Hacking Automotive Systems 360
alphadogg writes "University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low." Here is the researchers' site, and an image that could stand as a summary of the work.
Cccess to unlocked car = can damage it, duh (Score:4, Insightful)
So what? (Score:4, Insightful)
Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.
I'm not worried about those hacks (Score:4, Insightful)
We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?
More to lose than to gain (Score:5, Insightful)
It would seem to me we have a lot more to lose by auto manufacturers implement software security than to gain. Its hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive. With almost nothing to gain, if someone wants to disable your brakes they can (gasp) damage your brake line without even opening your car door! Mess with your tires, exhaust, gas, etc. There are many more ways to mess with your car externally than via the software port. And yet somehow the earth keeps rotating.
So they're asking for DRM? (Score:5, Insightful)
I'd rather leave my port accessible- someday I may want to write some software. If someone has physically broken into my car and put something on my port, then that's my problem. Don't force DRM on us.
I love how we as geeks sometimes want it both ways. "Keep it secure! Add encryption". "Wait wait! That's DRM, I want it gone!"
This isn't a bad thing (Score:5, Insightful)
I want to be able to connect diagnostic equipment to my car so that I know what's going on. I don't trust a mechanic to tell me what's wrong and how much it will cost. I like being able to do most of the work myself when possible.
Manual Override (Score:5, Insightful)
Re:I'm not worried about those hacks (Score:4, Insightful)
OnStar themselves can do several things like disable your engine, track your car, open the doors, etc. I would expect that it's theoretically possible (though unlikely) that a person could hack into your car via that method. It would certainly be quite a feat of hacking, but I believe it is possible.
Re:So what? (Score:5, Insightful)
FTA: "In one attack that the researchers call 'Self-destruct' they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown."
Remove the clicking and countdown and no-one will know the car is sabotaged until it's too late. When I would be in charge of securing the president or other VIPs during transport I would want to be able to know if the vehicle has undetectable security flaws like this... The problem is that you don't even know if the software might have been compromised in the months/years that the car has been in service.
Re:I'm not worried about those hacks (Score:5, Insightful)
People have physical access to the outside of my car, it doesn't mean they can change my speedo, mileometer, fuel mixture, etc. quickly and without me realising that something has happened. They certainly can't do it just by plugging a box into the port even if they *do* break into my car... because my car is mechanical and doesn't run with this sort of shit (Note: I can and have removed the entire ECU box from a car in the past - it runs, but slowly and less efficiently and may not pass an emissions test, but it still works in a driveable condition - very modern cars literally do not work without them so they are "essential" and thus should work as bloody advertised).
All of these things were done over an ODB cable to a standardised port on every car. On every decent model of car, they should be read-only information about the car's engine. The port is standardised, commonplace, accessible from the driver's seat (by law in the EU), hidden, and (with these models) accepts almost any device / commands without question. It's standard practice to connect an OBD box to modern cars if they have an indicator light up (in fact, it's usually the ONLY way to clear such a light). My car has one. I'm pretty damn sure that you can't modify my mileage or speedo via that route, though, or my fuel mixture, or stop my brakes working. About the worst you might be able to do is clear a warning light. This is because the OBD is designed properly, doesn't allow things it doesn't and it helped by the fact that my speedo is a needle connected to a magnetic induction coil produce by a spinning cable spun at a ratio of the speed of the wheels, and my mileometer is a tick-over-style mechanical one. The Prius-scare should have shown people what happens when you take away control of a vehicle from a driver and put it in the hand of a computer - it was discussed that virtual-ignition-systems, virtual-gearing-systems, etc. are just dangerous and provide no advantage to anyone.
Nobody is saying these things are not do-able on any car with physical work, we're asking why the hell they are modifiable over such a cable in such a "simple" way that someone could literally sell a box on eBay that, when connected to a car, can fraudulently adjust mileage, turn on hot air vents, TURN OFF THE BRAKES (FFS!), and basically cause it to crash and explode whenever you want. That's *NOT* what the OBD standard is for - it's for diagnostics and diagnostic indicators. Why the hell can I adjust the hot air vent through that cable?
The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable, or anything else for that matter. The only "writable" things should be to clear diagnostic lights, which will inevitably pop up again if the problem is "real". So you can't just switch off the ABS light on a car and then sell it as having working ABS... OBD logs and records such actions in the car itself and will redisplay those indicators if there is a real problem still.
Why the hell would you *ever* want to be able to modify information like that? Why should a mechanic ever be able to adjust the mileage on the car? It's stupid, not-thought-through and terrible design. Next up is being able to open the doors of any car that has Bluetooth OBD, or changing the VIN numbers or whatever. It's just ridiculous. Even if the car is computer controlled, there are some places where access control of sorts should prevent certain actions.
I DONT WANT FSCKING DRM ON MY CAR!!!! (Score:2, Insightful)
If I want to modify the computer on MY CAR, THAT IS MY RIGHT, NOT A SECURITY ISSUE!!!!!
Re:So they're asking for DRM? (Score:1, Insightful)
What's the problem with having it both secure and extensible? DRM is a problem because the authority over the system is held by someone else, not the owner. Give the owner the smart card which signs the code and everything's peachy.
Dear researchers (Score:5, Insightful)
Please to be shutting the fuck up and panicing people.
I WANT my car to allow me to do those things. Thats why I have an ODB-II dongle hooked up between my car and the PC thats in it ... so I can control my cars features the way I want.
Being that the ODB port is generally directly under the drivers side dash, its rather hard for someone to plug into it without it being noticed. If they've plugged into it, they've got physical access to your car, which means they can do a lot more damage than fucking up your heater and blasting you with hot air.
You said you didn't want to spread fear and panic, and you're lying, thats exactly your goal, and to use that to get attention for yourself.
This isn't anything new, its been this way for at least 10 years if not longer (I haven't tried anything on older models) maybe all the way back into the ODB-I days and probably well before that when some cars had interfaces of their own standard.
Alarmist talk will get you locked out (Score:3, Insightful)
Lets keep the alarmist talk down to a minimum here. As a few people have pointed out, the auto industry response will simply be to DRM you out of your own car. I'd expect that the government would want a part of the action, so expect a DMCA for autos too... They'll push you right into the loving arms of the factory service shops who will now be the only "authorized" repair option.
Re:Manual Override (Score:4, Insightful)
Why not provide manual overrides for things like door locks and windows.
Jaguar has such an override for their electronic transmission. [jalopnik.com]
Re:So what? (Score:2, Insightful)
And besides; if you have exactly one minute would you be able to screw with the car without any professional finding a trace of it on a thorough inspection? The point is that most physical flaws (and attack vectors) are known and will be found, but this software flaw is new so no-one expects it or checks for it... Messing with a car only has a point from an attackers point of view if it is not detected until it's too late.
Re:More to lose than to gain (Score:4, Insightful)
IAAM (I Am A Mechanic) too.
Current OBD systems aren't guaranteed to be the future standard, and if the makers can use the excuse of "security" to restrict access to an increasing number of functions (including "functions yet unborn" they can ensure a revenue stream.
Trusting auto makers to ensure easy system access is like trusting Sony to look after your PlayStation.
Re:So what? (Score:4, Insightful)
Getting the brakes to fail at any time after the car is in motion would be impressive.
Using this hack an attacker could probably let the brakes fail the moment you go over 100mph, as well as disabling steering-assist and traction control, and maybe even floor the gas pedal...
This is the ultimate 'digital brake line cut' turning the vehicle into a crippled metal cage of death hurling to whatever is in front of it with (most likely) lethal consequence.
Re:This isn't a bad thing (Score:1, Insightful)
With all due disrespect, fuck you. You're exactly the kind of person that nobody wants to deal with when they go to a car shop. You're there to provide a service for a reasonable cost. It takes you all of what, 5 minutes to pull codes? How is that worth $85? It isn't, simple as that. You admit to gouging people because you're unhappy they won't spend hundreds dollars more to do more simple, overpriced work.
Re:So what? (Score:3, Insightful)
Re:So what? (Score:4, Insightful)
Re:So what? (Score:3, Insightful)
Re:I DONT WANT FSCKING DRM ON MY CAR!!!! (Score:4, Insightful)
ABS.
Modern car's know when they're skidding, and pulse the brakes to regain traction. There may be ways to be clever with "I'm skidding" signal to effectively disable the brakes.
Want another one? Regenerative braking.
This was the problem the Prius was having. If you brake with the throttle open you can ruin the car. The system was designed to cut throttle power before engaging the brake, and IIRC the flaw was the brakes wouldn't engage if, for some reason, the computer couldn't close the throttle. This was obviously a design flaw, but it is a legitimate reason you might want to run the brake signal through a computer.
Re:I DONT WANT FSCKING DRM ON MY CAR!!!! (Score:3, Insightful)
ABS is a function that I covered in my original rant. If the computer goes bang, the worst that happens on my car, most cars and ideally *all* cars with ABS is that a warning light comes on and it takes slightly longer to brake (no worse than *not* having ABS at all). There is *no* need to be able to disable and/or enable that feature, or any feature of the braking, through any interface at all. If ABS messes up, you can still brake and warning lights appear to let you know you should get it fixed. That's all that's required. And all the mechanic needs is a way to put out that warning light when they've fixed the problem (but the car is welcome to engage it again if it detects a problem, even immediately after it's been "fixed"). Why on Earth do you need a "disable brakes" function to even EXIST, no matter what the emergency? We're not talking about turning off ABS, the researchers were able to turn off THE BRAKES.
Regenerative braking systems that "ruin the car" if you brake while throttling need a complete redesign. How stupid to have to have a device that cuts one in order to allow the other? Of course, they are mutually-exclusive functions but, as with the Prius, the failure mode is inherently dangerous because it will fail to counteract if one "sticks open" because it's trying to enforce mutual-exclusion. And when your pedal jams down, you can't brake, which is the only vital function of a car. The opposite isn't true that if the brake jams down, you need to be able to accelerate away.
So where in that mess is it necessary to have any sort of enable/disable function of any of the braking system at all or be able to play with any of its parameters? And where is it necessary for that to be accessible over a cable AT ALL or be modifiable at all by the user, or even a third-party garage? It's crap. And the braking signal can run through whatever computers it wants - I damn well want flashy lights and warnings when something is wrong and, like ABS, a computer can check things a lot faster and more accurately than I can. But when that braking signal CONTROLS the brakes, rather than assists them, you have to go find the designer and shoot them.
Re:I'm not worried about those hacks (Score:3, Insightful)
It's a pretty safe bet that OnStar is vulnerable to some kind of attack.