Unpatchable 'Flaw' Affects Most of Today's Modern Cars (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others. The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components. The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team. Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Sounds like good design to me (Score:4, Insightful)
Re:Sounds like good design to me (Score:4, Insightful)
Maybe what you're missing is that it shouldn't be possible for an attacker to induce this state in the first place.
Oh enough of this shit (Score:5, Insightful)
I am so sick of infosec nerds thinking they know more than the engineers at Ford, BMW, etc. about building cars. Coming up with new "vulnerabilities" - "I just need physical access to the car's OBD-II port with a laptop". Stick to Flintstones cars if you feel so insecure, the rest of us will drive fearlessly in luxury.
Re:Oh enough of this shit (Score:5, Insightful)
In fact, this is such a known quantity by anyone that knows what the hell is going on in a modern car that there are products you can buy for some cars that actively edit the CANbus signals going into the ECU to tune the car's engine without invasive and potentially dangerous loading of non-sanctioned firmware. And, this additive hardware adds settings and features that were never available to the car from the manufacturer, such as altering turbo boost based on current octane sensor data and oil temperature data - increasing power when safe to do so, but decreasing if fuel quality is bad, or the engine is too hot. It achieves the desired effect in a safer, better, and more reversible way than an ECU flash with a different boost mapping.
And this is possible because you can slap a signal processor in between the ECU and the rest of the CANbus, and the ECU will never know it's happening. Something starts to go wrong, and you disable it or remove it completely (unless something goes REALLY wrong, in which case caveat emptor, buddy.)
Yeah, I'll go ahead and keep the open CANbus instead of some new standard that requires all kinds of lockdown and essentially DRM, and deal with the exactly zero "vulnerability" issues in literally billions of vehicle-miles travelled by CANbus equipped vehicles.
Re: (Score:3)
Is this for real cars, or only for the Knight Industries Two Thousand?
Re: (Score:2)
You prick, now I have the theme song stuck in my head.
Re: (Score:2)
Re: (Score:2)
+1 for APR
Re:Oh enough of this shit (Score:5, Informative)
So I am one of those infosec guys and we have been doing CAN bus assessments for the big 3 for some time now. This has to be the stupidest article I have read in some time.
First off the next gen cars are already implementing 'segmented' CAN buses with a firewall module that allows some devices to send white listed messages from the less privileged body areas to the more privileged engine management and safety buses. So this problem is already being solved.
Very few existing cars have a path to remotely introduce CAN messages. Some do but those interfaces have by and large been hardened pretty well, the Jeep stuff from some years ago is long fixed.
So what we have here is basically if you are in the car you can do bad stuff by wiring into the CAN bus. Okay I make the airbag fail too by yanking it out of the dashboard, who cares.
Re:Oh enough of this shit (Score:4, Funny)
Okay I make the airbag fail too by yanking it out of the dashboard, who cares.
The person whose airbag you just yanked out of their dashboard?
Re: Oh enough of this shit (Score:2, Funny)
I can hack your brakes with a wire cutter. No laptops required.
Re:Oh enough of this shit (Score:4, Funny)
Just like this server is totally unsecure all I have to do is swap the hard drive and motherboard and I have root access.
Re:Oh enough of this shit (Score:4)
That is what I am saying though. They are hardening the cellular interfaces which at one point were laughably badly done. They are starting to segment the network and put what are basically firewalls onto the CAN bus.
What you are seeing now is that the cellular interface will be connected to the body module, and sure it can send any message it wants, so you pwn the cellular adapter. Alright great, but the firewall module that connects the body module's zone of the CAN bus to, say, the engine-management module's zone of the CAN bus will only pass certain messages. It won't, say, let you change the fuel mix but will pass the "Show me your fault codes" message.
The firewall modules are programmable in terms of policy; I don't know if the one I was looking at could have its policy updated remotely or if you'd need to cable up. That was out of scope; we were assigned to test the policy. The rules were we could plug into the OBD2 port and/or pop the infotainment system out and plug in there. We were supposed to prove that even if you got code running on the infotainment system (possibly can update firmware, handles user-provided files, USB, etc.) you could not interact with anything safety critical.
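The zone-gateway policy described in the comment above, as an added example that is not part of the original post or any vendor's firmware: a default-deny allowlist between a body zone and a powertrain zone. The rule table, the rate limit and the "fuel trim" ID 0x123 are constructed for illustration; 0x7DF, 0x7E8-0x7EF and service 0x03 are the standard OBD-II functional request ID, response IDs and "read stored fault codes" service.

```c
/* Added example: default-deny gateway between two CAN zones (constructed policy). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { ZONE_BODY, ZONE_POWERTRAIN } zone_t;
typedef enum { GW_FORWARD, GW_DROP_NO_RULE, GW_DROP_MALFORMED,
               GW_DROP_SERVICE, GW_DROP_RATE } verdict_t;

typedef struct { uint32_t id; uint8_t dlc; uint8_t data[8]; } can_frame_t;

typedef struct {
    zone_t   from;           /* zone the frame arrived from */
    uint32_t id_lo, id_hi;   /* inclusive 11-bit identifier range */
    int      check_service;  /* nonzero: payload must carry this diagnostic service */
    uint8_t  service;
    uint32_t max_per_sec;    /* 0 = no limit */
} gw_rule_t;

/* Anything not listed here is dropped. */
static const gw_rule_t POLICY[] = {
    /* body -> powertrain: only "read stored fault codes" (service 0x03) */
    { ZONE_BODY,       0x7DF, 0x7DF, 1, 0x03, 10 },
    /* powertrain -> body: diagnostic responses */
    { ZONE_POWERTRAIN, 0x7E8, 0x7EF, 0, 0x00, 0 },
};
#define N_RULES (sizeof POLICY / sizeof POLICY[0])

static struct { uint32_t window_start_ms, count; } rate_state[N_RULES];

void gw_reset(void) { memset(rate_state, 0, sizeof rate_state); }

verdict_t gw_filter(zone_t from, const can_frame_t *f, uint32_t now_ms)
{
    if (f->dlc > 8 || f->id > 0x7FF)
        return GW_DROP_MALFORMED;

    for (size_t i = 0; i < N_RULES; i++) {
        const gw_rule_t *r = &POLICY[i];
        if (r->from != from || f->id < r->id_lo || f->id > r->id_hi)
            continue;
        if (r->check_service) {
            /* ISO-TP single frame: byte 0 high nibble is 0, low nibble is
             * the payload length; byte 1 is the service identifier. */
            if (f->dlc < 2 || (f->data[0] & 0xF0) != 0 || (f->data[0] & 0x0F) < 1)
                return GW_DROP_MALFORMED;
            if (f->data[1] != r->service)
                return GW_DROP_SERVICE;
        }
        if (r->max_per_sec) {
            /* Fixed one-second window: a compromised body-zone node cannot
             * use an allowed message to flood the protected segment. */
            if (now_ms - rate_state[i].window_start_ms >= 1000) {
                rate_state[i].window_start_ms = now_ms;
                rate_state[i].count = 0;
            }
            if (rate_state[i].count >= r->max_per_sec)
                return GW_DROP_RATE;
            rate_state[i].count++;
        }
        return GW_FORWARD;
    }
    return GW_DROP_NO_RULE;   /* default deny */
}

/* Helper: build an 8-byte frame from its first two data bytes and filter it. */
verdict_t gw_check(zone_t from, uint32_t id, uint8_t b0, uint8_t b1, uint32_t now_ms)
{
    can_frame_t f = { id, 8, { b0, b1, 0, 0, 0, 0, 0, 0 } };
    return gw_filter(from, &f, now_ms);
}

/* Helper: send n allowed fault-code requests at one instant, count those forwarded. */
unsigned gw_flood(unsigned n, uint32_t now_ms)
{
    unsigned forwarded = 0;
    for (unsigned i = 0; i < n; i++)
        if (gw_check(ZONE_BODY, 0x7DF, 0x01, 0x03, now_ms) == GW_FORWARD)
            forwarded++;
    return forwarded;
}

int main(void)
{
    gw_reset();
    printf("fault-code request, body->powertrain: %d\n",
           gw_check(ZONE_BODY, 0x7DF, 0x01, 0x03, 0));
    printf("hypothetical fuel-trim command 0x123: %d\n",
           gw_check(ZONE_BODY, 0x123, 0x01, 0x03, 0));
    printf("other diagnostic service on 0x7DF:    %d\n",
           gw_check(ZONE_BODY, 0x7DF, 0x02, 0x10, 0));
    gw_reset();
    printf("forwarded out of 50 flooded requests: %u\n", gw_flood(50, 0));
    return 0;
}
```

The verdict codes separate "no rule" from "wrong service" and "rate exceeded", which is the distinction a policy test like the one described would want logged per dropped frame.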
Re: (Score:3)
Well, it's always been possible for someone with physical access to the car to sabotage it. There are hundreds of ways you can make a car inoperable, likely to break down, or downright dangerous.
What's different for most cars is that there are more elaborate ways of doing it now.
But if the car is at all manageable OTA or wirelessly, that's a different story; we're not talking about needing physical access any more. You could hack someone's car while it sat in their locked garage, or while they were drivi
Re: (Score:2)
Well, it's always been possible for someone with physical access to the car to sabotage it.
When I was a teenager one of my friends saw a beaten up old car with no windows on sale for $250 and on the sign it said "runs." My friend only had $40. So he popped the hood, (no windows) and removed the ignition rotor. Then he went and asked about the car. In the end he bought it for $40.
These car-hack stories are so weak. If you're inside my car, instead of fiddling with the electronics, you might just steal it. That would be way worse. If terrorists want to hold your car hostage by controlling the brake
Re: (Score:2)
Still bullshit. If a car can be accessed over the mobile phone, that interface must be properly secured. Using correct crypto protocols. No NSA backdoors please. That rules out TLS and similar crap.
But how is that a CAN bus issue?
ECU Software is already crypto signed, by the way.
It is almost impossible to prevent a person that has physical access to your car from installing some sort of remote controlled device that can cause failure of some component. There are millions of vehicles out there with 'hacking' vulnerabilities, yet we don't see these attacks happening. Sometimes being aware and practical are enough, sometimes more is needed.
Re: (Score:2)
Maybe what you're missing is that it shouldn't be possible for an attacker to induce this state in the first place.
That is not a flaw in CAN. It is a flaw in the component. Since the "remote access" threat is something the researchers (or the journalist?) just made up, and is supported by no evidence whatsoever, this would require physical access to the component. If a bad guy gets physical access to your engine, then all bets are off. There is no such thing as a secure device in hostile hands.
Re: (Score:2)
Agreed, before you just cut the brake lines if you had physical access.
Re: (Score:2)
That's why they put the word "or" in there strategically, so that the scary part could be complete bullshit and they could still claim their sentence was true.
Re:Sounds like good design to me (Score:4, Insightful)
That's like saying that it shouldn't be possible for an "attacker" to "hack" your brake lines with a hacksaw.
If you have physical access to the vehicle and want to do someone harm, there are far easier ways than a laptop plugged into the OBD2 connector. And, the most obvious way that an auto manufacturer would "fix" this "flaw" is to engage in some scheme reminiscent of DRM, further locking down anyone from being able to repair the car themselves.
Oh, you want to replace the stereo? Fuck you, the security controller for the door locks is in the back, and it all has to have our special firmware on it to talk. You can get the $300 upgrade the stereo at the dealership for $2000.
No thanks, I'll stick with the "flawed" CANbus.
Re: (Score:2)
Re: (Score:2)
Maybe what you're missing is that it shouldn't be possible for an attacker to induce this state in the first place.
It isn't, because it requires local access. If you already have installed hardware in the car, you don't need other tricks, you could have done all of the same things by physical manipulation.
Re: (Score:2)
"How about I just plant a bomb (dirka dirka); it's simpler."
O_o You may have spare bombs lying around to plant in cars, they're hard to come by where I live.
Re: (Score:2)
What am I missing?
Try it while waving your hands in the air and modulating your voice rapidly up and down, and see if you don't feel a little more freaked out by the FUD.
Re: (Score:2)
What happens is that the malfunction indicator comes on. Screwing up the antilock brakes means that the 'antilock' function no longer works, not that the brakes don't work.
Multiple CANs Per Vehicle (Score:2)
That's why you must silence the comms (Score:2, Informative)
My approach so far is to avoid buying cars that include communications. Eventually, though, even older used cars will have this crap.
At that point, I'll have to disable the comms. Right now, that appears to be easy to do in almost every car (just locate and remove the antenna). Hopefully, that will get me through the rest of my car-driving years.
Re: (Score:2)
A communications disruption can mean only one thing.
Invasion.
Re: (Score:2)
What are you going to do when the antenna is embedded in a window?
Re: (Score:2)
I'd either pass on buying the car outright, or count the cost of replacing the window as part of the purchase price and see if it's still worth it to me.
Re: (Score:2)
(Or, now that I think of it -- the antenna has to make the jump from the window to the circuit board somewhere. Probably with a wire. Snip, snip.)
Re: (Score:2)
Just become like this guy [mgaguru.com], who, based on his comments, travelled about 40,000 miles in his 55 year old car last year.
Re: (Score:2)
The sim is not usually removable, and the electronics may be integrated into critical circuit boards you don't want to mess up.
The antenna, however, is always easy to access (it needs to be somewhere unshielded).
Re: (Score:2)
antenna can be built right into the board like it is on IoT devices. There could be a backup antenna and you'd never know. For somebody trying to be paranoid, you're not doing a very good job at it.
You have to find brands that have a separate telemetry computer, and that can tolerate its removal.
Usually the Japanese brands are well engineered to continue functioning without all the doodads, so you can just unplug stuff you don't like.
Re: (Score:2)
antenna can be built right into the board like it is on IoT devices.
Depends on where the board is. The antenna has to be somewhere outside of shielding.
For somebody trying to be paranoid, you're not doing a very good job at it.
I'm not seeing how paranoia enters into it. Paranoid would be if I thought cars were phoning home when they aren't. We both know that they are.
In the end, though, this is probably something I'll be able to sidestep completely simply by sticking with buying cars that are old enough. That's a solution I'm fine with.
Re: (Score:2)
You might want to refrain from telling people what they know, since you're not even from a planet with humanoids that have that capability.
I do know that most vehicles do not phone home. I also know that when I drive a rental car, it does.
Re: (Score:2)
I'm not sure why you're so upset that you feel the need to be insulting. I didn't kick your puppy, I merely stated a personal preference.
By the way, how do you think the newer crop of cars (such as Fords starting in 2016) can get over-the-air software updates?
Re: (Score:2)
I merely stated a personal preference.
No, you stated what I know, and got it wrong. If you can't even comprehend your own words, don't get started complaining about mine.
Re: (Score:2)
Right next to your unwarranted insult mod.
Not wanting my equipment talking to other people without my knowledge and consent isn't even remotely paranoia. There are copious very real security issues involved.
Exploit requires access (Score:5, Insightful)
Access can be obtained (Score:2)
you must have a device physically connected to the CAN bus.
Which *for now* means a laptop connected on the OBD port.
But which could mean in the future hacking into some component of the car that is on the CAN bus itself (like the infotainment center, which needs to get information about fuel consumption and a few other stuff).
Hack remotely (Bluetooth, some even support Wifi and 3G/4G) that component and then you get full access to the CAN bus.
Expect *high range cars* to have two separate CAN bus and the infotainment only talking on the "public" CAN bus (and all
Same manufacturers for both ends of the market (Score:2)
It's very unlikely the cheap cars will only have 1 network or that it will be segregated in a different way (for good or bad) than the higher end models. Almost all car manufacturers address nearly the entire spectrum from entry level to super luxury, and tend to favor standardization to control R&D and maintenance costs. The chief differences between 'high end' and 'cheap' are the quality of materials used for upholstery etc., engine performance, more expensive alternatives of some components, space ag
Re: (Score:2)
Even on high end cars, the (multiple) CAN busses are usually connected through a gateway device. On my 2006 Jetta, the Engine, Transmission, etc... are on a different bus than the convenience items (locks, windows, sunroof, stereo, etc...) However, I can still access them all through the OBD-II port. Ideally this gateway would act as a firewall to protect the critical systems, the question is how good is it?
Re: (Score:2)
It's very good. It has rules in it for every packet that it can possibly see and where that packet is allowed to go.
Spam error packets like these jackasses are using would be silently eaten by the gateway resulting in 0 ill effects to the car.
Re: (Score:2)
THIS!
Seriously, if you have physical access to a vehicle to access the CAN bus, you can cut a brake line or otherwise mess with anything on the car. Safety systems, security systems, entertainment systems, you name it. Physical access implies all the same risks as this CAN bus "vulnerability" and MORE.
I'm not seeing the huge problem here, at least not for car owners.
Re: (Score:3)
To perform this DOS attack, you must have a device physically connected to the CAN bus. If an attacker has that kind of access to your car, a DOS attack is not your biggest problem. The attacker could just as easily pump 120 volts into the bus and fry every component. Or leave a time bomb on the driver's seat.
Bomb under the car is a well-known security issue with cars. It has been known for years. OMG!!! When will they solve it???
Comment removed (Score:5, Insightful)
Re: (Score:2)
tl;dr if you are a political target, get an older car without an electric throttle body and electric power steering bullshit.
Such a car will be hopelessly outclassed by anything modern. It's not a good plan for security, either.
"All it takes" (Score:2)
Special device needed to carry out local attacks
The research team says that all it takes is a specially-crafted device that attackers have to connect to the car's CAN bus through local open ports.
So, to be clear, a specially-crafted device, connected directly to an open local port.
"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.
Um... So don't let strangers with car hacking gear ride along with you in your car -- or watch them *very* closely -- check.
Re: (Score:2)
Ah, I stand corrected. This isn't so bad, then.
I will continue to avoid buying cars that have wireless communications facilities, though.
Re: (Score:2)
I will continue to avoid buying cars that have wireless communications facilities, though.
Agreed. I'm disappointed that most (all?) new higher-level Hondas come with keyless entry and ignition. I get that it lessens their costs in making door and ignition locks, but at our expense of a $$$ and large keyfob. At this point, I'd pay extra for a regular ignition key and door locks, but that won't be an option. Luckily my 2001 Civic EX (120k miles) and 2002 CR-V EX (46k miles) are in excellent shape, except needing a few clear-coat touch-ups.
Re: (Score:2)
In most places you can probably just go to an auto locksmith and get third party ignition installed. They already install third-party systems that have both keyed and keyless access, just upgrade to one of those and turn off the keyless part.
Another approach. (Score:5, Funny)
There is another approach. CAN traffic happens over a differential pair. I have a specially-constructed device that can jam CAN traffic. I call it a "paperclip." I bend it and plug it into both data lines on the OBD port and the network is dead.
We need to ban these dangerous hacking paperclips.
Very dangerous (Score:2)
But plenty of people have access to cars of family members and friends. More than 75% of the homicide victims know their perps. Stranger on stranger murder rate is less than 25%. [quora.com]
So one could sabotage a car of a family member in a manner very difficult to detect using a device plugged into the network, targets the brake system once the car speed is above 75 mph. An average dumb criminal, (all criminals are du
Re: (Score:2)
Huh? What do you mean 'targets the brake system'? If the brakes are in any way controlled by the CAN bus, and the default for any component of that failing is anything other than 'apply the brakes', then THAT is a much more serious concern, and much more likely to happen, than this theoretical hack.
Now, it is possible for it to target the antilock brakes, because they do have sensors connected to the bus. But all a failing antilock brake sensor causes (which is what the hack simulates) is the ANTILOCK fu
Re: (Score:2)
So one could sabotage a car of a family member in a manner very difficult to detect using a device plugged into the network, targets the brake system once the car speed is above 75 mph.
There's a reason why brakes are designed as a failsafe design. Even if you took out the ABS controller, the brakes will continue to work. They are still a hydraulic connection between the master cylinder behind the pedal, and the brakes themselves in the wheel. Yes, in hybrid cars with regenerative braking, the first few inches of pedal travel just activate electronics, but once you go beyond that, you still have the tried and true hydraulic brakes.
Are there other ways that you could sabotage a vehicle elec
Re: (Score:2)
>Most of us would just dismiss it as some hype, because it requires physical access to the cars.
Yep. Because someone with physical access can do all sorts of things, including putting a tracker on it, cutting a brake line, or attaching a bomb.
Nobody I know habitually checks their vehicles for those kinds of modifications before driving, and I doubt anyone's going to start checking their CAN bus integrity either.
Re: (Score:2)
Most of us would just dismiss it as some hype, because it requires physical access to the cars.
That's about the size of it.
So one could sabotage a car of a family member in a manner very difficult to detect using a device plugged into the network, targets the brake system once the car speed is above 75 mph. An average dumb criminal, (all criminals are dumb) would lack the technical knowledge to do it. But nowadays I see kits being sold on Amazon for USB sticks that will fry the motherboard if plugged in. So it wouldn't be long before such devices make it to the market. Yes, eventually the police will catch one and then it would become standard protocol to look for this. But till then ...
This and a zillion other things anyone who has physical access and is bored can dream up.
Remote network access to car == REALLY BAD IDEA (Score:2, Insightful)
Re: (Score:3)
Yeah, but the CAN bus isn't remote. It is the local backbone between the various computers in a car. I had always been under the impression it was not secure; it was assumed any hardware on it was trusted.
Re: (Score:2)
Except the "OnStar" or equiv. is also connected to the CAN bus. That's the remote connection.
Toyota and the phantom gas pedal signal (Score:2)
Stuck CAN bus signal. From what I've gathered, my first guess when it first hit the news turned out to be the actual problem.
I was involved in writing calibration, diagnostic and simulation tools for GM and their suppliers in the late 90s and early 00s, I saw this problem several times on the low-speed bus, but that wasn't as critical (well, your instrument panel or radio might go wonky, but critical components run a high speed bus)
In other words... (Score:2)
...if you jam a network, it will stop working. Whoever figures out how to avoid that will win a Nobel. And a position of headmaster at Hogwarts.
It's called a human driver. (Score:2)
Yes, there are also several other, less dangerous flaws involving frame droppage, but the human driver is the most dangerous, unpatchable flaw in modern vehicles.
Re: (Score:2)
Interestingly, in other news that might be patched soon by self-driving cars. And civilians in many cases might eventually be limited to small, light vehicles for manual control.
Another one? (Score:2)
If someone has access to the CAN bus, you are already pwned. It is not much of a flaw, except don't let hostile applications or hardware have direct access to the CAN bus. This is like saying PCs have a flaw, because something plugged in the PCIe bus can do bad things.
Re: (Score:2)
But it IS an unpatchable flaw that affects most of today's modern computers!
Simply connecting a device to the PCIe bus exposes your entire memory contents!
All you need to do to remotely access that is find a vulnerability in the kernel!
Sorry, No (Score:2)
There is no such thing as an unfixable flaw in a car. It all has to do with how much money you have and how much of it you are willing to spend to fix the issue.
Cars don't need a networked ECU. (Score:3)
What's the worst that could happen? (Score:2)
I have a car with a CAN network (two networks actually, with the gauge cluster acting as a gateway between the fast and slow networks)
The only thing the ABS control unit uses the CAN bus for is to illuminate the warning lights on the gauge cluster.
The control unit is directly connected to the wheel speed sensors and valves.
The engine ECU and transmission ECU are actually the same thing, so there is no issue with that. If it wasn't, auto-transmissions go into limp-home mode if they detect failure and still wo
A few other options (Score:2)
There are a few older and more popular options for attackers with local access to disable your brakes. The most popular uses a knife.
Remotely? Well, connecting a local control bus to the internet certainly is a flaw.
CAN was not designed with security in mind (Score:2)
CAN is not a secure bus. And it was never meant to be one. CAN, when it was invented, was to be a lightweight bus system that connects internal car systems. And as such it works perfectly. At its conception, there was neither any kind of provision to make it "user space safe" nor was any form of wireless connection to it foreseen.
And if you use it as such it is a great bus system and does its job. Of course if you let marketing run amok, well, you get what you get when you let marketing run amok. I highly doubt
Re: (Score:3)
Well, you have found the problem: "not accessible from the outside."
Car makers have jumped on the "smart everything" revolution, so they built devices into the cars that can bridge CAN with cell phone networks (On-Star, for example). If you own the On-Star, you can do pretty much whatever you want.
The problem is not with CAN, however. The problem is with the typical crappy security between things that bridge CAN to other data sources.
The one thing to remember about CAN is that it is a SHARED BUS. There i
Re: (Score:2)
So don't plug shit into it. When you wire a new car stereo, plug in speakers, antenna, power, "memory" power, ground, and that's it! Maybe a CD changer or something. Don't plug into the car's control systems. Problem solved! If you don't trust the stereo that came with the car, don't get the entertainment option just install your own.
My question is, why are people using electronic doodads given to them by a car manufacturer, just because they're in the car? If you want doodads, choose your own doodads. Use
Re: (Score:2)
You don't have to plug anything into it. All of that stuff is already built-in. GM cars already have On-Star built-in. Every car has a remote door unlocker (and maybe engine starter) built in. Many entertainment systems also include Bluetooth. These are all potential intrusion points, and there even before you drive the car off of the lot.
Re: (Score:2)
Not all cars require installation of OnStar, that is crazy. You do realize I can make it up out of the basement to look around, and even drive my own car sometimes, right?
You may not know how your remote door locks work, but I do know how mine work.
I also know how bluetooth works. And if your bluetooth car stereo is connected to your ECM, you have other problems.
If you don't know how any of the technology works, no, that does not make everything an intrusion point.
Re: (Score:2)
Yes, a PHY could detect continuous transmission by simply having a time-out.
Or clever software could keep on turning transmission on and off to fool the timer.
How would you prevent a device from sending packet of a higher priority or sending packets from a different address to spoof the data? While it might be possible, it would mean putting a LOT more smarts into the PHY -- such as the ability to actually partially decode packets, and all of the configuration that goes with it.
Think of a bank vault -- do
Re: (Score:2)
When I was 14, I was banned from a radio shack for returning charged caps.
Re: (Score:2)
That's not really true, nothing about the "exploit" allows for remote access. If you have *another* exploit that allows remote access (remote access that allows you to directly manipulate CAN frames, to be specific), you can then use it, but the "flaw" has no remote accessibility.
Note that calling it a "flaw" or "exploit" is a bit hyperbolic: that's a bit like calling "rm -rf --no-preserve-root" an exploit because someone with root access can use it to wipe your computer. Yeah, no shit someone with low-lev
Re: (Score:2)
It depends on what the goal of the attacker is. If your goal is simply to destroy the vehicle or make it immobile, then sure a sledgehammer and a knife will do a better and faster job if you have physical access to the car.
If your goal is to for example assassinate someone and make it look like an accident, then it may be a different story
Re: (Score:2)
There is no hypothetical vector for disabling the brakes. There is a hypothetical vector for turning off the anti-lock function. Big deal.
When these sensors fail (which is what this hypothetical attack simulates), the computer turns off the affected system and lights the malfunction lamp. That is all that happens.
A failed airbag system does not cause you to crash, it just makes it more dangerous if you DO crash.
Which do you think is more likely to happen: some wiring gets corroded and the computer start
Re:All of these have this flaw (Score:5, Insightful)
Almost all of the older machine control style buses have this exact flaw. NONE of them authenticate. All of them can be MITM very easily. Most IoT systems out there are predicated on the fact that they can do this.
You think it is bad? No, it's worse than that. I try not to think about it much.
Doesn't bother me at all. With or without this flaw, people can sabotage your car. In this case, they have to have the technology, know-how, access and motive to exploit the flaw. Why would they take the difficult path when there are much easier ways to F with your car?
Re:All of these have this flaw (Score:5, Interesting)
Except that as infotainment systems get more complex and more heavily integrated with the vehicle's CANBUS system and with the Internet via cellular networks, suddenly the possibility that someone can sabotage your car without having ever come within a thousand miles of you becomes a real prospect. Now add drive-by-wire where the vehicle controls are just inputs and the computer more directly controls acceleration, braking, and even steering, and you've got a recipe for a disaster if someone figures out how to exploit all models of a manufacturer with the same flaw. Imagine if all Honda Accords with lane-departure and adaptive cruise control suddenly accelerate at full-speed for five seconds then suddenly turn fifteen degrees to the left. If an attack like that was successful it would probably hurt or kill thousands of people.
Re: (Score:2)
Re: (Score:3)
>you are into fully autonomous driving ...
I didn't see anything about that - all they initially mentioned was "drive by wire", where there's no direct mechanical linkage between the driver and the car - something which is becoming increasingly common. Just that, and an internet-connected... anything on the same bus, and a hijacker could potentially crash the car at will. Lane assist, etc. might make the attack easier, but then again all they really have to do is spoof the gas pedal sending a "maximu
Re: (Score:2)
It might not be that hard, but it doesn't mean auto manufacturers have been following those standards. Just look into the Jeep Liberty hack from a couple years ago.
Valid point, but even then the hack was only performed in what was basically a lab setting, with the hackers having physical access to the car.
Re: (Score:3, Insightful)
Re: (Score:2, Insightful)
This exploit may require local access, but the more constant connectivity there is in cars, the higher the risk of remote exploits. Then, instead of one person fucking with one other person's car locally at 3am, one person can fuck with 60 million people's cars from across the world.
Centralization is something both companies and consumers are in love with, but it brings major risk factors.
Re: (Score:3, Interesting)
Because all they need to do is send a malicious RDS message through the FM network to a vulnerable car radio. Many radios are on the CANBUS these days, and it is highly unlikely that the developers of the radio software care about security or that secure channels for expedient software updates were designed in.
However, there are much more exciting things that you can do once you're on the CANBUS, instead of just shutting down ABS.
Re: (Score:2)
Because all they need to do is send a malicious RDS message through the FM network to a vulnerable car radio. Many radios are on the CANBUS these days, and it is highly unlikely that the developers of the radio software care about security or that secure channels for expedient software updates were designed in.
Given that the RDS protocol is really simple, I really doubt you can p0wn a car radio through RDS. Fixed message sizes and few undefined bits make it almost trivial to implement robust parsers for the protocol. You'll have to find another weakness, I think.
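The fixed-size framing the comment above refers to, sketched as an added example (not part of the thread and not any radio vendor's code): an RDS group is four 16-bit blocks, and the segment-address fields are 2 bits wide for the station name and 4 bits wide for RadioText, so every write index is bounded by the field width. It assumes the demodulator has already verified and stripped the checkwords; `RdsState`, `feed_group` and `decode` are hypothetical names.

```python
PS_LEN = 8    # Programme Service name: 4 segments x 2 characters
RT_LEN = 64   # RadioText (group 2A): 16 segments x 4 characters

class RdsState:
    def __init__(self):
        self.pi = None
        self.ps = [" "] * PS_LEN
        self.rt = [" "] * RT_LEN

def _printable(byte):
    # Replace anything outside printable ASCII so control bytes never reach the display.
    return chr(byte) if 0x20 <= byte < 0x7F else "?"

def feed_group(state, blocks):
    """Apply one RDS group: four 16-bit words, checkwords already verified (assumption)."""
    if len(blocks) != 4 or any(not isinstance(w, int) or not 0 <= w <= 0xFFFF for w in blocks):
        raise ValueError("an RDS group is exactly four 16-bit blocks")
    a, b, c, d = blocks
    state.pi = a
    group_type = b >> 12          # 4 bits: 0..15
    version_b = (b >> 11) & 1     # 0 = version A, 1 = version B
    if group_type == 0:           # 0A/0B: two station-name characters in block D
        pos = (b & 0x3) * 2       # 2-bit segment address -> 0, 2, 4 or 6
        state.ps[pos] = _printable(d >> 8)
        state.ps[pos + 1] = _printable(d & 0xFF)
    elif group_type == 2 and not version_b:   # 2A: four RadioText characters in C and D
        pos = (b & 0xF) * 4       # 4-bit segment address -> 0..60
        for i, word in enumerate((c, d)):
            state.rt[pos + 2 * i] = _printable(word >> 8)
            state.rt[pos + 2 * i + 1] = _printable(word & 0xFF)
    # Every other group type is ignored rather than guessed at.
    return group_type, version_b

def decode(groups):
    """Feed a sequence of groups into a fresh state and return (station name, radiotext)."""
    state = RdsState()
    for g in groups:
        feed_group(state, g)
    return "".join(state.ps), "".join(state.rt).rstrip()
```
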
Re: (Score:2)
Because all they need to do is send a malicious RDS message through the FM network to a vulnerable car radio. Many radios are on the CANBUS these days, and it is highly unlikely that the developers of the radio software care about security or that secure channels for expedient software updates were designed in.
However, there are much more exciting things that you can do once you're on the CANBUS, instead of just shutting down ABS.
But, to my point, if it's so easy why isn't it happening in the real world?
Re: (Score:3)
The vulnerability affects the petrol tank that's deployed in modern cars and used to hold fuel that runs the vehicle's internal components. The flaw was discovered by college students everywhere, and involves pouring sugar into it. Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a petrol tank standard design choice that makes it unpatchable.
Then there's the "penknife in the side wall of the tires" flaw, the "pull the distributor cap/spark plugs/ignition wiring flaw", the ...
Re: (Score:2)
If your car is worth anything at all, odds are someone will desire to take it. I've seen videos of people stealing various makes of BMW via diag hacks, made easier by alarm blind spots. And it's not limited to high-ish end makes; bog-standard Hondas, VWs, and Fords are stolen and stripped all the time.
It gets much easier with "OnStar"... that's a radio with complete control of the car.
The topic was more sabotage than theft. But car thefts have reduced significantly with new technology in place. Stealing cars now is a lot harder than it's ever been, and the type of theft you describe is quite rare relative to overall theft numbers.
Re:All of these have this flaw (Score:4, Informative)
Most IoT systems out there are predicated on the fact that they can do this.
That's only one flaw in IoT. There are many others especially when consumer and commercial products connect to the vendor's central management instead of to the customer's central management. Those flaws include having to have an untrusted device on one's network that has to be able to communicate with the Internet, having software that might not be readily patched yet may be running on a consumer-grade OS, and any vulnerabilities affecting the vendor's central management.
Daktronics, I'm looking at you.
Re: (Score:2)
Re: (Score:3)
But it requires LOCAL access. They could remotely disable the brakes after first installing a remote controlled device into the car. For Christ's sake, they could do that anyway, if they have local access and can install things in the car, they could just disable the brakes....
Re: (Score:2)
Jeep already had a widely publicized issue that let anyone access the can-bus over the net.
All cars are vulnerable to a local access attack, but some might leave the can-bus accessible to the entertainment system which increases the attack surface significantly... Especially if said system is internet connected.
Re: (Score:2)
Almost all of the older machine control style buses have this exact flaw. NONE of them authenticate. All of them can be MITM very easily. Most IoT systems out there are predicated on the fact that they can do this.
You think it is bad? No, it's worse than that. I try not to think about it much.
Personally I prefer this to adding unnecessary complexity and the real prospect of vendors wielding it to lock people out of performing their own repairs or modifications.
All manufacturers have to do is cut the transmit line from their lame cellular stalker radios and "infotainment" garbage... of course even that's too hard for these idiots.
Re: (Score:2)
"remote" only in the sense that he might be clinging to your undercarriage instead of crouching down under the driver seat.
Or way over on the passenger side floor, under the dash, where the CAN bus connects to the control computer(s).
Re: (Score:2)
Fill up the oil and check the gas once in a while, yeah, I had a car like that, too...