Hacking Automotive Systems 360
alphadogg writes "University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low." Here is the researchers' site, and an image that could stand as a summary of the work.
Cccess to unlocked car = can damage it, duh (Score:4, Insightful)
Re:Cccess to unlocked car = can damage it, duh (Score:5, Informative)
Then it’s a good thing that they’ve already thought of that, I guess.
He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern.
Re:Cccess to unlocked car = can damage it, duh (Score:4, Funny)
An attacker would have to ... be able to physically mount some sort of computer on the victim's car
Yeah, and if I could physically mount your wife, I could inject her with all sorts of viruses, maybe even spawn a child process!
So, is "security hole" the next euphemism for vagina?
Copy of the paper (Score:3, Informative)
The paper [autosec.org]
That link really should have been in the summary....
Re: (Score:3, Informative)
I would guess it's related to the Anti-lock Brake System, which needs to calculate how much force should be applied and how rapidly.
Re: (Score:3)
So what? (Score:4, Insightful)
Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.
Re:So what? (Score:5, Insightful)
FTA: "In one attack that the researchers call 'Self-destruct' they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown."
Remove the clicking and countdown and no-one will know the car is sabotaged until it's too late. When I would be in charge of securing the president or other VIPs during transport I would want to be able to know if the vehicle has undetectable security flaws like this... The problem is that you don't even know if the software might have been compromised in the months/years that the car has been in service.
Re: (Score:3)
Good point.
Everyone says "cut the brakes", but that's too easy, and detectable.
A pound of C4 in the gas tank, with a remote detonator would cause more damage, and it would be completely undetectable. Of course, the time required to slide a boxcutter across the brake line is significantly less than it would take to remove and reinstall the fuel pump (the only place to access the inside of the fuel tank).
It's not actually necessary to cut a brake li
Re: (Score:3, Insightful)
Re:So what? (Score:4, Insightful)
Re: (Score:3, Funny)
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Re: (Score:3)
Actually, that's frequently done for lower class circle track racing. You simply crimp the right side brakes, and no, you don't leave the vice grips on. Once the steel lines are crimped, they stay that way.
Circle track drivers adjust their cars significantly to turn left. They use larger tires on the right side, lower the suspension on the left, and significantly adjust the alignment. Everything is done so it handles better on left hand turns. It's funny watching them driv
Re: (Score:2)
Computer or no computer, if I climbed under your car in the parking lot, I could cut the brake lines.
But can you make it so that the brake lines is cut sometime later *WHEN* you want it to?
Stick a phone/PDA/etc into the port, and you can cut the brake lines when you see the target car just as it approaches a red light or intersection.
This is /.! Can't you guys imagine the possible ways to exploit a digital interface vs a mechanical one?
Re:So what? (Score:4, Informative)
This is true, however your target would notice their brakes didn't work before pulling out of the parking space, when they pressed them to put the car into gear. Even if the car had a standard transmission, your target wouldn't get far in the parking lot before realizing something was wrong.
Getting the brakes to fail at any time after the car is in motion would be impressive.
Re:So what? (Score:4, Funny)
Fine, A tine explosive the sets after the vehicle hits 55 mph.
Re:So what? (Score:4, Insightful)
Getting the brakes to fail at any time after the car is in motion would be impressive.
Using this hack an attacker could probably let the brakes fail the moment you go over 100mph, as well as disabling steering-assist and traction control, and maybe even floor the gas pedal...
This is the ultimate 'digital brake line cut' turning the vehicle into a crippled metal cage of death hurling to whatever is in front of it with (most likely) lethal consequence.
Re: (Score:3, Funny)
Because it makes this [theregister.co.uk] scenario much more likely?
Yeah... (Score:5, Funny)
...no matter how insecure they are, until hackers find a way to wirelessly connect to my car that doesn't have a wireless connection, I'm not going to worry.
Now if you'll excuse me, I have to make sure some crazy ex-girlfriend doesn't have something stuffed in my OBDII port. "Your mom's OBDII port is stuffed!" Dammit! Almost made it without the mom joke...
Re: (Score:3, Funny)
That's what she said.
Re: (Score:2)
That's what she said.
She says a lot of things...that ungrateful biznatch...
OBDII via wireless? Here ya go! (Score:3, Interesting)
http://www.carpartslights.com/elm327-bluetooth-obdii-obd2-scanner-vagcom-can-elm-327-p-28.html [carpartslights.com]
(Now you know what to look for at least, when checking to see what the crazy ex-g/f might have put in there....)
I'm not worried about those hacks (Score:4, Insightful)
We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?
Re: (Score:3, Funny)
We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?
If they can, I'm rushing out to get OnStar - that'd be a lawsuit waiting to happen!
Re: (Score:2)
Granted that statement is WILDLY far fetched but in theory, badly designed system could leak access through it.
Re: (Score:2)
Granted that statement is WILDLY far fetched but in theory, badly designed system could leak access through it.
It's actually not that farfetched; these days, a car stereo is a little computer. I mean, that's been true at least since the development of the digital FM radio, but now they have to speak complex protocols, and that means complex software. If your stereo is hooked up to a complex bus in your car, then likely there is a path to your ECU.
Of course, it's generally trivial to disable car alarms, and it's also trivial to attach a small wireless module to the OBD-II port, so the possibility of such attacks is a
Re:I'm not worried about those hacks (Score:4, Insightful)
OnStar themselves can do several things like disable your engine, track your car, open the doors, etc. I would expect that it's theoretically possible (though unlikely) that a person could hack into your car via that method. It would certainly be quite a feat of hacking, but I believe it is possible.
Re: (Score:3, Insightful)
It's a pretty safe bet that OnStar is vulnerable to some kind of attack.
Re: (Score:2)
Re: (Score:2)
We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?
How hard would it be to stick and hide a remote controlled smartphone/PDA/custom receiver under the car that connects to the port on the car? Instant remote control to everything that can be controlled from the port.
Re:I'm not worried about those hacks (Score:5, Insightful)
People have physical access to the outside of my car, it doesn't mean they can change my speedo, mileometer, fuel mixture, etc. quickly and without me realising that something has happened. They certainly can't do it just by plugging a box into the port even if they *do* break into my car... because my car is mechanical and doesn't run with this sort of shit (Note: I can and have removed the entire ECU box from a car in the past - it runs, but slowly and less efficiently and may not pass an emissions test, but it still works in a driveable condition - very modern cars literally do not work without them so they are "essential" and thus should work as bloody advertised).
All of these things were done over an ODB cable to a standardised port on every car. On every decent model of car, they should be read-only information about the car's engine. The port is standardised, commonplace, accessible from the driver's seat (by law in the EU), hidden, and (with these models) accepts almost any device / commands without question. It's standard practice to connect an OBD box to modern cars if they have an indicator light up (in fact, it's usually the ONLY way to clear such a light). My car has one. I'm pretty damn sure that you can't modify my mileage or speedo via that route, though, or my fuel mixture, or stop my brakes working. About the worst you might be able to do is clear a warning light. This is because the OBD is designed properly, doesn't allow things it doesn't and it helped by the fact that my speedo is a needle connected to a magnetic induction coil produce by a spinning cable spun at a ratio of the speed of the wheels, and my mileometer is a tick-over-style mechanical one. The Prius-scare should have shown people what happens when you take away control of a vehicle from a driver and put it in the hand of a computer - it was discussed that virtual-ignition-systems, virtual-gearing-systems, etc. are just dangerous and provide no advantage to anyone.
Nobody is saying these things are not do-able on any car with physical work, we're asking why the hell they are modifiable over such a cable in such a "simple" way that someone could literally sell a box on eBay that, when connected to a car, can fraudulently adjust mileage, turn on hot air vents, TURN OFF THE BRAKES (FFS!), and basically cause it to crash and explode whenever you want. That's *NOT* what the OBD standard is for - it's for diagnostics and diagnostic indicators. Why the hell can I adjust the hot air vent through that cable?
The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable, or anything else for that matter. The only "writable" things should be to clear diagnostic lights, which will inevitably pop up again if the problem is "real". So you can't just switch off the ABS light on a car and then sell it as having working ABS... OBD logs and records such actions in the car itself and will redisplay those indicators if there is a real problem still.
Why the hell would you *ever* want to be able to modify information like that? Why should a mechanic ever be able to adjust the mileage on the car? It's stupid, not-thought-through and terrible design. Next up is being able to open the doors of any car that has Bluetooth OBD, or changing the VIN numbers or whatever. It's just ridiculous. Even if the car is computer controlled, there are some places where access control of sorts should prevent certain actions.
Re: (Score:3, Informative)
or changing the VIN numbers or whatever
NOOO!!!! You were doing so well, with such an awesome post...and you had to pull the ol' Vehicle Identification Number Number bit, didn't you? DIDN'T YOU?!?!?!?!
p.s. Cars only have one VIN. It isn't just in the ECU, it's also stamped on the original engine, the transmission, the frame, and on a plate on the dashboard (at least in the US)
Re: (Score:2)
Duh - and all the storage locations for that particular piece of information are destroyable. None, however, are *changeable* without trace except for possibly, in the future, some stupid ECU that allows write access to places it shouldn't. Like the devices mentioned in the article, which let you do stupid crap that you shouldn't be allowed to. The article doesn't mention VIN's at all, I was just providing another example of an inflated, possible, future direction that idiotic car manufacturers might mak
Re: (Score:2, Informative)
The problem is that there is absolutely no NEED for the speedo to be "writable" over a diagnostics cable
What if you change your tire size?
Shenanigans. (Score:4, Informative)
I'm going to call shenanigans on this post. There has never been a vehicle where you could remove the ECU and expect it to run.
A little history... The introduction of computers to vehicles has happened in many stages.
The first stage was the introduction of electronic ignition computers in the late 70s. These systems replaced the vacuum ignition advance on older cars. The signal from the distributor literally ran through the ignition computer. Removing the computer means that there is no connection between engine timing and plug coil. With the ignition computer removed, you have no spark, and the engine cannot start.
The next major step forward was the introduction of electronic fuel injection. This computer was responsible for controlling the fuel injectors. No ECU, means no fuel in the cylinders, which means no running vehicle. Power for the injectors literally comes via the ECU. Without the ECU, the injectors are literally unplugged.
Later vehicles used more computers in more components of the vehicle, to the point that a computer controls the brakes on my motorcycle.
But, there was no time where you could remove an ECU and expect the vehicle to still run.*
* Yes, it is possible to disconnect a lot of the sensors on an electronically fuel injected vehicle, and it will still run. But the ECU must still be in place.
Seriously Slashdot... You call yourself geeks, and you fall for this kind of stuff? Shame.
Re: (Score:3, Interesting)
This "hack" really isn't surprising at all. There are plenty of vehicles you can flash or change settings via the OBD port (such as Subarus). Scan tools only use read co
More to lose than to gain (Score:5, Insightful)
It would seem to me we have a lot more to lose by auto manufacturers implement software security than to gain. Its hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive. With almost nothing to gain, if someone wants to disable your brakes they can (gasp) damage your brake line without even opening your car door! Mess with your tires, exhaust, gas, etc. There are many more ways to mess with your car externally than via the software port. And yet somehow the earth keeps rotating.
Re: (Score:2, Informative)
Its hard enough as it is for repair shops to work on engines and electronics without adding security, which would make repairs even more proprietary and expensive.
No offense intended, so please don't take this as such. Mods, please mod offtopic:
You haven't worked in a shop before, have you? Whether you have a cheap OBDII scanner [amazon.com] or a full-blown diagnostic tool [snapon.com], so long as the car uses OBDII, you can pull codes from it and subsequently replace the fouled O2 sensor, know which cylinder had a misfire, etc. The full-blown diagnostic tools are useful for crazy-hard problems to solve, but your average scanner bought at Autozone is sufficient enough for the vast majority
Re: (Score:2)
Re:More to lose than to gain (Score:4, Insightful)
IAAM (I Am A Mechanic) too.
Current OBD systems aren't guaranteed to be the future standard, and if the makers can use the excuse of "security" to restrict access to an increasing number of functions (including "functions yet unborn" they can ensure a revenue stream.
Trusting auto makers to ensure easy system access is like trusting Sony to look after your PlayStation.
You missed another point - aftermarket installers (Score:5, Interesting)
OBD II is all well and good for basic emissions/driveability/MIL diagnostics, but adding security to the other functions, such as the door locks, windows, etc. could basically kill the aftermarket alarm/remote start business.
On many (if not most) cars these days, many of the basic functions such as door locks are controlled via a CAN bus (a 2-wire twisted pair network) and more and more functions are migrating to network control rather than having dedicated wiring. In my car, everything other than the lights and the radio is run over CAN (even the seat adjustments and the rear window defogger).
Take, for example, installing an aftermarket stereo: Many new cars don't have a wire that supplies 12V when you turn the key on to turn on the radio, the radio is always powered and listens to the CAN bus for the command from the car's BCM (body control module) to turn itself on. On these cars, a separate aftermarket module has to be installed to turn the radio on (or the installer has to dig around in the car to find something else that only turns on with the key, like a power outlet). There are also aftermarket modules that can translate the CAN bus commands from the car's factory steering wheel controls to control an aftermarket stereo.
Adding a layer of security (presumably encryption or authentication) could cripple these abilities with aftermarket equipment.
Don't believe me, well take the example of remote start on my current car a 1999 (yes, 12 model years old now) Mercedes Benz. I have installed 3 remote start systems on various cars (a Subaru, a Honda, and a Mazda) which were what I'd call conventionally-wired cars, having accessible wires to turn the ignition and engine computer on and start the car. Easy. Cost, under $100 for all the parts including extra relays to turn on accessories and such.
On my '99 M-B, the engine computer will not allow the engine to run unless it can maintain a constant 2-way conversation over a separate CAN bus between itself and the EIS. What's the EIS? It's the Electronic Ignition Switch. Here's where things get complicated. M-B cars don't use conventional keys any more, the use a "SmartKey", which is an electronic key fob thing that inserts like a key, but has an infrared emitter-receiver in the end. The EIS supplies power to the SmartKey via an inductive coil around the key opening. The EIS and the SmartKey then engage via infrared in a continuous encrypted conversation which authorized the EIS to tell the engine computer to let the engine run. Because you need to have the SmartKey in place, it has been impossible to install a remote start system.
Recently, a remote start system became available for my car (sold new 12 model years ago, remember), which will simulate the EIS' conversation with the SmartKey and allow the factory remote's Panic alarm button to be repurposed to start the car (the SmartKey is also the remote, but don't worry about that, it's actually two devices in one package). Cost: $1000. That's over ten times the cost of a remote start system for a regular car. And it took 12 years to develop.
All because of a single encrypted function. Admittedly, a really well designed one that makes the car impossible to hotwire, but you can see what problems might face the aftermarket if things like door lock controls became encrypted.
All in all, this research exercise is just stupid. Of course you can make a complicated system do silly things if you have physical access to it. I don't see the point of adding encryption to it when the aftermarket will have to figure out how to bypass it eventually anyway.
Off topic, but in case anyone's interested, you can have up to 24 SmartKeys issued for an M-B vehicle, but I think only eight can be active at one time. The service information talks about having three ranks of eight keys. Once you need to replace the key for the 24th time, you need to replace the EIS, the engine computer and a couple of other items. SmartKeys can only be ordered at a dealer and you h
Re: (Score:2)
I'm willing to bet that you've never worked in a shop either, or at least not one that needs to deal with European vehicles. Proprietary ECU lock-up is a very real problem for non-dealer mechanics, hobbyists, and owners in general.
Actually, I did, for nearly four years before I had to quit due to injury...and I had all of the tools necessary to read those codes. The equipment is out there...you just have to be willing to put out the cash for it.
Unless something huge has changed in the five years since I stopped working in a shop, we were able to pull codes from European cars with no problem.
Re:More to lose than to gain (Score:5, Informative)
www.obd-codes.com [obd-codes.com] is your friend.
So they're asking for DRM? (Score:5, Insightful)
I'd rather leave my port accessible- someday I may want to write some software. If someone has physically broken into my car and put something on my port, then that's my problem. Don't force DRM on us.
I love how we as geeks sometimes want it both ways. "Keep it secure! Add encryption". "Wait wait! That's DRM, I want it gone!"
This isn't a bad thing (Score:5, Insightful)
I want to be able to connect diagnostic equipment to my car so that I know what's going on. I don't trust a mechanic to tell me what's wrong and how much it will cost. I like being able to do most of the work myself when possible.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
There are a bunch of different devices you can use to check OBD II codes. I generally point hobby mechanics and people that do their own maintenance to use something like this [amazon.com]. An OBD II code is an OBD II code is an OBD II code...if you are just trying to pull the code and then clear the light without doing any other on-board diagnostics, you shouldn't spend more than $50 on a scanner. If you do, you just bought something that does more than you need.
As has been the case for a while, Snap-On still sells
Re: (Score:2)
Re: (Score:2)
but in this thread the person says the dealer is charging them $100 just to read the codes. Wow, expensive.
When I worked in a shop, we did the same thing...we would charge people $85 to read the code. However, if the person decided to have their car fixed according to what had caused the code to trip in the first place, we would take that $85 off the cost of their final bill, effectively giving them the code scan for free. If they didn't want to get the work done because they were a tight-ass, you bet we charged them to do it (we would sometimes waive the fee if it was obvious the person just didn't have the m
Exactly: I *WANT* to hack my car! (Score:2)
These sorts of security "flaws" also allow people to change the fuel injection mappings to increase horsepower, or enable extra electrical features not included from the factory, or do any number of other neat things. I want my car's computer to be more accessible, not less!
Manual Override (Score:5, Insightful)
Re: (Score:3, Interesting)
Re: (Score:2)
Why not provide manual overrides for things like door locks and windows.
Simple - cost and liability.
I doubt a mechanical override for the window can be as simple/lightweight as the CD pinhole. An additional manual overrides (i.e. == mechanical) means
1. more parts (== more cost)
2. a heavier car (== use more gas)
3. more chance of failure (== more liability)
4. more control mechanism (e.g. child locking for the windows for the mechanical switch also!), ==> even more parts and more failure modes (== even more liability)
5. door lock override = 1 more pathway for car thief to open
Re: (Score:2)
Re: (Score:2)
Don't leave home without one, kids.
Re: (Score:2, Informative)
Far superior to a hammer: http://www.copsplus.com/prodnum4497.php [copsplus.com]
Also, more handy if you catch someone tampering with your onboard computer... base of the skull punch-through carries more fatality points than hammer to temple.
Re:Manual Override (Score:4, Insightful)
Why not provide manual overrides for things like door locks and windows.
Jaguar has such an override for their electronic transmission. [jalopnik.com]
They were able to (Score:2)
blast hot air out of the radio? That's one wicked hack!
Re:They were able to (Score:5, Funny)
Ah. Rush Limbaugh. That would be the parsimonious explanation.
Re: (Score:2)
That Fred Savage, He is one versatile actor.
The only concern... (Score:2)
While corporatist DRM apologists might disagree, the ability to do all sorts of crazy stuff by connecting to your local diagnostics port is what we call a "feature". If anything, we don't have enough control here, and much of the control we do have is inadequately documented "Oh, sure, it's ODBC, in that it is more or less electrically comp
Re: (Score:2)
There are some performance flashes that can be done in a demo mode that go back to normal performance after XX hours of driving but other than that I've never heard of a timed or triggered kind of thing being done. That would take extra ordinary access to the code and most flashes just modify tables for lookups. Even that is tough since the damned firmware is encrypted by most every automaker! Making this worse would really piss me off, these guys are not understanding what they are talking about IMO. Yes,
Re:The only concern... (Score:5, Interesting)
You'd have to reflash the PCM (ECU is an OBD-I term; this kind of stuff is only possible with OBD-II, which actually mandates the term "PCM" — if you want to be accurate, stop calling it an ECU in this context) entirely. I imagine that this sort of functionality is available on all modern cars; possibly not all OBD-II cars, but probably anything new enough to have CAN. Most OBD-II cars on the road do not use CAN anywhere, though today a car might have three or four CAN buses; PCM to OBD-II DLC (diagnostic link connector), PCM to transmission computer, PCM to BCM (body control module) and possibly even BCM to stereo. And other models exist but I personally think buying a car with a CAN bus shared between more than two components is asking for a foot in your ass.
I happen to like my mechanical diesels, which achieve efficiencies very near to modern systems. It's only too bad International-Navistar lacked the foresight to implement the engine as a full-mechanical design, as Mercedes did; your battery can explode and the engine keeps running until you shut it off, because the shutoff is a vacuum switch on the back of the ignition lock. I've had my alternator fail completely and my battery down to about 4V in my 300SD, still made it to work. Nobody will be tampering with my DLC :D
Re: (Score:3, Interesting)
The only problem is that the mechanical diesels don't achieve emissions very near to modern systems.
Of course, I have the same attitude you do (that the older cars are better), except I complain about failure-prone and biodiesel-incompatible diesel particulate filters while praising my rotary-injection TDI.
radio (Score:4, Funny)
I want to know how they made the radio blow hot air.
Re:radio (Score:5, Funny)
I want to know how they made the radio blow hot air.
Simple!
Just tune it to the local talk radio channel covering politics/religion/sport**...
** select / delete according to your views
There's a CSI episode in this (Score:2)
The bad guy thought he'd committed the perfect crime, little did he know that someone on the CSI team would have hunch to check the firmware in the car and find the nefarious code snippet.
This just reaffirms... (Score:5, Funny)
...my decision to make my next vehicle a 1968 VW Beetle.
Re: (Score:2)
Re:This just reaffirms... (Score:4, Informative)
G-dammit! (Score:3, Interesting)
The auto industry ALREADY encrypts the daylights out of most of their code! Which makes modifying it for performance reasons a PITA. I have to pay some guy a pile of cash to "flash" my current ECU because only a few guys have managed to figure out the code for it unlike with other cars. Duh, it's a computer and it controls things so yes it can be messed with.But the auto industry already encrypts it and makes this difficult. So long as the auto dealers are able to modify things like speedometers and other things this will always be a "threat" so stop running around like Chicken Little. Sheesh! What they should turn off the OBD-II standard codes so no one but a dealer can diagnose and make minor changes to cars? See how SEMA will like that and all of the independent garages and shade tree mechanics. then they will bitch that it's too locked down. Make up your minds and stop being so short sighted...
Ah, the Rootbacca defence (Score:4, Funny)
Appearing in a celebrity traffic trial near you in 3... 2...
I DONT WANT FSCKING DRM ON MY CAR!!!! (Score:2, Insightful)
Re: (Score:3, Interesting)
Sorry, but I think we'd all much rather have a car where the ABS (or, indeed, the brake-pedal) can't be disabled entirely, where brakes can't be activate entirely by software, where you can't play with mileometer just by sticking a box on the OBD port, or where the car cannot lock everybody inside if it crashes (the software, not the car!).
It's not a question of software freedom - it's a question of not having that capability automated in the first damn place. In every car I've ever owned, when I press the
Re:I DONT WANT FSCKING DRM ON MY CAR!!!! (Score:4, Insightful)
ABS.
Modern car's know when they're skidding, and pulse the brakes to regain traction. There may be ways to be clever with "I'm skidding" signal to effectively disable the brakes.
Want another one? Regenerative braking.
This was the problem the Prius was having. If you brake with the throttle open you can ruin the car. The system was designed to cut throttle power before engaging the brake, and IIRC the flaw was the brakes wouldn't engage if, for some reason, the computer couldn't close the throttle. This was obviously a design flaw, but it is a legitimate reason you might want to run the brake signal through a computer.
Re: (Score:3, Insightful)
ABS is a function that I covered in my original rant. If the computer goes bang, the worst that happens on my car, most cars and ideally *all* cars with ABS is that a warning light comes on and it takes slightly longer to brake (no worse than *not* having ABS at all). There is *no* need to be able to disable and/or enable that feature, or any feature of the braking, through any interface at all. If ABS messes up, you can still brake and warning lights appear to let you know you should get it fixed. That
The only electronic thing in my car... (Score:2)
... is the clock. I already know that doesn't work.
I did have a problem with the throttle sticking, but that was because the little spring that pulls it shut had stretched and fallen off.
Dear researchers (Score:5, Insightful)
Please to be shutting the fuck up and panicing people.
I WANT my car to allow me to do those things. Thats why I have an ODB-II dongle hooked up between my car and the PC thats in it ... so I can control my cars features the way I want.
Being that the ODB port is generally directly under the drivers side dash, its rather hard for someone to plug into it without it being noticed. If they've plugged into it, they've got physical access to your car, which means they can do a lot more damage than fucking up your heater and blasting you with hot air.
You said you didn't want to spread fear and panic, and you're lying, thats exactly your goal, and to use that to get attention for yourself.
This isn't anything new, its been this way for at least 10 years if not longer (I haven't tried anything on older models) maybe all the way back into the ODB-I days and probably well before that when some cars had interfaces of their own standard.
Alarmist talk will get you locked out (Score:3, Insightful)
Lets keep the alarmist talk down to a minimum here. As a few people have pointed out, the auto industry response will simply be to DRM you out of your own car. I'd expect that the government would want a part of the action, so expect a DMCA for autos too... They'll push you right into the loving arms of the factory service shops who will now be the only "authorized" repair option.
Re: (Score:3, Interesting)
ODB-II (And I to a lesser extent before it was superceded) exists for that exact reason.
Every manufacture used to do their own random proprietary crap. Governments who wanted to access the computer for emmisions controls started requiring them to standardize so they didn't have to buy new crap and codes every time the manfucature decided to change things just to make it so you have to buy stuff from them.
The government basically stepped in and stopped the DRM up front, which is why these ports are actually
Sensationalism at it's finest. (Score:5, Interesting)
I've been "HACKING" car computers for a decade now. and a lot of other people have as well. Most hot-rodders from import tuners to vette performance guys have been hacking ECM's. Many of the honda hackers even go as far as opening up the ECM and desoldering chips to hack them. Changing the ignition timing table, fuel tables, Disable the Rev limiter, Disable Passkey for engine swaps (I do this with the GM 3800sc and it's ecm from the Buicks) add features, change a Standard ECM program to a program that understand boost for a turbo install... etc.....
Heck a friend of mine is hacking the computer that controls the new power steering system in cars so we can retrofit power steering to vehicles that dont have it.
I guess us car ECM hackers are the new "EVIL DOERS"
Re: (Score:3, Funny)
That was a long way to go to attempt to look like the cool kids at the auto show.
re: ECM hacking (Score:3, Interesting)
Actually, a whole bunch of us REALLY wish one of you experts at ECM hacking would figure out the Delphi branded ECU found in the Hyundai Genesis Coupe 3.8 V6!
It's a great little sports car at a reasonable price-point, but so far, it seems like its engine is held back from its full potential because the ECU can't be directly reprogrammed. ... but here in the USA, we c
(Apparently, some folks in Korea have already cracked its ECU and done some custom tuning so they could add things like superchargers or turbos
Re: (Score:3, Interesting)
It's still doable. Most of the information is available on websites OUTSIDE the USA to protect the authors from being sent to jail for 60 years. I've got the info on decoding the GM canbus communications so I can actually change the shift points on the Transmission in the new 6 speed automatics. Tweaking the performance mode and being able to add an economy mode has made a difference.
All that has happened is that all the people that are the best and brightest in automotive are fleeing the country, or hi
Automotive computer hacking... (Score:3, Informative)
...has been around since OBD-1 [tunercat.com] days, as far back as 1984 [tunerpro.net]. OBD-2 programming systems are available for anything from 1994 [eidnet.org] through 2010 [hptuners.com]. There are even scanners that allow you to enter the PIDs of your choice [scangauge.com] (obtained from monitoring the data line while performing operations with a scantool).
Since newer vehicles control nearly everything via CANbus, it's no surprise that someone has taken the time to monitor the bus and inject various commands. This sort of hacking has been around for over 20 years (despite auto manufacturers' attempts to protect their hardware with security keys and seeds). I don't see them "solving" this "problem" anytime soon...unless they come up with a way to make a "secure" bus (perhaps using fiber optics).
Benefits of hacking (Score:2)
shift in mentality (Score:2)
Now imagine that a car is shipped with a virus in the firmware. And at the same moment of time millions of cars on highways suddenly become unmanageable.
This article reminds again that computers more and more run our civilization. We are to begin to regard an unlawful interference into computer systems as a very serious life-threatening crime.
A certain shift in mentality is required. We shall not be amused by "black hat", "white hat", or other "hacking" subculture phenomena, but view malicious code writers
And they -soak you- for the hardware, too (Score:2)
ABS warning light came on in my 2000 Nissan Frontier. They traced the fault to the ABS control module, and the replacement part is $1000!!! That's an appalling amount of money for a couple bucks worth of silicon!
I'm coming to the conclusion that there needs to be industrial or even government standards for computer security, and there ought to be an investigation on the price of (safety related) repair parts.
I guess "researchers" have not met any modders? (Score:5, Interesting)
Just an example: When my throttle position is above 90% depressed, my A/C compressor disengages(or rather the A/C Clutch engages), giving me that little bit of horsepower and theoretically saving my compressor from 7500 RPM (engine speed, not compressor speed) redline. I did this in an afternoon using only software.
The ECU has a lot of control over the car, especially in drive by wire cars... My car happens to have a cable accelerator, and I vastly prefer that because of throttle response time (a physical link is better most of the time than a software one, assuming both are properly maintained).
If they were really trying to be malicious without being deadly, you could change the air/fuel ratio to be really lean and burn up the valve train the first time they hit the gas pedal, there is no physical override for that, not like brake pedals (which if you turn it off it merely removes the power assist and only prevents you from stopping the car if you aren't strong enough to push the pedal down.)
How can I ... (Score:2)
True story about crashing an automotive computer (Score:2)
I ended up catching a little too much air, and bottomed-out the car pretty hard. Upon landing with a loud crunchy thud, all the dash lights went out, the power steering died, and I had to wrestle the car off the road in quite a hurry.
Sitting there
Want your cake and eat it too! (Score:3, Informative)
Didn't we just blast Toyota for having a completely closed system, that only 1 laptop in the US could access.... but now we blast everyone else for having an open system because it can be hacked?
Given physical access to any system it can be hacked.
We've done it on race cars for years (Score:3, Interesting)
Um, how about firing the airbags? (Score:3, Interesting)
My Jetta's VCDS software and port (as well as the printed Bentley shop manual) come with big fat user warnings about taking precautions against accidentally setting off the airbags. In fact, with multi-stage systems, if you're sitting in the front-seat, not buckled, maybe with a laptop on your lap, maybe scooted forward a tad, not resting back, you could probably end up with some serious ow-age.
(I know this, because my controller module has failed; and I'm debating whether to just remove it and live without airbags, or if I should have it re-flashed and deal with the risk of accidental discharge in the reinstallation process.)
Re: (Score:2)
No it's a bad design. like the toyota prius. if it freaks out it will only use the regren function. Its why many will have melted rotors and brake pads because the computer will not allow full brake pressure when standing on the pedal because it wants ot be eco friendly.
Mostly because the engineers are stupid. Leave the mechanical connection to the brakes. put in a wider close gap and add in regenerative as the first 1/3rd of the pedal is pushed before the pads touch. It's engineering 101. and an
Re: (Score:2)
Can't find it [quepublishing.com]. Do you have the ISBN?