Car Hackers Mess With Speedometers, Odometers, Alarms and Locks 159
mask.of.sanity writes "Researchers have demonstrated how controller area networks in cars can make vehicles appear to drive slower than their actual speed, manipulate brakes, wind back odometers and set off all kinds of alarms and lights from random fuzzing (video). The network weaknesses stem from a lack of authentication which they say is absent to improve performance. The researchers have also built a $25 open-source fuzzing tool to help others enter the field."
Hmmm... (Score:3)
How many idiots will use this in the safe knowledge that they can't be busted for speeding anymore, I wonder...
Re:Hmmm... (Score:5, Informative)
Just to clarify how the law works on this one, in most states (probably all, but there are 50 of them so you never know if there are variations) when you hop behind the wheel and start driving any car (whether you own it or not) you are responsible for the operation of that car, including if anything is wrong with it that causes an accident or any sort of moving violation, such as a malfunctioning safety device (and the speedometer is a safety device.)
Now that doesn't stop you from suing a manufacturer, mechanic, or other responsible party if something has gone wrong with the car that wasn't your fault and caused any damages. But, any damages (even just a ticket) are your responsibility first, and if the cause was from a manufacturer or mechanic, it's then on you to recover your losses from them. In other words, if your brakes fail due to manufacturer defect, you can't just tell the guy you rear ended to go collect from your car manufacturer. He goes after you, and whatever he collects from you, you then have to collect from the manufacturer.
You also still end up with a ticket and a mark on your driving record, because again you assumed responsibility for anything wrong with the car by driving it.
Re: (Score:2)
At least where I live (Israel), most (but not all) criminal charges require a "criminal intent" component. You cannot be charged with murder if you did not intend anyone killed (but can be charged with man slauter, as that one doesn't require criminal intent).
As far as I know (IANAL), speeding requires criminal intent. If you show you had no reasonable way of knowing you were speeding, you cannot be charged. The reason that works is that certain types of negligence are enough to show criminal intent (so you
Re: (Score:2)
In the US, speeding is a strict liability offense; if you drive faster than the speed limit, you are liable, even if you acted with such reasonable care that you could not even be said to have acted negligently, much less recklessly, knowingly, or intentionally.
It's not a standard that gets used a lot, but it is also known in statutory rape and some copyright infringement.
Re: (Score:2)
Re: (Score:2)
When you get clocked doing 20 over and you tell the cop that your speedometer is broken let me know if their words aren't "Tell it to a judge."
By saying that to the cop you are showing that you are aware of the situation which makes you at fault since you are showing prior knowledge. That's different than getting your speedo calibrated after the ticket and finding it under reporting. Unless they can find evidence to the contrary the reasonable assumption of the later case is that you had no way to know it was broken.
Re: (Score:2)
When you get clocked doing 20 over and you tell the cop that your speedometer is broken let me know if their words aren't "Tell it to a judge."
I've been in court when I've seen judges reduce the fine based on speedometer calibration report from a mechanic.
Re: (Score:2)
At least where I live (Israel), most (but not all) criminal charges require a "criminal intent" component. You cannot be charged with murder if you did not intend anyone killed (but can be charged with man slauter, as that one doesn't require criminal intent).
US law used to recognize Mens Rae (guilty mind) as a necessary component for a criminal conviction. However, the War On Drugs has given rise to the predominance of strict liability [wikipedia.org] in criminal law (whereas it was formerly confined primarily to civil law).
Re: (Score:2)
The one comment thread I thought was safe from politics..... :-)
Shachar
Re: (Score:3)
IANAL and I've never even had a speeding ticket in 31 years of driving, but isn't there a reasonable expectation of general accuracy in a speedometers, and also a reasonable expectation of deviation from specific accuracy?
I don't think there is a specific requirement for me to check/verify my speedometer accuracy, there's a whole host of government regulations that require carmakers to produce vehicles to a specific standard. And as long as when I drive with the flow of traffic, I kind of have to believe
Re: (Score:2)
If you haven't had a single speeding ticket in 31 years, and you're a heterosexual male and drive more than *very* rarely, then you have issues and should see a doctor, possibly about testosterone boosting.
Re: (Score:2)
Re: (Score:3)
I am a heterosexual male, and while I do not have the experience of the GP, I have driven fast enough to make you shit your pants (one of the reasons I don't let you in my car.) I also have never received a ticket, because I go to magical places known as racetracks when I want to drive faster than the local constabulary allows.
Re: (Score:2)
Cruise control, baby. Makes public roads so much more fun. Like I say, racetracks let you actually go fast, instead of hitting 80 and having to slam on your brakes to avoid the truck who just pulled into your lane.
Re: (Score:2)
I just don't get caught.
I've broken 100 MPH in 3 cars and on my motorcycle. When the speed limit was 55, I did Duluth to Minneapolis on my motorcycle in in 2 hours flat. My math tells me that's at least 77 MPH average. That's nothing now that the speed limit is 70, but it was kind of an accomplishment when it was 55.
But all of that is largely behind me. I like to go fast where I can, but my interest in LEO contact is less than zero. I would rather set my distance-sensing cruise control at about 4 MPH
Re: (Score:2)
A couple of things to note...
* Tire size changes your speedo accuracy. When I went from stock to 32" all-terrain tires on my old Jeep, my speedo under-reported - the speedometer (at least in older cars) gets its input from the transmission output gearing, not the wheels. This means a larger tire diameter gives you faster speed than a smaller one at the same driveshaft RPM. Conversely, a smaller overall tire diameter will over-report your speed for the same reasons (for those who get into the whole low-profi
Re: (Score:2)
You also still end up with a ticket and a mark on your driving record, because again you assumed responsibility for anything wrong with the car by driving it.
I'm in VA and had a period in my younger days where I saw far too much of the inside of my local traffic courts. As such I can say that if you came to court with certified documentation that your speedometer was under reporting most judges would let you off (especially if you also brought receipts showing it was corrected). In a few cases the judge would do the math based on your calibration report and reduce the ticket to what you "thought" you were doing. I never saw such a case where the judge stuck them
Re: (Score:2)
Likely zero, if the laws are sane like ours. If you claim your speedo is inaccurate (+/-10% in my state) and they find you were right congratulations you were driving an unroadworthy vehicle. There's another fine on top of your speeding fine.
Re: (Score:2)
If your speedometer shows a higher speed than your real one, then whenever you are too fast, your speedometer will be showing a too high speed, and therefore you cannot claim not to have known that you have been too fast. However I'm not so sure what the ruling would be if the speedometer shows a too low speed (and it's not your fault for either negligence in getting the car serviced or proven active manipulation, and you weren't so much over speed limit that you should have noticed it even without reading
Re: (Score:2)
You, the driver, are responsible for the legal operation of your vehicle. If your vehicle's instruments are incorrect and you get a ticket then equipment malfunction is no defense. Otherwise no-one would ever pay any traffic related fine, because they could always blame their car. I didn't stop in time because my brakes are broken. I didn't indicate because my indicator is bust. I'm disturbing the peace because my muffler has a hole. I drove at 50 because my speedometer is wrong. Not my fault.
If it
Re: (Score:2)
But you're still getting the speeding ticket.
Often times, if you can bring proof to court that you had the malfunction repaired (generally a receipt from a reputable mechanic saying they adjusted/replaced/whatever the relevant part) the ticket will be dismissed. For example, my sister was cited for having her windows tinted too dark (she bought the car, used, in WV, which is less stringent than VA, where she actually lived). She had the films removed, came to court, and the citation was dismissed. Of course this probably only works about once per c
Re: (Score:3)
Re: (Score:3, Interesting)
Re: (Score:2, Insightful)
Re:Hmmm... (Score:5, Interesting)
Indeed. My speedometer has matched every roadside radar display I've encountered.
Re: (Score:3)
Source please?
http://www.caranddriver.com/features/speedometer-scandal [caranddriver.com]
http://online.wsj.com/news/articles/SB123119286106955181 [wsj.com]
http://www.theglobeandmail.com/globe-drive/car-tips/why-you-may-not-be-driving-as-fast-as-you-think/article11487709/ [theglobeandmail.com]
In general, German cars are known to exaggerate speed by up to 10% in order to guarantee compliance with European law (ECE-R39).
In the U.S., it's been historically common to "detune" speedometers in rental cars to exaggerate the speed, and therefore clock up additional miles which a
Re: (Score:2, Insightful)
The speedometer and the odometer are two different instruments. You can certainly make the speedometer show a higher speed without having the odometer show a higher distance. It's as easy as printing a narrower scale on the speedometer.
Re: (Score:2, Informative)
Your WSJ link was written by someone that doesn't know a great deal about commodity GPS navigators. Yes, on straight and level ground a GPS navigator will tend to be more accurate than a speedometer, but by far the majority of them lose accuracy when driving up and down inclines. You can see this for yourself by keeping a constant speed on your speedo and monitoring the GPS speed drop as you climb or descend a hill.
Why? Because the majority of GPS navigation software calculates speed based on delta-lattitud
Re: (Score:2)
Have you actually seen the altitude reading on a GPS unit? It's terrible. It's much less accurate than the long/lat as you need to see more satellites to get a proper 3d fix *and* even then it's pretty crap.
Re: (Score:2)
Except GPS altitude resolution is far worse than lat/long. Without SA, 2D positioning is roughly anywhere from 3-10 meters. Altitude positioning is at a minimum, +/- 100 meters or more.
Using 3D vectors would result in wildly inacc
In other Breaking News... (Score:3)
In other breaking news, cutting the brake lines of cars can prevent them from operating correctly. Somebody issue a recall, quick!
This is not news, a CAN bus is viewed by the industry in the same way as analog wiring in the car, physically vulnerable. It's an issue when the side view mirror actuators are on the CAN bus, and thieves can open the door and start the engine with this technique. However, this research is stating the obvious for anyone in the know. Next thing you know, one of these researchers will find a copy of the J1939 protocol standard used by the automotive industry and discover what the CAN messages mean without fuzzing the problem space.
If someone found an On Star exploit that allowed a hacker to remotely accomplish these things on the CAN bus, then it would be news, this is not.
Re: (Score:2)
Oops.
Re: In other Breaking News... (Score:2)
What article did you read? The article linked in the summary says physical access to the CAN network was required for this hack. They said other researchers had hacked the car over Bluetooth, but not the researchers in the article.
Re: (Score:2)
This is the quote from the article;
With physical access to the cars the men were able to make vehicles appear to drive slower than actual speed, manipulate brakes, alarms and unlock doors.
The article links to a paper [autosec.org] discussed in a previous article that also dealt with control through direct physical access.
Here is a quote from the paper
Figure 2 shows the experimental setup inside the car. For these experiments, we connected a laptop to the car’s standard On-Board Diagnostics II (OBD-II) port.
They have physical access to the diagnostics port not wireless access through a vehicle system.
Good! (Score:2)
Not every bloody thing need authentication. To gain access to the CAN bus you need physical access to the car. If you had that you could just cut a brake line, or simply plant a bomb. Not everything needs authentication / encryption. If it all does you end up with a form of lockout.
I saw another comment here saying that the entertainment system is also connected to the CAN bus and that offers wireless or bluetooth connections. Well why not take that leap and identify if you can somehow hack THAT entry vecto
Re: (Score:2)
No matter how badly the armchair hackers here want to sound like they know something, you cant hack the canbus via the bluetooth audio channel in the car stereo.
A lot of them learned all they know about hacking from TV shows and movies.
No, bad (Score:2)
Re: (Score:2)
Since the start of the OBDII Standard (which was a requirement starting for 1996 model years) There have been companies that have sold devices that let you plug into the computer and modify it's parameters, disabli
Re: (Score:2)
I'm quite certain that existing regulations regarding warranties, emissions, etc. already contain clauses that limit an automaker's liability in the event that the vehicle is tampered with. Otherwise, someone could cut out the catalytic converter from their car, sell it (for the precious metals), and have the automaker replace it under warranty. Computer-based modifications would fall under the same category.
Re: (Score:2)
I call BS. Car manufacturers are not liable for all the cars that fail emission testing. Manufacturers are liable up until the vehicle is initially sold. After that the liability shifts to the owner.
Re: (Score:2)
Re: (Score:2)
From the quoted article;
The test failure does not result from misuse of the vehicle or a failure to follow the manufacturers’ written maintenance instructions;
People hacking around the system could easilly be seen as "misuse".
Re: (Score:2)
Legally no different than cutting off your cat.
Re: (Score:2)
No it's not. A car manufacturer's responsibility ends when the vehicle is sold, or if the vehicle is serviced.
As pointed out to those who think they can game a speeding fine by messing with their speedo then pleading innocence, you were behind a vehicle that fails to meet [insert criteria] which makes it unroadworthy. Here have an additional fine.
It's no different to those putting downpipes where the exhaust pipe belongs. The manufacturer is not liable for a car that no longer meets the noise regulations, t
Re: (Score:2)
cutting the brake line is pretty damn obvious, so is a bomb. If you wanted to be sneaky about it, you could add a module that would allow you to remotely command the car, while on the highway, to accelerate and then suddenly turn left, while also disabling the brake, traction control, and ABS. In other words, you could make it look like an accident. Depending on how
Re: (Score:2)
The evidence of tampering would be the hardware physically attached to the diagnostics port. Nowhere do they talk about modifying the system and having it go off later. If you read the paper [autosec.org] they link to with the folowing text you will see that it too required physical access to the diagnostics port.
Other researchers have accessed car networks via bluetooth and developed ways to compromise autos through firmware.
They seem to be hoping we will take their word for what the paper says or didn't read it themselves.
Sensationalist... (Score:2)
So if you see a hacker hiding under your dashboard you need to worry, as NON OF THIS CAN BE DONE without physical access of the vehicle from inside.
Call me when they can hack Any car wirelessly from 300 feet away using their laptop, until then all of this is nothing but fearmongering.
30 feet not enough? (Score:2)
Recent model BMWs have been hacked wireless from 30 ft away. That is enough for the thief to hide the device used for the hack near a spot where the owner would normally park the car. They would sniff/block the central locking, so they would be able to gain access to the inside of the car. They would then trigger a buffer overflow by removing and replacing certain fuses in a certain sequence and that would gain them access to the key secrets stored inside the car's computer. They would use a device to have
Re: (Score:2)
CAN enabled light bulbs? No, there is a CAN enabled relay box somewhere near the top of the engine bay (maybe reachable from the outside of the car if you use your imagination and pretend you have octopus tentacles for arms) which controls the lighting. As for trailer connections, maybe on a semi where the CAN bus is standard SAE J1939, but on cars and light trucks, the protocols are all manufacturer specific so there would be no
Re: (Score:2)
No it hasnt. stop reading into what is nothing more than a rolling code exploit.
Re: (Score:2)
I'm fairly certain that with bigger antennas... you would be able to do this trick at 300 feet
Radio doesn't work like that. For optimal transmitting/receiving you need the antenna to be tuned to the frequency being transmitted. Try to use a two meter antenna for wifi and you'll be lucky to get a signal at all. The antenna needs to be the same length as the frequency's wavelength (or certain multiples; I've forgotten a lot).
Re: (Score:2)
So if you see a hacker hiding under your dashboard you need to worry, as NON OF THIS CAN BE DONE without physical access of the vehicle from inside.
Call me when they can hack Any car wirelessly from 300 feet away using their laptop, until then all of this is nothing but fearmongering.
What's your phone number?
http://www.technologyreview.com/news/423292/taking-control-of-cars-from-afar/ [technologyreview.com]
CAN bus + Wireless = Bad news (Score:3)
CAN was never developed with security in mind. What for, it was supposed to be a LOCAL, WIRED bus on a closed system that should only be accessed by someone whose authority to access it has been verified by different means (i.e. he has the keys to the car in the first place). Now, we can see how CAN can be abused with local access. Well, duh. Insecure system is insecure. Film at 11. Right? Well, technically, yes, but let's look a hint further, shall we?
The news here is that cars get more and more wireless features. It's simply more convenient for you to plug in all your nifty toys, from cellphone to iToy to navigator system without actually having to PLUG them somewhere. Now it's very tempting for the makers of said cars to stuff them onto the very same bus. CAN is already in your car, pretty much every kind of electronics can talk to it, ain't it the perfect thing to tie your toy into?
In theory, yes. In practice, I predict that unless car makers take special care to secure those wireless entry points we'll see a lot of similar hacks in the future, only that this time they'll be done from outside the car without physical access to it.
Re: (Score:2)
At that point they can put authentication on the wireless access points and leave the rest of the physical bus unauthenticated. Until the time that unauthenticated wireless access points are installed this is a non-story and just hype.
Re: (Score:2)
That's a tack-on solution, and I guess we should all know how well such solutions work. For reference, see the internet, its protocols and how we tried to add a "secure layer" to the mess instead of simply coming up with a solution that is intrinsically secure.
Re: (Score:2)
It is a tack on solution to solve and issue caused by a tack on problem.
Is there a an authentication protocol between the video card in your computer and the PCI bus, your mouse and the USB controller, your hard drive and the SATA bus? This is a similar situation. The point is that one needs to install hardware onto the bus to have access. The difference is that the internet is connected to millions of computers all over the world. A vehicle's network is self contained up until it is connected to the intern
Are all busses unauthenticated? (Score:2)
I bought a used Volvo S80 about 4 years ago. I added the iPod connector for the stereo -- a factory option my car didn't come with.
The dealer had a real problem getting it to work -- the stereo would indicate the input was there, but when you switched to it it would work for about a minute and then stop working. The description they told me was that the car's data bus was rejecting the accessory because it wasn't authenticating.
Now, I don't know if this was an accurate assessment or not, but it took som
Re: (Score:2)
Re: (Score:2)
No, it was related to the car's data bus. The same kit that includes an iPod connector (the "old" 30 pin) also includes a USB connector for using ordinary memory sticks, and that wouldn't work, either. It wasn't an Apple issue.
The Direct Access Argument (Score:2)
I've noticed several comments revolving around the idea that direct access to the vehicle is needed, so there's no need for concern.
It seems to me that while this certainly influences the application of such technology, it doesn't mean all is cool. How long would it take to come up with a purpose-built device that would attach to the relevant access port the same way illegal bank card readers attach to ATM's?
For the sake of argument, let's say it would have WiFi or Bluetooth capability, feed off the
Re: (Score:2)
How long would it take to come up with a purpose-built device that would attach to the relevant access port the same way illegal bank card readers attach to ATM's?
Are you busy this Sunday? We could probably hack it out.
For the sake of argument, let's say it would have WiFi or Bluetooth capability
If the bus controlling safety critical functions has any wireless connectivity, it's a problem. The fix is easy though.
All it would take is one crooked mechanic at a dealership or service center
If this is the only way a mechanic can think of to sabotage a car, then he's a lousy mechanic.
Re: (Score:2)
You're absolutely right about the mechanic having easier ways to sabotage a car. But I was thinking more of situations where anything that happened to the car (or fleet of cars) would happen at the hacker's convenience, maybe weeks or months later. I don't know of too many modifications a mechanic could make that would work on that basis. I'm no car expert, so my opinion on that is by no means unarguable.
Re: (Score:2)
If anything happened the box would be found and traced back to the mechanic that put it in. What stops a mechanic from installing a remotely controled valve on the brake line? It still requires phisical hardare attached to the vehicle and is very different from remote access without physical access.
Re: (Score:2)
Re: (Score:2)
Thank you, Captain Obvious. I own a code reader. The point is that, having got access, the car could be left alone for months or years.
None of this is new (Score:5, Insightful)
Of course you can do all sorts of things exactly like this with the CAN bus; that is what it was designed for, that's what it's used for every day. Just about every make has software available (around for over a decade in many instances) to do every single one of those things; in most cases (except odometer rollbacks) they are replicas of the dealer tools to do the same thing. This includes speedometer adjustments (in place to account for wheel/tire diameter), diagnostic tests like cycling locks, ABS valves, various engine bits, etc.
Exactly what "research" was required to discover this? Is it "hacking" for me to purchase a piece of commercial software and use it's well-documented functions, most of which are also detailed in the service manual they sold me for $50?
Let me know when somebody has actually developed a Bluetooth-based attack vector and get back to me. (And plugging a Bluetooth transceiver into the OBD II port doesn't count) Until that point: snooze...
Re: (Score:2)
But now you can manipulate it from Unity.
Imagine being able to hack your car from your laptop, tablet and phone?
Re: (Score:2)
Imagine being able to hack your car from your laptop, tablet and phone?
You've been able to do that for years. A CAN bus adapter is hardly rocket science. You can buy them off-the-shelf.
This is like firesheep (Score:2)
Nothing people didn't already know, but shows people how simple it is.
It has been known for years CAN bus needs authentication.
Surprising to me (Score:5, Interesting)
I used to write software for aircraft instruments.
What's surprising to me is that single-function devices can have their functions changed. The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
I would have thought that certain features of the car would be fixed program/unchangeable, at the very least to simplify the design.
Re: (Score:2, Insightful)
It's not that its reprogrammable, it's that you can spoof the data going to it from the wheel sensors. Because they have everything on the same data bus (they use a modified version of CAN busses in aircraft) you can inject (by literally plugging into the bus) your own packets with new speed data.
Re: (Score:3)
Governed by the motor that controls the throttle. More and more cars are going to drive-by-wire systems. It makes traction control, economy modes and cruise control much easier.
Re: (Score:3)
Re: (Score:2)
I guess one day in the near future, someone will invent the digital speedometer, and that will cease to be true.
Re: (Score:1)
I used to write software for aircraft instruments.
What's surprising to me is that single-function devices can have their functions changed. The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
I would have thought that certain features of the car would be fixed program/unchangeable, at the very least to simplify the design.
The first reason is because parts in a car can be changed. The example of a speedometer is a perfect example - The speedomoter works by taking revolutions from the axel and display those revolutions per second to a more human-readable from. So what so you think will happen when someone changes their wheels from 18 inch rims to 22 inch rims? The car is travelling faster than what was originally designed, as your wheels move the car further per revolution of your axel. Thus, the speedometer must be adjusted t
Re: (Score:1)
On my car at least, the manufacturer openly allows for the installation of different diameter tires (for the same rim diameter) - ie. 195/65R15 and 195/60R15 - not just different widths/rim diameters ie. 195/65R15 and 205/55R16
This actually means that for the same given RPM the speedometer will now be off by a few percentage points - and they have in the setup menu (which is driver accessible) an option to adjust tire circumference (by % - up to +/- 10%) so as to have a more accurate reading for the tires
Re: (Score:2)
If you change wheel sizes, then you should be able to adjust the reading. External circumference of allowed wheel sizes for a certain vehicle can vary quite a bit, if I remember correctly.
I've just checked, and for Opel Astra G legal tire circumference varies beetween 72.5 inches (165/70 R14) and 78.1 inches (205/55R16), a 7% difference. One might want to use a type of tire for summer and another for winter (for example). While lower/higher indicated speed wouldn't be such a problem, m
Different wheel size (Score:3)
Re: (Score:2)
Why make the speedo adjustable?
For calibration; cars can come with different gear ratios and tire diameters, so rather than make multiple speedometers or have to change a speedometer gear or wheel speed sensor, the algorithm can be made selectable or modifiable so it can be changed over the OBD2/CAN bus.
Re: (Score:2)
What's surprising to me is that single-function devices can have their functions changed. The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
From what I read, it's not clear whether they actually modified the speed sensor (or wheel position, or whatever they use) of if they spoofed the packets between the sensor and other parts of the system (e.g. the instrument panel).
not that surprising (Score:2)
the speedometer is supposed to be a fixed device (or nowadays, daemon) that converts the turns of the transmission shaft, with tables of which gear does what, to an approximation of linear speed.
two gotchas... output of the shaft sensor hardware, and table lookup. depending on how much processing is between A and Z, fertile ground.
your readout device may be pristine, but as we all know, GIGO.
Re: (Score:2)
I drive a Volvo. The manufacturer spec tires are hard to find in the US - so most people get a tire that's almost the same size (usually, slightly larger). This tire diameter difference causes an issue with the speedometer. You're always travelling faster than the speedometer reports. Accessing and reprogramming the speedometer would allow an owner to have his cake (cheap and readily available tires) and eat it too (accurate speedo).
Personally, I find that the car performs better with the right tires.
Re: (Score:2)
The only thing I've got is that I've had cars with an analog (2012 Camaro) and a digital (2008 Civic) speedometer that allow you to switch between mph and km/h making that an additional function they have. Didn't read TFA, but making it appear slower than actual? km/h to mph would do that.
Re:Surprising to me (Score:5, Insightful)
Sadly, it may not require physical access. All the entertainment system and GPS nav are connected to the bus as well. It may be possible to get in through wifi or bluetooth and hack an entertainment device to proxy you in to the CAN bus. See this [technologyreview.com].
Re:Surprising to me (Score:5, Informative)
This is the only comment here so far of any consequence. Hacking a car by plugging into the CAN bus is hardly rocket science, but remotely gaining access to the car's ECU's via bluetooth is a very different matter indeed. Securing CAN is pretty much a non-starter, but securing those wider area wireless networks that cars are increasingly supporting is something that should be taken very seriously indeed. And if Toyota's recent drubbing in the source code courts shows anything, it shows that car manufacturers don't make very good software houses.
Re: (Score:3)
Re: (Score:2)
What exactly does "separate" mean? Modern cars have multiple CAN and LIN (and FlexRay and Ethernet) networks, but they are bridged by modules that gateway specific messages/signals from one network to the other. Your entertainment system probably reacts to the state of your vehicle (are some functions not available when in drive? Going above some speed? Doors open?). Separate very likely does not mean "air gapped" like you'd mean in a high security computer network.
That said, I'm not totally convinced b
Re: (Score:2)
they are "fixed" at the rom level, change the chip to do anything else
Do you know they're not using Flash? It's been a long time since I've seen masked ROM for anything but boot functions and whatnot. Even if it's cheaper, masked ROM is a production nightmare.
Re: (Score:2)
For that there is the OTP bit in many Flash devices. Any safety critical system should be using it.
Re: (Score:2)
Even more scary are recent embedded devices which use low retention time NAND Flash for firmware storage and copy into RAM before execution.
Re: (Score:2)
they are "fixed" at the rom level, change the chip to do anything else
Even in the good old days, if the chip was a UVPROM, you could re-program/re-flash it easily enough. All you needed was a flashing socket, some software, and a blacklight.
Re: (Score:2)
With the right processor instruction set like that of the 8080, you could patch the UVPROM without erasing it because NOP instruction could be all cleared bits. Just include a series of NOP instructions wherever you might want to program a patch without erasing first.
Re:nothing ot see, move on (Score:4, Informative)
Not really. ABS for example modulates the braking power. In one test, researchers were able to put the brakes into 'maintenance mode" normally used when changing the pads. In that mode, the brakes don't work. If I understand correctly, that mode is used instead of the old trick of compressing the wheel cylinder with a c clamp.
To complete the lunacy, in some cars, the parking/emergency brake is electrically activated now.
Re: (Score:2)
This is a blatent lie. there is no "maintaince mode" for ABS brakes, not even my BMW, my BMW motorcycle, my honda or my jeep have such a "mode" for changing break pads. and yes I have the same tool they use at all the high end shops, the Snap-On Solus is what is used by 99% of all repair shops out there, there are no magical, "retract the pads please HAL" mode to make brakes easier...
Whoever told you this knows nothing at all about cars and made that up.
Re: (Score:2)
Re: (Score:2)
Look here [billgillam.com](scrool down just a bit)>
Now, don't you feel stupid for accusing me of a blatant lie? Kinda like in the cartoons when a dunce cap appears?
Re: (Score:2)
I found [billgillam.com] an example.
Re: (Score:2)
It is lunacy. When it's a simple cable you can actually use it to stop the car when the main brakes fail. With a bit of finesse you can even use it to limp to a safe place to stop and fix the main brakes.
Re: (Score:2)
Any kraut car (i suppose any car, full stop) with ASR / ESP has electronic throttle, not mechanical cable. (by definition - the system has to be able to cut the throttle, and it can't with a mechanical cable).
Re: (Score:2)