
Hackers Reveal Nasty New Car Attacks

samzenpus posted about a year ago | from the unsafe-at-any-speed dept.

Transportation 390

schwit1 writes "Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV's chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat. Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day's experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn't so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.) The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers."


390 comments


High risk (4, Insightful)

suso (153703) | about a year ago | (#44384711)

"The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems"

As a security researcher who believes in the spirit of the open release of vulnerabilities, I feel that this is irresponsible behavior on the part of these security researchers. We're not talking about releasing a vulnerability that will compromise someone's e-mail. We're talking about a high risk vulnerability that could cost some random person their life. These two gentlemen should take a deep breath before releasing this information to the computer industry first rather than the auto industry. The auto industry may not have a tradition of attending these types of conferences and so by releasing the information at Def-con you're giving the wrong people a head start. Sure, the auto industry already knows about these problems, but you have to try to give them the benefit of the doubt when you confront them about the problems that they will try to fix it.

Re:High risk (5, Interesting)

Xaedalus (1192463) | about a year ago | (#44384805)

The mere fact that this has been announced has already started the wrong people working on it. At this point, releasing at Def-Con is the right thing to do, because not only will that patch get fixed, but others will come to similar conclusions and keep an eye out for peers who are going to exploit this. Black hats have family too.

Re:High risk (5, Insightful)

Anonymous Coward | about a year ago | (#44384813)

Right now they have to hook directly into the OBD plug to do this, the same person with that kind of physical access can do any number of nasty things to your car.

They are more warning about the lack of security when this stuff becomes accessible remotely (cellular or otherwise wireless) that there are going to be serious security issues as anyone breaking into that remote access path can do serious things.

Re:High risk (5, Interesting)

Anonymous Coward | about a year ago | (#44384933)

You mean like if there was some embedded computer plugged into the same CANbus as the OBD port, that had a cellular radio on it that was already shown to be vulnerable to attack? One sold on every new car from a certain major manufacturer?

Yeah, in the future, when OnStar exists, there will be serious issues. Wait, was "future" the right word?

The underlying problem is that CANbus was designed by automotive engineers and not network security people.

Re:High risk (4, Interesting)

HornWumpus (783565) | about a year ago | (#44385073)

Honda and Acura nav systems are also apparently hooking into the OBD port. They report codes on the nav screen, can't (or won't) clear them.

Re:High risk (2)

nitehawk214 (222219) | about a year ago | (#44384821)

I feel that this is irresponsible behavior on the part of these security researchers.

Because we all know that if the researchers quietly tell the auto manufacturers they will fix the issues and make sure everything gets updated. Our upstanding auto manufacturers would certainly not try to bury the issue and sue the reporters out of existence!

As a security researcher you should be used to companies trying to deny, bury and ignore reports instead of correct them.

Seriously, the only way to get a company to fix a flaw is when the PR nightmare becomes so great that it is cheaper to fix the problem than deny it.

Re:High risk (3, Insightful)

radiumsoup (741987) | about a year ago | (#44384963)

You speak as if all companies are equally bad. Somehow, I think you're either young or more sheltered than you believe you are.

Indeed there must be many ethical companies ... (4, Insightful)

golodh (893453) | about a year ago | (#44385409)

apart from the banks, the tobacco industry, the arms industry, big pharma, big oil, marketing firms and so forth.

If only because their helmsmen are required, by law, to maximise shareholder value. Nothing else. In fact: senior management can be sued if they don't set policy to that effect.

The upshot is that no publicly traded company can really afford a moral or ethical compass. What passes for ethics in companies is usually nothing but well-understood self-interest (as in: avoidance of PR damage and a resulting slump in sales through bad publicity).

Whilst I'm against releasing any kind of software vulnerabilities before the responsible parties have had a decent chance to fix it, I'm just as skeptical as most regarding the inclination of e.g. car manufacturers to improve security unless there is a massive PR debacle. For massive PR debacle read: a nasty and widely covered crash involving a photogenic celebrity (ugly celebrities won't cut it) and his/her children, that can be traced unequivocally to the lax security of a car's on-board datacommunication infrastructure.

That's the main thing I can see as getting their attention and lending the issue any kind of urgency. If only because of CYA considerations on part of top management. The only alternative would (in my view) be compulsory network safety standards for cars.

Re:High risk (4, Insightful)

suso (153703) | about a year ago | (#44385259)

Because we all know that if the researchers quietly tell the auto manufacturers they will fix the issues and make sure everything gets updated. Our upstanding auto manufacturers would certainly not try to bury the issue and sue the reporters out of existence!

As a security researcher you should be used to companies trying to deny, bury and ignore reports instead of correct them.

Seriously, the only way to get a company to fix a flaw is when the PR nightmare becomes so great that it is cheaper to fix the problem than deny it.

Yes and I also know about technically minded people denying that problems are real issues too (See libvte vulnerability [climagic.org] ). DARPA has known about these issues [youtube.com] for a while now and apparently the issues are a lot more real and scary than most people realize. We're talking about the ability for a hacker to do something to your car simply by playing a song over your iPod or on a CD. Or a program being injected the next time you get an oil change because the service center's computer had been hacked remotely.

And we're not talking about ego maniac hackers sitting in their basements causing a few cars to honk their horn because they think it will be funny, we're talking about terrorists and countries writing a song that everyone plays one day and we have 1 million 60mph 2 ton missiles with families in them flying up the road all at the same time. That will be a very bad day. But that's ok, because we tried to tell the auto manufacturers and they just didn't listen, so it's their fault right?

What these researchers are doing here is treating this vulnerability as if it's any other vulnerability, which it's not. Human life is at stake, not your email or bank account password. Yes, they do recognize the dangers, but they don't seem to realize that they should be changing their approach accordingly. For instance, they do their tests out in the open on public roads and put someone behind the wheel who doesn't know what is going to happen. You don't really need to do that to demonstrate that there is a problem.

Re:High risk (1)

EvanED (569694) | about a year ago | (#44385369)

We're talking about the ability for a hacker to do something to your car simply by playing a song over your iPod or on a CD. Or a program being injected the next time you get an oil change because the service center's computer had been hacked remotely.

Worse: things like OnStar have cell phones. They can be called and compromised, and can lead to the same dangers as this story demonstrates with the OBD port.

Re:High risk (2)

chuckinator (2409512) | about a year ago | (#44384829)

While your argument has merit, I'm going to simply stick to the strategy of buying cars that do not attach a wireless communication device to the same bus that the engine control unit sits on.

Re:High risk (1)

gr8_phk (621180) | about a year ago | (#44384971)

While your argument has merit, I'm going to simply stick to the strategy of buying cars that do not attach a wireless communication device to the same bus that the engine control unit sits on.

That has always been my thought. However, the manufacturers are starting to want the ability to remote update your engine control software. So the On-Star or equivalent system gets a CAN connection so it can talk to the modules. But the engine controller is going to have some form of authentication required and the hackers are going to be stopped right there.

I'm not concerned about someone remotely reprogramming a vehicle - you can't even do that with a hard connection without the right tools and keys. This ability to inject malicious CAN traffic may need a little more defense though.

Re:High risk (5, Insightful)

Anonymous Coward | about a year ago | (#44385217)

But the engine controller is going to have some form of authentication required and the hackers are going to be stopped right there.

Yes, I too had noticed that authentication systems were 100% proof against hackers, especially those implemented by companies that obviously have no prior interest in security.

Re:High risk (1)

h4rr4r (612664) | about a year ago | (#44385371)

They should not be on the same network. Have the CAN bus logout to a device that every X seconds is copied to another device on a bus OnStar can read from. Data must never flow the other way.

That form of authentication very likely has a default password of some type. Hackers will find that very quickly.

Re:High risk (0)

Anonymous Coward | about a year ago | (#44384985)

Which rules out every car built since the 1996 model year.

Re:High risk (3, Informative)

HornWumpus (783565) | about a year ago | (#44385091)

OBDII is not wireless.

Re:High risk (4, Insightful)

Roskolnikov (68772) | about a year ago | (#44385375)

Unless you add a wireless dongle (they come in Bluetooth and wifi but they still require physical access and close proximity).
Every person that has done a 'reflash' on their car to get more performance has done similar things, I can with the right parameters make my car's motor throw a connecting rod through the block, I don't consider this hacking, I consider it sky is falling stupidity... if they had done this through on-star, now that, I would consider hacking and truly the danger that should be exposed by this article.

Re:High risk (1)

Anonymous Coward | about a year ago | (#44385399)

Oh, no? [amazon.com]

Re:High risk (0)

Anonymous Coward | about a year ago | (#44385117)

Sauce?

Was that when OBD II came along, or when it was mandated?

Re:High risk (1)

blackraven14250 (902843) | about a year ago | (#44385049)

Then you've never heard of the CAN bus, which is in use on every car produced since 1996. You'd have to avoid anything with obvious wireless access, which means no lock/unlock/panic/remote start systems, and likely not even a car radio since many are on the bus as well.

Re:High risk (1)

h4rr4r (612664) | about a year ago | (#44385385)

If that is true the people who designed those should be hit by a clue by four. You do not put the doors unlock mechanism on the same bus as engine control. You sure as hell don't use it for the radio too.

Re:High risk (1)

Holi (250190) | about a year ago | (#44385289)

And what cars are those?

Me, I stay safe and only drive cars with carburetors.

Re:High risk (5, Insightful)

suso (153703) | about a year ago | (#44385343)

And what cars are those?

Me, I stay safe and only drive cars with carburetors.

Until one of the hacked cars hits you head-on at 60 mph.

Re:High risk (4, Interesting)

dgatwood (11270) | about a year ago | (#44385363)

While your argument has merit, I'm going to simply stick to the strategy of buying cars that do not attach a wireless communication device to the same bus that the engine control unit sits on.

As for me, I'm going to stick to buying cars in which the brake master cylinder is physically depressed by the pedal, and in which the emergency brake lever is physically connected with a mechanical cable....

I drove a rental car the other day with an electronic emergency brake. I've never been more uncomfortable driving a vehicle. Besides having "safety" features that made it really clumsy to drive (you can't release the emergency brake unless your foot is on the brake pedal, for example, which doesn't make any real sense if the vehicle is in a flat parking space, with the transmission in Park), I just can't see myself ever trusting a car in which a computer failure could kill the emergency brake entirely, and in which there's no way to apply more force on the emergency brake in the event of an actual emergency. That design pretty much defeats the whole purpose of having an emergency brake.

Ugh.

Re:High risk (3, Insightful)

dyingtolive (1393037) | about a year ago | (#44384833)

Or the attacker just cut your brake lines.

That's not a hack though, more of a snip.

Re:High risk (2)

Anonymous Coward | about a year ago | (#44384949)

I thought of the same thing. The one significant difference is, cut the brake line and it will be noticed at 5MPH pulling out of the driveway. This would allow the hacker to only make the brakes fail at 65 MPH.

Re:High risk (3, Insightful)

viperidaenz (2515578) | about a year ago | (#44384849)

Once someone has physical access to a vehicle, there are worse things they can do than mess with the traction control and abs systems.

Re:High risk (1)

Anonymous Coward | about a year ago | (#44385201)

Not so sure about that...it can be fairly hard to prove evidence of software tampering.

Re:High risk (3, Insightful)

chiefmojorising (114811) | about a year ago | (#44385267)

Seriously. I've got a hack that'll disable the brakes on any car ever made. It's called a hacksaw (heh) and requires even *less* access than these guys had.

Re:High risk (2)

h4rr4r (612664) | about a year ago | (#44385411)

I will notice that when pulling out of the driveway, and just have the car towed to the shop.

The lock up brakes at random on single wheels at 75 mph hack is a lot scarier.

Re:High risk (1)

Anonymous Coward | about a year ago | (#44385297)

Spoken like someone who has never had ABS decide to go bonkers on them. Nothing like "Brakes don't brake" to make you realize you need a new car AND new underwear.

Re:High risk (2)

mrex (25183) | about a year ago | (#44384913)

As a security researcher who believes in the spirit of the open release of vulnerabilities, I feel that this is irresponsible behavior on the part of these security researchers.

Then you don't believe in the spirit of full disclosure at all. What drivers have now is security through obscurity, which as we all know is no security at all. Significant public awareness of the problem will create the kind of pressure on auto makers to issue recall notices and fixes for life-endangering safety issues. Full disclosure is essential here for precisely the reason that you say means it shouldn't happen: because lives are at stake.

Re:High risk (3, Insightful)

Joining Yet Again (2992179) | about a year ago | (#44385061)

Argh, sophomores everywhere.

Security through obscurity isn't "no security at all". It's just inadequate. There's still the hurdle of overcoming obscurity.

Just like strong cryptography is great but not perfect because 1) implementation is often flawed; 2) rubber hose.

Re:High risk (2)

khasim (1285) | about a year ago | (#44385221)

Security through obscurity isn't "no security at all". It's just inadequate. There's still the hurdle of overcoming obscurity.

No.

Security is not about becoming invulnerable. That is impossible. Security is about reducing the number of people who can EFFECTIVELY attack you.

Security-Through-Obscurity does NOTHING to improve the existing security model of the system BUT IT DOES PROVIDE A WAY TO BYPASS THE EXISTING SECURITY MODEL.

Re:High risk (1)

Daas (620469) | about a year ago | (#44385059)

Plus, patching the software of a million cars isn't the same as using auto-update on Windows. My biggest concern would be an attacker getting in the car, installing a wireless device in the OBD port and controlling it from a distance, especially since you can buy an OBD II Wifi adapter for under 100$ these days.

You could do some really bad things to someone you don't like on the highway...

Re:High risk (-1)

Anonymous Coward | about a year ago | (#44385133)

As a regular person who could be a victim of these kinds of attacks, I look forward to the day when "Security Researchers" can simply be shot at their desks and the shooter can collect a bounty.

Re:High risk (1)

Anonymous Coward | about a year ago | (#44385135)

As a security researcher who believes...

Wrong, wrong and wrong. Companies will not fix holes like this because they've already done financial analysis of what it costs to recall and fix over potential lawsuits covering the death of customers.

This isn't shitty Microsoft or Apple exploits, where the PR machine is wheeled out and lackeys like you pretend everything is fine. Ford and GM, the biggest automotive companies on the planet, have been doing this stuff since the 60s. They all have death costs over fix-it cost analysis before vehicles make it to motor shows.

Re:High risk (1)

garyoa1 (2067072) | about a year ago | (#44385165)

On the other hand, it would seem to me adding computer controls to things that really don't need (or shouldn't have) computer controls is the more dangerous advancement in "technology".

Break a knob... replace the knob. Break a touch screen... re-mortgage home, remove car, install screen, replace car.

Re:High risk (1)

sl4shd0rk (755837) | about a year ago | (#44385243)

We're talking about a high risk vulnerability that could cost some random person their life.

Exactly. So, don't blame the customer when they find out your crappy design isn't up to real-world safety tests.

Re:High risk (1)

Anonymous Coward | about a year ago | (#44385317)

It seems to have already happened.

Research Michael Hastings

Re:High risk (2)

Solandri (704621) | about a year ago | (#44385419)

It shouldn't really be considered high risk. Brakes are important enough that engineers designed in a second redundant braking system [howstuffworks.com]. The parking brake is still connected to the brakes by a steel cable. It will work even if the electronics or hydraulics on the brake pedal fail.

The problem is most drivers don't know that it's a redundant system, and never think of trying the parking brake if the brake pedal fails. This is one area where linguistic drift has hurt us. They were originally called the emergency brake, whose name clearly implies they're to be used in an emergency if the regular brakes fail. But since they were also used to keep manual transmission cars from rolling when parked, they've colloquially been called parking brakes. To the point where most people refer to them as parking brakes now and don't know about their emergency braking function.

This Hack (0)

Anonymous Coward | about a year ago | (#44384733)

This hack only works on journalists.

This is why my car is airgapped (1)

GameboyRMH (1153867) | about a year ago | (#44384757)

One of my cars has no electronics. The other has two systems, one logs data and the other controls how much fuel the engine gets (and soon when the spark plugs fire as well).

To access either you must plug a cable into it. Good luck.

Re:This is why my car is airgapped (2)

pegr (46683) | about a year ago | (#44384853)

OF COURSE if you give real-time access to the OBD-II port, you can have all kinds of shenanigans. So don't do that!

How many people would notice an OBD-II Bluetooth adapter plugged into the port? http://www.amazon.com/Soliport-Bluetooth-OBDII-Diagnostic-Scanner/dp/B004KL0I9I [amazon.com]

Re:This is why my car is airgapped (1)

chispito (1870390) | about a year ago | (#44385233)

OF COURSE if you give real-time access to the OBD-II port, you can have all kinds of shenanigans. So don't do that!

How many people would notice an OBD-II Bluetooth adapter plugged into the port? http://www.amazon.com/Soliport-Bluetooth-OBDII-Diagnostic-Scanner/dp/B004KL0I9I [amazon.com]

That depends on where the port is located and if the attacker is using an extension cable or some other way of stowing the adapter.

Re:This is why my car is airgapped (0)

Anonymous Coward | about a year ago | (#44384863)

The Feds are gonna push to have all cars on the net for law enforcement and the people will approve.

The Lolz are going mobile.

Re:This is why my car is airgapped (1)

viperidaenz (2515578) | about a year ago | (#44384875)

My car has a dozen computers in it. Still no more vulnerable than your two system car. It even has bluetooth. The worst someone can do wirelessly would be take control of my stereo, which isn't connected to anything else.

Re:This is why my car is airgapped (2)

blackraven14250 (902843) | about a year ago | (#44385065)

Are you sure about that? Many head units are hooked into the CAN bus.

Re:This is why my car is airgapped (2)

EvanED (569694) | about a year ago | (#44385075)

The worst someone can do wirelessly would be take control of my stereo, which isn't connected to anything else.

So you think. Stock stereo on a recent car? Very possibly untrue [autosec.org] .

"We systematically synthesize a set of possible external attack vectors as a function of the attacker's ability to deliver malicious input via particular modalities: indirect physical access, short-range wireless access, and long-range wireless access. .. In each case we find the existence of practically exploitable vulnerabilities that permit arbitrary automotive control without requiring direct physical access." [emphasis in original]

Turns out that car manufacturers have been very naughty. And while radios are sort of on a separate bus from actual automotive controls, there are also (compromisable) devices that sit across busses, so there's not a complete air gap.

In that paper, they were able to obtain control over the car's critical automotive systems using techniques ranging from the OBD port (very old news) to CDs with mal-crafted "audio" files put into the stereo to bluetooth connections with the stereo to cellular connections like are used for OnStar.

Re:This is why my car is airgapped (0)

Anonymous Coward | about a year ago | (#44384979)

>To access either you must plug a cable into it. Good luck.

EMP. You lose.

Re:This is why my car is airgapped (1)

bobbied (2522392) | about a year ago | (#44385213)

No, EMP does not mean he loses. Cars are fairly resistant to EMP based on recent testing. Some (not all) cars may be upset by an EMP enough to stop running, but nearly 100% of them will run just fine when restarted. Most of the damage will be done by the accidents caused by the cars that stop running.

Yea, I know.. You need some evidence.. I'm looking in my spare time.

Re:This is why my car is airgapped (1)

richard.cs (1062366) | about a year ago | (#44385003)

Like you I'll not worry about it until I get a car with some silicon in it. It does have two germanium transistors in the tachometer though, maybe I should be worried :-P

Re:This is why my car is airgapped (1)

Trepidity (597) | about a year ago | (#44385205)

Out of curiosity: How far back do you have to go to find a car with no electronics in it? Early-'90s? Or is there more recent stuff still manufactured without onboard computers?

Re:This is why my car is airgapped (1)

HornWumpus (783565) | about a year ago | (#44385381)

Points were, more or less, gone by 75.

Re:This is why my car is airgapped (1)

SnarfQuest (469614) | about a year ago | (#44385261)

One of my cars has no electronics.

Really?? What does it use in place of a spark plug?

Send them to gitmo! (-1, Flamebait)

Anonymous Coward | about a year ago | (#44384759)

I hope Glorious Leader Obummer sends these terrorists to Gitmo. These anti-America. Attacks against our industries do nothing but aid the terrorists in causing us harm.

Locking down the cars for security (4, Insightful)

IndustrialComplex (975015) | about a year ago | (#44384769)

I can appreciate applying Anti Tamper and other IA techniques to 'harden' cars, but I hope this doesn't return us to where only 'licensed' repair facilities can work on cars.

vehicle hacks... (0)

Anonymous Coward | about a year ago | (#44384795)

And this is why having a physical key to shut the damn car off should be an absolute requirement.

Re:vehicle hacks... (1)

MiniMike (234881) | about a year ago | (#44385033)

Agreed, but the proper course of action if the brakes fail is to put the car in Neutral and slowly apply the parking brake. This maintains power for steering. This is also recommended if the accelerator sticks.

Given this story, I think the safest course of action overall is to not pick up hitchhiking hackers.

So? (0)

Anonymous Coward | about a year ago | (#44384819)

So they had hard-wired physical access to the car's data network and they were able to cause trouble? News at 11! (aka so what?)

The only solution would be to run secure data channels between all the computers in a car, and while this is possible and not even a real burden, why would you?

Re:So? (1)

viperidaenz (2515578) | about a year ago | (#44384895)

But if they did that, you could just poke a hole in the brake line and have the same effect.

Re:So? (3, Interesting)

mrex (25183) | about a year ago | (#44385001)

So they had hard-wired physical access to the car's data network and they were able to cause trouble? News at 11! (aka so what?)

So what? So I could bump key my way into your car, trojan one of the devices sitting on your car area network, and cause you to crash and burn on the highway with no meaningful evidence that anything was amiss.

(RIP Michael Hastings)

Re:So? (0)

Anonymous Coward | about a year ago | (#44385291)

A minor point: bumping doesn't actually work on wafer locks (which covers all automotive locks I've ever looked at). If you want to get into a car without the key (or breaking a window) you use a slim jim.

Re:So? (1)

gr8_phk (621180) | about a year ago | (#44385019)

The only solution would be to run secure data channels between all the computers in a car, and while this is possible and not even a real burden, why would you?

It is a burden. Most of them are still running a 500kbps or 1Mbps CAN network and it's already nearly maxed out. Add a security layer and they'll just barf. It's not like you're going to run an RSA algorithm on a PIC in a door module to prevent unauthorized control of the locks and windows.

Re:So? (1)

leonardluen (211265) | about a year ago | (#44385407)

TEA [wikipedia.org] and its variants work quite well on micro-controllers with limited processing or RAM.

I have even played with XXTEA on a pair of Arduinos wirelessly communicating for a personal project and my simple transmitters only worked at about 5kbps
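
The trade-off discussed in this sub-thread (a nearly saturated CAN bus versus a TEA-family cipher small enough for a door-module microcontroller), as an added example that is not part of any comment above: a C sketch that authenticates one classic 8-byte CAN frame with an XTEA-based CBC-MAC and a replay counter. The frame layout, the pre-shared key, the CAN ID 0x123 and all function names are assumptions made for this illustration.

```c
/* Added illustration: authenticated classic-CAN frame using XTEA (a TEA variant).
 * Frame layout, key, CAN id and function names are assumptions for this sketch. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_LEN 4   /* application bytes left in the 8-byte data field */
#define TAG_LEN     3   /* truncated MAC bytes; byte 4 carries the counter's low byte */

typedef struct { uint32_t last_counter; } rx_state;

/* XTEA block encryption: 64-bit block, 128-bit key, 32 cycles. */
static void xtea_encrypt(uint32_t v[2], const uint32_t key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    const uint32_t delta = 0x9E3779B9u;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-MAC over exactly two blocks: (CAN id, full counter), then (payload, zero pad).
 * The message length is fixed, which is the case where plain CBC-MAC is sound. */
static void frame_tag(const uint32_t key[4], uint32_t can_id, uint32_t counter,
                      const uint8_t payload[PAYLOAD_LEN], uint8_t tag[TAG_LEN]) {
    uint32_t b[2] = { can_id, counter };
    xtea_encrypt(b, key);
    b[0] ^= ((uint32_t)payload[0] << 24) | ((uint32_t)payload[1] << 16) |
            ((uint32_t)payload[2] << 8)  |  (uint32_t)payload[3];
    xtea_encrypt(b, key);
    tag[0] = (uint8_t)(b[0] >> 24);
    tag[1] = (uint8_t)(b[0] >> 16);
    tag[2] = (uint8_t)(b[0] >> 8);
}

/* Sender side: data = payload[4] | counter low byte | tag[3]. */
void build_frame(const uint32_t key[4], uint32_t can_id, uint32_t counter,
                 const uint8_t payload[PAYLOAD_LEN], uint8_t data[8]) {
    memcpy(data, payload, PAYLOAD_LEN);
    data[PAYLOAD_LEN] = (uint8_t)(counter & 0xFFu);
    frame_tag(key, can_id, counter, payload, &data[PAYLOAD_LEN + 1]);
}

/* Receiver side: returns 1 and copies the payload out only if the tag verifies
 * for a counter strictly newer than the last accepted one; otherwise returns 0. */
int verify_frame(const uint32_t key[4], uint32_t can_id, rx_state *rx,
                 const uint8_t data[8], uint8_t payload_out[PAYLOAD_LEN]) {
    uint8_t expect[TAG_LEN], diff = 0;
    /* Rebuild the full counter: smallest value above last_counter with this low byte. */
    uint32_t cand = (rx->last_counter & ~0xFFu) | data[PAYLOAD_LEN];
    if (cand <= rx->last_counter) cand += 0x100u;
    if (cand <= rx->last_counter) return 0;   /* 32-bit counter exhausted: rekey */
    frame_tag(key, can_id, cand, data, expect);
    for (int i = 0; i < TAG_LEN; i++)         /* compare without early exit */
        diff |= (uint8_t)(expect[i] ^ data[PAYLOAD_LEN + 1 + i]);
    if (diff != 0) return 0;
    rx->last_counter = cand;
    memcpy(payload_out, data, PAYLOAD_LEN);
    return 1;
}

int main(void) {
    /* Constructed demo values, not taken from any real vehicle. */
    const uint32_t key[4] = { 0x00010203u, 0x04050607u, 0x08090a0bu, 0x0c0d0e0fu };
    const uint8_t payload[PAYLOAD_LEN] = { 0x10, 0x27, 0x00, 0x01 };
    uint8_t frame[8], tampered[8], out[PAYLOAD_LEN];
    rx_state rx = { 0 };

    build_frame(key, 0x123u, 1, payload, frame);
    printf("fresh frame:    %d\n", verify_frame(key, 0x123u, &rx, frame, out));
    printf("replayed frame: %d\n", verify_frame(key, 0x123u, &rx, frame, out));

    build_frame(key, 0x123u, 2, payload, tampered);
    tampered[0] ^= 0x01;                      /* flip one payload bit in transit */
    printf("tampered frame: %d\n", verify_frame(key, 0x123u, &rx, tampered, out));
    return 0;
}
```

A 3-byte tag leaves a 1-in-2^24 chance per guessed frame, and the layout halves the usable payload of every frame, which is the bandwidth cost raised earlier in this sub-thread.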

just wait until cars are networked (0)

Anonymous Coward | about a year ago | (#44384823)

We all know it is only a matter of time before cars are all wirelessly connected to the internet.

Then the lolz getz turboz.

Re:just wait until cars are networked (1)

mandark1967 (630856) | about a year ago | (#44384869)

Just imagine the Roaming charges when that happens...

Meh... Give me access, I own your computer (5, Insightful)

Mr Krinkle (112489) | about a year ago | (#44384883)

So

if I'm sitting in your car, plugged in to the canbus, I can control things on the canbus....

Yeppers....

Just like if I have access to your laptop for long enough, I can get whatever is on it. (encryption will slow it down, but like I said, given time and access?)

But you'll probably notice me sitting in your car, plugging a cord into the port before I take the time to crash your car, with me riding in it.....
While this is amusing, I'm not that nervous about "security through not having some donkey plug his laptop in your car with a death wish while you are hurtling down the highway"

Having them use the "open" canbus specs, you can add aftermarket devices, and not have to take your car to the dealer for any service.

If they fully lock it down, the dealer will be the ONLY place that could work on it. And the ONLY parts you could add to your car.

Re:Meh... Give me access, I own your computer (1)

Flea of Pain (1577213) | about a year ago | (#44384993)

Couldn't they just attach some kind of receiver to the port and send it remote instructions...like once car hits 100 km/h (60 mph) disable brakes? That being said, they could always just cut a brake line as mentioned above.

Re:Meh... Give me access, I own your computer (1)

blackraven14250 (902843) | about a year ago | (#44385081)

The other possibility is finding a vulnerability in other wireless equipment already hooked up to the bus. Obvious candidates are the radio and remote entry.

Re:Meh... Give me access, I own your computer (1)

Anonymous Coward | about a year ago | (#44385319)

Link from the article...
http://www.nytimes.com/2011/03/10/business/10hack.html?_r=1&

So no, he/she doesn't necessarily have to be sitting in the car.

Hard hack? (1)

ERJ (600451) | about a year ago | (#44384889)

I appreciate that what they are doing is scary but the video doesn't seem to indicate what they had to do in order to get that level of power. It seems that they have wires hooked up between the laptop and dash so, for all we know, they could be feeding bad sensor data into the computers. Are there things that could be done to mitigate the risk....sure. But if that is really how they are messing with things (by tearing apart the dash and rewiring everything) it would seem cutting the brake lines would be nearly as dangerous and a lot easier.

People and their computers. (0)

Anonymous Coward | about a year ago | (#44385167)

". . . it would seem cutting the brake lines would be nearly as dangerous and a lot easier."

True. But haven't you noticed that people will do all kinds of malicious things with a computer when they would never do the equivalent by other means.

There are all kinds of thieves, but the type to rob a bank in person and the type to rob it via computer hacking tend to be very different, even though the crime is broadly the same.

Which is all to say that if a crime can be done a "smarter" way, especially a way that involves a much different skill-set, some marginal increase in the number of people committing the crime seems inevitable.

And the NTSB wants cars to talk to each other??? (1)

ak_hepcat (468765) | about a year ago | (#44384907)

Just wait until somebody reverse-engineers the communications between vehicles.

Then, you can just send a rogue car down the road "Hey, I'm a police car, please pull to the outside lane(s) and slow down to 10mph" and watch the road magically open up for you!

Or, even worse "OMG! YOU'RE GONNA HIT SOMETHING! EMERGENCY STOP!" to all the cars you pass.

Or even worse than that.... every nth car you pass....

Re:And the NTSB wants cars to talk to each other?? (3, Interesting)

Obfuscant (592200) | about a year ago | (#44385331)

Or, even worse "OMG! YOU'RE GONNA HIT SOMETHING! EMERGENCY STOP!" to all the cars you pass.

I had something kinda like that 20 years ago. A microwave transmitter from an automatic door opener sensor. $15. A battery. $1. A switch. $1.

Watching the tail lights light up on all the cars that have just zipped past you on the freeway as the radar detectors in those cars start squawking. Priceless. Passing them as they slow to well below the speed limit. Priceless. Watching them zip past again, slam on brakes again, get passed again. Priceless.

Re:And the NTSB wants cars to talk to each other?? (1)

Kielistic (1273232) | about a year ago | (#44385351)

Both of those things are already possible and with similar levels of detectability.

I could easily install strobes into my lights to make my vehicle look like an unmarked cruiser.

I can lob paint balloons (or anything really) out the windows at other drivers.

Same outcome. These things have been possible forever yet we don't see some epidemic of them happening.

Acura/Honda Door-lock Exploit (3, Interesting)

bradgoodman (964302) | about a year ago | (#44384915)

While they're at it - I don't think anyone has really discovered what the deal was with the Acura/Honda remote-control doorlock gadget that thieves were reportedly using to effortlessly break into cars. All the article said was "police are stumped" (duh).

Re:Acura/Honda Door-lock Exploit (0)

bobbied (2522392) | about a year ago | (#44385295)

Go back and watch the video... The guy with the "device" is just trying doors until he finds one unlocked... At least that's what it looks like to me. No magical device..

Well (0)

Anonymous Coward | about a year ago | (#44384941)

Them there are the breaks!

Rev Up Those Conspiracy Theories - (0)

Anonymous Coward | about a year ago | (#44384943)

Now we know how Hitchens was killed. Maybe.

In any case Toyota's opinion on the whole matter is incredibly naive. Just because a wireless attack can't be launched against a stock vehicle doesn't mean that a savvy attacker can't and won't attach a device capable of tampering with the vehicle's computers which responds to wireless signals. Considering how inconspicuous such a device could be, perhaps something the size of a thumb drive these days, the device in question would be for all intents and purposes an invisible car bomb. If a vehicle your company manufactures has any such vulnerabilities, making them as inaccessible as humanly possible isn't just prudent, it can and likely will save lives.

The hackers sum this up brilliantly: "If the only thing keeping you from crashing your car is that no one is talking about this, then you're not safe anyway."

Re:Rev Up Those Conspiracy Theories - (2)

robot256 (1635039) | about a year ago | (#44385121)

This is precisely the kind of attack I thought of when they started talking about auto computer security this week. These attack vectors will not be used by hax0rs to make a political statement or spam people's dashboards. They will be used by cartels and spy agencies for targeted assassinations and ransom.

Imagine getting a voice-scrambled message on your phone telling you to transfer $50,000 to this account or your wife's car will go out of control on her way home with the kids this evening. Or a prominent diplomat dies in an unexplained crash, triggered by a chip installed months earlier when the car was in for maintenance. It's exactly the kind of thing they would do on the show Burn Notice, for example.

Re:Rev Up Those Conspiracy Theories - (5, Insightful)

Anonymous Coward | about a year ago | (#44385251)

Or a reporter (Michael Hastings) whose award winning work caused Stanley McChrystal's resignation mysteriously dying in a single car accident with a tree; without skid marks and the engine winding up 200 feet away...

Not News: They put it into brake service mode. (3, Interesting)

Anonymous Coward | about a year ago | (#44384957)

To enter the Pad Service Mode, perform the following with the vehicle stationary:

1. Place the vehicle in Park and turn the ignition to the ON position.
2. Apply the brake pedal.
3. Turn the ignition OFF, then ON three times and then release the brake pedal. The total time elapsed for the three ignition cycles and brake release must be less than 3 seconds.

That's how you replace the brake pads. If they figured out how to do it through the OBD connector, whooptie do.

I have one of these vehicles. Fly-by-wire regenerative brakes are a little creepy, but supposedly if something goes wrong and you mash the pedal all the way to the floor, there's a hydraulic backup down there somewhere. I haven't had to try it.

Oh, and all this is no different than your holier-than-thou Toyota Prius, so don't blame Ford.

No more automatics for me (0)

Anonymous Coward | about a year ago | (#44385011)

Seems like a good reason to drive a manual (even if clutch is some sort of clutch-by-wire contraption, you can always just yank the gear out with the stick) with a mechanical handbrake. Whatever happens you still retain the ability to stop the vehicle.

Nothing to see here...move along... (1)

Zalbik (308903) | about a year ago | (#44385013)

Sensationalist headline & summary tries to give the impression that the car was hacked remotely.

RTFA and it says:

"Okay, now your brakes work again," Miller says, tapping on a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake.

Likely they were hooking up to the OBD plug.

Seriously, is this really an issue? Once someone has physical access to the vehicle, they can do all sorts of nasty things...most of which require substantially less technology and computer know-how than a hacker using a MacBook.

I'm hoping the car industry spends the minimum effort fixing this problem, by applying the obvious solution:
a) Put a friggin' lock on the OBD plug.
b) Put the OBD plug under the hood.

Requiring the OBD plug to be within 2 feet of the steering column [wikipedia.org] was a stupid stupid decision.

Re:Nothing to see here...move along... (1)

james_shoemaker (12459) | about a year ago | (#44385113)

The problem is there are plenty of cars out there with OnStar, Toyota's Safety Connect, SYNC, and other wireless systems and guess what bus the OnStar module is plugged into.

Re:Nothing to see here...move along... (3)

HornWumpus (783565) | about a year ago | (#44385177)

Can you imagine where the motherfuckers would have hidden the plug had they not been told more or less where it had to go?

And people wonder... (1)

CAIMLAS (41445) | about a year ago | (#44385045)

And people wonder why I drive a vehicle from the 1980s... let's see, no electronics hooked to the vehicle control systems making it externally vulnerable to attack, no expensive electronic failures, no overly complex electronic controls, no expensive electrical/computer modules to fail, simple isolated systems, and an overall lower count of possible parts which can fail.

Result: I can have my fancy gadgets on their own 12v relay, completely independent from anything else working.

Re:And people wonder... (0)

Anonymous Coward | about a year ago | (#44385147)

Soon those vehicles will be taken off the road under spurious premises linked to "carbon control".

What is the point (0)

Anonymous Coward | about a year ago | (#44385047)

So he learned how to plug into the can-bus and send messages. How is that a security hack??

finally (1)

slashmydots (2189826) | about a year ago | (#44385077)

I really, really, really sincerely hope they put the code EVERYWHERE so that we can have about a thousand cars go through their garages and up curbs and onto porches, etc. Then finally CNN would hop on it like Oprah on a cheese tray and the industry would actually have to do something about it. You know those out of control Priuses? Software glitch. You have an out of control car that's specifically caused by another person at will and it's like a circus Christmas to the media. Then finally the auto industry would get a clue and fix security permanently.

Re:finally (0)

Anonymous Coward | about a year ago | (#44385197)

Security will be "fixed" all right. Each component, be it a water pump, fuel pump, oil filter, etc... would have a chip in it, and only be available from the car maker. It will be great for them, since cars would have to go to the dealer to have any work done outside of adding gas. However, for the average person, it takes control of their vehicle away, and into the hands of a few.

We already have this. If the battery goes dead on a new BMW, you can't just drop a new one in, attach the terminals and drive off. You have to take the BMW to an authorized dealer so they can re-flash battery info in ($500 minimum), and then, the car computer might start. Or it might not, and you have to shell out another $750 for some upgrades.

Given the choice of the remote chance of being hacked through the OBD port versus having to take the vehicle to the dealer for any issues or maintaining, I'll take the "vulnerable" OBD port anyway. Cars are quite locked down as it is (look how long it took to get tunes for Ford's new EcoBoost), we really don't need additional lockdown.

Re:finally (0)

Anonymous Coward | about a year ago | (#44385401)

You mean that ONE SINGLE ISOLATED EVENT where the guy driving a Prius was standing on the accelerator and refused to push the damn GIANT POWER BUTTON to TURN HIS FUCKING CAR OFF and told a bunch of lies while he ABUSED THE LEGAL SYSTEM WITH FRAUDULENT CLAIMS OF DEFECTIVE BRAKES?

not a hack (1)

klossner (733867) | about a year ago | (#44385095)

In order to disable the brakes, they gained access to the car's interior and plugged a computer into the system bus. It's easier and less intrusive to cut a brake line. Wake me up when they can hack the car from outside.

Re:not a hack (0)

Anonymous Coward | about a year ago | (#44385305)

Here: http://www.nytimes.com/2011/03/10/business/10hack.html?_r=1& ... That's link for the article that describes wireless intrusion. The article even said that the techniques could be paired.

Wireless, quite easy. (0)

Anonymous Coward | about a year ago | (#44385101)

This is a real world exploit right now, all one has to do is hack together a wireless module that plugs right into the OBD bus and it's a done deal.

Slashdot has gotten so soft, no thinking out of the box anymore, just snarky comments on why it's not a valid hack.

Most of you are potential victims because you can't see how easy it is to accomplish.

I don't get it ... (3, Funny)

recrudescence (1383489) | about a year ago | (#44385109)

... can someone explain it to me with a car analogy?

Plane crashing to dispatch targets so 1990's (0)

Anonymous Coward | about a year ago | (#44385139)

Now there's a way to dispatch targets without diluting suspicion in tragedy by having to kill so many others just to get to the target.

Clutch... (0)

Anonymous Coward | about a year ago | (#44385389)

It's always a good idea to drive a car with an emergency disconnect-engine-from-transmission pedal. :-)
