Forgot your password?
typodupeerror
Worms Communications Security IT

Testing Out Cell-Phone Viruses on a Prius 196

Posted by timothy
from the deep-underground-in-their-lair dept.
Mikko Hypponen writes "Couple of months ago there were rumours floating around that Bluetooth viruses could infect the on-board computers of some Lexus cars, or at least cause some visible effects on them. We took a Toyota Prius to an underground bunker and tested various Bluetooth mobile phone viruses and assorted Bluetooth attacks against the onboard computer. Results were somewhat surprising. It came as no surprise that we could not infect the car, but the Prius performed in the test even better than expected. No matter what we did the car did not react to the Bluetooth traffic at all. Cabir tried to send itself to the car and the car just did not allow the Bluetooth OBEX transfer to happen. Then, the whole car crashed (but not because of a virus)... Full story with pictures in our weblog."
This discussion has been archived. No new comments can be posted.

Testing Out Cell-Phone Viruses on a Prius

Comments Filter:
  • by Xeroc (877174) on Monday May 09, 2005 @08:01PM (#12483324)
    After all, the cell phones use Symbian OS, and the Prius (and Lexus) both do not use it, so it isn't very suprising that the virus wouldn't work. After all, you don't hear very often that a MS-Windows virus infects a Macintosh.

    Also, I liked the apparent security features in the car, that it didn't react to the bluetooth traffic, but then again, this is probably just due to an inconpatiblility - i.e. the car won't except any type of data but a specific type, like a valid VCARD phone book.
  • Re:Serious Question (Score:4, Interesting)

    by douglips (513461) on Monday May 09, 2005 @08:03PM (#12483344) Homepage Journal
    You do realize that these people (F-Secure) are virus fighters? They intentionally infect all kinds of things all day long, so they can figure out how to cure them.
  • Crazy (Score:5, Interesting)

    by XFilesFMDS1013 (830724) on Monday May 09, 2005 @08:06PM (#12483364)
    Reading the article, they're talking about going undergound in order to not effect any other cellphones in the area, and it stuck me as to how much is the same between a computer virus and a "physical" virus. I mean, scientists who work with e.g. bubonic plague, have to take the same cautions, i.e. not letting the virus out into the "wild", where it can spread. I suppose in a few years, many viruses will be tested like this, taking them into a underground bunker, putting them on a computer that has absolutly no connection to the outside world, and trying to find a cure for it. Then the geeks shall hold the true power.
  • Re:Still At Risk (Score:2, Interesting)

    by Fishstick (150821) on Monday May 09, 2005 @08:07PM (#12483371) Journal
    I've always preferred removing the valve stems with a pair of cutting pliers, myself.

    Yeah, it makes a nice whistling sound, but that is kinda the attraction too -- somewhere in the parking garage there are four whistles gradually becoming lower, quieter...

    The victim walks out, sees four flats with no apparent damage *WTF*

    Nothing as serious as having to buy 4x$120 tires, just aggravating to have to have someone come and repair the wheels onsite (esp in a parking garage where clearance will not permit a rollback trailer)
  • by krbvroc1 (725200) on Monday May 09, 2005 @08:15PM (#12483411)
    Firefox will do this too. I'll visit a site that says the security certificate is invalid, so I click 'deny'. The another certificate request pops up, ad-infinitum is seems. Since its a modal dialog you can't even close the web browser or close the 'tab' I'm browsing in. I end up either answering yes after examining the cert or kill via the task manager which closes not only that one site, but all all my open tabs.
  • Re:Still At Risk (Score:5, Interesting)

    by Samari711 (521187) on Monday May 09, 2005 @08:44PM (#12483552)
    a better way to do this is to buy a valve tool at the local auto parts store. rather than do any permenant damage just loosen every tire's stem. Even if the owner could figure out why their tires are flat, they most likely won't have the tool on hand to fix it. even if they have a pump, the tires won't inflate and they'll be very confused. Also note that some car (especially those abominations known as Hummers) have tires that automatically inflate themselves, so doing this to one of them would result in a car with 4 flats and a dead battery :)
  • by taniwha (70410) on Monday May 09, 2005 @08:53PM (#12483630) Homepage Journal
    well given that the Prius doesn't have a traditional key, just a key-fob that identofies you and an 'on' button it is a lot like rebooting a PC - to be fair they probably didn't push 'reset' (there isn't one) just turned it off then on again
  • by subStance (618153) on Monday May 09, 2005 @09:15PM (#12483751) Homepage
    I'm no professional scientist, but it was my understanding that in order to prove something was not true, you have to demonstrate why it can never happen, not that it doesn't happen on a single car that you test it on.

    There must be hundreds of different versions of the car's software that have varying levels of resilience to the virus.

    I can't wait to see the follow up ... "Why Windows never crashes: we tested and it didn't so it never crashes okay ?" No trouble getting funding for that study from Redmond.
  • Re:Still At Risk (Score:2, Interesting)

    by kamileon (35033) on Tuesday May 10, 2005 @01:11AM (#12485410)
    I've actually watched someone DOS a car... A car alarm was going off every few minutes as trucks drove by during the middle of wedding preparations in a San Francisco park. The sensitivity was cranked way up on the alarm. So the best man walked up to the car and tapped his class ring on the window to set the alarm off, and then kept tapping the window every time the alarm stopped. Drained the battery in about 15-20 minutes, in plenty of time for a peaceful wedding. :) Keep this in mind the next time your neighbor's car alarm goes off at 2 AM. Sure, it takes 20 minutes, but then you get a whole night of blissfully uninterrupted sleep. :)
  • Data stream capture (Score:2, Interesting)

    by rgcustodio (710987) on Tuesday May 10, 2005 @01:45AM (#12485559) Homepage Journal
    They should've at least used a Bluetooth packet analyzer and captured the data stream to and from the phone/car. It should be a good read. And a better disection could be performed.

If you had better tools, you could more effectively demonstrate your total incompetence.

Working...