

Car Hacking Whitepaper and tools released - Moral_
http://blog.ioactive.com/2013/08/car-hacking-content.html

======
ChuckMcM
Some awesome analysis. I need to get wireshark for CAN :-)

Its amazing to me to have seen the transformation of cars from things that
were primarily mechanically controlled to ones that are primarily software +
actuators controlled. A lot more ways to fail. No doubt at some point 'high
speed' chases will no longer be possible when the cops send an SMS to your car
telling it to pull over.

~~~
tomkinstinch
It's amazing how much code goes into all of the microcontrollers and
processors in a modern car. An IEEE article from a couple years ago cited that
a modern luxury car may have 100M+ lines of code controlling it, vs 5.7M for
the F-35 Joint Strike Fighter aircraft (loc is not a great metric, but
still...).[1] The jet plane software is no doubt subjected to more security
scrutiny, but even if cars had the same code quality it seems like there would
be at least a few vulnerabilities in those 100M lines.

Also, if you're curious about interacting with CAN there are a number of
hobbyist transceivers out there[2], or to simply listen a logic analyzer would
do the job[3].

1\. [http://spectrum.ieee.org/green-tech/advanced-cars/this-
car-r...](http://spectrum.ieee.org/green-tech/advanced-cars/this-car-runs-on-
code)

2\.
[https://www.sparkfun.com/products/10039](https://www.sparkfun.com/products/10039)

3\. [http://www.saleae.com/logic16](http://www.saleae.com/logic16)

~~~
kristoffer
A luxury car that has 100M+ lines of code is probably running quite a large
Linux installation for Infotainment. You don't get that amount of code just
for the control software.

~~~
rcxdude
Plus a lot of the controller code will be auto-generated from simulink or
similar.

------
epoxyhockey
Not to be confused with the forthcoming paper from Birmingham's Flavio Garcia
& Dutch researchers Baris Ege & Roel Verdult. That paper focuses on Volkswagen
brands, including Porsche and Bentley. source:
[http://www.theguardian.com/technology/2013/jul/30/car-
hackin...](http://www.theguardian.com/technology/2013/jul/30/car-hacking-
ignition-injunction)

This paper focuses on Ford and Toyota.

------
vladoh
If you have physical access to the car to the extend that you are able to talk
to the CAN bus, you could as well cut the brake fluid lines, corrupt the tires
so they explode when they get hot and the pressure rises, put poison in the
air conditioner or whatever. Sure, fiddling with the electronics gives you
more creative ways to do harm, but the assumption that you have physical
access to the can is a very strong one. Furthermore, some cars have multiple
buses, with the more critical ones being harder to access.

A lot of people are negative about all the electronics, but there is a reason
there are all there. The electronics allow you to have engines that are three
times more powerful than those of 15 years ago and in the same time consume
only half as much fuel. The electronics allow you to measure and control
everything much more precisely.

Also electronics allow you to implement security systems like ABS, ESP and so
one which are really helpful (ABS saved me several times!).

Talking about security of the CAN - one should think that adding more security
means that more powerful ECUs will be required, which means more weight and
more power consumption, which means more fuel consumption. Is it worth it?

One more point for the security - critical ECUs that control steering, brakes,
airbags and so on are required to get the corresponding ASIL (Automotive
Safety Integrity Level) certificates which require a lot of testing and
sometimes redundant sensors (similar to those for airplanes). So it is not
that simple for a ECU to send some false messages on the bus.

~~~
kristoffer
"Talking about security of the CAN - one should think that adding more
security means that more powerful ECUs will be required, which means more
weight and more power consumption, which means more fuel consumption. Is it
worth it?"

Seriously? Even if we added high end embedded processors (e.g. 1 GHz ARM) it
would hardly be noticeably in the car's total weight. Of course automotive
manufacturers will need to think more about security. CAN is a pretty crappy
protocol to start with (security wise at least) ...

~~~
vladoh
I know it sounds absurd, but it really is like this. Typical car ECUs have
about 40-50 MHz processors and there are about 70 ECUs in a modern car.
Imagine switching them all to 1GHz ARM cores - how much more expensive it will
be and how much more space you will need. You will also most probably need
bigger PCBs and cooling and there comes the additional weight.

Also the CAN protocol may be crappy for development, but allows for more
simple hardware design (connectors, wires etc), which again saves weight. The
cables in a modern car weigh about 50 kg so imagine doubling that in order to
use a better protocol - this would be like always driving with one more
passenger.

Such things may look small, but they quickly add up...

------
j2d3
Something similar to this stuff is possibly how Michael Hastings was
assassinated in Los Angeles, June 18, 2013.

There is a current HN thread about this:
[https://news.ycombinator.com/item?id=6162450](https://news.ycombinator.com/item?id=6162450)

~~~
j2d3
Also, google "Boston Brakes Michael Hastings" and you'll find a lot of
speculation along these lines with a lot of significant support for the idea.
Strikes me that a top result was an article from the Atlantic about how the
FBI doesn't buy this "conspiracy theory" \- but what if the "big story"
Hastings was talking about being onto right before he was killed was the one
that just came out about the FBI + DEA spying on people. Hrmmm.

------
ivanbrussik
can someone help me roll back my Mercedes mileage before my lease ends :--)

------
ivanbrussik
didn't this car hacker know to change the title of his "microsoft word"
document before converting to PDF.

