Forgot your password?
typodupeerror
Worms Communications Security IT

Testing Out Cell-Phone Viruses on a Prius 196

Posted by timothy
from the deep-underground-in-their-lair dept.
Mikko Hypponen writes "Couple of months ago there were rumours floating around that Bluetooth viruses could infect the on-board computers of some Lexus cars, or at least cause some visible effects on them. We took a Toyota Prius to an underground bunker and tested various Bluetooth mobile phone viruses and assorted Bluetooth attacks against the onboard computer. Results were somewhat surprising. It came as no surprise that we could not infect the car, but the Prius performed in the test even better than expected. No matter what we did the car did not react to the Bluetooth traffic at all. Cabir tried to send itself to the car and the car just did not allow the Bluetooth OBEX transfer to happen. Then, the whole car crashed (but not because of a virus)... Full story with pictures in our weblog."
This discussion has been archived. No new comments can be posted.

Testing Out Cell-Phone Viruses on a Prius

Comments Filter:
  • by ackthpt (218170) * on Monday May 09, 2005 @07:49PM (#12483235) Homepage Journal
    Apart from the car crashing. Maybe a few less pints of Boddington's next time you head for the bunker, eh?
  • by fembots (753724) on Monday May 09, 2005 @07:50PM (#12483243) Homepage
    The article said "After intensive tests for all morning, the battery of the car was running low".

    Does that mean that a similar DOS attack can disable most cars in a car park?
    • Probably not, since the article says:

      "After intensive tests for all morning, the battery of the car was running low!"

      However, if a car was left with it's electronic equipment turned on (for a long period of time), it sounds like it could be possible. It's a very interesting idea to DOS a car...
      • Re:Still At Risk (Score:5, Insightful)

        by RevDobbs (313888) * on Monday May 09, 2005 @07:59PM (#12483310) Homepage
        It's a very interesting idea to DOS a car.

        A much easier to execute Denial-of-Service would be to slash the tires, doncha think? Only takes about 45 seconds to get to all four of 'em, it isn't terribly noisy, and I've never been caught doing it.

        I mean, it seems like that detection would be very unlikely.

        • It's all about the sophistication of your attack.

          Sure, we could have nukes Iraq, but isn't it more fun to drop smart bombs guided by freakin' laser beams!?!?
          • Sophistication? I have a post with the term "OMFG" modded +5 Insightful... what's this "sophistication" you speak of?
            • I guess the moderators are valley girls who shriek "Oh my gawd" while skipping together arm-in-arm wearing mini-skirts. Clearly, they find your OMFG comments insightful, but only after 90120 has gone on a commercial break.

              that's sophistication, my friend.
        • Re:Still At Risk (Score:2, Interesting)

          by Fishstick (150821)
          I've always preferred removing the valve stems with a pair of cutting pliers, myself.

          Yeah, it makes a nice whistling sound, but that is kinda the attraction too -- somewhere in the parking garage there are four whistles gradually becoming lower, quieter...

          The victim walks out, sees four flats with no apparent damage *WTF*

          Nothing as serious as having to buy 4x$120 tires, just aggravating to have to have someone come and repair the wheels onsite (esp in a parking garage where clearance will not permit a ro
          • Re:Still At Risk (Score:5, Interesting)

            by Samari711 (521187) on Monday May 09, 2005 @08:44PM (#12483552)
            a better way to do this is to buy a valve tool at the local auto parts store. rather than do any permenant damage just loosen every tire's stem. Even if the owner could figure out why their tires are flat, they most likely won't have the tool on hand to fix it. even if they have a pump, the tires won't inflate and they'll be very confused. Also note that some car (especially those abominations known as Hummers) have tires that automatically inflate themselves, so doing this to one of them would result in a car with 4 flats and a dead battery :)
        • "A much easier to execute Denial-of-Service would be to slash the tires, doncha think? Only takes about 45 seconds to get to all four of 'em,..."

          Well, yeah, except that one DOS unit in a parking garage that contained 10 bluetooth cars, could disable all 10, and is not detectable. :)
        • "A much easier to execute Denial-of-Service would be to slash the tires, doncha think?"

          A security camera will not catch you wirelessly interferring with a car.
        • and I've never been caught doing it.


          Please elaborate.. I've never been caught doing it either. I've not been caught simply because I've never done it.

          Are you implying you've done it?
          • Yeah, I don't get what's with all the big-shot vandals around here. Destroying hundreds of dollars of tires, and wasting at least a victim's, a tow-truck driver's, and a cop's time is a sick thing to do under almost any circumstance.
    • Re:Still At Risk (Score:2, Insightful)

      by RevDobbs (313888) *
      Yes. Most cars in park with the key, accessories, and god know what else on -- but the engine not running -- will drain the battery eventually. It's called the "I locked my keys in the car"-DOS.
    • by Vellmont (569020) on Monday May 09, 2005 @08:00PM (#12483315) Homepage
      Yes. This DOS attack has been known for quite a long time. It's only recently become known outside the hacker community. Some people even accidentally do it to themselves. Among laymen it's called "leaving your lights on".
      • Re:Still At Risk (Score:2, Interesting)

        by kamileon (35033)
        I've actually watched someone DOS a car... A car alarm was going off every few minutes as trucks drove by during the middle of wedding preparations in a San Francisco park. The sensitivity was cranked way up on the alarm. So the best man walked up to the car and tapped his class ring on the window to set the alarm off, and then kept tapping the window every time the alarm stopped. Drained the battery in about 15-20 minutes, in plenty of time for a peaceful wedding. :) Keep this in mind the next time yo
    • The article said "After intensive tests for all morning, the battery of the car was running low". Does that mean that a similar DOS attack can disable most cars in a car park?

      The car was underground, hence the engine would not have been running. All the car's electrical systems were in use all morning, with no alternator to keep the battery charged.

      Just leaving the ignition switch at ready keeps lots of electrical systems in the car running, such as solendoids within the engine, cabin lights and do

  • by WillAffleckUW (858324) on Monday May 09, 2005 @07:51PM (#12483252) Homepage Journal
    After all, cell phone virii only attack those who pay way too much for a car, without increased efficiency ...

    Hmmm, maybe the Matrix is happening ...

  • by RevDobbs (313888) * on Monday May 09, 2005 @07:52PM (#12483266) Homepage

    Granted, the transmission may not be working -- but there should be a diagnostic saying "OMFG Battery Voltage Low" first. If you lost your arms in an industrial accident you don't start by telling the doctor that you have a hard time holding pens...

    • by SagSaw (219314) <slashdot AT mmoss DOT org> on Monday May 09, 2005 @10:27PM (#12484319)
      Granted, the transmission may not be working -- but there should be a diagnostic saying "OMFG Battery Voltage Low" first.

      IAAAEE (I am an automotive electrical engieer)...

      From an automotive safety standpoint, a malfunctioning park interlock system is pretty close to the top of the list of bad things. The part interlock is the system that prevents the an automatic transmission from shifting out of park unless the vehicle key is in the ignition and there is a second input from the driver (typically by pressing the brake). If the park interlock malfunctions, a simple bump of the shifter (or possibly even the vehicle) might cause the car to shift out of park and begin to roll away. Typically, any failure that disables the function of the park interlock is given the highest severity (Severe injury or death occurs without warning) on any type of DFMEA analysis.

      By prominitly displaying a warning on the dashboard, this failure drops down a few notches in severity as there is clear warning that a failure has occured and instructions from how to minimize the risk.

      As a result, if the Prius is only capable of displaying one fault condition at a time, a fault with the park interlock system is much more important to display than a low battery voltage. That having been said, some sort of indication of a low battery condition would also be a good idea, perhaps via a trouble light on the dashboard or elsewhere.
      • by slacktide (796664) on Tuesday May 10, 2005 @01:33AM (#12485505)
        Oh my god! It's a Safety Nightmare! It's also the exactly how every manual transmission car on the road works, and we don't see endless parades of them rolling down the hill, do we?
        • It's also the exactly how every manual transmission car on the road works

          A manual car doesn't roll away when left in gear.

          • Err , but it will if put in neutral which is the equivalent of taking an auto out of park. Duh.
            • The interlocks aren't there to keep cars from rolling away, they're present to stop you from starting the car in gear or accidentally engaging a drive gear while the engine's running.

              It's very easy to slide an automatic car from park to reverse, esp if the gear selector lever is slightly misaligned. With a manual, you have to put the transmission in neutral *and* set the parking brake to leave a running vehicle - or park up against something. If the tranny does slip into gear, the brake or object you par
          • Sure a manual will roll while it is in gear. 5Th gear often does not have the ability to keep the car from moving. Particularly if your engine has 160,000 miles on it, and low compression on one cylinder, like mine does.

            Most manual drivers leave their transmission in reverse when they leave the car. Reverse has the highest gear ratio of any gear, so it is the hardest for gravity to work against. (Remember that the driving is happening from the other end of the transmission, so all the gear ratios ar

      • From an automotive safety standpoint, a malfunctioning park interlock system is pretty close to the top of the list of bad things.

        Agreed. So when it happens, it should probably be displayed, even if that means hiding other, less important error-messages.

        However, this also means it *shouldn't* be happening as a result of something common. A low battery-voltage is a pretty common error-scenario. To have something dangerous happen as a result thereof is simply bad design.

        If they do keep this bad desig

    • by Anonymous Coward
      I saw a brand new BMW 7 series, that had a stereo installed in it by a good friend of mine. somehow the serpentine belt went out on it, which made the alternator not work. which killed the battery. which then made it not start. which made it impossible to even do anything to, because it's ALL electronic, even the parking brake is a button on the dash.

      the guy took it to the BMW dealer, they hooked it up to the diagnostic, and said that my friend had fried all the electrical on the system, because it wasn't
  • by WankersRevenge (452399) on Monday May 09, 2005 @07:54PM (#12483284)
    It came as no surprise that we could not infect the car, but the Prius performed in the test even better than expected.

    We're all doomed! [imdb.com]
  • by Bifurcati (699683) on Monday May 09, 2005 @07:55PM (#12483294) Homepage
    Two bodies were found dead on the side of the road, apparently flung from a speeding vehicle. Satellite tracking followed the car as it drove itself, without driver, to a house in suburban San Diego. Police arrested 14 year old Neville Splink as he prepared to climb into the drivers seat with a modded Bluetooth enabled Playstation 2 running Linux and a copy of Gran Turismo 4. Neville could not be reached for comment, but sources say he couldn't believe how lucky he was that some idiots deliberately loaded his virus into their car. He had been expecting to have to take over their minds with their mobile phones first.

    Police have warned all families with nerdy children to be on the look out for unexplained cars turning up in their garage.

    • Two bodies were found dead on the side of the road, apparently flung from a speeding vehicle. Satellite tracking followed the car as it drove itself, without driver, to a house in suburban San Diego. Police arrested 14 year old Neville Splink as he prepared to climb into the drivers seat with a modded Bluetooth enabled Playstation 2 running Linux and a copy of Gran Turismo 4.

      Hackers don't kill people while playing GTA: Seattle, insecure OS on People Personality Pleasure Pods (aka Cars For Families) kill p
  • by G4from128k (686170) on Monday May 09, 2005 @08:00PM (#12483318)
    TFA, further down the page, describes the user experience of a Cabir infection. The recipient must click "yes" a number of times to accept the unknown transmission, install the unknown file, and bypass a security warning about installing something from an unverified supplier. Why do people click "yes" to all this? Because if you click "No" the virus keeps trying to install itself and pester you with the messages.

    Definitely reminds me of "Abort/Retry/Fail" error message of so long ago. The first time you ever see the message, you hit "retry" a few times hoping it will work. Eventually, the computer teaches you to never try "retry" because it only puts up the error message again.

    This virus is social engineering at its best, just like the whiny kid in the grocery store. Keep pestering until they say "yes."
    • Firefox will do this too. I'll visit a site that says the security certificate is invalid, so I click 'deny'. The another certificate request pops up, ad-infinitum is seems. Since its a modal dialog you can't even close the web browser or close the 'tab' I'm browsing in. I end up either answering yes after examining the cert or kill via the task manager which closes not only that one site, but all all my open tabs.
    • I used to think this as well, until the other day at school when we were imaging computers (ie. copying the entire contents of a HD to the rest of the lab).

      The computers are a few years old, and some of them have bad floppy drives. After a successful image, we needed to change each computers network id using a program called SID Changer off of a Floppy disk. On a few of the computers, the program would fail, giving the typical MS-DOS error (Abort/Retry/Fail). Frustrated, I hit r a bunch of times, and lo
    • Definitely reminds me of "Abort/Retry/Fail" error message of so long ago. The first time you ever see the message, you hit "retry" a few times hoping it will work. Eventually, the computer teaches you to never try "retry" because it only puts up the error message again.

      I often found that the retry option was often very useful. In particular if I had a disk that was on its way out I often found it could take a lot of attempts before the computer would be able to read all the data off of the disk. Now, I d
    • RTFA, only if you stay within the range of the infected phone. If you walk away it stops asking to install. So if you just walk by you'll get the message but then it stops. Just like the damn whiny kid, you leave him in the car and you don't have to worry about him pestering you to buy candy.
    • If you are dumb enough to install a virus on your phone after getting all those warnings shown in those screenshots you should immediately return the phone and buy one of those cheap $50 phones. If you don't understand the core features of your phone, you have no business owning one just because it's expensive and looks high tech.

      I can just imagine those antivirus companies love this. They'll be selling antivirus programs for your phone for a $30/year subscription.
    • This virus is social engineering at its best, just like the whiny kid in the grocery store. Keep pestering until they say "yes."

      Except that you can't take the virus to the frozen foods aisle and beat it with a loaf of frozen bread to get it to shut up. :)
    • For what it's worth, I think the yes/no question put forth is provided by the phone whenever an install request is broadcast to it - and it only asks once. What's happening here (again, I may be wrong) is that the virus broadcasts itself every few seconds. So the potential victim's phone is simply asking yes/no each time it receives the virus data. The virus doesn't run (if the virus asked yes/no three times, then the virus would be running already) - the phone was engineered correctly to not run the vir
    • MS-DOS Retry can work, sometimes. Try making a DOS boot disk, booting it, taking out the disk and running a commnad. Retry will bring back the error, until you put the disk back in, which is when Retry works. :)
  • by Xeroc (877174) on Monday May 09, 2005 @08:01PM (#12483324)
    After all, the cell phones use Symbian OS, and the Prius (and Lexus) both do not use it, so it isn't very suprising that the virus wouldn't work. After all, you don't hear very often that a MS-Windows virus infects a Macintosh.

    Also, I liked the apparent security features in the car, that it didn't react to the bluetooth traffic, but then again, this is probably just due to an inconpatiblility - i.e. the car won't except any type of data but a specific type, like a valid VCARD phone book.
    • After all, you don't hear very often that a MS-Windows virus infects a Macintosh.

      I actually hear that all the time, it's just not true.
      • and the layman who saw "Independence Day" might also think so. Somehow aliens use the same wireless network protocols and our viruses are binary compatible. I guess that damn i386 just never goes away.

        After a while, it becomes aggravating how many people see something having to do with any high "tech mumbo jumbo" and assume it really is just "random mumbo jumbo" that somehow works most of the time.
  • I wonder when someone will be able to install a trojan horse into a cars on board computer and disable important functions like, lets say braking remotely.
    • I work for a company that makes hardware and software to monitor vehicle networks, and one of my coworkers tells me one protocol (Onstar? I am NOT sure) has a message to disable the brakes.
  • Crazy (Score:5, Interesting)

    by XFilesFMDS1013 (830724) on Monday May 09, 2005 @08:06PM (#12483364)
    Reading the article, they're talking about going undergound in order to not effect any other cellphones in the area, and it stuck me as to how much is the same between a computer virus and a "physical" virus. I mean, scientists who work with e.g. bubonic plague, have to take the same cautions, i.e. not letting the virus out into the "wild", where it can spread. I suppose in a few years, many viruses will be tested like this, taking them into a underground bunker, putting them on a computer that has absolutly no connection to the outside world, and trying to find a cure for it. Then the geeks shall hold the true power.
    • No need to go underground, just build a Faraday cage. When I supported Cisco's wireless division we had several large test chambers which were copper sheet lined boxes used for testing high amplification gear without radiating everyone around. A similar setup would work for testing wireless virus transmission.
  • if I had cash, I'd get on the list for one now, frankly. they have done a lot of good things in a row with that machine, and toyota is very good about licensing their technology to other automakers. they did a techno-swap agreement with ford, and looks like the GM/DC combine is working on one now.

    however, I strongly encourage everybody else to hate the car with a purple-veined passion, so when I do get into a position to.... errr, no, I just want you all to hate it. not saying why ;) starting about a y
    • hehe.. In many dealerships, there are no waiting lists any more; nor do you have to pay extra. The trick is to hunt around, sometimes this means calling dealerships 200 miles away or more. But if you're persistent, you CAN get a Prius today, for MSRP. (There are even reports of people paying UNDER MSRP.)
      • (There are even reports of people paying UNDER MSRP.)


        Don't overlook buying used.

        I bought mine with 16K on it. As I was signing the paperwork, the finance officer came to the salesman and asked if the price was correct. There was an error. They sold it for the base price. I got the fully loaded model with the NAV system. It should have sold for about 3K more. It was too late. I got my original price. Sweet.. Know the value before you go to the dealer. Watch for a bargin. They are out there.
        • You paid the new car price for one with 16K on it? Man, what a deal! Can you come with me next time I buy a used car? :)
          • You paid the new car price for one with 16K on it? Man, what a deal! Can you come with me next time I buy a used car? :)


            I didn't think I had to explain the diference between new car MSRP and used car Blue Book.

            I got a fully loaded Prius with 16K for under $18K. I'll leave it up to you to figure if that's 3K under MSRP or Blue Book.
    • I love mine .... best part is the car computer has easter eggs - now you can pull the 'engine codes' yourself sitting in the driver's seat and call them in to the dealer ....
    • Try central or western PA as a place to find Priuses.

      Toyota sends out a set amount of cars to every dealership, even if one doesn't sell a single one and has to ship it to another dealership. Last march i could have driven 3 hours to pickup a fully loaded white prius in western PA if i wanted to, they had it sitting on the lot. The people who sign up for the car wont get called until their specific color comes in. If you take any color, you can get it fast (the toyota dealership around here had two white o
  • by gambit3 (463693) on Monday May 09, 2005 @08:11PM (#12483396) Homepage Journal

    Does anyone else feel disturbed by that statement?

    We waited hesistantly a moment, turned ignition off and rebooted the car...
    • Does anyone else feel disturbed by that statement?

      Well, since MSFT wants to provide the OS for onboard electronics, soon you'll get a Red Screen of Death ...

    • by taniwha (70410) on Monday May 09, 2005 @08:53PM (#12483630) Homepage Journal
      well given that the Prius doesn't have a traditional key, just a key-fob that identofies you and an 'on' button it is a lot like rebooting a PC - to be fair they probably didn't push 'reset' (there isn't one) just turned it off then on again
    • Sitting in an A320 at Stuttgart last summer, wondering why it isn't going anywhere. Eventually they tell us that one of the thrust reversers didn't deploy on landing, and they're trying to persuade the computer to open both of them at the same time.

      After an hour and a half of this, the captain tells us that they're "just going to try rebooting the aeroplane". You should have seen some of the passengers' faces, especially when all the cabin lights went off and the air conditioning fell silent... :)

      (In the

  • by ctl4u (12243) on Monday May 09, 2005 @08:19PM (#12483429) Homepage
    With my 1979 Toyota Camry no matter what bluetooth signals I sent there was no response. Needless to say, I was shocked!
  • KITT (Score:5, Funny)

    by thanjee (263266) on Monday May 09, 2005 @08:26PM (#12483460) Journal
    Did KITT ever get a virus?

    If he ever got sick it would have been that he was just sick of having David Hasselhoff hanging around all the time.
  • No matter what we did the car did not react to the Bluetooth traffic at all.
    Meh. My car doesn't respond to Bluetooth traffic either. :shrug:
  • into the cellphone industry.

    They have done the impossible: they created a bluetooth system that no virus in existant can infect.

    Microsoft, are you listening?

    God I think I will feel much safer knowing that my cellphone (and probably my comp's OS) is made by Toyota.
  • Non-M$ car (Score:2, Funny)

    by kihjin (866070)
    Obviously this test was not sponsored by Microsoft [slashdot.org].
  • Crashed? (Score:2, Insightful)

    Perhaps it's time to find a less ambiguous word to describe a system failure. I'm sure I wasn't the only one whose first glance at the article caught a much different meaning than was intended. Crash works fine in contexts where it doesn't already have a use, but when you refer to cars or planes, it does.
  • by jc42 (318812) on Monday May 09, 2005 @09:01PM (#12483669) Homepage Journal
    ... was the story from the guy whose cell phone caught the cabir virus, and his phone company's solution was to throw it away and buy a new phone.

    Now I'm going to be expecting to hear that Microsoft has adopted this approach (and PHBs are ordering their people to do it) ...

  • by subStance (618153) on Monday May 09, 2005 @09:15PM (#12483751) Homepage
    I'm no professional scientist, but it was my understanding that in order to prove something was not true, you have to demonstrate why it can never happen, not that it doesn't happen on a single car that you test it on.

    There must be hundreds of different versions of the car's software that have varying levels of resilience to the virus.

    I can't wait to see the follow up ... "Why Windows never crashes: we tested and it didn't so it never crashes okay ?" No trouble getting funding for that study from Redmond.
  • by ArrayIndexOutOfBound (694797) on Monday May 09, 2005 @09:15PM (#12483752)
    This is really good, you guys are killing me.

    Trying to infect Prius with a Symbian "virus" is like trying to infect a tree with a choc chip cookie . Hey I can come up with a better one - it's like trying to infect shampoo with a book on eating disorders (now go picture that in your head for a second).

    I won't go into debunking this as I have already done that (http://slashdot.org/comments.pl?sid=137390&cid=11 486620 [slashdot.org]).

    But this is so sweet - it takes one dumb kid with too much time on their hands and one even dumber kid to moderate at voila! you get slashdot "news".

    Don't you love it!
    • by thegrassyknowl (762218) on Monday May 09, 2005 @10:56PM (#12484519)

      Trying to infect Prius with a Symbian "virus" is like trying to infect a tree with a choc chip cookie . Hey I can come up with a better one - it's like trying to infect shampoo with a book on eating disorders (now go picture that in your head for a second).

      A lot of these embedded machines run Java-based software now. If it can run Java it doesn't matter what OS is underneath it. Sure, the JVM and the OS may have differing levels of protection depending on the device, but as I said... Java is the key.

      From what I understand (from my limited reading becuase I don't really give a flying fuck... nothing I own has Bluetooth for a very good reason) these cellphone virii rely on the Java compatibility to work.

      From the site:

      In February we published an official statement from Toyota that Lexus does not use Symbian OS, and thus cannot be infected by any of the Cabir variants.

      However a mobile worm infecting a car is a thought that one cannot let go easily, and even as we knew that the car cannot be infected, this was something that just had to be tested for real.

      So they already knew it isn't possible to infect the car. That much is clear. Now, Toyota could have lied about the OS it runs, and the car may have been vulnerable. You never know for sure until you try these things.

      It was still an interesting experiment because they discovered a few flaws in the Toyota Bluetooth system - the corrupted phone name that froze the display and the flat battery wasn't properly handled by the system.

      So, saying this was a stupid experiment is really stupid in itself.

      • A lot of these embedded machines run Java-based software now. If it can run Java it doesn't matter what OS is underneath it. Sure, the JVM and the OS may have differing levels of protection depending on the device, but as I said... Java is the key. From what I understand (from my limited reading becuase I don't really give a flying fuck... nothing I own has Bluetooth for a very good reason) these cellphone virii rely on the Java compatibility to work.

        No, Symian viruses (like Cabir) does not rely on the

    • The dumb kid is the director of research at FSecure. Feel silly now?
  • how about if they got a BSOD
    or an RSOD [slashdot.org]?
  • Data stream capture (Score:2, Interesting)

    by rgcustodio (710987)
    They should've at least used a Bluetooth packet analyzer and captured the data stream to and from the phone/car. It should be a good read. And a better disection could be performed.
  • There are three engineers in a car; an electrical engineer, a chemical engineer and a Microsoft engineer. Suddenly the car just stops by the side of the road, and the three engineers look at each other wondering what could be wrong. The electrical engineer suggests stripping down the electronics of the car and trying to trace where a fault might have occurred. The chemical engineer, not knowing much about cars, suggests that maybe the fuel is becoming emulsified and getting blocked somewhere. Then, the Micr
  • Then, the whole car crashed...

    Do you see what happens when you play with your cell phone instead of look at the road?!

After an instrument has been assembled, extra components will be found on the bench.

Working...