Car Hackers Mess With Speedometers, Odometers, Alarms and Locks 159
mask.of.sanity writes "Researchers have demonstrated how controller area networks in cars can make vehicles appear to drive slower than their actual speed, manipulate brakes, wind back odometers and set off all kinds of alarms and lights from random fuzzing (video). The network weaknesses stem from a lack of authentication which they say is absent to improve performance. The researchers have also built a $25 open-source fuzzing tool to help others enter the field."
Re:Hmmm... (Score:5, Informative)
Just to clarify how the law works on this one, in most states (probably all, but there are 50 of them so you never know if there are variations) when you hop behind the wheel and start driving any car (whether you own it or not) you are responsible for the operation of that car, including if anything is wrong with it that causes an accident or any sort of moving violation, such as a malfunctioning safety device (and the speedometer is a safety device.)
Now that doesn't stop you from suing a manufacturer, mechanic, or other responsible party if something has gone wrong with the car that wasn't your fault and caused any damages. But, any damages (even just a ticket) are your responsibility first, and if the cause was from a manufacturer or mechanic, it's then on you to recover your losses from them. In other words, if your brakes fail due to manufacturer defect, you can't just tell the guy you rear ended to go collect from your car manufacturer. He goes after you, and whatever he collects from you, you then have to collect from the manufacturer.
You also still end up with a ticket and a mark on your driving record, because again you assumed responsibility for anything wrong with the car by driving it.
Re:nothing ot see, move on (Score:4, Informative)
Not really. ABS for example modulates the braking power. In one test, researchers were able to put the brakes into 'maintenance mode" normally used when changing the pads. In that mode, the brakes don't work. If I understand correctly, that mode is used instead of the old trick of compressing the wheel cylinder with a c clamp.
To complete the lunacy, in some cars, the parking/emergency brake is electrically activated now.
Re:Surprising to me (Score:5, Informative)
This is the only comment here so far of any consequence. Hacking a car by plugging into the CAN bus is hardly rocket science, but remotely gaining access to the car's ECU's via bluetooth is a very different matter indeed. Securing CAN is pretty much a non-starter, but securing those wider area wireless networks that cars are increasingly supporting is something that should be taken very seriously indeed. And if Toyota's recent drubbing in the source code courts shows anything, it shows that car manufacturers don't make very good software houses.
Re:Hmmm... (Score:2, Informative)
Your WSJ link was written by someone that doesn't know a great deal about commodity GPS navigators. Yes, on straight and level ground a GPS navigator will tend to be more accurate than a speedometer, but by far the majority of them lose accuracy when driving up and down inclines. You can see this for yourself by keeping a constant speed on your speedo and monitoring the GPS speed drop as you climb or descend a hill.
Why? Because the majority of GPS navigation software calculates speed based on delta-lattitude and delta-longitude only (well, with lattitude correction), completely ignoring delta-altitude. Apparently 3D velocity vectors are too hard for the average software engineer to calculate.