turn on the radio.

Security is haaaard, woo woo! (1)

Okian Warrior (537106) | more than 2 years ago | (#41055307)

We need updates "over the air", without operator intervention! It's too inconvenient for owners to have to come into a dealer for updates, that's unreasonable!

And it won't allow us to do the updates as often as we like! We're always fixing bugs, so we need the ability to update the software every 6 hours... sometimes even less! Look at Firefox and Windows - how often do they update? It's an industry standard!

And encryption? That's haaaard! It takes time and effort to implement and it adds no value to the end product. We could better monitize our developer value by having them implement bells and whistles! More features is perceived as better value, making the left automatic window button work differently than the right one is seen as more valuable by the end user! Don't spend time on encryption, it's features all the way!

==============

Force the manufacturers to update once a year or less, this will help make sure that they get it right and only fix things that are needed.

Force the manufacturers to recall the vehicle for an update. Yes, it's inconvenient. Yes, it's necessary. Pro tip: Making it expensive to fix will encourage the manufacturer to get it right the first time.

Force the manufacturers to open the spec on the software, including the update channel. If a hacker can crack it, it's not secure enough.

This is not hard. Other products have figured this out already (for example, printer industry). When it's expensive to fix, it puts pressure on the manufacturer to get it right the first time.

LEXUS fallout (1)

ElitistWhiner (79961) | more than 2 years ago | (#41055499)

So that fiery CHIPS officer and his family in San Diego for whom no human amount of effort could save themselves from terror by electronic FAILUNDER comes down to ' its not our fault?' someone reprogrammed the blackboxen?

McAfee? (0)

Anonymous Coward | more than 2 years ago | (#41055625)

McAfee: "Warning! Very serious problem detected! McAfee has been compromised and cannot correct the problem. Please fix now. To upgrade to our more verbose warning messages, please click here now and make your credit card ready."

My car is theft proof (1)

IWantMoreSpamPlease (571972) | more than 2 years ago | (#41055627)

It's got two things going for it

(a) it's a manual
(b) it's a TVR

(for those that don't get (b), you really have to know what you are doing to start one, look up Top Gear for more info)

Re:My car is theft proof (1)

PPH (736903) | more than 2 years ago | (#41055825)

(a) it's a manual

I can top that. My car has a device sure to stump all but the most expert car thieves:

A knob on the dashboard labeled 'Choke'.

Now get off my lawn!

Re:My car is theft proof (0)

Anonymous Coward | more than 2 years ago | (#41056157)

(for those that don't get (b), you really have to know what you are doing to start one, look up Top Gear for more info)

Yeah, I've driven English cars too.

Blocking performance enhancement? (0)

Anonymous Coward | more than 2 years ago | (#41055667)

Manufacturers standardise on a few engine types nowadays across their entire range, with power profiles being controlled by the ECU. Its common practice to upgrade an engine by "chipping" the ECU to give higher speed, remove artificially imposed maximum speeds, better acceleration and so on - think of it as overclocking your car!

Car makers are using security as a smokescreen to prevent owners from fiddling with those money-making parameters.

OK, I know that cheaper cars will have less effective brakes, less durable transmissions, not so well specified tires; these can be changed when you hot your car up, but the basic improvement in engine power output will no longer be available to the user if security is imposed. You want faster? Give us more money!!!

Better plan (0)

Anonymous Coward | more than 2 years ago | (#41055675)

Stick with a dumb auto. The world is not ready for smart cars.

Re:Better plan (1)

Attila Dimedici (1036002) | more than 2 years ago | (#41055743)

Too late

What about trailer tractors? (1)

Lexible (1038928) | more than 2 years ago | (#41055701)

Is building up viably secure automotive computing platforms part of a push toward a fleet of automated teamsters?

Between McAfee and the hackers. (1)

Ukab the Great (87152) | more than 2 years ago | (#41055835)

I'll take the hackers, thank you--with them I at least have some chance of purging *their* malware from my computer system.

Why cars need Free Software (0)

Anonymous Coward | more than 2 years ago | (#41055975)

Old battles are renewed in new arena.
  Proprietary interests will deny device owners access to their data with the excuse of protecting public safety.
  Proprietary interests will claim that security by obscurity is better than proven network security standards.
  Engineering implementers need the wise counsel of those who understand the Law.

http://www.slideshare.net/chaiken/alison-chaikenlibreplanet2012

Biometrics, no? (1)

Penurious Penguin (2687307) | more than 2 years ago | (#41056109)

Strange that they left out biometrics [huffingtonpost.com] [Ford], which is probably an imminent method of security in the future. WTF McAfee would be taking the lead in that, I don't know.

McAfee researchers? Really? (2)

guygo (894298) | more than 2 years ago | (#41056137)

Really? McAfee researchers? This is the company that crashed millions of their business customers' systems with an untested update. As I write this there are 1000s of home McAfee customers who have lost Internet connectivity because of another untested update. These are the people you want to listen to when it comes to security? Oh Pulease!

Re:McAfee researchers? Really? (0)

Anonymous Coward | more than 2 years ago | (#41056491)

McAfee does not equal trust in my book. I have been bitten too many times by either their updates or but what they do not protect against. After they are no longer a viable option, ever, and have not been in lots of years. I am actually quite surprised they have not gone belly-up.
Fool me once, shame on you. Fool me twice, shame on me.

relevant XKCD (0)

Anonymous Coward | more than 2 years ago | (#41056571)

http://xkcd.com/463/

Sorry Officer ... (2)

moeinvt (851793) | more than 2 years ago | (#41056767)

Bonus points to the first person that talks their way out of a traffic ticket with the excuse that their car has been hacked.

McAfee On Board (2)

ThatsNotPudding (1045640) | more than 2 years ago | (#41056781)

Having McAfee running anything on your car will, at minimum, will add 3 seconds to your acceration times, and knock 5 mpg off your milage. You will also have to run the A/C more to offset the extra heat load on the CPU. Plus, about every fifth update, it will kill your car so dead, you will have to call AAA for a tow.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?