

Cars hacked through wireless tire sensors - sil3ntmac
http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

======
Groxx
> _the tire sensors only send a message every 60-90 seconds, giving attackers
> little opportunity to compromise systems or cause any real damage._

I fail to see how the _normal_ rate of the system at all implies what rate
_can_ be achieved if attempting to hack the system. Unless it's peak receiving
rate is 0.5 baud.

~~~
bajsejohannes
I was equally confused. I assume they must mean that the low frequency makes
it impractical for _tracking_ vehicles.

------
sil3ntmac
According to wikipedia (<http://en.wikipedia.org/wiki/Tire-
pressure_monitoring_system>), most Tire-pressure monitoring systems nowadays
use RF as their communication link.

I'm no EE major, but I do like to tinker with stuff like this... Anyone know
what would be the best way to 'view' the RF signal? Hook something like this
[http://www.mouser.com/ProductDetail/Linx-
Technologies/RXM-43...](http://www.mouser.com/ProductDetail/Linx-
Technologies/RXM-433-LR_/?qs=1hp3elAyKCmAgU90q27DmQ%3d%3d) up to an
oscilloscope?

Edit: This looks pretty useful as well:
[http://focus.ti.com/docs/toolsw/folders/print/ez430-rf2500.h...](http://focus.ti.com/docs/toolsw/folders/print/ez430-rf2500.html)

~~~
silentOpen
<http://gnuradio.org/redmine/wiki/gnuradio>

------
NathanKP
The worst thing about this security flaw is that cars don't really have a good
update system for their OS. You have to take your car in to a dealership to
get the ECU software updated.

If cars were designed so you could plug in an Ethernet cable to update the
firmware, then patches for security flaws like this would be easier to
distribute. With cars becoming more and more computerized we might reach that
point some day.

~~~
js4all
I am not sure, if user service updates are a good idea. This would open a path
to other risks. Anyway, I agree, there is currently no good solution for
updates.

~~~
jonah
Other risks sure, but other benefits as well. Modern ECUs are pretty flexible
and can be reflashed through the ODB-II port with extended functionality. cf.
EMCS: <http://www.goapr.com/products/ecu_upgrade_s4.html>

~~~
TeHCrAzY
Something I use, along a similar line: www.evoscan.com

Don't mind the wall of text website: I think it appeals to the revheads or
something. The software is really quite clever (it can monitor and display
variables from the ecu, along with allowing you to tinker with the software).

------
lr
Ok, I guess I shouldn't feel so bad when I miss a test case or get an
occasional exception in my web apps.

------
wil2k
I've once seen something on TV (iirc Discovery Channel or so) about certain
government agencies using this together with certain antenna's to be able to
track vehicles on the freeway.. so this is not completely new when it comes to
the tracking bit..

------
underscore
The paper is here, I think:
<http://ftp.cse.sc.edu/reports/drafts/2010-002-tpms.pdf>

(I didn't see a link in the article)

------
heycarsten
With the robustness of modern ECUs I'm surprised that these signals are not
checked before being evaluated. Even my Arduino is capable of doing that.

------
js4all
This is serious. Even bad sensor readings open the system for attacks.

