The Shoddy State of Automotive Wireless Security
angry tapir writes "Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged. While the potential for misuse may be minimal, this vulnerability points to a troubling lack of rigor with secure software development for new automobiles, said Wenyuan Xu, a computer science assistant professor at the University of South Carolina, who was a co-lead on the study. The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington DC."
Probably the right design choice (Score:5, Insightful)
If the potential for misuse is minimal, then it's only common sense to make the tire communications simple and easy to troubleshoot, and to assign the security people to work on something that matters.
Re:Probably the right design choice (Score:5, Informative)
Re:Probably the right design choice (Score:4, Insightful)
Re: (Score:2)
I can understand the need for this system for run flat tires, especially since you carry NO spare with you, but I can't imagine that many 'normal' cars out there today are going with run flats. If not...why are newer cars bothering with wireless from the tires??
Are there actually that many non-performance new car
Re: (Score:2)
Re: (Score:3, Funny)
Any vehicle sold in the US after September 1, 2007 is supposed to have a TPMS (tire pressure monitoring system) as mandated by the TREAD act.
Why? Because no one knows how to check the air pressure in their tires anymore.
That and the whole Firestone fiasco.
Re: (Score:3, Insightful)
Certainly resources need to be allocated wisely however when the device crashes due to invalid inputs, that is at best annoying, at worst very expensive to repair.
Never attribute to incompetence that which can be explained by greedy self-interest. The auto manufacturers and dealers make money off these defective devices. I call foul.
Lets skip to the heart of the matter (Score:5, Informative)
Ask me to design my ideal car and it'll have a lightweight but strong aluminium body, a simple, efficient diesel engine, comfortable seats and a decent stereo. Everything else is chaff, I don't even need ABS.
Re: (Score:2)
New cars have a lot more sound insulation, and louder stereos, so it's a lot harder to know when a tire is getting low based on the sound. I've been on plenty of crappy roads where I've pulled over 'cause it felt like the tire was shot. It's kind of nice to have a little light save me a few min.
Re:Lets skip to the heart of the matter (Score:5, Interesting)
You can use the ABS sensors to detect a soft tyre. Some Volkswagens can actually have a soft tyre warning added, by a firmware update!
Basically what you do is you measure the output of all four wheel sensors (as the ABS unit does anyway), and see if one is consistently a higher speed than the others. Soft tyre == smaller rolling radius == faster rotation for the same road speed. It won't catch if all your tyres are equally flat.
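The wheel-speed comparison this comment describes, sketched in C as an added example (not code from the thread or from any manufacturer); the thresholds, the minimum-speed cut-off and the sample drive are assumptions. Because the inputs are the wired ABS sensors, this approach has no radio link to intercept or forge, and the last case shows the limitation the commenter notes.

```c
/* Added example: indirect tyre-pressure check from ABS wheel-speed data.
 * Thresholds and the sample drive are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>

#define WHEELS 4            /* order: FL, FR, RL, RR */
#define MIN_SPEED 20.0      /* assumed: ignore samples below this speed */
#define MIN_SAMPLES 50      /* "consistently" means many samples, not one */
#define RATIO_LIMIT 0.005   /* assumed: 0.5 % faster than the four-wheel mean */

typedef struct {
    double ratio_sum[WHEELS];   /* running sum of wheel speed / mean speed */
    size_t samples;
} itpms_t;

void itpms_reset(itpms_t *s)
{
    for (int i = 0; i < WHEELS; i++)
        s->ratio_sum[i] = 0.0;
    s->samples = 0;
}

/* Accumulate one reading of the four wheel speeds. Returns 0 if the
 * sample was used, -1 if it was skipped as unusable. */
int itpms_feed(itpms_t *s, const double w[WHEELS])
{
    double mean = 0.0;
    for (int i = 0; i < WHEELS; i++) {
        if (!(w[i] > 0.0))
            return -1;          /* stopped wheel, negative value or NaN */
        mean += w[i] / WHEELS;
    }
    if (mean < MIN_SPEED)
        return -1;              /* too slow for a meaningful comparison */
    for (int i = 0; i < WHEELS; i++)
        s->ratio_sum[i] += w[i] / mean;
    s->samples++;
    return 0;
}

/* Index of the wheel that is consistently fastest beyond the limit, or -1. */
int itpms_soft_wheel(const itpms_t *s)
{
    if (s->samples < MIN_SAMPLES)
        return -1;
    int worst = -1;
    double worst_excess = RATIO_LIMIT;
    for (int i = 0; i < WHEELS; i++) {
        double excess = s->ratio_sum[i] / (double)s->samples - 1.0;
        if (excess > worst_excess) {
            worst_excess = excess;
            worst = i;
        }
    }
    return worst;
}

/* Constructed drive at a base speed of 80 with alternating left and right
 * bends (outer wheels 1 % faster); scale[i] > 1 models a smaller rolling
 * radius, i.e. a softer tyre, on wheel i. */
int itpms_constructed_drive(const double scale[WHEELS], int n)
{
    itpms_t s;
    itpms_reset(&s);
    for (int i = 0; i < n; i++) {
        double left  = (i % 2) ? 1.01 : 1.00;
        double right = (i % 2) ? 1.00 : 1.01;
        double w[WHEELS] = { 80.0 * left * scale[0], 80.0 * right * scale[1],
                             80.0 * left * scale[2], 80.0 * right * scale[3] };
        itpms_feed(&s, w);
    }
    return itpms_soft_wheel(&s);
}

int main(void)
{
    const double healthy[WHEELS]  = { 1.00, 1.00, 1.00, 1.00 };
    const double rl_soft[WHEELS]  = { 1.00, 1.00, 1.02, 1.00 };
    const double all_soft[WHEELS] = { 1.02, 1.02, 1.02, 1.02 };
    printf("healthy:  %d\n", itpms_constructed_drive(healthy, 100));
    printf("RL soft:  %d\n", itpms_constructed_drive(rl_soft, 100));
    printf("all soft: %d\n", itpms_constructed_drive(all_soft, 100));
    return 0;
}
```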
Re:Lets skip to the heart of the matter (Score:4, Informative)
Re: (Score:3, Informative)
So why isn't it showing up?
In order to deal with the massive volume of readers, Slashdot periodically builds a static page. This is what gets served to you when you read Slashdot, not an on-the-fly dynamic page built from the comments database. It takes a few minutes for your comments to become part of the static pages. I think it even says that when you hit submit.
Re:Lets skip to the heart of the matter (Score:5, Informative)
Ask me to design my ideal car and it'll have a lightweight but strong aluminium body, a simple, efficient diesel engine, comfortable seats and a decent stereo. Everything else is chaff, I don't even need ABS.
I'd rather have airbags than a decent stereo.
However, before even thinking about airbags, I'd really enjoy to have lights, windshield, mirrors, ...
Brakes are nice too. unless you're planning to go slow enough to brake with your foot.
Re:Lets skip to the heart of the matter (Score:5, Funny)
Ask me to design my ideal car and it'll have a lightweight but strong aluminium body, a simple, efficient diesel engine, comfortable seats and a decent stereo. Everything else is chaff, I don't even need ABS.
I'd rather have airbags than a decent stereo.
However, before even thinking about airbags, I'd really enjoy to have lights, windshield, mirrors, ...
Brakes are nice too. unless you're planning to go slow enough to brake with your foot.
Wheels are a nice feature too.
Re: (Score:3, Funny)
Ask me to design my ideal car and it'll have a lightweight but strong aluminium body, a simple, efficient diesel engine, comfortable seats and a decent stereo. Everything else is chaff, I don't even need ABS.
I'd rather have airbags than a decent stereo.
However, before even thinking about airbags, I'd really enjoy to have lights, windshield, mirrors, ...
Brakes are nice too. unless you're planning to go slow enough to brake with your foot.
Wheels are a nice feature too.
Nah, they're just a fad.
Re: (Score:2)
I'd add a decent steering wheel to that too.
Re: (Score:2)
how about we remove the air bags, and move to anchored 5 point harnesses, and helmets with HANS devices. I'll keep the wheels, and the steering wheel ideas though. Airbags are dumb, an attempt to keep the squishy meat bag from hitting something hard when they are being tossed around the car. It's much simpler to simply stop the meat bag flying around in the first place. My kids are in 5 point harnesses attached to the seat frames, why not me too?
Re: (Score:2)
He forgot a transmission too.
Re: (Score:2)
Re: (Score:2)
Re:Lets skip to the heart of the matter (Score:5, Funny)
Brakes are nice too. unless you're planning to go slow enough to brake with your foot.
His ideal car doesn't have a transmission or wheels, so unless he's on a steep enough hill that his lightweight but strong aluminum body can skid down it, he'll just be sitting in his driveway going 'vroom vroom' anyway. If his ideal house has a driveway, that is. As his ideal car also doesn't have a floor pan, he'll have no trouble using his feet to pretend to brake.
Re: (Score:3, Funny)
I'm still with the GP on one thing...I just HATE ABS. I just never feel in control with those damned things...you
Re:Lets skip to the heart of the matter (Score:5, Insightful)
If you had regular brakes, the wheels would have locked and you would not be able to steer at all. You would have slid into the other car. You only have control when the tire is gripping the road.
Re: (Score:2)
Which is not how ABS works, maybe if it applied the brakes little enough to keep the wheels rolling, but nope, it's full on then full off, then full on again. That's the real problem, also a good driver can get the wheels unlocked and the car corrected faster than ABS works.
Personally I've slid 5-10 feet into intersections because of ABS when it is slick out. The ABS sensors in my older car do not work well at 5 MPH (this is by design it looks like, they can only detect movements of a certain angular distanc
Re: (Score:3, Insightful)
A good driver cannot ever hope to lock and unlock the brakes with full force faster than the ABS computer.
Claiming to be able to do otherwise would win the "hubris of the millennium" prize.
A proper ABS computer and system can not only lock and unlock the wheels within milliseconds (which would be suboptimal anyway) but keep the whole car at THE maximum brake power that is physically possible while keeping the vehicle able to steer - during the whole process, on all surfaces, at 4am, after a 10-hour work shif
Re: (Score:2)
Cars don't need wireless sensors. In fact they don't need most of the electronics that gets built in at all. This may seem old-fashioned but for nearly a century a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately when a deflating tyre is detected.
I'm not arguing in favour of sensors, be they wireless or not. Just pointing out why we are in the situation of discussing "tyre sensor hijacking" now, maybe there's something to learn.
From TFA:
The U.S. has required such systems in new automobiles since 2008, thanks to legislation passed after controversy erupted over possible defective Firestone tires in 2000.
A bit of googling around resulted in this [wikipedia.org], with the relevant section being:
Many outside observers tend towards blaming both parties; Firestone's tires being prone to tread separation and failure, and the SUVs being especially prone to rolling over if a tire fails at speed compared to other vehicles.
To summarize:
Re:Lets skip to the heart of the matter (Score:4, Insightful)
"a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately "
Is that the system that is unable to differentiate between gas and breaks in a Toyota?
Re:Lets skip to the heart of the matter (Score:5, Funny)
"a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately "
Is that the system that is unable to differentiate between gas and breaks in a Toyota?
In some cases, this non-electronic system called "THE DRIVER" is unable to distinguish between brakes and breaks.
Re: (Score:2, Insightful)
Over past decades there has been a continuous fall in fatalities per mile driven. This is, to a large extent, due to continuous small improvements, of which this is one. Of course you may be savvy enough to keep your tires properly inflated - but the average Joe Public isn't - or at least 10% of Joe Public. And properly inflated tires reduce the risk of accidents, in which Joe Public can kill not only himself but also you. You may, indeed, be an above average driver (like 90% of the population, in their opi
Re:Lets skip to the heart of the matter (Score:5, Insightful)
You might think you don't need ABS, but as another driver on the road, I'd prefer you had it. I'd prefer it a lot.
I don't care if you think you can pump the brakes well. ABS can pump them a lot faster, and it can do something you can't ever do without drastically changing the controls design: it can pump the brakes individually by wheel.
If the only danger was you sliding off a curve into a tree or ravine after losing your steering, I'd say, "Go for it, we can always use less people." But it's not. There's also the danger of you not being able to avoid an accident with me, and I like being alive!
Please be considerate of your other drivers.
Re:Lets skip to the heart of the matter (Score:4, Informative)
I don't care if you think you can pump the brakes well. ABS can pump them a lot faster, and it can do something you can't ever do without drastically changing the controls design: it can pump the brakes individually by wheel.
Not sure why parent is a troll, since he is correct: modern ABS can brake each wheel individually, allowing for maximum control under braking. So unless you're driving the McLaren MP4/12, ABS can do a better job braking each wheel than you can.
Re: (Score:2, Funny)
Re: (Score:2)
modern ABS... hmm so all of those late 90's early 2000's cars are probably not equipped to that. Also if the driver is driving correctly he/she shouldn't be close enough to another car to need ABS. Well maybe if another driver cuts them off, and then brakes hard, but if you are doing that you caused the accident and ABS won't help much. To this day I have yet to have ABS come on in dry conditions, but I find it sucks for slowly stopping at a stop sign in the snow/ice. In my '95 it fails to detect wheel movem
Re: (Score:2)
ABS has been shown not to reduce accidents. Therefore you don't really need to care if other drivers have ABS. However, it can still help YOU if YOU have it, IF you can exercise the restraint required to drive as if you don't have ABS.
ABS doesn't, but traction control does (Score:2)
While it's true that ABS doesn't help, electronic traction control does indeed help significantly. It's also more expensive of course...
Re: (Score:2)
ABS makes all of this accessible to grandma who doesn't have a clue how to pump the brakes for fast braking.
My Grandma is probably a lot more experienced with pumping the brakes to prevent a lockup than I am. Most of her driving was done without ABS, but every vehicle I've owned has had ABS (though my dad's pickup that I learned on did not). That is not to say that I disagree with your point, ABS is wonderfully convenient because in an emergency situation it reduces the number of things I need to think about.
Aside from the slippery surface type accidents, I have a hard time seeing how ABS would help prevent a
Re: (Score:2)
Wow, that many people don't know what ABS is for?
Why do you pump brakes in non-ABS cars in an emergency? It's not just because you stop shorter because the tires aren't slipping on the road (remember in physics? Coefficient of static friction is higher than d
some clarifications (Score:2)
Actually, ABS doesn't always stop in a shorter distance. In gravel, sand, deep snow, and ice, ABS tends to increase stopping distance because locked wheels dig in and stop more quickly.
Studies were done in Munich comparing ABS and non-ABS taxicabs, and they found that accident rates were similar. It appears that the drivers with ABS took more risks. (http://psyc.queensu.ca/target/chapter07.html)
In 1996 the IIHS found that vehicles with ABS were less likely to be in accidents causing fatalities in other c
Re: (Score:2)
Cars don't need wireless sensors. In fact they don't need most of the electronics that gets built in at all. This may seem old-fashioned but for nearly a century a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately when a deflating tyre is detected. I believe this system is moderately effective and not subject to radio spoofing.
This may come as a surprise to you, but there are an awful lot of idiots driving around out there.
Folks who don't even respond when the car clearly informs them that their tires are low.
And you want to rely on these idiots to accurately sense and diagnose everything that can go wrong with their vehicles?
If they were all driving on some closed course somewhere and their assorted issues only affected them, it would be one thing. But that isn't the case. I'm sharing the road with them. And when one of them
Re: (Score:2)
Re: (Score:3, Insightful)
This may seem old-fashioned but for nearly a century a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately when a deflating tyre is detected.
Your strategy is fine for racing vehicles, but ABS provides additional safety to those who do not believe it to be magical and disable switches are very easy to implement since all ABS fails to simple brakes. Meanwhile, we have run-flat tires that can go flat so graciously that you don't even notice until you try to make a 90 mph curve on one, and they CERTAINLY enhance vehicle safety (being less vulnerable to blowouts, let alone leaving you stranded on the uphill of the Bay Bridge in the left lane or somet
Re: (Score:2)
If we took the airbags out of every new car and replaced them with a hardened steel spike you'd see an immediate reduction in traffic accidents. Technology makes people cocky. Skill and a direct relationship with the car is the cure.
Re: (Score:2)
Re:Lets skip to the heart of the matter (Score:5, Insightful)
I hate this neo-luddite position people take when any little thing goes wrong. Your dream car is my nightmare death-trap car. I want airbags, ABS, wireless tire gauges, proximity sensors, ability to pull codes from computer, etc. I suspect most people do. If you want a specialized custom car, then build it yourself, but don't pretend your simplistic car needs speak for anyone else but yourself.
Not to mention it's foolish to throw the baby out with the bathwater. I remember people like you when the web started to become popular. "Oh who needs this crap, I already have TV and the newspaper!"
I'm probably older than you and I certainly remember the PITA carburetors were compared to fuel injectors. Heck, my dad had to deal with vapor lock. When was the last time you needed to rebuild a carburetor or wait out vapor lock? I think you're just spoiled by the technology you decry.
Re: (Score:2)
Re: (Score:2)
Cars don't need wireless sensors.
Before there were sensors in the tire to warn of low pressure, most people even then didn't check the pressure unless the tire looked low. Having an idiot light come on when your pressure is low is a GOOD thing. They've had oil pressure gauges and idiot lights for probably almost as long as there have been engines, why not a tire pressure sensor as well?
I don't even need ABS.
ABS will get a car stopped faster than an identical car without ABS, even with a driver trained in em
Re: (Score:2)
Provably not true
Re: (Score:3, Informative)
But then they let women drive... /obligatory misogyny.
Re: (Score:2)
"Ask me to design my ideal car and it'll have a lightweight but strong aluminium body, a simple, efficient diesel engine, comfortable seats and a decent stereo. Everything else is chaff, I don't even need ABS."
1969 Land Rover Diesel, aftermarket stereo, you may not find the seats adequate.
You didn't specify sufficient climate control, sound deadening, rollover characteristics, or 5-mph bumpers. Nor did you specify windshield wipers, functional defrosters, or any number of other useful safety features. But
Re:Probably the right design choice (Score:5, Informative)
Disconnected from reality... (Score:4, Interesting)
Oh yeah, good thing RFID detectors are so freaking expensive. Plus, someone covertly tracking you is going to be really upset if they can't read your tyre pressure.
Re:Disconnected from reality... (Score:5, Insightful)
I wonder however if a bad pressure signal could be forged, forcing the car to stop ?
Re: (Score:2)
Dunno where you live, but I only have to have 1 license plate on my car...on the rear.
I'm currently working to surround it with infrared LEDs, to try to deter simple cameras from easily reading that too.
Re: (Score:2)
Actually, that could be very useful for cops...and stalkers.
Re: (Score:3, Interesting)
"Plus, someone covertly tracking you is going to be really upset if they can't read your tyre pressure."
I think you fail to recognize the seriousness of the capabilities of a simple RFID system.
Most people do not think much about the RFID chips in their tires until they realize (are told) that EVERY stoplight out there has multiple sensor grids built right into the roadbed (to sense the presence of cars and be able to control the lights accordingly). The looks on their faces usually change the moment compre
Re: (Score:2)
A secondary coil or dual resonant tuning would be required. The frequency for vehicle detection and RFID are several orders of magnitude different in frequency. Induction loop vehicle sensors are most often 10-50 kHz.
RFID tags use either LF: 125-134.2 kHz and 140-148.5 kHz, 13.56 MHz, or UHF 868-928 MHz frequencies.
Re: (Score:2)
A secondary coil or dual resonant tuning would be required. The frequency for vehicle detection and RFID are several orders of magnitude different in frequency. Induction loop vehicle sensors are most often 10-50 kHz.
If they use a frequency in the proper range that is a multiple of the vehicle detection frequency, can't they use the existing antenna? It's a lot bigger than it needs to be...
Re: (Score:3, Interesting)
Re: (Score:2)
Re:Disconnected from reality... (Score:5, Informative)
Go try and buy new tires and see how far you get when you refuse to tell the dealer your name. He (or rather, the government) wants a name associated with the tires' RFID chips
As someone who sold tires for years, I can tell you that there's a foolproof way to get tires without giving out your name. I realize it's crafty and devious, which is why you may not have thought of it. Here it is: Make something up. Wild, I know, but there's about a 99% chance it will work because nobody gives a shit. Seriously, take off the tinfoil hat.
When I was working for a major chain selling tires, I asked for a name for one and only one reason. Our software wouldn't let me make an invoice without a name. It also required a few other things, but it's just as easy to make up a phone number too. If you lied to me at any point, how the hell would I know? It's not like I asked people to present ID to get tires.
The looks on their faces ... (Score:2)
Do they also drop when you point out the 3" tall sequence of numbers on the front/back of their car is unique to that car and easily readable by roadside cameras, the police or passers-by using built-in organic sensors?
Re: (Score:2)
Re: (Score:2)
"Why is it SO important they have a name? "
In order to direct snail mail spam.
Re: (Score:2)
Go try and buy new tires and see how far you get when you refuse to tell the dealer your name. He (or rather, the government) wants a name associated with the tires' RFID chips, and usually asks for all sorts of additional info--for "warranty reasons". Even paying with cash, they will argue with you about not giving them a name (but usually crumble when you say you'll just shop elsewhere). Why is it SO important they have a name? So they can help you join the next class-action against a tire manufacturer?
Sorry, not buying it. If Discount Tires is working for "the government", they don't need your name, they need details on your car, like, oh..., the license number.
Re: (Score:2)
Correlation is not your friend. You can expend a lot of energy trying to avoid giving the tire seller your name, but the first camera+RFID Reader combo you encounter will associate your tires with your license plate. This could happen at a gas station, or county courthouse, or parking garage.
If you're that concerned, you need to kill the RFID tags. I'm not sure how you'd do that, as a tire in the microwave is not exactly feasible.
This is onstar! (Score:3, Funny)
We currently show you driving 95 miles an hour with four flat tires. Would you like to be routed to a service station?
If you've got a toll tag... (Score:4, Interesting)
...the government is tracking you already (where I live, toll tag transponders can be seen on telephone poles miles from the toll roads). If you have OnStar (even if it's "disabled"), GM can still locate your vehicle. I suspect it's even possible to monitor a vehicle's CANBUS for unique signatures that would identify a specific vehicle. Hell, your cell phone will give you up.
For some reason, I'm not too worried about the RFID tags on my tire valve stems.
Re:If you've got a toll tag... (Score:5, Funny)
Hell, your cell phone will give you up.
At least Rick Astley won't give you up, nor will he let you down.
Re: (Score:3, Informative)
They can find out which towers your phone has been talking to and thus figure out where you've been.
Re: (Score:2)
I often move around on foot or by public transport; I'm often either not carrying a 'phone or have it switched off; I frequently don't carry ID; I pay in cash, where necessary. In short, I'm like the average human in Britain 30 years ago. One of the reasons I do this - on top of all the obvious arguments about good health, good tree-hugging, the ability to concentrate when I'm not always interruptible, etc. - is that I love knowing that I'm untrackable. What I'm doing on such a day won't be written down and
Re: (Score:2)
In America, most metropolitan buses have an array of CCTV cameras, continually recording on a locked-up storage device. Theoretically these deter criminals. But they record regardless of your non-criminal actions.
Re: (Score:2)
Yeah, as here, and same for newer rolling stock. Although it does take away some of the sense of freedom when I'm using public transport, such CCTV is the least intrusive record vs centrally linked cameras or tagging. I can just about cope with a grainy image, no more than someone sitting next to me on the bus would see, difficult to process, perhaps seen weeks later or never.
Re: (Score:2)
You're correct, off is not off for many 'phones. Taking your battery out is sufficient. Which I often do, because it's a 2 second operation as I don't have an iPhone.
Re: (Score:2)
No. I don't keep my phone on. I'm pretty sure it's not doing anything sneaky while off, because I can leave it off for a month at a time and the battery is still in good shape, so it's not doing much, if anything when off.
Re: (Score:2)
Toll Tag == Nope!!
OnStar == Nope!!
Cell phone...ok, you got me now, but wanting to get one of those pouches that will block the signal when I want it to.
Funny, I thought about it the other day when looking at some cars...was looking at one of the newer Corvettes, and it seemed ALL of the
Re: (Score:2)
Hell, your cell phone will give you up.
Not necessarily. Phones like Net10 or Boost can be paid with cash. I'm on Boost, bought the phone and fees with cash (no name) and pay the $50 monthly bill with cash by buying a PIN at a gas station.
But I'm not worried about RFID in my tire valves either.
Turn off the brakes (Score:2, Interesting)
Re: (Score:2)
A lot of modern cars have or have had installed Bluetooth OBD. This means it's NOT required to have physical access - you can be several km's away with a good antenna. And it also means that such tricks would work in a virtually-evidence-free way (i.e. drive past your target of, say, a princess driving through a French tunnel - turn the car's brakes off remotely by breaking the dodgy "security" on such things, and carry on driving - in the opposite direction, a mile down the road, wherever there's a relat
Re: (Score:2, Interesting)
That used to be true. While some hacks still require physical access [smartplanet.com], others can be executed remotely [wired.com]. Cars are getting online and the security problems go with it.
Re: (Score:2)
I can put a whole in your brake line and get the same results
a whole what?
A whole hole, of course. A partial hole would do nothing.
This is a surprise.... How? (Score:5, Interesting)
Re: (Score:3, Interesting)
That's the real problem. Until they started adding wireless, the cars were perfectly secured by simple physical means. Security on the wire was irrelevant since the wire was entirely within the car. If you could access the wire, you could just add a tracking device or cut the brake line.
Now that they're going wireless, security in the communication is starting to actually matter but they have no experience there.
what about ELEVATORS? (Score:4, Funny)
Tracking is NOT an issue (Score:4, Insightful)
The issue described in the article is that you can identify the tires by their RFID tag. This means that you could track cars. The article completely fails to mention that you ALREADY HAVE A FUCKING LICENSE PLATE ATTACHED TO YOUR CAR! The license plate is a unique identifier required by law on all motor vehicles. Anyone who wants to prove you visited location XYZ is simply going to use a $20 camera and get a shot of your license plate. Yeah, getting readings with RFID is a little easier than setting up a camera and some plate scanning software, but neither one is very hard for someone who wants to track you.
As for "confounding" the control unit, that's not a problem with security, that's a problem with the fucking control unit. The article mentions that once they sent false data to it, they couldn't get the thing to work correctly even after rebooting it. Any device that can't handle junk data is worse than useless. Something being intolerant of noise is not a security problem, it's a stupid engineer problem. Sure, it might not function while you're jamming it with garbage, but if it fails to work after a reboot then you've done something seriously wrong.
Re: (Score:2)
antennae are cheap, cameras are expensive (Score:2)
It's a lot cheaper to embed RFID readers in the roads as they get repaved than to install cameras at the same number of locations.
Tire sensors must last years on battery (Score:4, Informative)
Tire sensors are built to run on battery for years. You can't easily get to them and change the battery, so these things are extreme low power devices. Each line of code for these controllers costs real world battery lifetime and shortens maintenance cycles. The same goes for extra crypto hardware: every transistor costs. So I'm not surprised that the protocol is not secured to oblivion. There simply isn't room for that unless battery storage capacities rise by an order of magnitude or two. So, a part of me wonders whether this researcher has had a look at the constraints of these systems and understood them before he tried to make the news.
Still, this is no excuse for being able to corrupt the receiving controller irreparably by some protocol error. These errors can occur normally as transmission errors, not just through deliberate attacks. This is where the sloppy engineering exists and the only part of the story that is actually newsworthy.
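One way a receiver can tolerate the malformed or corrupted frames this comment describes, as an added example rather than code from the study or any vendor; the frame layout, sensor IDs and thresholds are hypothetical. Every check runs before any state is written, so a rejected frame leaves the controller exactly as it was. The CRC here catches transmission errors only and does not authenticate the sender.

```c
/* Added example: a TPMS receiver that rejects bad frames without side effects.
 * The 8-byte frame layout, IDs and thresholds are hypothetical, constructed
 * for illustration; they do not describe any real sensor protocol. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_LEN 8   /* [0..3] sensor ID, [4..5] pressure kPa, [6] flags, [7] CRC-8 */
#define N_WHEELS  4
#define KPA_MIN   50  /* assumed plausible range */
#define KPA_MAX   450
#define KPA_LOW   170 /* assumed warning threshold */
#define CONFIRM   3   /* consecutive low readings before the lamp is lit */

enum tpms_rc { TPMS_OK, TPMS_ERR_LEN, TPMS_ERR_CRC, TPMS_ERR_ID, TPMS_ERR_RANGE };

typedef struct {
    uint32_t paired_id[N_WHEELS];  /* sensors learned at pairing time */
    uint16_t kpa[N_WHEELS];
    uint8_t  low_streak[N_WHEELS];
    uint8_t  warn[N_WHEELS];
} tpms_state_t;

/* CRC-8, polynomial 0x07, initial value 0. */
uint8_t tpms_crc8(const uint8_t *p, size_t n)
{
    uint8_t crc = 0;
    while (n--) {
        crc ^= *p++;
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80) ? (uint8_t)((crc << 1) ^ 0x07) : (uint8_t)(crc << 1);
    }
    return crc;
}

void tpms_init(tpms_state_t *st, const uint32_t ids[N_WHEELS])
{
    memset(st, 0, sizeof *st);
    memcpy(st->paired_id, ids, sizeof st->paired_id);
}

/* Build a well-formed frame; used only to construct sample input. */
void tpms_build(uint8_t f[FRAME_LEN], uint32_t id, uint16_t kpa)
{
    f[0] = (uint8_t)(id >> 24);  f[1] = (uint8_t)(id >> 16);
    f[2] = (uint8_t)(id >> 8);   f[3] = (uint8_t)id;
    f[4] = (uint8_t)(kpa >> 8);  f[5] = (uint8_t)kpa;
    f[6] = 0;
    f[7] = tpms_crc8(f, FRAME_LEN - 1);
}

/* Validate completely, then commit. No field of *st is written on error. */
enum tpms_rc tpms_handle_frame(tpms_state_t *st, const uint8_t *buf, size_t len)
{
    if (buf == NULL || len != FRAME_LEN)
        return TPMS_ERR_LEN;
    if (tpms_crc8(buf, FRAME_LEN - 1) != buf[FRAME_LEN - 1])
        return TPMS_ERR_CRC;

    uint32_t id = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                  ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    uint16_t kpa = (uint16_t)(((unsigned)buf[4] << 8) | buf[5]);

    int w = -1;
    for (int i = 0; i < N_WHEELS; i++)
        if (st->paired_id[i] == id) { w = i; break; }
    if (w < 0)
        return TPMS_ERR_ID;          /* a neighbouring car's sensor, or noise */
    if (kpa < KPA_MIN || kpa > KPA_MAX)
        return TPMS_ERR_RANGE;       /* physically implausible reading */

    st->kpa[w] = kpa;
    if (kpa < KPA_LOW) {
        if (st->low_streak[w] < CONFIRM)
            st->low_streak[w]++;
    } else {
        st->low_streak[w] = 0;
    }
    st->warn[w] = (uint8_t)(st->low_streak[w] >= CONFIRM);
    return TPMS_OK;
}

int main(void)
{
    const uint32_t ids[N_WHEELS] = { 0xA1000001u, 0xA1000002u, 0xA1000003u, 0xA1000004u };
    tpms_state_t st;
    uint8_t f[FRAME_LEN];

    tpms_init(&st, ids);
    tpms_build(f, ids[0], 220);
    printf("valid frame:     rc=%d\n", tpms_handle_frame(&st, f, FRAME_LEN));
    printf("truncated frame: rc=%d\n", tpms_handle_frame(&st, f, 5));
    f[4] ^= 0xFF;                    /* simulate corruption in transit */
    printf("corrupted frame: rc=%d\n", tpms_handle_frame(&st, f, FRAME_LEN));
    printf("FL pressure still %u kPa\n", (unsigned)st.kpa[0]);
    return 0;
}
```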
Relevant experience (Score:3, Interesting)
A colleague recently got a call from his wife: her car dash had lit up with warning lights. After about half an hour he traced it to a single fault: an under-inflated tire, presumably reported (correctly) by one of the sensors described in TFO. One tire warning light - OK so far. But the tire warning system had talked to the ABS system, which had decided for inscrutable reasons that it wouldn't work with an underinflated tire. And that had talked to the central monitoring system, which had turned on the "Safety Critical Fault" light. And maybe a few other things. The result was, like Three Mile Island, a single underlying fault had turned into a Christmas tree of warnings that an unskilled interpreter (the wife) was terrified of and a skilled engineer (my colleague, a very good hardware engineer) took half an hour to troubleshoot.
The point being that there is a possibility for a dangerous prank here. By fooling cars into thinking their tires are dangerously underinflated, you can give the driver a serious fright - with possibilities comic to the simple minded, but potentially dangerous if the driver is distracted or does something unexpected like braking to a sudden halt.
Re: (Score:2)
So one tire pressure sensor causes a christmas tree of lights in the dash...
Before we had the one Check Engine light for anything and everything that failed, and now we have a bunch of lights when 1 thing fails. That's progress...
Re: (Score:2)
My wife's Mazda 5 sounded off like the Enterprise going code red the other day because of a low tire alert. Luckily, after all the klaxons stopped sounding, a single 'idiot light' was illuminated - a tire with a '!' over it. Pretty clear. Thank heavens it was that all of her tires were a little low and not just one of them.
we need to get rid of the dealer lock in and let a (Score:2)
we need to get rid of the dealer lock in and let any shop be able to fix the car.
Re: (Score:2)
Fool the sensor? Because tires are SO hard to partially deflate if you just want to trip the sensor.
It's all FUD by a researcher trying to get noticed (Score:4, Interesting)
Sorry but you will not figure out how to bomb an embassy by reading the tire pressure in my front left tire. All this is nothing but FUD and fear-mongering by a researcher that is late on the scene to automotive hacking. Many of us in the automotive hacking circles have done this stuff for well over 30 years. Now suddenly just because one guy who decided to make a lot of noise about it it's a problem?
it is not a problem, ignore this attention whore.
You can't send a virus down the tire pressure comms channel to the ECM and cause the car to explode or disable the brakes. (Except for Toyota cars... JOKING!) and his demos with wirelessly changing the dashboard and other "hacks" are via a 3rd party wireless device he installed in the car.
If I buy a new Windows server and install VNC without a password can I demonstrate to the world how horribly insecure the newest Windows server release is? It's the same thing. Everyone glosses over the fact that none of his hacks are possible without having the target's car for a few days and installing a lot of gear in it.
The ONLY wireless OEM hack I have ever seen is the one where you blast mp3 files to Bluetooth devices with the codes set to 0000 or 1234.. and that was to a BMW. Unfortunately it did not allow me to take control and steer the car or control the brakes. It did allow us to play Audi adverts to the guy.
not FUD if I can halt your car (Score:2)
If I can shut your car off by sending it low-powered radio signals, that's a problem.
Re: (Score:2)
The ONLY wireless OEM hack I have ever seen is the one where you blast mp3 files to Bluetooth devices with the codes set to 0000 or 1234.. and that was to a BMW. Unfortunately it did not allow me to take control and steer the car or control the brakes. It did allow us to play Audi adverts to the guy.
Where'd you find a BMW with factory A2DP?
The A380 Runs on WEP (Score:2, Interesting)
Well the entire A380 doesn't run on WEP, but the entire cabin entertainment system does.
And having been involved in other parts of the A380 design, I can tell you that data security problems were not even on the product development radar. Non-IT engineering companies view IT the same way that the rest of the world does and generally doesn't design against malicious uses, only accidental failures.
Re:Sudo (Score:4, Funny)
Re: (Score:2)
If warning lights on your dash cause you to freak out and flip over your car or drive dangerously, then you should not be driving.
Re: (Score:2)
At first I read that as "Unisex Security Symposium" and wondered why they would have a technical symposium for only one gender.
I don't think unisex [thefreedictionary.com] means what you think it means:
adj.
1. Designed for or suitable to both sexes: unisex clothing; unisex hairstyles.
2. Not distinguished or distinguishable on the basis of sex; androgynous in appearance: cultivated a unisex look.
n.
Elimination or absence of sexual distinctions, especially in dress.
Re: (Score:2)
Usenix is a meeting of UNIX eunuchs. The anagram is fitting.