Least Secure Cars Revealed At Black Hat
Lucas123 (935744) writes Research by two security experts presenting at Black Hat this week has labeled the 2014 Jeep Cherokee, the 2015 Cadillac Escalade and the 2014 Toyota Prius as among the vehicles most vulnerable to hacking because of security holes that can be accessed through a car's Bluetooth, telematics, or on-board phone applications. The most secure cars include the Dodge Viper, the Audi A8, and the Honda Accord, according to researchers Charlie Miller and Chris Valasek. Miller and Valasek will reveal the full report on Wednesday, but spoke to Dark Reading today with some preliminary data. The two security experts didn't physically test the vehicles in question, but instead used information about the vehicles' automated capabilities and internal network. "We can't say for sure we can hack the Jeep and not the Audi," Valasek told Dark Reading. "But... the radio can always talk to the brakes" because both are on the same network. According to the "Connected Car Cybersecurity" report from ABI Research, there have been "quite a few proof of concepts" demonstrating interception of wireless signals of tire pressure monitoring systems, impairing anti-theft systems, and taking control of self-driving and remote control features through a vehicle's internal bus, known as controller area network (CAN).
They did not hack it (Score:5, Interesting)
Opinion from industry insider (Score:5, Interesting)
I work in the automotive after market (ECU tuning). I can actually back up what they're saying. Even if they did come by it via speculation, they're actually pretty much dead on.
That is primarily because the German cars use what we call a "Can Gateway" but is better thought of as a firewall. Every different system in the car has its own private canbus. Anything that needs to travel between the busses has to go through the gateway. In the case of VW/Audi vehicles, it's locked down quite well. It knows what packets belong on what bus and only allows a very limited subset of properly formatted and required packets to pass between those busses.
Vehicles that share common can without a gateway are readily exploitable. I could plug a can interface into the headlights, A/C or any other system on the global bus and lock/unlock the doors, roll the windows up/down, trigger the traction control/ABS or even start/stop the car (if it uses a push button start).
Doing those things requires access to the can wires, but the bus is used for so much nowadays, there are always plenty of places to access it. Many of them without requiring keys or an open hood.
Re:Bullshit. (Score:5, Interesting)
Yup. Are the brakes actually controllable via CAN though? If the pedal just operates a transducer which relays instructions via CAN, that seems a bit risky to me. I wouldn't want even a single PHYSICAL linkage as a point of failure for the brakes, let alone an electronic one.
Granted, even if they have a cable backup, having a trojan apply full brakes without warning at highway speed would not be a fun experience (especially if it could disable ABS - which might or might not be possible but since ABS has self-diagnostics that need to report back to the dash it seems plausible that it could be tampered with). A cable backup would only prevent software from disabling your brakes - not prevent it from applying brakes.
Really, something like a radio should not be on the same network as safety-critical devices. Heck, do you really want to even do the necessary rigor to ensure that a faulty radio design doesn't cause a safety issue? Nothing should be plugged into a safety-critical bus without serious testing and design controls.
Re:Opinion from industry insider (Score:5, Interesting)
I don't work with Fords, so I can't answer your question specifically. In general, the trend in cars is to have fewer controllers and devices on the bus controlling more and more things. In the VW/Audi world, all of the "body control" stuff is handled by a single module under the dash.
At the same time, many of those modules and the wires between them are accessible easily under the hood. I can reach under a VW, remove a plastic underbody panel and get to the powertrain (most important) canbus without opening the hood. I'd come up greasy, but I could certainly do it from under the car. With a little practice, I could probably do it in under a minute.
In the VW case though, that wouldn't do any good. I couldn't start the car or unlock the doors (door locks aren't on the powertrain can and the gateway won't pass through a door unlock message originating on powertrain). I could monitor their engine/transmission/ABS though and could turn off the car, change the gears or set/adjust the cruise control once the engine was running. I might even be able to trick the ABS into thinking the car is skidding and get it to lock up the brakes (I haven't played with ABS controllers much, so I'm not 100% certain of this one).
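The gateway behaviour described in the two insider comments above (a per-bus allowlist that forwards only known, properly formatted frames and drops everything else) can be sketched as a default-deny routing table. This is an added example, not code from the thread or from any manufacturer; the bus names, CAN IDs and payload layouts are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bus names and CAN IDs below are constructed for illustration only. */
enum bus { BUS_POWERTRAIN, BUS_BODY, BUS_INFOTAINMENT };

struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist rule: this ID, with exactly this length, may cross src -> dst.
 * valid_bits marks the payload bits the signal is allowed to use, per byte. */
struct rule {
    enum bus src, dst;
    uint32_t id;
    uint8_t dlc;
    uint8_t valid_bits[8];
};

static const struct rule rules[] = {
    /* vehicle speed: powertrain -> infotainment (display data only) */
    { BUS_POWERTRAIN, BUS_INFOTAINMENT, 0x1A0, 2, { 0xFF, 0xFF } },
    /* engine-running flag: powertrain -> body, only bit 0 of byte 0 defined */
    { BUS_POWERTRAIN, BUS_BODY, 0x2B0, 1, { 0x01 } },
};

/* Return 1 if the gateway should forward the frame, 0 to drop it (default deny). */
int gateway_allows(enum bus src, enum bus dst, const struct frame *f)
{
    if (f->dlc > 8) return 0;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct rule *r = &rules[i];
        if (r->src != src || r->dst != dst || r->id != f->id) continue;
        if (f->dlc != r->dlc) return 0;          /* wrong length: malformed */
        for (uint8_t b = 0; b < f->dlc; b++)     /* reject undefined bits */
            if (f->data[b] & (uint8_t)~r->valid_bits[b]) return 0;
        return 1;
    }
    return 0; /* no rule for this (src, dst, id): the frame never crosses */
}

int main(void)
{
    struct frame speed  = { 0x1A0, 2, { 0x12, 0x34 } };
    struct frame unlock = { 0x3C0, 1, { 0x01 } }; /* body command, no powertrain rule */
    printf("speed pt->info:  %d\n", gateway_allows(BUS_POWERTRAIN, BUS_INFOTAINMENT, &speed));
    printf("unlock pt->body: %d\n", gateway_allows(BUS_POWERTRAIN, BUS_BODY, &unlock));
    return 0;
}
```

Rules are directional, so a frame that may leave the powertrain bus toward the display is still dropped when it arrives from the infotainment side.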
Too much bullshit (Score:4, Interesting)
I bought a '99 Volvo S80 and it has the fancy auto-dimming rear-view mirror. The car was used, so of course the expensive mirror no longer dims. You can't even swap out a junked mirror because of the address bullshit. You have to keep the circuitry from your mirror and swap only the mirror itself. Otherwise you need the dealer software to reprogram the main computer.
Re:Bullshit. (Score:5, Interesting)
Everything was fine until OnStar...
Well, yeah, now that I think about it, I'd have to agree....
There's absolutely nothing wrong with these systems in your vehicle being able to communicate with each other. I think most of us can agree that there are many benefits to it.
The problems only arise when the systems gain the ability to communicate to systems outside of your car. And especially when they can do it without your consent, or even knowledge. And OnStar was the first and most obvious example of that ability.
The first time I ever really noticed OnStar was back when it first came out. A buddy of mine was driving, and we made a stop and he locked his keys in. This was "back in the day" so I immediately started trying to figure out where I could get my hands on a wire coat hanger. He pulled a card out of his wallet, called an 800 number, and a few seconds later all 4 doors unlocked. My initial reaction was "Damn! That's fuckin' cool!"
About 10 seconds later I thought "Damn! That's fuckin' creepy!"
And now it's not just OnStar that can do that. Now cars have Bluetooth and WiFi, so if it's not secure (and they don't build them with security in mind), any smart guy with a cell phone and access to Google can do similarly creepy things....
SIDE NOTE: There's an alley at work where we all go to smoke (yes, I'm a smoker, get over it). On the other side of the alley is another company's parking lot. There are two nearly identical GM SUVs that park in that lot. One has a broken off OnStar antenna, the other has an intact OnStar antenna. All of us refer to the two vehicles as "the smart one" and "the dumb one".
OEM (Score:3, Interesting)
I work at an OEM... I know for a fact the Dodge Viper and the Jeep Cherokee share the same line-up of head units and the CAN architecture is identical.
How are they both the most and least secure?
(Also, the Radio can't talk to the brakes, as much as they'd like you to think - I'd know, because I wrote the code for the interface that talks on the CAN network.)