The Shoddy State of Automotive Wireless Security 260
angry tapir writes "Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged. While the potential for misuse may be minimal, this vulnerability points to a troubling lack of rigor with secure software development for new automobiles, said Wenyuan Xu, a computer science assistant professor at the University of South Carolina, who was a co-lead on the study. The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington DC."
Disconnected from reality... (Score:4, Interesting)
Oh yeah, good thing RFID detectors are so freaking expensive. Plus, someone covertly tracking you is going to be really upset if they can't read your tyre pressure.
If you've got a toll tag... (Score:4, Interesting)
...the government is tracking you already (where I live, toll tag transponders can be seen on telephone poles miles from the toll roads). If you have OnStar (even if it's "disabled"), GM can still locate your vehicle. I suspect it's even possible to monitor a vehicle's CANBUS for unique signatures that would identify a specific vehicle. Hell, your cell phone will give you up.
For some reason, I'm not too worried about the RFID tags on my tire valve stems.
Turn off the brakes (Score:2, Interesting)
Re:Disconnected from reality... (Score:3, Interesting)
"Plus, someone covertly tracking you is going to be really upset if they can't read your tyre pressure."
I think you fail to recognize the seriousness of the capabilities of a simple RFID system.
Most people do not think much about the RFID chips in their tires until they realize (are told) that EVERY stoplight out there has multiple sensor grids built right into the roadbed (to sense the presence of cars and be able to control the lights accordingly). The looks on their faces usually change the moment comprehension dawns on them.
Those very same grids can be used to detect the RFID chips in your tires. In short, any car with tires made since 2000 can be tracked by the very roadbeds they ride upon.
Seriously. All this technology to check your TIRE PRESSURE? Who the fuck is kidding who?
Go try and buy new tires and see how far you get when you refuse to tell the dealer your name. He (or rather, the government) wants a name associated with the tires RFID chips, and usually ask for all sorts of additional info--for "warranty reasons". Even paying with cash, they will argue with you about not giving them a name (but usually crumble when you say you'll just shop elsewhere). Why is it SO important they have a name? So they can help you join the next class-action against a tire manufacturer?
Media jumped all over the Firestone story, fear-mongered it into something bigger and we end up with this. Tracking tags in our cars. More security theater. Yay.
Re:Probably the right design choice (Score:1, Interesting)
This is a suprise.... How? (Score:5, Interesting)
Re:Lets skip to the heart of the matter (Score:5, Interesting)
You can use the ABS sensors to detect a soft tyre. Some Volkswagens can actually have a soft tyre warning added, by a firmware update!
Basically what you do is you measure the output of all four wheel sensors (as the ABS unit does anyway), and see if one is consistently a higher speed than the others. Soft tyre == smaller rolling radius == faster rotation for the same road speed. It won't catch if all your tyres are equally flat.
Re:Disconnected from reality... (Score:3, Interesting)
Relevant experience (Score:3, Interesting)
A colleague recently got a call from his wife: her car dash had lit up with warning lights. After about half an hour he traced it to a single fault: an under-inflated tire, presumably reported (correctly) by one of the sensors described in TFO. One tire warning light - OK so far.But the tire warning system had talked to the ABS system, which had decided for inscrutable reasons that it wouldn't work with an underinflated tire. And that had talked to the central monitoring system, which had turned on the "Safety Critical Fault" light. And maybe a few other things. The result was, like Three Mile Island, a single underlying fault had turned into a christmas tree of warnings that an unskilled interpreter (the wife) was terrified of and a skilled engineer (my colleague, a very good hardware engineer) took half an hour to troubleshoot.
The point being that there is a possibility for a dangerous prank here. By fooling cars into thinking their tires are dangerously underinflated, you can give the driver a serious fright - with possibilities comic to the simple minded, but potentially dangerous if the driver is distracted or does something unexpected like braking to a sudden halt.
Re:Turn off the brakes (Score:2, Interesting)
That used to be true. While some hacks still require physical access [smartplanet.com], others can be executed remotely [wired.com]. Cars are getting online and the security problems go with it.
It's all FUD by a researcher trying to get noticed (Score:4, Interesting)
Sorry but you will not figure out how to bomb a embassy by reading the tire pressure in my front left tire. All this is nothing but FUD and fear-mongering by a researcher that is late on the scene to automotive hacking. Many of us in the automotive hacking circles have done this stuff for well over 30 years. Now suddenly just because one guy who decided to make a lot of noise about it it's a problem?
it is not a problem, ignore this attention whore.
You cant send a virus down the tire pressure comms channel to the ECM and cause the car to explode or disable the brakes. (Except for toyota cars... JOKING!) and his demos with wirelessly changing the dashboard and other "hacks" are via a 3rd party wireless device he installed in the car.
If I buy a new windows server and install VNC without a password can I demonstrate to the world how horribly insecure the newest windows server release is? It's the same thing. Everyone glosses over the fact that none of his hacks are possible without having the target's car for a few days and installing a lot of gear in it.
The ONLY wireless OEM hack I have ever seen is the one where you blast mp3 files to bluetooth devices with the codes set to 0000 or 1234.. and that was to a BMW. Unfortunately it did not allow me to take control and steer the car or control the brakes. It did allow us to play audi adverts to the guy.
The A380 Runs on WEP (Score:2, Interesting)
Well the entire A380 doesn't run on WEP, but the entire cabin entertainment system does.
And having been involved in other parts of the A380 design, I can tell you that data security problems were not even on the product development radar. Non-IT engineering companies view IT the same way that the rest of the world does and generally doesn't design against malicious uses, only accidental failures.
Re:This is a suprise.... How? (Score:3, Interesting)
That's the real problem. Until they started adding wireless, the cars were perfectly secured by simple physical means. Security on the wire was irrelevant since the wire was entirely within the car. If you could access the wire, you could just add a tracking device or cut the brake line.
Now that they're going wireless, security in the communication is starting to actually matter but they have no experience there.