Forgot your password?
typodupeerror
Security Transportation

Hacking Automotive Systems 360

Posted by kdawson
from the one-hundred-twenty-while-in-park dept.
alphadogg writes "University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low." Here is the researchers' site, and an image that could stand as a summary of the work.
This discussion has been archived. No new comments can be posted.

Hacking Automotive Systems

Comments Filter:
  • by noidentity (188756) on Friday May 14, 2010 @08:59AM (#32206058)
    Someone with access to your unlocked car can cause it to malfunction by messing with its systems, story at 11!
    • by clone53421 (1310749) on Friday May 14, 2010 @10:09AM (#32206788) Journal

      Then it’s a good thing that they’ve already thought of that, I guess.

      He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern.

    • Copy of the paper (Score:3, Informative)

      by chrb (1083577)

      The paper [autosec.org]

      That link really should have been in the summary....

  • So what? (Score:4, Insightful)

    by franz (35176) on Friday May 14, 2010 @08:59AM (#32206060)

    Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.

    • Re:So what? (Score:5, Insightful)

      by thijsh (910751) on Friday May 14, 2010 @09:21AM (#32206306) Journal
      There are some real-world scenario's where this can be used... A cut break-line will be detected by professionals, just like explosives, and every car is inspected prior to leaving with a VIP. So cutting the break line on the presidents limo probably won't get an attacker anywhere. But if the attacker could load software that stalls the engine or cuts the brakes at a predefined time (and place) the attackers can kidnap or kill the VIP without any advance indication that the car has been compromised.

      FTA: "In one attack that the researchers call 'Self-destruct' they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown."

      Remove the clicking and countdown and no-one will know the car is sabotaged until it's too late. When I would be in charge of securing the president or other VIPs during transport I would want to be able to know if the vehicle has undetectable security flaws like this... The problem is that you don't even know if the software might have been compromised in the months/years that the car has been in service.

    • Re: (Score:3, Interesting)

      by germansausage (682057)
      Wrong method, it leaves obvious evidence. Clip some vicegrips on the flex hoses going to the front wheel cylinders. You've just eliminated 60% of the cars braking power. The pedal feels normal, or even a bit firmer than usual. Do it right and the vicegrips will come off when the car hits whatever it hits when the brakes (mostly) fail.
    • by khchung (462899)

      Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.

      But can you make it so that the brake lines is cut sometime later *WHEN* you want it to?

      Stick a phone/PDA/etc into the port, and you can cut the brake lines when you see the target car just as it approaches a red light or intersection.

      This is /.! Can't you guys imagine the possible ways to exploit a digital interface vs a mechanical one?

    • Re:So what? (Score:4, Informative)

      by fl!ptop (902193) on Friday May 14, 2010 @09:42AM (#32206504) Journal

      if I climbed under your car in the parking lot, I could cut the brake lines

      This is true, however your target would notice their brakes didn't work before pulling out of the parking space, when they pressed them to put the car into gear. Even if the car had a standard transmission, your target wouldn't get far in the parking lot before realizing something was wrong.

      Getting the brakes to fail at any time after the car is in motion would be impressive.

    • Re: (Score:3, Funny)

      by dkleinsc (563838)

      Because it makes this [theregister.co.uk] scenario much more likely?

  • Yeah... (Score:5, Funny)

    by Pojut (1027544) on Friday May 14, 2010 @08:59AM (#32206066) Homepage

    ...no matter how insecure they are, until hackers find a way to wirelessly connect to my car that doesn't have a wireless connection, I'm not going to worry.

    Now if you'll excuse me, I have to make sure some crazy ex-girlfriend doesn't have something stuffed in my OBDII port. "Your mom's OBDII port is stuffed!" Dammit! Almost made it without the mom joke...

  • by wiredog (43288) on Friday May 14, 2010 @09:01AM (#32206084) Journal

    We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

    • Re: (Score:3, Funny)

      by BarryJacobsen (526926)

      We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

      If they can, I'm rushing out to get OnStar - that'd be a lawsuit waiting to happen!

    • by Keruo (771880)
      Most car stereos have bluetooth. The stereo system is connected to other systems in car.
      Granted that statement is WILDLY far fetched but in theory, badly designed system could leak access through it.
      • by drinkypoo (153816)

        Granted that statement is WILDLY far fetched but in theory, badly designed system could leak access through it.

        It's actually not that farfetched; these days, a car stereo is a little computer. I mean, that's been true at least since the development of the digital FM radio, but now they have to speak complex protocols, and that means complex software. If your stereo is hooked up to a complex bus in your car, then likely there is a path to your ECU.

        Of course, it's generally trivial to disable car alarms, and it's also trivial to attach a small wireless module to the OBD-II port, so the possibility of such attacks is a

    • by zmaragdus (1686342) on Friday May 14, 2010 @09:13AM (#32206194)

      OnStar themselves can do several things like disable your engine, track your car, open the doors, etc. I would expect that it's theoretically possible (though unlikely) that a person could hack into your car via that method. It would certainly be quite a feat of hacking, but I believe it is possible.

    • I don't know if they can access the full functionality of the OBDII port, but they can stop your car. That is enough for me to never buy one of their cars.
    • by khchung (462899)

      We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

      How hard would it be to stick and hide a remote controlled smartphone/PDA/custom receiver under the car that connects to the port on the car? Instant remote control to everything that can be controlled from the port.

    • by ledow (319597) on Friday May 14, 2010 @09:24AM (#32206342) Homepage

      People have physical access to the outside of my car, it doesn't mean they can change my speedo, mileometer, fuel mixture, etc. quickly and without me realising that something has happened. They certainly can't do it just by plugging a box into the port even if they *do* break into my car... because my car is mechanical and doesn't run with this sort of shit (Note: I can and have removed the entire ECU box from a car in the past - it runs, but slowly and less efficiently and may not pass an emissions test, but it still works in a driveable condition - very modern cars literally do not work without them so they are "essential" and thus should work as bloody advertised).

      All of these things were done over an ODB cable to a standardised port on every car. On every decent model of car, they should be read-only information about the car's engine. The port is standardised, commonplace, accessible from the driver's seat (by law in the EU), hidden, and (with these models) accepts almost any device / commands without question. It's standard practice to connect an OBD box to modern cars if they have an indicator light up (in fact, it's usually the ONLY way to clear such a light). My car has one. I'm pretty damn sure that you can't modify my mileage or speedo via that route, though, or my fuel mixture, or stop my brakes working. About the worst you might be able to do is clear a warning light. This is because the OBD is designed properly, doesn't allow things it doesn't and it helped by the fact that my speedo is a needle connected to a magnetic induction coil produce by a spinning cable spun at a ratio of the speed of the wheels, and my mileometer is a tick-over-style mechanical one. The Prius-scare should have shown people what happens when you take away control of a vehicle from a driver and put it in the hand of a computer - it was discussed that virtual-ignition-systems, virtual-gearing-systems, etc. are just dangerous and provide no advantage to anyone.

      Nobody is saying these things are not do-able on any car with physical work, we're asking why the hell they are modifiable over such a cable in such a "simple" way that someone could literally sell a box on eBay that, when connected to a car, can fraudulently adjust mileage, turn on hot air vents, TURN OFF THE BRAKES (FFS!), and basically cause it to crash and explode whenever you want. That's *NOT* what the OBD standard is for - it's for diagnostics and diagnostic indicators. Why the hell can I adjust the hot air vent through that cable?

      The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable, or anything else for that matter. The only "writable" things should be to clear diagnostic lights, which will inevitably pop up again if the problem is "real". So you can't just switch off the ABS light on a car and then sell it as having working ABS... OBD logs and records such actions in the car itself and will redisplay those indicators if there is a real problem still.

      Why the hell would you *ever* want to be able to modify information like that? Why should a mechanic ever be able to adjust the mileage on the car? It's stupid, not-thought-through and terrible design. Next up is being able to open the doors of any car that has Bluetooth OBD, or changing the VIN numbers or whatever. It's just ridiculous. Even if the car is computer controlled, there are some places where access control of sorts should prevent certain actions.

      • Re: (Score:3, Informative)

        by Pojut (1027544)

        or changing the VIN numbers or whatever

        NOOO!!!! You were doing so well, with such an awesome post...and you had to pull the ol' Vehicle Identification Number Number bit, didn't you? DIDN'T YOU?!?!?!?!

        p.s. Cars only have one VIN. It isn't just in the ECU, it's also stamped on the original engine, the transmission, the frame, and on a plate on the dashboard (at least in the US)

        • by ledow (319597)

          Duh - and all the storage locations for that particular piece of information are destroyable. None, however, are *changeable* without trace except for possibly, in the future, some stupid ECU that allows write access to places it shouldn't. Like the devices mentioned in the article, which let you do stupid crap that you shouldn't be allowed to. The article doesn't mention VIN's at all, I was just providing another example of an inflated, possible, future direction that idiotic car manufacturers might mak

      • Re: (Score:2, Informative)

        by Anonymous Coward

        The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable

        What if you change your tire size?

      • Shenanigans. (Score:4, Informative)

        by Burning1 (204959) on Friday May 14, 2010 @01:47PM (#32209818) Homepage

        I'm going to call shenanigans on this post. There has never been a vehicle where you could remove the ECU and expect it to run.

        A little history... The introduction of computers to vehicles has happened in many stages.

        The first stage was the introduction of electronic ignition computers in the late 70s. These systems replaced the vacuum ignition advance on older cars. The signal from the distributor literally ran through the ignition computer. Removing the computer means that there is no connection between engine timing and plug coil. With the ignition computer removed, you have no spark, and the engine cannot start.

        The next major step forward was the introduction of electronic fuel injection. This computer was responsible for controlling the fuel injectors. No ECU, means no fuel in the cylinders, which means no running vehicle. Power for the injectors literally comes via the ECU. Without the ECU, the injectors are literally unplugged.

        Later vehicles used more computers in more components of the vehicle, to the point that a computer controls the brakes on my motorcycle.

        But, there was no time where you could remove an ECU and expect the vehicle to still run.*

        * Yes, it is possible to disconnect a lot of the sensors on an electronically fuel injected vehicle, and it will still run. But the ECU must still be in place.

        Seriously Slashdot... You call yourself geeks, and you fall for this kind of stuff? Shame.

    • Re: (Score:3, Interesting)

      by dubbreak (623656)
      In this case they are talking about the OBD-II port, a physical port inside the vehicle (often in the driver's foot well). You can get a OBD-II connectors that are bluetooth (thought that would be short range) and wifi connectors (such as the OT-2 [ot-2.com]). So as far as you can connect via wifi you could send commands onto the shared command bus.

      This "hack" really isn't surprising at all. There are plenty of vehicles you can flash or change settings via the OBD port (such as Subarus). Scan tools only use read co
  • by llZENll (545605) on Friday May 14, 2010 @09:03AM (#32206104)

    It would seem to me we have a lot more to lose by auto manufacturers implement software security than to gain. Its hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive. With almost nothing to gain, if someone wants to disable your brakes they can (gasp) damage your brake line without even opening your car door! Mess with your tires, exhaust, gas, etc. There are many more ways to mess with your car externally than via the software port. And yet somehow the earth keeps rotating.

    • Re: (Score:2, Informative)

      by Pojut (1027544)

      Its hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive.

      No offense intended, so please don't take this as such. Mods, please mod offtopic:

      You haven't worked in a shop before, have you? Whether you have a cheap OBDII scanner [amazon.com] or a full-blown diagnostic tool [snapon.com], so long as the car uses OBDII, you can pull codes from it and subsequently replace the fouled O2 sensor, know which cylinder had a misfire, etc. The full-blown diagnostic tools are useful for crazy-hard problems to solve, but your average scanner bought at Autozone is sufficient enough for the vast majority

      • There are a significant number of OBD codes that are undefined in the standard. Auto manufacturers use these codes for things that are not covered under the standard and only release the meaning of those codes to mechanics working for one oftheir dealers. If an auto manufacturer were to add security, you can be sure they would only release the access information to their own dealers (unless the government intervened to prevent them from doing so).
      • by couchslug (175151) on Friday May 14, 2010 @10:25AM (#32206976)

        IAAM (I Am A Mechanic) too.

        Current OBD systems aren't guaranteed to be the future standard, and if the makers can use the excuse of "security" to restrict access to an increasing number of functions (including "functions yet unborn" they can ensure a revenue stream.

        Trusting auto makers to ensure easy system access is like trusting Sony to look after your PlayStation.

      • by name_already_taken (540581) on Friday May 14, 2010 @10:38AM (#32207140)

        OBD II is all well and good for basic emissions/driveability/MIL diagnostics, but adding security to the other functions, such as the door locks, windows, etc. could basically kill the aftermarket alarm/remote start business.

        On many (if not most) cars these days, many of the basic functions such as door locks are controlled via a CAN bus (a 2-wire twisted pair network) and more and more functions are migrating to network control rather than having dedicated wiring. In my car, everything other than the lights and the radio is run over CAN (even the seat adjustments and the rear window defogger).

        Take, for example, installing an aftermarket stereo: Many new cars don't have a wire that supplies 12V when you turn the key on to turn on the radio, the radio is always powered and listens to the CAN bus for the command from the car's BCM (body control module) to turn itself on. On these cars, a separate aftermarket module has to be installed to turn the radio on (or the installer has to dig around in the car to find something else that only turns on with the key, like a power outlet). There are also aftermarket modules that can translate the CAN bus commands from the car's factory steering wheel controls to control an aftermarket stereo.

        Adding a layer of security (presumably encryption or authentication) could cripple these abilities with aftermarket equipment.

        Don't believe me, well take the example of remote start on my current car a 1999 (yes, 12 model years old now) Mercedes Benz. I have installed 3 remote start systems on various cars (a Subaru, a Honda, and a Mazda) which were what I'd call conventionally-wired cars, having accessible wires to turn the ignition and engine computer on and start the car. Easy. Cost, under $100 for all the parts including extra relays to turn on accessories and such.

        On my '99 M-B, the engine computer will not allow the engine to run unless it can maintain a constant 2-way conversation over a separate CAN bus between itself and the EIS. What's the EIS? It's the Electronic Ignition Switch. Here's where things get complicated. M-B cars don't use conventional keys any more, the use a "SmartKey", which is an electronic key fob thing that inserts like a key, but has an infrared emitter-receiver in the end. The EIS supplies power to the SmartKey via an inductive coil around the key opening. The EIS and the SmartKey then engage via infrared in a continuous encrypted conversation which authorized the EIS to tell the engine computer to let the engine run. Because you need to have the SmartKey in place, it has been impossible to install a remote start system.

        Recently, a remote start system became available for my car (sold new 12 model years ago, remember), which will simulate the EIS' conversation with the SmartKey and allow the factory remote's Panic alarm button to be repurposed to start the car (the SmartKey is also the remote, but don't worry about that, it's actually two devices in one package). Cost: $1000. That's over ten times the cost of a remote start system for a regular car. And it took 12 years to develop.

        All because of a single encrypted function. Admittedly, a really well designed one that makes the car impossible to hotwire, but you can see what problems might face the aftermarket if things like door lock controls became encrypted.

        All in all, this research exercise is just stupid. Of course you can make a complicated system do silly things if you have physical access to it. I don't see the point of adding encryption to it when the aftermarket will have to figure out how to bypass it eventually anyway.

        Off topic, but in case anyone's interested, you can have up to 24 SmartKeys issued for an M-B vehicle, but I think only eight can be active at one time. The service information talks about having three ranks of eight keys. Once you need to replace the key for the 24th time, you need to replace the EIS, the engine computer and a couple of other items. SmartKeys can only be ordered at a dealer and you h

  • by Anonymous Coward on Friday May 14, 2010 @09:03AM (#32206108)

    I'd rather leave my port accessible- someday I may want to write some software. If someone has physically broken into my car and put something on my port, then that's my problem. Don't force DRM on us.

    I love how we as geeks sometimes want it both ways. "Keep it secure! Add encryption". "Wait wait! That's DRM, I want it gone!"

  • by acoustix (123925) on Friday May 14, 2010 @09:03AM (#32206110) Homepage

    I want to be able to connect diagnostic equipment to my car so that I know what's going on. I don't trust a mechanic to tell me what's wrong and how much it will cost. I like being able to do most of the work myself when possible.

    • Precisely. This is the most important thing that could come out of this work. Currently, it's the law that some of the diagnostic codes that are necessary to identify problems with a vehicle are publicly known. However, automobile manufacturers have more precise codes that you can only learn from the dealer's machine. Bringing it to the dealer of course means you pay out the nose. My Dad just went through this, the check engine light came on on his wife's car, so he days trying to figure out what the p
    • These sorts of security "flaws" also allow people to change the fuel injection mappings to increase horsepower, or enable extra electrical features not included from the factory, or do any number of other neat things. I want my car's computer to be more accessible, not less!

  • Manual Override (Score:5, Insightful)

    by happy_place (632005) on Friday May 14, 2010 @09:04AM (#32206112) Homepage
    Why not provide manual overrides for things like door locks and windows. Even CD drives have that little pinhole reset so you can manually pop the sucker open. It just seems ridiculous to automate everything in a device that is always going to be mechanical in nature.
    • Re: (Score:3, Interesting)

      by ickleberry (864871)
      Or just get one of the few modern cars still left that doesn't come with all these unnecessary automated sales gimmicks like the Ariel Atom
    • by khchung (462899)

      Why not provide manual overrides for things like door locks and windows.

      Simple - cost and liability.

      I doubt a mechanical override for the window can be as simple/lightweight as the CD pinhole. An additional manual overrides (i.e. == mechanical) means

      1. more parts (== more cost)
      2. a heavier car (== use more gas)
      3. more chance of failure (== more liability)
      4. more control mechanism (e.g. child locking for the windows for the mechanical switch also!), ==> even more parts and more failure modes (== even more liability)
      5. door lock override = 1 more pathway for car thief to open

      • Were this simply a matter of trust, then no big deal, but this is about weird hacker exploits. When you attach a computer to a simple device, you enable an assortment of unforseen additional functionality... stuff the designers never intended.
    • There is no vehicular emergency which can't be escaped from by properly applying a hammer to a window.

      Don't leave home without one, kids.
    • Re:Manual Override (Score:4, Insightful)

      by Thelasko (1196535) on Friday May 14, 2010 @10:19AM (#32206896) Journal

      Why not provide manual overrides for things like door locks and windows.

      Jaguar has such an override for their electronic transmission. [jalopnik.com]

  • blast hot air out of the radio? That's one wicked hack!

  • Is if any of these attacks are persistent/capable of lurking onboard waiting for some predefined trigger, without a device remaining connected to the diagnostics port.

    While corporatist DRM apologists might disagree, the ability to do all sorts of crazy stuff by connecting to your local diagnostics port is what we call a "feature". If anything, we don't have enough control here, and much of the control we do have is inadequately documented "Oh, sure, it's ODBC, in that it is more or less electrically comp
    • by BLKMGK (34057)

      There are some performance flashes that can be done in a demo mode that go back to normal performance after XX hours of driving but other than that I've never heard of a timed or triggered kind of thing being done. That would take extra ordinary access to the code and most flashes just modify tables for lookups. Even that is tough since the damned firmware is encrypted by most every automaker! Making this worse would really piss me off, these guys are not understanding what they are talking about IMO. Yes,

    • by drinkypoo (153816) <martin.espinoza@gmail.com> on Friday May 14, 2010 @09:23AM (#32206338) Homepage Journal

      You'd have to reflash the PCM (ECU is an OBD-I term; this kind of stuff is only possible with OBD-II, which actually mandates the term "PCM" — if you want to be accurate, stop calling it an ECU in this context) entirely. I imagine that this sort of functionality is available on all modern cars; possibly not all OBD-II cars, but probably anything new enough to have CAN. Most OBD-II cars on the road do not use CAN anywhere, though today a car might have three or four CAN buses; PCM to OBD-II DLC (diagnostic link connector), PCM to transmission computer, PCM to BCM (body control module) and possibly even BCM to stereo. And other models exist but I personally think buying a car with a CAN bus shared between more than two components is asking for a foot in your ass.

      I happen to like my mechanical diesels, which achieve efficiencies very near to modern systems. It's only too bad International-Navistar lacked the foresight to implement the engine as a full-mechanical design, as Mercedes did; your battery can explode and the engine keeps running until you shut it off, because the shutoff is a vacuum switch on the back of the ignition lock. I've had my alternator fail completely and my battery down to about 4V in my 300SD, still made it to work. Nobody will be tampering with my DLC :D

      • Re: (Score:3, Interesting)

        by mrchaotica (681592) *

        I happen to like my mechanical diesels, which achieve efficiencies very near to modern systems.

        The only problem is that the mechanical diesels don't achieve emissions very near to modern systems.

        Of course, I have the same attitude you do (that the older cars are better), except I complain about failure-prone and biodiesel-incompatible diesel particulate filters while praising my rotary-injection TDI.

  • radio (Score:4, Funny)

    by dxkelly (11295) on Friday May 14, 2010 @09:09AM (#32206166) Homepage

    I want to know how they made the radio blow hot air.

  • The bad guy thought he'd committed the perfect crime, little did he know that someone on the CSI team would have hunch to check the firmware in the car and find the nefarious code snippet.

  • ...my decision to make my next vehicle a 1968 VW Beetle.

    • bugapaluza! [bugapaluza.com]
    • by netsavior (627338) on Friday May 14, 2010 @10:16AM (#32206862)
      68 was an ok year, but I would go with a 69, unless you can find a late 68. In late 68 and 69 on the independent rear suspension transaxle was added. The swing axle was dangerous, as it causes camber changes when you go over a bump, and it was less fun to drive in my opinion. Of course if you get a much earlier model it will be swing, and I would keep it that way, but if you want a 68, be sure to get the *right* 68.
  • G-dammit! (Score:3, Interesting)

    by BLKMGK (34057) <(morejunk4me) (at) (hotmail.com)> on Friday May 14, 2010 @09:20AM (#32206286) Homepage Journal

    The auto industry ALREADY encrypts the daylights out of most of their code! Which makes modifying it for performance reasons a PITA. I have to pay some guy a pile of cash to "flash" my current ECU because only a few guys have managed to figure out the code for it unlike with other cars. Duh, it's a computer and it controls things so yes it can be messed with.But the auto industry already encrypts it and makes this difficult. So long as the auto dealers are able to modify things like speedometers and other things this will always be a "threat" so stop running around like Chicken Little. Sheesh! What they should turn off the OBD-II standard codes so no one but a dealer can diagnose and make minor changes to cars? See how SEMA will like that and all of the independent garages and shade tree mechanics. then they will bitch that it's too locked down. Make up your minds and stop being so short sighted...

  • by Rogerborg (306625) on Friday May 14, 2010 @09:21AM (#32206314) Homepage
    Why did my client accelerate to 90mph? I put it to you, ladies and gentlemen of this supposed jury, that he did not. No, it was Evil Hackzorz, doubtless acting on the orders of the Saucer People, or perhaps the Mole Men. This is technically possible - for all you know - so you must have a reasonable doubt that my client was responsible.

    Appearing in a celebrity traffic trial near you in 3... 2...

  • I want to be able to access the computer that I OWN in the CAR THAT I OWN to be able to modify it, reprogram the fuel maps, so forth. Its hard enough right now to be able to access modern engine control systems, just what I need, a bunch of chicken little, fscking "security experts" claiming that cars are "insecure", raising all kinds of alarm, then the car makers react, start putting all kinds of deliberate DRM on the computer systems, and it becomes absolutely fscking impossible to modify your own car.
    • Re: (Score:3, Interesting)

      by ledow (319597)

      Sorry, but I think we'd all much rather have a car where the ABS (or, indeed, the brake-pedal) can't be disabled entirely, where brakes can't be activate entirely by software, where you can't play with mileometer just by sticking a box on the OBD port, or where the car cannot lock everybody inside if it crashes (the software, not the car!).

      It's not a question of software freedom - it's a question of not having that capability automated in the first damn place. In every car I've ever owned, when I press the

      • by AndersOSU (873247) on Friday May 14, 2010 @11:50AM (#32207984)

        Why, why, why on earth would anyone *EVER* want to legitimately activate a mode on their car where the brake function no longer corresponds to the brake pedal position?

        ABS.

        Modern car's know when they're skidding, and pulse the brakes to regain traction. There may be ways to be clever with "I'm skidding" signal to effectively disable the brakes.

        Want another one? Regenerative braking.

        This was the problem the Prius was having. If you brake with the throttle open you can ruin the car. The system was designed to cut throttle power before engaging the brake, and IIRC the flaw was the brakes wouldn't engage if, for some reason, the computer couldn't close the throttle. This was obviously a design flaw, but it is a legitimate reason you might want to run the brake signal through a computer.

        • Re: (Score:3, Insightful)

          by ledow (319597)

          ABS is a function that I covered in my original rant. If the computer goes bang, the worst that happens on my car, most cars and ideally *all* cars with ABS is that a warning light comes on and it takes slightly longer to brake (no worse than *not* having ABS at all). There is *no* need to be able to disable and/or enable that feature, or any feature of the braking, through any interface at all. If ABS messes up, you can still brake and warning lights appear to let you know you should get it fixed. That

  • ... is the clock. I already know that doesn't work.

    I did have a problem with the throttle sticking, but that was because the little spring that pulls it shut had stretched and fallen off.

  • Dear researchers (Score:5, Insightful)

    by BitZtream (692029) on Friday May 14, 2010 @09:39AM (#32206468)

    Please to be shutting the fuck up and panicing people.

    I WANT my car to allow me to do those things. Thats why I have an ODB-II dongle hooked up between my car and the PC thats in it ... so I can control my cars features the way I want.

    Being that the ODB port is generally directly under the drivers side dash, its rather hard for someone to plug into it without it being noticed. If they've plugged into it, they've got physical access to your car, which means they can do a lot more damage than fucking up your heater and blasting you with hot air.

    You said you didn't want to spread fear and panic, and you're lying, thats exactly your goal, and to use that to get attention for yourself.

    This isn't anything new, its been this way for at least 10 years if not longer (I haven't tried anything on older models) maybe all the way back into the ODB-I days and probably well before that when some cars had interfaces of their own standard.

  • by Dr_Marvin_Monroe (550052) on Friday May 14, 2010 @09:42AM (#32206502)

    Lets keep the alarmist talk down to a minimum here. As a few people have pointed out, the auto industry response will simply be to DRM you out of your own car. I'd expect that the government would want a part of the action, so expect a DMCA for autos too... They'll push you right into the loving arms of the factory service shops who will now be the only "authorized" repair option.

    • Re: (Score:3, Interesting)

      by BitZtream (692029)

      ODB-II (And I to a lesser extent before it was superceded) exists for that exact reason.

      Every manufacture used to do their own random proprietary crap. Governments who wanted to access the computer for emmisions controls started requiring them to standardize so they didn't have to buy new crap and codes every time the manfucature decided to change things just to make it so you have to buy stuff from them.

      The government basically stepped in and stopped the DRM up front, which is why these ports are actually

  • by Lumpy (12016) on Friday May 14, 2010 @09:43AM (#32206530) Homepage

    I've been "HACKING" car computers for a decade now. and a lot of other people have as well. Most hot-rodders from import tuners to vette performance guys have been hacking ECM's. Many of the honda hackers even go as far as opening up the ECM and desoldering chips to hack them. Changing the ignition timing table, fuel tables, Disable the Rev limiter, Disable Passkey for engine swaps (I do this with the GM 3800sc and it's ecm from the Buicks) add features, change a Standard ECM program to a program that understand boost for a turbo install... etc.....

    Heck a friend of mine is hacking the computer that controls the new power steering system in cars so we can retrofit power steering to vehicles that dont have it.

    I guess us car ECM hackers are the new "EVIL DOERS"

    • Re: (Score:3, Funny)

      by geekoid (135745)

      That was a long way to go to attempt to look like the cool kids at the auto show.

    • re: ECM hacking (Score:3, Interesting)

      by King_TJ (85913)

      Actually, a whole bunch of us REALLY wish one of you experts at ECM hacking would figure out the Delphi branded ECU found in the Hyundai Genesis Coupe 3.8 V6!

      It's a great little sports car at a reasonable price-point, but so far, it seems like its engine is held back from its full potential because the ECU can't be directly reprogrammed.
      (Apparently, some folks in Korea have already cracked its ECU and done some custom tuning so they could add things like superchargers or turbos ... but here in the USA, we c

  • by pongo000 (97357) on Friday May 14, 2010 @09:44AM (#32206536)

    ...has been around since OBD-1 [tunercat.com] days, as far back as 1984 [tunerpro.net]. OBD-2 programming systems are available for anything from 1994 [eidnet.org] through 2010 [hptuners.com]. There are even scanners that allow you to enter the PIDs of your choice [scangauge.com] (obtained from monitoring the data line while performing operations with a scantool).

    Since newer vehicles control nearly everything via CANbus, it's no surprise that someone has taken the time to monitor the bus and inject various commands. This sort of hacking has been around for over 20 years (despite auto manufacturers' attempts to protect their hardware with security keys and seeds). I don't see them "solving" this "problem" anytime soon...unless they come up with a way to make a "secure" bus (perhaps using fiber optics).

  • As a VW owner, I can attest to the benefits of "hacking". How about adding 50 HP (and lots of torque) with a software upgrade.
  • Now imagine that a car is shipped with a virus in the firmware. And at the same moment of time millions of cars on highways suddenly become unmanageable.

    This article reminds again that computers more and more run our civilization. We are to begin to regard an unlawful interference into computer systems as a very serious life-threatening crime.

    A certain shift in mentality is required. We shall not be amused by "black hat", "white hat", or other "hacking" subculture phenomena, but view malicious code writers

  • ABS warning light came on in my 2000 Nissan Frontier. They traced the fault to the ABS control module, and the replacement part is $1000!!! That's an appalling amount of money for a couple bucks worth of silicon!

    I'm coming to the conclusion that there needs to be industrial or even government standards for computer security, and there ought to be an investigation on the price of (safety related) repair parts.

  • by netsavior (627338) on Friday May 14, 2010 @10:03AM (#32206706)
    As a car modder, who has been doing this kind of stuff (not malicious) since the early 1990s, wow welcome to the future guys.

    Just an example: When my throttle position is above 90% depressed, my A/C compressor disengages(or rather the A/C Clutch engages), giving me that little bit of horsepower and theoretically saving my compressor from 7500 RPM (engine speed, not compressor speed) redline. I did this in an afternoon using only software.

    The ECU has a lot of control over the car, especially in drive by wire cars... My car happens to have a cable accelerator, and I vastly prefer that because of throttle response time (a physical link is better most of the time than a software one, assuming both are properly maintained).

    If they were really trying to be malicious without being deadly, you could change the air/fuel ratio to be really lean and burn up the valve train the first time they hit the gas pedal, there is no physical override for that, not like brake pedals (which if you turn it off it merely removes the power assist and only prevents you from stopping the car if you aren't strong enough to push the pedal down.)
  • ... hack the dashboard display to tell all the LLBs to get the f**k out of the left lane?
  • I once had the occasion to rent a car and drive it around on a fine Sunday afternoon. The afternoon was so fine, so inspiring to my pedal-mashing sensibilities, that on a whim I decided to take the car as close to airborne as I could over a rather steep hill.

    I ended up catching a little too much air, and bottomed-out the car pretty hard. Upon landing with a loud crunchy thud, all the dash lights went out, the power steering died, and I had to wrestle the car off the road in quite a hurry.

    Sitting there
  • by UnifiedTechs (100743) on Friday May 14, 2010 @10:45AM (#32207236) Homepage

    Didn't we just blast Toyota for having a completely closed system, that only 1 laptop in the US could access.... but now we blast everyone else for having an open system because it can be hacked?

    Given physical access to any system it can be hacked.

  • by slacklinejoe (1784298) on Friday May 14, 2010 @12:46PM (#32208738)
    A lot of us car nuts have been hacking our car computers for years. There's systems that go light years beyond the factory systems. 10 years ago, I was able to use my Palm Pilot II to modify my fuel trims while driving, monitor horsepower and adjust an electronically controlled boost controller for my turbo. That was all on a 1990 Talon AWD so it didn't even had ODBII yet. My new model actually fully replaced the EEPROM chips in the ECU and has bluetooth capabilities to be controlled from my smartphone, controls the doorlocks, radio, moonroof etc. In theory, it would be a trival bluetooth hack to not only cause the engine to stop but to detonate the engine (destroy - not actually cause an explosion) by pulling the fuel trims too lean. The bluetooth module was a snap on vampire chip with a tiny lead to a receiver. The whole system looked 100% factory and was tiny. It would be a trival system to integrate a remote kill and unless they were specifically looking for a technology related problem, investigators would likely never realize that it had been installed.
  • by jafac (1449) on Friday May 14, 2010 @01:38PM (#32209630) Homepage

    My Jetta's VCDS software and port (as well as the printed Bentley shop manual) come with big fat user warnings about taking precautions against accidentally setting off the airbags. In fact, with multi-stage systems, if you're sitting in the front-seat, not buckled, maybe with a laptop on your lap, maybe scooted forward a tad, not resting back, you could probably end up with some serious ow-age.

    (I know this, because my controller module has failed; and I'm debating whether to just remove it and live without airbags, or if I should have it re-flashed and deal with the risk of accidental discharge in the reinstallation process.)

What this country needs is a good five cent microcomputer.

Working...