Hacking Automotive Systems

Posted by kdawson
from the one-hundred-twenty-while-in-park dept.
alphadogg writes "University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low." Here is the researchers' site, and an image that could stand as a summary of the work.
  • by noidentity (188756) on Friday May 14, 2010 @08:59AM (#32206058)
    Someone with access to your unlocked car can cause it to malfunction by messing with its systems, story at 11!
  • So what? (Score:4, Insightful)

    by franz (35176) on Friday May 14, 2010 @08:59AM (#32206060)

    Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.

  • by wiredog (43288) on Friday May 14, 2010 @09:01AM (#32206084) Journal

    We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

  • by llZENll (545605) on Friday May 14, 2010 @09:03AM (#32206104)

    It would seem to me we have a lot more to lose by auto manufacturers implementing software security than to gain. It's hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive. With almost nothing to gain, if someone wants to disable your brakes they can (gasp) damage your brake line without even opening your car door! Mess with your tires, exhaust, gas, etc. There are many more ways to mess with your car externally than via the software port. And yet somehow the earth keeps rotating.

  • by Anonymous Coward on Friday May 14, 2010 @09:03AM (#32206108)

    I'd rather leave my port accessible- someday I may want to write some software. If someone has physically broken into my car and put something on my port, then that's my problem. Don't force DRM on us.

    I love how we as geeks sometimes want it both ways. "Keep it secure! Add encryption". "Wait wait! That's DRM, I want it gone!"

  • by acoustix (123925) on Friday May 14, 2010 @09:03AM (#32206110) Homepage

    I want to be able to connect diagnostic equipment to my car so that I know what's going on. I don't trust a mechanic to tell me what's wrong and how much it will cost. I like being able to do most of the work myself when possible.

  • Manual Override (Score:5, Insightful)

    by happy_place (632005) on Friday May 14, 2010 @09:04AM (#32206112) Homepage
    Why not provide manual overrides for things like door locks and windows. Even CD drives have that little pinhole reset so you can manually pop the sucker open. It just seems ridiculous to automate everything in a device that is always going to be mechanical in nature.
  • by zmaragdus (1686342) on Friday May 14, 2010 @09:13AM (#32206194)

    OnStar themselves can do several things like disable your engine, track your car, open the doors, etc. I would expect that it's theoretically possible (though unlikely) that a person could hack into your car via that method. It would certainly be quite a feat of hacking, but I believe it is possible.

  • Re:So what? (Score:5, Insightful)

    by thijsh (910751) on Friday May 14, 2010 @09:21AM (#32206306) Journal
    There are some real-world scenarios where this can be used... A cut brake line will be detected by professionals, just like explosives, and every car is inspected prior to leaving with a VIP. So cutting the brake line on the president's limo probably won't get an attacker anywhere. But if the attacker could load software that stalls the engine or cuts the brakes at a predefined time (and place) the attackers can kidnap or kill the VIP without any advance indication that the car has been compromised.

    FTA: "In one attack that the researchers call 'Self-destruct' they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown."

    Remove the clicking and countdown and no-one will know the car is sabotaged until it's too late. When I would be in charge of securing the president or other VIPs during transport I would want to be able to know if the vehicle has undetectable security flaws like this... The problem is that you don't even know if the software might have been compromised in the months/years that the car has been in service.

  • by ledow (319597) on Friday May 14, 2010 @09:24AM (#32206342) Homepage

    People have physical access to the outside of my car, it doesn't mean they can change my speedo, mileometer, fuel mixture, etc. quickly and without me realising that something has happened. They certainly can't do it just by plugging a box into the port even if they *do* break into my car... because my car is mechanical and doesn't run with this sort of shit (Note: I can and have removed the entire ECU box from a car in the past - it runs, but slowly and less efficiently and may not pass an emissions test, but it still works in a driveable condition - very modern cars literally do not work without them so they are "essential" and thus should work as bloody advertised).

    All of these things were done over an OBD cable to a standardised port on every car. On every decent model of car, they should be read-only information about the car's engine. The port is standardised, commonplace, accessible from the driver's seat (by law in the EU), hidden, and (with these models) accepts almost any device / commands without question. It's standard practice to connect an OBD box to modern cars if they have an indicator light up (in fact, it's usually the ONLY way to clear such a light). My car has one. I'm pretty damn sure that you can't modify my mileage or speedo via that route, though, or my fuel mixture, or stop my brakes working. About the worst you might be able to do is clear a warning light. This is because the OBD is designed properly, doesn't allow things it doesn't and is helped by the fact that my speedo is a needle connected to a magnetic induction coil produced by a spinning cable spun at a ratio of the speed of the wheels, and my mileometer is a tick-over-style mechanical one. The Prius-scare should have shown people what happens when you take away control of a vehicle from a driver and put it in the hands of a computer - it was discussed that virtual-ignition-systems, virtual-gearing-systems, etc. are just dangerous and provide no advantage to anyone.

    Nobody is saying these things are not do-able on any car with physical work, we're asking why the hell they are modifiable over such a cable in such a "simple" way that someone could literally sell a box on eBay that, when connected to a car, can fraudulently adjust mileage, turn on hot air vents, TURN OFF THE BRAKES (FFS!), and basically cause it to crash and explode whenever you want. That's *NOT* what the OBD standard is for - it's for diagnostics and diagnostic indicators. Why the hell can I adjust the hot air vent through that cable?

    The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable, or anything else for that matter. The only "writable" things should be to clear diagnostic lights, which will inevitably pop up again if the problem is "real". So you can't just switch off the ABS light on a car and then sell it as having working ABS... OBD logs and records such actions in the car itself and will redisplay those indicators if there is a real problem still.

    Why the hell would you *ever* want to be able to modify information like that? Why should a mechanic ever be able to adjust the mileage on the car? It's stupid, not-thought-through and terrible design. Next up is being able to open the doors of any car that has Bluetooth OBD, or changing the VIN numbers or whatever. It's just ridiculous. Even if the car is computer controlled, there are some places where access control of sorts should prevent certain actions.
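
The policy argued for in the comment above (the diagnostic port reads data and clears fault codes, nothing else) can be expressed as an allowlist on a gateway between the OBD connector and the vehicle bus. This is an added example, not part of the thread or the researchers' paper; it assumes 11-bit CAN IDs, ISO-TP framing and SAE J1979 service numbers, and the function names and sample frames are constructed for illustration.

```c
/* Added example: allowlist filter for tester-to-vehicle frames at an OBD gateway.
   Assumes 11-bit CAN IDs, ISO-TP (ISO 15765-2) framing, SAE J1979 service IDs. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { DROP = 0, FORWARD = 1 };

/* Read-only J1979 services plus 0x04 (clear fault codes). Service 0x08
   (component control) and every other service ID fall through to "false". */
static bool sid_allowed(uint8_t sid)
{
    switch (sid) {
    case 0x01: case 0x02: case 0x03: case 0x04:
    case 0x06: case 0x07: case 0x09: case 0x0A:
        return true;
    default:
        return false;
    }
}

/* Hypothetical gateway hook: decide whether one frame from the port is passed on. */
enum verdict filter_tester_frame(uint32_t can_id, const uint8_t *data, size_t len)
{
    bool obd_id = (can_id == 0x7DF) || (can_id >= 0x7E0 && can_id <= 0x7E7);
    if (!obd_id || data == NULL || len < 2 || len > 8)
        return DROP;

    uint8_t type = data[0] >> 4;   /* ISO-TP frame type */
    uint8_t n = data[0] & 0x0F;    /* payload length of a single frame */

    if (type == 0x0)               /* single frame: SID is the first payload byte */
        return (n >= 1 && n <= len - 1 && sid_allowed(data[1])) ? FORWARD : DROP;
    if (type == 0x3)               /* flow control: lets the tester receive long replies */
        return (len >= 3) ? FORWARD : DROP;
    return DROP;                   /* first/consecutive frames: no allowed request needs them */
}

int main(void)
{
    /* Constructed sample frames, not captured traffic. */
    const uint8_t read_speed[] = {0x02, 0x01, 0x0D};
    const uint8_t clear_dtc[]  = {0x01, 0x04};
    const uint8_t control[]    = {0x02, 0x08, 0x01};
    const uint8_t multi[]      = {0x10, 0x14, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x00};
    printf("read speed : %d\n", filter_tester_frame(0x7DF, read_speed, sizeof read_speed));
    printf("clear DTCs : %d\n", filter_tester_frame(0x7DF, clear_dtc, sizeof clear_dtc));
    printf("service 08 : %d\n", filter_tester_frame(0x7E0, control, sizeof control));
    printf("multi-frame: %d\n", filter_tester_frame(0x7E0, multi, sizeof multi));
    return 0;
}
```

A filter like this only covers the diagnostic connector; it does nothing about traffic from modules already on the bus, such as the telematics unit raised elsewhere in the thread.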

  • by halfdan the black (638018) on Friday May 14, 2010 @09:26AM (#32206368)
    I want to be able to access the computer that I OWN in the CAR THAT I OWN to be able to modify it, reprogram the fuel maps, so forth. It's hard enough right now to be able to access modern engine control systems, just what I need, a bunch of chicken little, fscking "security experts" claiming that cars are "insecure", raising all kinds of alarm, then the car makers react, start putting all kinds of deliberate DRM on the computer systems, and it becomes absolutely fscking impossible to modify your own car.

    If I want to modify the computer on MY CAR, THAT IS MY RIGHT, NOT A SECURITY ISSUE!!!!!
  • by Anonymous Coward on Friday May 14, 2010 @09:36AM (#32206446)

    What's the problem with having it both secure and extensible? DRM is a problem because the authority over the system is held by someone else, not the owner. Give the owner the smart card which signs the code and everything's peachy.

  • Dear researchers (Score:5, Insightful)

    by BitZtream (692029) on Friday May 14, 2010 @09:39AM (#32206468)

    Please to be shutting the fuck up and panicking people.

    I WANT my car to allow me to do those things. That's why I have an OBD-II dongle hooked up between my car and the PC that's in it ... so I can control my car's features the way I want.

    Being that the OBD port is generally directly under the driver's side dash, it's rather hard for someone to plug into it without it being noticed. If they've plugged into it, they've got physical access to your car, which means they can do a lot more damage than fucking up your heater and blasting you with hot air.

    You said you didn't want to spread fear and panic, and you're lying, that's exactly your goal, and to use that to get attention for yourself.

    This isn't anything new, it's been this way for at least 10 years if not longer (I haven't tried anything on older models) maybe all the way back into the OBD-I days and probably well before that when some cars had interfaces of their own standard.

  • by Dr_Marvin_Monroe (550052) on Friday May 14, 2010 @09:42AM (#32206502)

    Let's keep the alarmist talk down to a minimum here. As a few people have pointed out, the auto industry response will simply be to DRM you out of your own car. I'd expect that the government would want a part of the action, so expect a DMCA for autos too... They'll push you right into the loving arms of the factory service shops who will now be the only "authorized" repair option.

  • Re:Manual Override (Score:4, Insightful)

    by Thelasko (1196535) on Friday May 14, 2010 @10:19AM (#32206896) Journal

    Why not provide manual overrides for things like door locks and windows.

    Jaguar has such an override for their electronic transmission. [jalopnik.com]

  • Re:So what? (Score:2, Insightful)

    by thijsh (910751) on Friday May 14, 2010 @10:21AM (#32206926) Journal
    Way to miss the point indeed. If an issue such as this is not taken seriously no-one in charge of automobile security will ever know to get the source.
    And besides; if you have exactly one minute would you be able to screw with the car without any professional finding a trace of it on a thorough inspection? The point is that most physical flaws (and attack vectors) are known and will be found, but this software flaw is new so no-one expects it or checks for it... Messing with a car only has a point from an attacker's point of view if it is not detected until it's too late.
  • by couchslug (175151) on Friday May 14, 2010 @10:25AM (#32206976)

    IAAM (I Am A Mechanic) too.

    Current OBD systems aren't guaranteed to be the future standard, and if the makers can use the excuse of "security" to restrict access to an increasing number of functions (including "functions yet unborn") they can ensure a revenue stream.

    Trusting auto makers to ensure easy system access is like trusting Sony to look after your PlayStation.

  • Re:So what? (Score:4, Insightful)

    by thijsh (910751) on Friday May 14, 2010 @10:35AM (#32207096) Journal

    Getting the brakes to fail at any time after the car is in motion would be impressive.

    Using this hack an attacker could probably let the brakes fail the moment you go over 100mph, as well as disabling steering-assist and traction control, and maybe even floor the gas pedal...
    This is the ultimate 'digital brake line cut' turning the vehicle into a crippled metal cage of death hurtling to whatever is in front of it with (most likely) lethal consequence.

  • by Anonymous Coward on Friday May 14, 2010 @10:42AM (#32207184)

    With all due disrespect, fuck you. You're exactly the kind of person that nobody wants to deal with when they go to a car shop. You're there to provide a service for a reasonable cost. It takes you all of what, 5 minutes to pull codes? How is that worth $85? It isn't, simple as that. You admit to gouging people because you're unhappy they won't spend hundreds of dollars more to do more simple, overpriced work.

  • Re:So what? (Score:3, Insightful)

    by Mister Whirly (964219) on Friday May 14, 2010 @10:49AM (#32207272) Homepage
    If the security people can find cut brake lines, what makes you think they would miss the computer plugged into the diagnostic port? The one sending and receiving radio waves all over the place that are very detectable? Something tells me that VIPs already knew about the possibility of this vector of attack and either check the diagnostics port already as part of their security sweep of the car, or have the diagnostic port armored or even removed to prevent tampering. The point being made was that physical access - to a car or computer - quickly can be game over. But with a car the physical evidence would probably be easier to detect.
  • Re:So what? (Score:4, Insightful)

    by jackbird (721605) on Friday May 14, 2010 @10:55AM (#32207334)
    Think 'open hood,' 'attach doohickey,' 'wait 30 sec. while it flashes the new firmware,' 'remove doohickey'. Bonus points if you can compromise the motor pool's code reader while the VIP limo is nowhere nearby, and the trustworthy mechanic is the one inadvertently doing the flashing during routine scheduled maintenance.
  • Re:So what? (Score:3, Insightful)

    by thijsh (910751) on Friday May 14, 2010 @11:16AM (#32207592) Journal
    When they know how to use the hardware it should be trivial to flash the internal software... But there are enough posts describing this already.
  • by AndersOSU (873247) on Friday May 14, 2010 @11:50AM (#32207984)

    Why, why, why on earth would anyone *EVER* want to legitimately activate a mode on their car where the brake function no longer corresponds to the brake pedal position?

    ABS.

    Modern cars know when they're skidding, and pulse the brakes to regain traction. There may be ways to be clever with the "I'm skidding" signal to effectively disable the brakes.

    Want another one? Regenerative braking.

    This was the problem the Prius was having. If you brake with the throttle open you can ruin the car. The system was designed to cut throttle power before engaging the brake, and IIRC the flaw was the brakes wouldn't engage if, for some reason, the computer couldn't close the throttle. This was obviously a design flaw, but it is a legitimate reason you might want to run the brake signal through a computer.

  • by ledow (319597) on Friday May 14, 2010 @12:09PM (#32208220) Homepage

    ABS is a function that I covered in my original rant. If the computer goes bang, the worst that happens on my car, most cars and ideally *all* cars with ABS is that a warning light comes on and it takes slightly longer to brake (no worse than *not* having ABS at all). There is *no* need to be able to disable and/or enable that feature, or any feature of the braking, through any interface at all. If ABS messes up, you can still brake and warning lights appear to let you know you should get it fixed. That's all that's required. And all the mechanic needs is a way to put out that warning light when they've fixed the problem (but the car is welcome to engage it again if it detects a problem, even immediately after it's been "fixed"). Why on Earth do you need a "disable brakes" function to even EXIST, no matter what the emergency? We're not talking about turning off ABS, the researchers were able to turn off THE BRAKES.

    Regenerative braking systems that "ruin the car" if you brake while throttling need a complete redesign. How stupid to have to have a device that cuts one in order to allow the other? Of course, they are mutually-exclusive functions but, as with the Prius, the failure mode is inherently dangerous because it will fail to counteract if one "sticks open" because it's trying to enforce mutual-exclusion. And when your pedal jams down, you can't brake, which is the only vital function of a car. The opposite isn't true that if the brake jams down, you need to be able to accelerate away.

    So where in that mess is it necessary to have any sort of enable/disable function of any of the braking system at all or be able to play with any of its parameters? And where is it necessary for that to be accessible over a cable AT ALL or be modifiable at all by the user, or even a third-party garage? It's crap. And the braking signal can run through whatever computers it wants - I damn well want flashy lights and warnings when something is wrong and, like ABS, a computer can check things a lot faster and more accurately than I can. But when that braking signal CONTROLS the brakes, rather than assists them, you have to go find the designer and shoot them.

  • by phantomcircuit (938963) on Friday May 14, 2010 @12:43PM (#32208690) Homepage

    It's a pretty safe bet that OnStar is vulnerable to some kind of attack.
