Forgot your password?
typodupeerror
Transportation Security

Hackers Reveal Nasty New Car Attacks 390

Posted by samzenpus
from the unsafe-at-any-speed dept.
schwit1 writes "Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV's chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat. Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day's experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn't so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.) The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers."

This discussion has been archived. No new comments can be posted.

Hackers Reveal Nasty New Car Attacks

Comments Filter:
  • High risk (Score:5, Insightful)

    by suso (153703) * on Thursday July 25, 2013 @04:00PM (#44384711) Homepage Journal

    "The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems"

    As a security researcher who believes in the spirit of the open release of vulnerabilities, I feel that this is irresponsible behavior on the part of these security researchers. We're not talking about releasing a vulnerability that will compromise someone's e-mail. We're talking about a high risk vulnerability that could cost some random person their life. These two gentleman should take a deep breath before releasing this information to the computer industry first rather than the auto industry. The auto industry may not have a tradition of attending these types of conferences and so by releasing the information at Def-con you're giving the wrong people a head start. Sure, the auto industry already knows about these problems, but you have to try to give them the benefit of the doubt when you confront them about the problems that they will try to fix it.

    • Re:High risk (Score:5, Interesting)

      by Xaedalus (1192463) <Xaedalys@[ ]oo.com ['yah' in gap]> on Thursday July 25, 2013 @04:11PM (#44384805)
      The mere fact that this has been announced has already started the wrong people working on it. At this point, releasing at Def-Con is the right thing to do, because not only will that patch get fixed, but others will come to similar conclusions and keep an eye out for peers who are going to exploit this. Black hats have family too.
    • Re:High risk (Score:5, Insightful)

      by Anonymous Coward on Thursday July 25, 2013 @04:12PM (#44384813)

      Right now they have to hook directly into the odb plug to do this, the same person with that kind of physical access can do any number of nasty things to your car.

      They are more warning about the lack of security when this stuff becomes accessible remotely (cellular or otherwise wireless) that there are going to be serious security issues as anyone breaking into that remote access path can do serious things.

      • Re:High risk (Score:5, Interesting)

        by Anonymous Coward on Thursday July 25, 2013 @04:21PM (#44384933)

        You mean like if there was some embedded computer plugged into the same CANbus as the OBD port, that had a cellular radio on it that was already shown to be vulnerable to attack? One sold on every new car from a certain major manufacturer?

        Yeah, in the future, when OnStar exists, there will be serious issues. Wait, was "future" the right word?

        The underlying problem is that CANbus was designed by automotive engineers and not network security people.

        • Re:High risk (Score:5, Interesting)

          by HornWumpus (783565) on Thursday July 25, 2013 @04:32PM (#44385073)

          Honda and Accura nav systems are also apparently hooking into the OBD port. They report codes on the nav screen, can't (or won't) clear them.

        • Re:High risk (Score:5, Insightful)

          by lennier (44736) on Thursday July 25, 2013 @06:43PM (#44386341) Homepage

          The underlying problem is that CANbus was designed by automotive engineers and not network security people.

          A good point. Another way of phrasing the problem I think is:

          Systems are too often specified, designed and tested entirely in terms of their positive capabilities, rather than their negative capabilities. In the networked remote security environment, we need a design process that guarantees both.

          In other words, most of our design process up to now has been all about "what a system CAN DO". But securing a system from to intelligent attackers is about what that system CAN'T do, even in the worst case. And since the number of things a Turing-complete computer with an always-on connection to the Internet CAN buut SHOULDN'T do is potentially infinite, that can be really difficult.

          Tests generally only cover the positive features. It's hard to achieve complete test coverage by trying every possible combination of bad input (though fuzzers seem to be doing quite well at finding vulnerabilities, and it's embarrassing that amateurs keep finding bugs that the professional developers didn't.) Typing seems to be more useful in limiting capability, but our current type systems are very limited - for example, in most OO languages, the type system only guarantees that the call signature of a method is correct; it doesn't give any way of describing any other invariants that should be preserved during the computation; and the entire architecture of OOP is based on methods with side-effects which scales really badly to concurrent processing.

          I think we've reached the limit of what can be safely achieved with loosely-typed imperative side-effectful OO languages like C++. These languages give us enormous power to create positive capability, but very little in the way of assuring negative capability. I'd like to think that Haskell or Erlang might be a way forward, but I've yet to wrap my head around either of them. I'm hoping we can eventually get something simpler, that allows creativity where it's needed but also lets us place hard limits on what unexpected interactions can arise.

          • Re:High risk (Score:4, Interesting)

            by AmiMoJo (196126) * <mojo@@@world3...net> on Friday July 26, 2013 @05:29AM (#44389333) Homepage

            CANbus is quite old, originally specified back in 1986. It is designed primarily for robustness in a noisy automotive environment. Back then there was no OBD, no internet, no mobile phone network. It's hard to see how the designers could have predicted all that and designed in security based on algorithms that had not been invented at the time.

            Security could be added now but it would push up costs a lot. Most CANbus devices are very simple embedded systems, and there are hundreds of them in a modern car.

            The problem is that the CANbus and everything attached to it should never have been made externally accessible. Forget physical access, once you have that there is nothing you can really do, it's the systems like OnStar that allow remote access which are the problem.

      • Re:High risk (Score:4, Insightful)

        by WaffleMonster (969671) on Thursday July 25, 2013 @05:28PM (#44385643)

        Right now they have to hook directly into the odb plug to do this, the same person with that kind of physical access can do any number of nasty things to your car.

        TFA asserts otherwise. Apparently onstar and integrated infotainment systems can obtain same access to CAN bus access as the OBD port.

        They are more warning about the lack of security when this stuff becomes accessible remotely (cellular or otherwise wireless) that there are going to be serious security issues as anyone breaking into that remote access path can do serious things

        "When this stuff" ??? This is 2013.

        • Re:High risk (Score:5, Informative)

          by Ol Olsoc (1175323) on Thursday July 25, 2013 @09:38PM (#44387553)

          TFA asserts otherwise. Apparently onstar and integrated infotainment systems can obtain same access to CAN bus access as the OBD port.

          Onstar can do many things to your car outside your control. Remember when they were bragging about how they could disable your car if someone stole it? It worked by disabling the throttle, forcing the vehicle to idle, so the perp would pull over to the side of the road. My guess is that if they can do that, they can controll a whole lot more. They can remote diagnose car issues, so that means they access things like timing, engine temps, vacuum lines, no doubt much more. And if they can read them? Who knows?

          And you don't even need to subscribe! http://www.consumeraffairs.com/news/gm-includes-free-remote-start-on-2014-models-060713.html [consumeraffairs.com]

          How about that? They can start your car remotely. Umm, that means they can stop it remotely.

          How about this? They track you for free, and sell the data. Of course you are anonymized. Until you aren't.

          http://www.wired.com/threatlevel/2011/09/onstar-tracks-you/ [wired.com]

      • Re:High risk (Score:5, Informative)

        by adolf (21054) <flodadolf@gmail.com> on Thursday July 25, 2013 @07:38PM (#44386805) Journal

        It's already a risk. And it's cheap.

        Plug a GSM modem [ebay.com] into an RS-232 ODB2 interface [ebay.com].

        Programming it is really hard, and stuff: ATS0=1&W

        Power is even harder: Ignition-switched power is supplied by the ODB port.

        Using it is perhaps the most difficult part: Call the modem, it answers and connects, and...done.

        Yeah, sure: I can do all kinds of obvious and nefarious things to a car if I have physical access to it.

        But this way, I can have the car work perfectly normally for a week or a month or whatever.

        And then, long after they forget about having their window smashed and the change holder looted in the middle of the night, I can have it misbehave at exactly the moment that it is perhaps most dangerous.

        Just sayin'.

    • I feel that this is irresponsible behavior on the part of these security researchers.

      Because we all know that if the researchers quietly tell the auto manufacturers they will fix the issues and make sure everything gets updated. Our upstanding auto manufacturers would certainly not try to bury issue and sue the reporters out of existence!

      As a security researcher you should be used to companies trying to deny, bury and ignore reports instead of correct them.

      Seriously, the only way to get a company to fix a flaw is when the pr nightmare becomes so great that it is cheaper to fix the problem than deny it.

      • Re:High risk (Score:4, Insightful)

        by radiumsoup (741987) on Thursday July 25, 2013 @04:23PM (#44384963)

        You speak as if all companies are equally bad. Somehow, I think you're either young or more sheltered than you believe you are.

        • by golodh (893453) on Thursday July 25, 2013 @05:05PM (#44385409)
          apart from the banks, the tobacco industry, the arms industry, big pharma, big oil, marketing firms and so forth.

          If only because their helmsmen are required, by law, to maximise shareholder value. Nothing else. In fact: senior management can be sued if they don't set policy to that effect.

          The upshot is that no publicly traded company can really afford a moral or ethical compass. What passes for ethics in companies is usually nothing but well-understood self-interest (as in: avoidance of PR damage and a resulting slump in sales through bad publicity).

          Whilst I'm against releasing any kind of software vulnerabilities before the responsible parties have had a decent chance to fix it, I'm just as skeptical as most regarding the inclination of e.g. car manufacturers to improve security unless there is a massive PR debacle. For massive PR debacle read: a nasty and widely covered crash involving a photogenic celebrity (ugly celebrities won't cut it) and his/her children, that can be traced unequivocally to the lax security of a car's on-board datacommunication infrastructure.

          That's the main thing I can see as getting their attention and lending the issue any kind or urgency. If only because of CYA considerations on part of top management. The only alternative would (in my view) be compulsory network safety standards for cars.

          • by SleazyRidr (1563649) on Thursday July 25, 2013 @05:19PM (#44385561)

            The board of directors do not have a requirement to "maximise shareholder value." Most companies could acheive this by liquidating their assets and investing a another company which is doing better.

            The board of directors do have a requirement to uphold the company charter. Many charters include wording like "maximise shareholder value" but it is also clear that they intend to do this by providing goods and/or services to people, not by kidnapping college students and selling their kidneys.

            • by lennier (44736) on Thursday July 25, 2013 @06:55PM (#44386439) Homepage

              The board of directors do not have a requirement to "maximise shareholder value." Most companies could acheive this by liquidating their assets and investing a another company which is doing better.

              And isn't that exactly what the tidal wave of mergers, acquisitions and restructurings from the 1980s on have all been about? Buying and selling shells of companies, liquidating their assets, closing the factories, selling the brand to someone else, and then outsourcing the production to China and Mexico while centralising the banking in London, the paperwork in the Cayman Islands and the corporate headquarters in New York.

              Doing this kind of shell game creates a reputation for a CEO as a "miracle worker" and "turnaround artist" and billions of dollars in share value. But if you look behind the scenes you see an increasingly hollow stack of cards that's propped up by debt and gambling rather than production.

          • by sjames (1099)

            The old shareholder value thing is their favorite excuse, but it's just that. They are in no way required to act in an immoral, unethical, or illegal manner. In theory, their charter can be yanked for any of those since a condition of incorporation is that it be at least marginally in the public interest.

            In fact, they freely choose to act in the manner they do secure in the knowledge that the corporate death penalty practically never happens and personal liability for their acts is nearly as unlikely.

        • by kasperd (592156)

          You speak as if all companies are equally bad. Somehow, I think you're either young or more sheltered than you believe you are.

          When I was young and naive, I thought if I discretely told companies about security problems in their products, they would thank me and fix it. In reality that has never happened in any of the cases, where I have reported a security problem to a company.

          In the real world the majority of companies will do nothing about a security bug unless they face an immediate threat of the inf

      • Re:High risk (Score:5, Insightful)

        by suso (153703) * on Thursday July 25, 2013 @04:49PM (#44385259) Homepage Journal

        Because we all know that if the researchers quietly tell the auto manufacturers they will fix the issues and make sure everything gets updated. Our upstanding auto manufacturers would certainly not try to bury issue and sue the reporters out of existence!

        As a security researcher you should be used to companies trying to deny, bury and ignore reports instead of correct them.

        Seriously, the only way to get a company to fix a flaw is when the pr nightmare becomes so great that it is cheaper to fix the problem than deny it.

        Yes and I also know about technically minded people denying that problems are real issues too (See libvte vulnerability [climagic.org]). DARPA has known about these issues [youtube.com] for a while now and apparently the issues are a lot more real and scary than most people realize. We're talking about the ability for a hacker to do something to your car simply by playing a song over your iPod or on a CD. Or a program being injected the next time you get an oil change because the service center's computer had been hacked remotely.

        And we're not talking about ego maniac hackers sitting in their basements causing a few cars to honk their horn because they think it will be funny, we're talking about terrorists and countries writing a song that one day everyone plays one day and we have 1 million 60mph 2 ton missles with families in them flying up the road all the same time. That will be a very bad day. But that's ok, because we tried to tell the auto manufacturers and they just didn't listen, so its their fault right?

        What these researchers are doing here is treating this vulnerability as if its any other vulnerability, which its not. Human life is at stake, not your email or bank account password. Yes, they do recognize the dangers, but they don't seem to realize that they should be changing their approach accordingly. For instance, they do their tests out in the open on public roads and put someone behind the wheel who doesn't know what is going to happen. You don't really need to do that to demonstrate that there is a problem.

    • While your argument has merit, I'm going to simply stick to the strategy of buying cars that do not attach a wireless communication device to the same bus that the engine control unit sits on.
      • by gr8_phk (621180)

        While your argument has merit, I'm going to simply stick to the strategy of buying cars that do not attach a wireless communication device to the same bus that the engine control unit sits on.

        That has always been my thought. However, the manufacturers are starting want the ability to remote update your engine control software. So the On-Star or equivalent system gets a CAN connection so it can talk to the modules. But the engine controller is going to have some form of authentication required and the hacke

        • Re:High risk (Score:5, Insightful)

          by Anonymous Coward on Thursday July 25, 2013 @04:45PM (#44385217)

          But the engine controller is going to have some form of authentication required and the hackers are going to be stopped right there.

          Yes, I too had noticed that authentication systems were 100% proof against hackers, especially those implemented by companies that obviously have no prior interest in security.

        • by h4rr4r (612664)

          They should not be on the same network. Have the CAN bus logout to a device that every X seconds is copied to another device on a bus OnStar can read from. Data must never flow the other way.

          That form of authentication very likely has a default password of some type. Hackers will find that very quickly.

      • Then you've never heard of the CAN bus, which is in use on every car produced since 1996. You'd have to avoid anything with obvious wireless access, which means no lock/unlock/panic/remote start systems, and likely not even a car radio since many are on the bus as well.
        • by h4rr4r (612664)

          If that is true the people who designed those should be hit by a clue by four. You do not put the doors unlock mechanism on the same bus as engine control. You sure as hell don't use it for the radio too.

        • Re:High risk (Score:4, Interesting)

          by iamgnat (1015755) on Thursday July 25, 2013 @05:25PM (#44385619)

          Then you've never heard of the CAN bus, which is in use on every car produced since 1996. You'd have to avoid anything with obvious wireless access, which means no lock/unlock/panic/remote start systems, and likely not even a car radio since many are on the bus as well.

          No, ODB-II was mandated on every new car sold in the US starting in 1996. CAN didn't gain mass adoption for quite a while yet (I have a 2001 with out it and just replaced a 2004 not too long ago that didn't have it).

          All of the things you listed as not being possible without CAN were also around long before CAN (and well before ODB-II (though entirely unrelated) was mandated).

          Even for the cars that are built today, there are still a fair number that do not have any wireless access to the bus (e.g. cars without OnSTAR or the like). I just bought one in fact. The wireless access was his concern and he still has plenty of options to avoid that while still having all the other benefits of a CAN based car.

      • by Holi (250190)

        And what cars are those?

        Me, I stay safe and only drive cars with carburetors.

      • Re:High risk (Score:5, Interesting)

        by dgatwood (11270) on Thursday July 25, 2013 @04:59PM (#44385363) Journal

        While your argument has merit, I'm going to simply stick to the strategy of buying cars that do not attach a wireless communication device to the same bus that the engine control unit sits on.

        As for me, I'm going to stick to buying cars in which the brake master cylinder is physically depressed by the pedal, and in which the emergency brake lever is physically connected with a mechanical cable....

        I drove a rental car the other day with an electronic emergency brake. I've never been more uncomfortable driving a vehicle. Besides having "safety" features that made it really clumsy to drive (you can't release the emergency brake unless your foot is on the brake pedal, for example, which doesn't make any real sense if the vehicle is in a flat parking space, with the transmission in Park), I just can't see myself ever trusting a car in which a computer failure could kill the emergency brake entirely, and in which there's no way to apply more force on the emergency brake in the event of an actual emergency. That design pretty much defeats the whole purpose of having an emergency brake.

        Ugh.

        • That design pretty much defeats the whole purpose of having an emergency brake.

          Ugh.

          You might be shocked to learn that cars don't actually have emergency brakes.
          This mechanical lever thingy was never intended to be one, and you won't find
          the word "emergency brake" in a (modern) car's manual.

          It's one o those self-perpetuating myths.

          It's a parking brake [cartalk.com].

    • Re:High risk (Score:4, Insightful)

      by dyingtolive (1393037) <brad,arnett&notforhire,org> on Thursday July 25, 2013 @04:13PM (#44384833)
      Or the attacker just cut your brake lines.

      That's not a hack though, more of a snip.
      • by Anonymous Coward

        I thought of the same thing. The one significant difference is, cut the brake line and it will be noticed at 5MPH pulling out of the driveway. This would allow the hacker to only make the brakes fail at 65 MPH.

    • Re:High risk (Score:4, Insightful)

      by viperidaenz (2515578) on Thursday July 25, 2013 @04:14PM (#44384849)

      Once someone has physical access to a vehicle, there are worse things they can do than mess with the traction control and abs systems.

    • by mrex (25183)

      As a security researcher who believes in the spirit of the open release of vulnerabilities, I feel that this is irresponsible behavior on the part of these security researchers.

      Then you don't believe in the spirit of full disclosure at all. What drivers have now is security through obscurity, which as we all know is no security at all. Significant public awareness of the problem will create the kind of pressure on auto makers to issue recall notices and fixes for life-endangering safety issues. Full disclos

      • Re:High risk (Score:4, Insightful)

        by Joining Yet Again (2992179) on Thursday July 25, 2013 @04:31PM (#44385061)

        Argh, sophomores everywhere.

        Security through obscurity isn't "no security at all". It's just inadequate. There's still the hurdle of overcoming obscurity.

        Just like strong cryptography is great but not perfect because 1) implementation is often flawed; 2) rubber hose.

        • by khasim (1285)

          Security through obscurity isn't "no security at all". It's just inadequate. There's still the hurdle of overcoming obscurity.

          No.

          Security is not about becoming invulnerable. That is impossible. Security is about reducing the number of people who can EFFECTIVELY attack you.

          Security-Through-Obscurity does NOTHING to improve the existing security model of the system BUT IT DOES PROVIDE A WAY TO BYPASS THE EXISTING SECURITY MODEL.

    • by Daas (620469)

      Plus, patching the software of a million cars isn't the same as using auto-update on Windows. My biggest concern would be an attacker getting in the car, installing a wireless device in the OBD port and controlling it from a distance, especially since you can buy an OBD II Wifi adapter for under 100$ these days.

      You could do some really bad things to someone you don't like on the highway...

      • by h4rr4r (612664)

        ODB to wireless is normally bluetooth, they are closer to $10 than $100. Are there any that do wifi?

        Patching a million cars should be easier, you have the VINs and can call the owners. Lots of windows machines never get any updates.

    • by sl4shd0rk (755837)

      We're talking about a high risk vulnerability that could cost some random person their life.

      Exactly. So, don't blame the customer when they find out your crappy design isn't up to real-world safety tests.

    • by Solandri (704621)
      It shouldn't really be considered high risk. Brakes are important enough that engineers designed in a second redundant braking system [howstuffworks.com]. The parking brake is still connected to the brakes by a steel cable. It will work even if the electronics or hydraulics on the brake pedal fails.

      The problem is most drivers don't know that it's a redundant system, and never think of trying the parking brake if the brake pedal fails. This is one area where linguistic drift has hurt us. They were originally called the
      • Re:High risk (Score:4, Insightful)

        by LinuxIsGarbage (1658307) on Thursday July 25, 2013 @06:24PM (#44386135)

        The problem is most drivers don't know that it's a redundant system, and never think of trying the parking brake if the brake pedal fails. This is one area where linguistic drift has hurt us. They were originally called the emergency brake, whose name clearly implies they're to be used in an emergency if the regular brakes fail. But since they were also used to keep manual transmission cars from rolling when parked, they've colloquially been called parking brakes. To the point where most people refer to them as parking brakes now and don't know about their emergency braking function.

        It's also referred to as a hand-brake (especially outside of North America where front bench seats with foot operated e-brakes where not near as popular). I've heard of people trying to use it in an emergency, a panic stop situation. In which case it's far worse than the service brakes, unless the service brakes have failed.

        The truth is a frightening number of people don't understand how the cars they're driving work, and it's not just limited to e-brake / p-brake / h-brake, and it's not due to the name. Many don't understand basic concepts of gears, how and when to use manual modes of an automatic, how to shift into neutral or kill the ignition in the case of a stuck throttle. A shocking number of people don't understand that an oil light means a loss of oil pressure and the car should be pulled over and shut off immediately. A shocking number of people don't know how to jump-start a car, or change a flat, or check / adjust their tire pressure, or oil / tranny / brake / power steering fluid. A shocking number don't know that a quick blinking turn signal means you have a turn signal bulb out.

    • "We're not talking about releasing a vulnerability that will compromise someone's e-mail. We're talking about a high risk vulnerability that could cost some random person their life."

      And? You suggest instead leaving it up to the auto industry? Which has obviously been incompetent at making things safe?

      I've said it before, and I'll say it again: they have designed these systems while sitting at their consoles with their heads firmly up their asses. YOU DON'T PUT AN ENTERTAINMENT SYSTEM IN THE SAME CONTROL SYSTEM THAT RUNS THE CAR!!! Yet they have continued to insist on doing that. It's just plain shitty design.

      The vehicle control systems need to be completely SEPARATE from any oth

  • One of my cars has no electronics. The other has two systems, one logs data and the other controls how much fuel the engine gets (and soon when the spark plugs fire as well).

    To access either you must plug a cable into it. Good luck.

    • by pegr (46683)

      OF COURSE if you give real-time access to the OBD-II port, you can have all kinds of shenanigans. So don't do that!

      How many people would notice an ODB-II Bluetooth adapter plugged into the port? http://www.amazon.com/Soliport-Bluetooth-OBDII-Diagnostic-Scanner/dp/B004KL0I9I [amazon.com]

    • My car has a dozen computers in it. Still no more vulnerable than your two system car. It even has bluetooth. The worst someone can do wirelessly would be take control of my stereo, which isn't connected to anything else.

      • Are you sure about that? Many head units are hooked into the CAN bus.
      • by EvanED (569694)

        The worst someone can do wirelessly would be take control of my stereo, which isn't connected to anything else.

        So you think. Stock stereo on a recent car? Very possibly untrue [autosec.org].

        "We systematically synthesize a set of possible external attack vectors as a function of the attackerâ(TM)s ability to deliver malicious input via particular modalities: indirect physical access, short-range wireless access, and long-range wireless access. .. In each case we find the existence of practically exploitable vulnerabi

    • Like you I'll not worry about it until I get a car with some silicon in it. It does have two germanium transistors in the tachometer though, maybe I should be worried :-P
    • by Trepidity (597)

      Out of curiosity: How far back do you have to go to find a car with no electronics in it? Early-'90s? Or is there more recent stuff still manufactured without onboard computers?

    • by aitikin (909209)

      How old are your cars, 30-40 years? I'm not a mechanical historian, but I believe that would be the last time that there were cars mass produced with no electronics in them. The "purely mechanical" car hasn't been around in forever, although, admittedly, some good ole dummy diesel cars through the early 90's were produced, but had electronics that you would have to have removed yourself.

      Now, if you meant that the car has no computers, than we're talking a different scenario, but only slightly. US cars ha

  • by IndustrialComplex (975015) on Thursday July 25, 2013 @04:05PM (#44384769)

    I can appreciate applying Anti Tamper and other IA techniques to 'harden' cars, but I hope this doesn't return us to where only ''licensed' repair facilities can work on cars.

    • by jittles (1613415)

      I can appreciate applying Anti Tamper and other IA techniques to 'harden' cars, but I hope this doesn't return us to where only ''licensed' repair facilities can work on cars.

      That would be illegal as the Federal Legislature has mandated that all cars must have certain info publicly available via the ODB-II port (1995 and above). So unless that law were repealed or amended, they cannot restrict access to the functionality dictated by that law.

  • by Mr Krinkle (112489) on Thursday July 25, 2013 @04:17PM (#44384883) Homepage

    So

    if I'm sitting in your car, plugged in to the canbus, I can control things on the canbus....

    Yeppers....

    Just like if I have access to your laptop for long enough, I can get whatever is on it. (encryption will slow it down, but like I said, given time and access?)

    But you'll probably notice me sitting in your car, plugging a cord into the port before I take the time to crash your car, with me riding in it.....
    While this is amusing, I'm not that nervous about "security through not having some donkey plug his laptop in your car with a death wish while you are hurtling down the highway"

    Having them use the "open" canbus specs, you can add aftermarket devices, and not have to take your car to the dealer for any service.

    If they fully lock it down, the dealer will be the ONLY place that could work on it. And the ONLY parts you could add to your car.

    • Couldn't they just attach some kind of reciever to the port and send it remote instructions...like once car hits 100 km/h (60 mph) disable brakes? That being said, they could always just cut a brake line as mentioned above.

  • I appreciate that what they are doing is scary but the video doesn't seem to indicate what they had to do in order to get that level of power. It seems that they have wires hooked up between the laptop and dash so, for all we know, they could be feeding bad sensor data into the computers. Is there things that could be done to mitigate the risk....sure. But if that is really how they are messing with things (by tearing apart the dash and rewiring everything) it would seem cutting the break lines would be
  • Just wait until somebody reverse-engineers the communications between vehicles.

    Then, you can just send a rogue car down the road "Hey, I'm a police car, please pull to the outside lane(s) and slow down to 10mph" and watch the road magically open up for you!

    Or, even worse "OMG! YOU'RE GONNA HIT SOMETHING! EMERGENCY STOP!" to all the cars you pass.

    Or even worse than that.... every nth car you pass....

    • by Obfuscant (592200) on Thursday July 25, 2013 @04:56PM (#44385331)

      Or, even worse "OMG! YOU'RE GONNA HIT SOMETHING! EMERGENCY STOP!" to all the cars you pass.

      I had something kinda like that 20 years ago. A microwave transmitter from an automatic door opener sensor. $15. A battery. $1. A switch. $1.

      Watching the tail lights light up on all the cars that have just zipped past you on the freeway as the radar detectors in those cars start squawking. Priceless. Passing them as they slow to well below the speed limit. Priceless. Watching them zip past again, slam on brakes again, get passed again. Priceless.

    • Both of those things are already possible and with similar levels of detectability.

      I could easily instal strobes into my lights to make my vehicle look like an unmarked cruiser.

      I can lob paint balloons (or anything really) out the windows at other drivers.

      Same outcome. These things have been possible for ever yet we don't see some epidemic of them happening.

  • by bradgoodman (964302) on Thursday July 25, 2013 @04:20PM (#44384915) Homepage
    While they're at it - I don't think anyone has really discovered what the deal was with the Accura/Honda remote-control doorlock gadget that thieves were reportedly using to effortlessly break into cars. All the article said was "police are stumped" (duh).
    • by arf_barf (639612)

      I don't know how it is now, but back in the early nineties a friend of mine worked in the German fire department and they had toolkits to unlock and start virtually every make and model of car (regardless if it had a factory alarm or not). From MB S-class to regular VW's nothing was 'safe'. Obviously it was a government only toolkit but if they had it then then it's a good bet that they have updated versions now that can do much more.

    • by PPH (736903)

      Phony unlock gadgets will be offered on the black market for big bux to wanna-be car thieves. In reality, the guy in the video has the car's original RF key fob in his pocket. Or his buddy has it just off screen. The magic box unlocks the luxury car on YouTube and orders roll in.

      Who are you going to call when that $500 gizmo turns out to be a battery, pushbutton and red LED? The consumer protection agency?

  • by Anonymous Coward on Thursday July 25, 2013 @04:23PM (#44384957)

    To enter the Pad Service Mode, perform the following with the vehicle stationary:

    1. Place the vehicle in Park and turn the ignition to the ON position.
    2. Apply the brake pedal.
    3. Turn the ignition OFF, then ON three times and then release the brake pedal. The total time elapsed for the three ignition cycles and brake release must be less than 3 seconds.

    That's how you replace the brake pads. If they figured out how to do it through the OBD connector, whooptie do.

    I have one of these vehicles. Fly-by-wire regenerative brakes are a little creepy, but supposedly if something goes wrong and you mash the pedal all the way to the floor, there's a hydraulic backup down there somewhere. I haven't had to try it.

    Oh, and all this is no different than your holier-than-thou Toyota Prius, so don't blame Ford.

    • by ChumpusRex2003 (726306) on Thursday July 25, 2013 @06:32PM (#44386241)

      Correct. On this type of hybrid vehicle, there is a regenerative braking system.

      Under normal driving conditions, while the vehicle is in motion, the motor/generator will be used to retard the vehicle. The brake pedal is connected to a electronic pressure sensor, and also mechanically to a hydraulic master cylinder.

      Unlike on conventional vehicles, there is no vacuum powered booster, instead the master cylinder hydraulics are used to operate an electro-hydraulic servo, with electronic override. This way, under emergency braking, you get full hydraulic force applied to the wheel cylinders with minimal pedal effort. The electronic hydraulic control will also apply hydraulic pressure when the vehicle is stationary and the brake pedal depressed, and also periodically applies hydraulic pressure when the vehicle is stopped and the transmission in P (for self-test purposes) and when the vehicle is powered on.

      The hydraulic servo mechanism can be disabled in order to permit brake maintenance (this releases hydraulic pressure in the booster and prevents automatic application of pressure to the wheel cylinders), permitting access to maintain the friction surfaces. It appears that this hack, merely consisted of transmitting the CAN bus command to put the hydraulic servo system into maintenance mode.

      At low speeds, when the electrical regen isn't operative, this will result in the brake pedal travelling further than expected and loss of power assistance. However, with sufficient pedal pressure, it should be possible to slow the car using unboosted pressure.

  • Sensationalist headline & summary tries to give the impression that the car was hacked remotely.

    RTFA and it says:

    "Okay, now your brakes work again,” Miller says, tapping on a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake.

    Likely they were hooking up to the OBD plug.

    Seriously, is this really an issue? Once someone has physical access to the vehicle, they can do all sorts of nasty things...most of which require substantially less technology and computer k

    • The problem is there are plenty of cars out there with OnStar, Toyotaâ(TM)s Safety Connect, SYNC, and other wireless systems and guess what bus the OnStar module is plugged into.

    • by HornWumpus (783565) on Thursday July 25, 2013 @04:41PM (#44385177)

      Can you imagine where the motherfuckers would have hidden the plug had they not been told more or less where it had to go?

      • by rahvin112 (446269) on Thursday July 25, 2013 @05:27PM (#44385637)

        Yes I can, it would be on the back of the engine and would require a special tool only sold by the dealer to open the door and would likely require the removal of the starter motor and timing belt/chain to access and for bonus points someone like Porsche would require removal of the head gasket to reach the port.

        Putting it within 2 feet of the driver was smart, it should have had the additional requirement to be within 6 inches of both the radio and climate controls because if they had everyone would notice some strange object plugged into the port.

  • And people wonder why I drive a vehicle from the 1980s... let's see, no electronics hooked to the vehicle control systems making it externally vulnerable to attack, no expensive electronic failures, no overly complex electronic controls, no expensive electrical/computer modules to fail, simple isolated systems, and an overall lower count of possible parts which can fail.

    Result: I can have my fancy gadgets on their own 12v relay, completely independent from anything else working.

  • I really, really, really sincerely hope they put the code EVERYWHERE so that we can have about a thousand cars go through their garages and up curbs and onto porches, etc. Then finally CNN would hop on it like Oprah on a cheese tray and the industry would actually have to do something about it. You know those out of control Priuses? Software glitch. You have an out of control car that's specifically caused by another person at will and it's like a circus Christmas to the media. Then finally the auto in
  • In order to disable the breaks, they gained access to the car's interior and plugged a computer into the system bus. It's easier and less intrusive to cut a brake line. Wake me up when they can hack the car from outside.
  • by recrudescence (1383489) on Thursday July 25, 2013 @04:34PM (#44385109)
    ... can some one explain it to me with a car analogy?
  • by ridgecritter (934252) on Friday July 26, 2013 @12:09AM (#44388253)

    I have not read TFA yet, will do so later, so my apology if I'm in error, but....

    Why the hell are engineers designing, or being allowed to design, a life-critical system like brakes on a car so that the system lacks a direct, non interruptible physical connection between the driver and the brakes? Any mechanism can fail. Putting electronics between the driver and the brakes increases the number of failure modes as well as the probability of failure. State monitoring, fine. Computed intervention that applies the brakes when the car's AI thinks it's necessary, OK. But selling a car that cannot be stopped when the driver mashes the brake pedal? NFW.

    This is simply incompetent engineering. Product liability will attach, as it should.

    Meanwhile, I know what to investigate and what not to buy for my next car.

    • by Rogue974 (657982)

      There is a side you may be missing with instrumentation and controls systems. I don't work on automotive, but I work on industrial controls systems and converting a system from pneumatic (like an old braking system) to electronic (new braking system) in my world dramatically increases equipment reliability. While you do have the extra failure mode of the cars computer, the components of the new system are orders of magnitudes more reliable then the components of the old system. My industrial controls ele

"Mach was the greatest intellectual fraud in the last ten years." "What about X?" "I said `intellectual'." ;login, 9/1990

Working...