Lawsuit Claims Major Automakers Have Failed To Guard Against Hackers 107
Lucas123 writes: A Dallas-based law firm has filed a class-action lawsuit in the U.S. District Court for the Northern District of California claiming Ford, GM and Toyota all ignored basic electronic security measures that leave vehicles open to hackers who can take control of critical functions and endanger the safety of the driver and passengers. The suit, filed on behalf of three vehicle owners and "all others similarly situated" is seeking unspecified damages and an injunction that would force automakers to install proper firewalls or encryption in vehicle computer bus systems, which connect dozens of electronic control units. "Toyota, Ford and GM have deliberately hidden the dangers associated with car computer systems, misleading consumers," attorney Marc Stanley said. The lawsuit cites several studies revealing security flaws in vehicle electronics. A 2013 study by the Defense Advanced Research Projects Agency found researchers could make vehicles "suddenly accelerate, turn, [and] kill the brakes." A study released last month by Sen. Edward Markey (D-Mass.) also claims automakers have fallen far short in their responsibility to secure their vehicles' electronics.
this will get fixed (Score:2)
Jurassic Park..... (Score:1)
(Little girl jacks into your car's ecm) .... (Hack)....
This is a Unix system.... I know this....
(Next Driver)
Hang on to your butts!!!!
Clever girl....
Of all the stupidity (Score:3)
Re: (Score:2)
Classless action. (Score:5, Funny)
Yay, more class action lawsuits. Car owners prepare to get your 30 cent rebate forms ready! Lawyers, buy a new vacation home!
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
True, but this suit offers a libertarian alternative to government regulation, and hopefully will achieve the same outcome.
Who or what runs the legal system? And why would the manufacturers respond with anything other than 'fuck off - we will do what we like' to a judgment against them?
This is not the libertarian alternative. That would be that you can choose not to buy a car until some manufacturer deigns to build one that is secure - or you can build one yourself.
Re: (Score:3, Insightful)
There will be no recall fix if they attempt to encrypt the CAN bus. Most of the processors on the bus are not powerful enough for software encryption. They have hardware CAN modules.
A typical Dodge has from 17 to 22 CAN nodes on three CAN buses. Each node is, of course, a processor. Just how powerful does the sunroof controller have to be, anyway? Many of the processors on the bus have 128-256K flash program memory and 34 to 96k ram.
Never gonna happen.
Re: (Score:2)
If I owned a car that was susceptible to this sort of problem I would much rather the lawsuit compel the automaker to fix the problem rather than give me money. Pay the lawyers, but just fix the damn problem as a recall.
I warned several times over the last couple of years that this would happen. Nobody in their right minds (today, that is) runs the critical systems and navigation system on the same CPU. Much less the entertainment system or communications!
The data collection without permission issue has been around for a while, too.
I'm glad to see people getting after this finally.
Re: (Score:3)
In at least some cases, it will take more than your usual simple recall to handle this problem. There are some very very serious design problems in the electronics of many of today's cars.
Re: (Score:2)
If I owned a car that was susceptible to this sort of problem I would much rather the lawsuit compel the automaker to fix the problem rather than give me money. Pay the lawyers, but just fix the damn problem as a recall.
I'd prefer if any hacker attacking a car that way should go to jail according to the damage done or attempted. Like anyone trying to manipulate how the brakes on my car work should go to jail for attempted murder. (I'd prefer if that person doesn't go to jail for actual murder). But then, a person can do all kinds of damage, both expensive and dangerous, to a car without any hacking.
Re: (Score:2)
Re: (Score:1)
Well, you can't wait for people to actually be harmed because at that point it's a rat race to sign them up, and your law firm probably won't win.
No, by preemptively suing for damages because you are so scared you might be hacked, they are playas!
Re:Classless action. (Score:5, Insightful)
Sorry, but this is a complete bullshit lawsuit. Most of the hacks have required physical access to the CAN bus or have required modifications to the entertainment system to remove the firewalls in place - yes they have them on some I'm familiar with. A few jackasses have put out scary "hacks" and now this is the crap that we get to deal with? The CAN bus shouldn't be encrypted as not only will this drive cost up but it will also prevent some of the good stuff going on like replacement ECU in the performance industry and diagnostic tools for the home user.
Sorry, but this is complete and utter garbage and I hope it's tossed out damned fast.
Re: (Score:2)
There are likely easy paths and harder paths in. If you can't put a malicious CD or USB stick in and take control, you hit one level. If you can't plug a device into a port under the hood that can take over control, that is another hurdle. Ultimately though, you need to keep the system secure from the OnStar and its ilk being an attack vector. From fairly credible reports, this is not the case.
Re: (Score:2)
OnStar has apparently got the ability to disable some cars, for it to have this "safety feature" it's going to have to have capability. I'm not a fan of OnStar for many many reasons but this is a feature so I can't bitch about it too much - you can however find the silly cell modem and remove it. The car will probably squeal like a stuck pig for your having done so...
Standing? (Score:5, Informative)
They're suing because, theoretically, some third party could make them the victim of a crime? Good luck with that.
Re: (Score:2)
This is kind of more of a consumer protection thing. In california you used to have telephone book lawsuites because someone used a product in ways it wasn't intended and got hurt somehow because there was no warning or instructions not to use it that way. Its the reason we have warnings to remove children from baby strollers before colapsing for storage and those instruction pictures showing how to suffocate someone on plastic bags. In theory, if a manufacturer can make reasonable changes to products or wa
Re: (Score:2)
The key difference is that in those other cases someone (the person suing) was actually hurt. In this case, nobody has been hurt, but somebody thinks that theoretically somebody could maybe possibly be hurt somehow under some condition.
The examples you give are not 'consumer protection' things, they are manufacturer liability prevention. Yes, you should be smart enough to know this on your own, but even if you don't we warned you. An actual consumer protection example would be where a stroller was recall
Re: (Score:2)
The key difference is that in those other cases someone (the person suing) was actually hurt. In this case, nobody has been hurt, but somebody thinks that theoretically somebody could maybe possibly be hurt somehow under some condition.
Not just "could possibly be hurt somehow", but "could possibly be hurt by a criminal causing intentional damage". It's one thing to complain if your pet dies inside the microwave because there was no written warning, it's something else if someone dies because a criminal put a pound of TNT in the microwave and turned it on. Or if someone dies because a clever criminal damages the microwave so that it will explode the next time it is used.
Re: (Score:2)
Exactly
Overblown Hyperbole (Score:5, Insightful)
In a 2013 study that was funded by the Defense Advanced Research Projects Agency (DARPA), two researchers demonstrated their ability to connect a laptop to two different vehiclesâ(TM) computer systems using a cable, send commands to different ECUs through the CAN, and thereby control the engine, brakes, steering and other critical vehicle components
So you're telling me that if you have direct physical access to a car's ECU, you can issue commands to it? No shit sherlock. That is THE WHOLE POINT of the CAN bus. The only alternative would be to close down the bus and only allow "authorized" accessories to be connected to it - hello sky-high diagnostic fees and goodbye to useful bluetooth OBD connectors.
Call me when this can be done wirelessly. Oh and yes I did read the "What the companies failed to note is that the DARPA study built on prior research that demonstrated that one could remotely and wirelessly access a vehicleâ(TM)s CAN bus through Bluetooth connections, OnStar systems, malware in a synced Android smartphone, or a malicious file on a CD in the stereo" blurb - which still failed to materialize an actual working example of exploiting a CAN wirelessly.
Re: (Score:2)
So in other words you are saying someone should die because of an exploit before something should be done? Sounds reckless to me. The car companies have been warned by many of these studies and still haven't done anything about it. Maybe this suit will get them off their asses. I won't hold my breath though...
Re:Overblown Hyperbole (Score:4, Insightful)
No, he is saying that there should be an actual danger before you yell the sky is falling.
What are the actual odds of an accident being caused by a hacker? What are the actual odds of an accident being caused by a software bug in security code?
Re: (Score:2)
Actual odds may be as large as odds of a spouse's brake lines being cut or a Toyota accelerating out of control with no obvious excuse.
Actually, i do not know the odds but i do not think the will to increase them is zero.
Re: (Score:1)
all those so called "exploits" require physical access to the car and wiring, at that point nothing is safe
Re: (Score:3)
Depends - maybe not if they use progressive for insurance:
http://www.forbes.com/sites/th... [forbes.com]
Min
Re: (Score:2)
So you say 'not true', then give an example where it is true. Or did this guy magically rifle the car without actually physically being there?
I know of an exploit involving C4 (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If someone has physical access, they can also slice a break line, cut a belt, drain the oil pan, put engine-kill into the crankcase, or many, many other things.
The fallout of this lawsuit is going to be bad for all consumers, and it actually puts car makers in a better spot:
Need an air filter? For security reasons, only Powell Motors filters will work, which have to be installed and activated by equipment only the dealer will have. Need a new battery? It has to be a genuine Powell part [1] because the ba
Re: (Score:2)
So in other words you are saying someone should die because of an exploit before something should be done? Sounds reckless to me. The car companies have been warned by many of these studies and still haven't done anything about it. Maybe this suit will get them off their asses. I won't hold my breath though...
In my country, there are millions and millions and millions of people who could kill me with a knife. And about the same number of people could kill me with a brick. Since guns are rare, the number of people who could kill me with a gun is lower, but still many thousands.
How many people are there who could kill me by manipulating the electronics in my car? It's not many. It's not something I worry about. It's possible, but anyone wanting to kill someone that way would have much, much easier methods avail
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
OBDII is mandated by the government.
Re: (Score:2)
The funny thing is that they only require the connector, no actual data. My car (Tesla model S) has an ODB II connector but it doesn't provide anything other than power and ground. The manufacturer can access the car via wifi, 3G or a special Ethernet port but not through ODB II. Before screaming about the insecurity of Wifi and 3G, all communication is sent over an encrypted OpenVPN connection and the devices connected to the internal Ethernet network are fairly secure. There's a web server that serves up
Re: (Score:2)
Uh, no. They require actual data relating to the emissions control system. Obviously, your car does not have an emissions control system. Such is not the case for the vast majority of cars on the road.
give me a hacksaw (Score:1)
Re: (Score:3)
And if I want to cause you to have an accident in your pre-ECU car I can cause substantial damage with some wrenches and a minute. What's your real point? I want to maintain the ability to hack/modify my own vehicles. Encrypting bus communication would pretty much kill that unless their was a mandate to release the encryption keys to the vehicle owner (and then what about leased cars, financed cars, etc.) which is unlikely to happen. As long as it's not fully remotely exploitable (meaning you never have to
Re: (Score:2)
And if I want to cause you to have an accident in your pre-ECU car I can cause substantial damage with some wrenches and a minute.
But what you can't do is cause the tie rod you cut to fail at exactly the point where I'm a hairpin turn along a cliffside road. Or the brakes to fail, steering to quit working, and airbags prematurely detonate as I try to come to a stop from 70mph with a semi truck in front of me. I guess you could put some remote detonated explosive or something on a brake line, airbag sensor, and steering linkages, but how long will it stay there while exposed to road and weather conditions? A disguised bluetooth adapt
Re: (Score:2)
You watch too many movies. If someone actually wants you dead there are far easier ways to accomplish that than hacking your car. For instance, they could shoot you as you drive past. That actually happens in the real world. Should we sue automakers so they only use bulletproof glass and armor plating? Or they could drop a rock on you as you go under an overpass, also happens in real life. Or a bomb.
Re: (Score:3)
The control systems ARE isolated with firewalls, the hacks that have been demonstrated - to my knowledge - have removed those. What exactly does "hardening the OBDII port" mean? You realize that locking that down will prevent diagnostic and home use tools form working right? Rate limiting? The signals that have been demonstrated to disable brakes were standard brake diagnostic signals recorded from using a standard tool, it wasn't abnormal. Filtering is already done by the entertainment systems on stuff I'm
Re: (Score:3)
IIRC, the "brake disabling" hack involved many layers in a car with a dashboard that resembled a breadboard moreso than a car, and relied on being able to emulate/override the wheel-speed sensors so that the ABS computer -thought- it should be carefully modulating the brakes as if driving on ice or marbles or whatever.
Anyone who has experienced it can easily attest that on dry pavement, even without third-party fuckery, a faulty ABS sensor can be a scary thing: One recognizes that the coefficient of fricti
Re: (Score:2)
I have had a faulty ABS sensor, and the experience was not like you say. Here is what actually happened: the yellow 'ABS' light on the dash came on, informing me that the ABS was disabled. Scary.
Re: (Score:2)
Umm no, I sat in the talk where this was presented and while they did tear that Prius a new ass diving into the dashboard they never claimed to be faking out the ABS sensors and they mentioned the ABS pump making hellacious noises - which is what occurs when you bleed the silly thing. Overwhelm the CAN bus with data signals telling the pump to bleed and it will try...
BTW - I have a faulty ABS sensor on one of my cars right now thanks to the Winter slush slopping all over it and screwing with the tone ring.
Re: (Score:2)
So what you're saying is that by overwhelming things, an attacker can make brakes misbehave at a whim?
And you're also saying that flooding a CAN bus can save an expensive dealer trip when it comes to bleeding brakes on a Prius?
Awesome! That's even worse / better than what I was suggesting.
Thanks!
Re: (Score:2)
The control systems ARE isolated with firewalls, the hacks that have been demonstrated - to my knowledge - have removed those.
That's news to me then. My impression from watching a video a while back of how these worked was that they were simply using the OBDII port to send false signals and/or flooding the bus with so much traffic that the signals couldn't get through. I could have sworn they specifically said that the dash was only apart because they'd been monitoring signals while developing the hacks and couldn't be bothered to put it back together again.
What exactly does "hardening the OBDII port" mean?
Throw an interface in between it and the rest of the car that will do th
Re: (Score:2)
Some of the hacks that claim to be done wirelessly have relied on reprogramming entertainment firmware, others simply flooding the bus as you've surmised. The OBDII port is but one way into the bus, any device on the bus offers access to this bus to include some surprisingly easy to access places. It's a shared network, nothing knows that these signals from from the OBDII port. Rate limiting WILL call for more processing, something has to count packets and have smarts - you've added another computer to the
Re: (Score:2)
If they can get in past a locked door, they can get into the glovebox. I'm not such a special snowflake that anyone is trying either of these.
Yes but it's one more layer to defeat. It might also keep the casual maliciousness out (say the neighbors kid just read about this cool thing you could do the hack a car). Either way, it's a really simple step with no downsides.
An interface between the OBDII and the bus might slow some of this but it may also screw with diagnostics, it's an interesting idea but it will also increase cost in an industry that tries to shave pennies off of a production run :(
It would be an extra device, just like a hardware firewall. My $30 desktop switch has enough brains to let me configure it to block some basic stuff (like MAC flooding) plus act as a switch. I'm sure it cost a 10th of that before all the retail markups. The cost argument is why I'm
Re: (Score:3)
This is exactly my own viewpoint. All of this is a bunch of stirred up nonsense. Yes, systems like OnStar which bridge between the CAN bus and the phone network need protection. What I absolutely do NOT want is to see encrypted communications that I as the owner cannot see in plaintext on a wired bus. This will put non-dealer mechanics out of business pretty quickly and/or drive up repair costs tremendously including effectively preventing me from working on my own car. I think it's a dream come true for de
Re: (Score:2)
In a 2013 study that was funded by the Defense Advanced Research Projects Agency (DARPA), two researchers demonstrated their ability to connect a laptop to two different vehiclesâ(TM) computer systems using a cable, send commands to different ECUs through the CAN, and thereby control the engine, brakes, steering and other critical vehicle components
So you're telling me that if you have direct physical access to a car's ECU, you can issue commands to it? No shit sherlock. That is THE WHOLE POINT of the CAN bus. The only alternative would be to close down the bus and only allow "authorized" accessories to be connected to it - hello sky-high diagnostic fees and goodbye to useful bluetooth OBD connectors.
Call me when this can be done wirelessly. Oh and yes I did read the "What the companies failed to note is that the DARPA study built on prior research that demonstrated that one could remotely and wirelessly access a vehicleâ(TM)s CAN bus through Bluetooth connections, OnStar systems, malware in a synced Android smartphone, or a malicious file on a CD in the stereo" blurb - which still failed to materialize an actual working example of exploiting a CAN wirelessly.
Obviously you aren't a lawyer. You never let facts get in the way of a good lawsuit. I'm surprised I haven't seen an add on TV for a class action suit against a company for having dangerous Dihydrogen Monoxide in their products.
Re: (Score:2)
OK. What's your number?
Scenario: Physical access via an unlocked vehicle (quick trip into the carry-out, forgetfulness, or whatever), and an active attacker (with whatever motives an attacker has).
Attacker simply plugs in a COTS ODB-II Bluetooth dongle -- perhaps modified to be extra small (remove housing, clip LEDs, add black conformal coating), perhaps modified to talk to different buses than the standard interface, perhaps modified to have a stronger radio and/o
Re: (Score:2)
Is a random person going to do this?? why??? Is a terrorist going to do this??? again why???
No, the ONLY reason someone would do this is personal. and if they were going to go through all the trouble to do this, they could do something else much easier
Re: (Score:2)
To extend your argument to its logical conclusion:
All attacks worth worrying about are personal, political, or business in nature. Risk mitigation must take this into account.
I know that Dropbox is insecure, but I use it anyway, because nobody I personally know can fuck with me using that vector and I have a personal policy against growing vendettas.
The random attacker won't give a whit of my cell phone landscape photos, or of my shorthand business notes. And I'm not into politics.
So, being a boring perso
Re: (Score:2)
Scenario - you lock your car up for the night, I roll up with a hacksaw blade, roll under your car, and nick the fuel line next to the exhaust manifold slightly. Rolling down the freeway the next day whoosh, you go up like the Challenger.
Scenario - you lock your car up for the night, I roll up with a hacksaw blade, roll under your car, nick a brake line. Rolling down the freeway the next day and whooops - you have no brakes.
Scenario - you lock your car for the night, I roll up with a small BT device connect
Re: Overblown Hyperbole (Score:1)
Except that all of your "using a saw blade at night" "scenarios" of attacking cars:
1) leave physical traces (chemicals, tool marks, etc.) in the wreck, alerting investigators that foul play occured,
2) need close physical proximity between attacker and car to carry out, raising the risk of detection considerably,
3) are "dumb" in terms of efficiently and are more likely to leave the car damaged but the victim safe, alerting him to foul play,
4) are physical, peer to peer in nature: one attacker, one car. You
Re: (Score:1)
Bluetooth (depending how they implement pairing), CD and synced Android device sound like viable attack vectors. None of them are instant remote control with no action by the owner, but they're all quite usable.
Bluetooth: If it makes you enter a code displayed on the other device to pair, that's more secure. But if the car just displays something like "$DEVICENAME Do you want to pair with this device? [Yes] [No]", it's not really. Either someone will habitually click yes, or can be enticed to through carefu
Re: (Score:2)
Re: (Score:2)
Hard to have a remote starter if you can't wireless control the engine. Hard to have traction control if you can't control the engine and brakes from the same point. Hard to have stability control if you can't control the steering, brakes, and engine.
Can those things be done some other way? Probably. But the other ways are more likely more complex, and you would have to show that the more complex ways actually increase safety, which may not be the case.
Re: (Score:2)
It would probably be rather easy to disablr input from unapproved ports or devices once the vehicle reaches a certain speed or is in gear for a specific length of time. This would allow for diagnostics, remote starters and so on. They could even employ a diagnostic override that requires pluging a resistor chiped dongle in under the hood or somewhere allowing user modifications and whatever at the owner's direction.
The fear doesn't seem to be you and your car. Its some hacker issuing commands at 5:30 causin
Re: (Score:3)
That's how it generally works already. Important stuff is on one CAN bus (ECU, ABS pump, auto trans controller if it has auto trans, airbags, etc). All the secondary stuff like door modules (controls locks, windows, etc), cabin illumination, the radio/navi and whatnot are on a secondary CAN bus (or LIN, or..).
This way if your rear door module dies and manages to take down the (secondary) bus, the car still runs.
I don't see much point in securing it, as you need physical access anyway. I'd rather see it go t
But people want to know how it works (Score:3)
People would still want to know how it all works so they aren't stuck going to the dealer for service. So how do you reconcile the two?
Re: (Score:2)
What about... (Score:2)
If automakers built cars that were as easily hijacked as Windows, everyone would be driving with body guards.
Here is all you need to do (Score:2)
1. Segregate the parts of the computer with networked access from the portions of the car that actually involve driving. Brakes, acceleration, engine timing firmware, etc. All of that should be airgapped from the GPS OnStar stuff.
2. Make the storage media that those systems use both physically accessible from the inside of the car AND compatible with conventional computer technology. The internal storage of these systems should be on an SD card or a USB 3.0 Flash drive or a little SSD hard drive. The point
I'll be watching this one (Score:1)
I would rather have them sue target (Score:2)
If class actions were taken against these companies, then quickly, companies would spend the money and secure themselves. So would companies like these car makers.
Automakers suck! (Score:2)
I always suspected that automakers were amateurs. Real engineers use CMake.
Re: (Score:2)