
Car hack uses digital-radio broadcasts to seize control - estefan
http://www.bbc.com/news/technology-33622298
======
jcr
see also:
[https://news.ycombinator.com/item?id=9921557](https://news.ycombinator.com/item?id=9921557)

------
anentropic
There's something very wrong when you can control the _brakes_ of the vehicle
via hacking the infotainment system... :(

~~~
nfoz
And the problem is that we're going to blame the hackers, rather than the car
manufacturer for creating such a defective product.

~~~
tomswartz07
I think this is the heart of the argument.

Personally, I find it astonishing that the manufacturer hasn't caught this.

Here's my (probably) unpopular opinion: In the very near future, you might
have to become 'certified' as a programmer for anything that touches the
internet _EDIT: AND has the possibility of killing someone._ Much in the same
way that a regular Joe can't build a bridge over a river without a few Civil
Engineering certifications, a programmer can't make an internet-connected
program that touches the internet and also controls a 2 ton moving vehicle.

There are rookie mistakes, and there are systematic failures; a LOT of these
recent issues seem to be systematic in nature. The easiest fix in that case is
to fix the system.

~~~
krapp
It is possible the manufacturer is aware.

When Ford released the Pinto, they determined the cost of simply paying out
potential lawsuits for driver deaths would be less than the cost of actually
fixing the cars' tendency to explode when rear-ended, so they just let people
die until the numbers balanced out[0].

Granted, that was a hardware issue and not a software issue, but if the risk
of a class-action lawsuit is involved, and that risk is magnified by a recall
or public awareness of the problem, then the motivation may be the same.

> In the very near future, you might have to become 'certified' as a programmer
> for anything that touches the internet.

I think a better option would be to mandate that certain things can't touch
the internet. It would be absurd if I, someone who writes PHP/SQL and C# crud
apps for a living, had to be certified as a systems programmer (or the other
way around.)

The problem to me is the insidious way we as a society have sort of
collectively accepted that connecting things to the internet is inevitable and
always a good idea. Instead of making sure the engineers who connect the car's
brakes and steering to the internet through the radio are competent, how about
_not making that decision to begin with?_

[0] [http://www.motherjones.com/politics/1977/09/pinto-madness](http://www.motherjones.com/politics/1977/09/pinto-madness)

~~~
jameshart
The Pinto analogy is dangerous. The flaw in the Pinto was that when it got
into a certain, common type of collision there was a higher-than-normal chance
that its fuel tank might explode.

The risk was NOT that because of this vulnerability, there was a chance that
bad guys might go around ramming into Pintos to make them explode. Who would
even _do_ that? Or maybe that if you rammed a knitting needle into the back of
a Pinto it would trigger a fuel leak. Well so what? Probably similar issues
exist in any number of cars, but it's not something people would actually _do_
(and if they did it would obviously be criminal), so... that's not really an
engineering flaw.

So the insecurity of infotainment systems in cars is NOT like the Pinto issue.
Nobody is suggesting that when the infotainment system plays a Mariah Carey
song it will, because of a bug, shut off the brakes. Or that during a common
kind of collision, the infotainment system causes the airbags to fail to fire.
No, this is only a risk if someone actively attacks the infotainment system
and deliberately shuts off the brakes, or triggers an acceleration, or
whatever.

There are already ways to physically sabotage a car to make it dangerous to
drive - cut the brake lines, puncture the fuel tank, whatever. Those are, to a
certain way of thinking, security vulnerabilities. If you're someone who is
concerned about people trying to kill you, you probably take extra precautions
to secure your car to mitigate those risks. Ordinary people just park their
car on the street and assume assholes are not going to trigger a slow leak in
their brake fluid.

So why should ordinary people be concerned that someone might install a trojan
in their infotainment system which is going to shut off their brakes on the
highway?

~~~
krapp
The chance may be low, but I think people should be concerned because it
exists at all. It doesn't _have_ to be possible to install a trojan that shuts
off a car's brakes on the highway - that possibility is the result of
engineering choices and compromises which could have, and still could, be
avoided. It doesn't have to be an acceptable level of risk for drivers to take
on themselves, either. That there's little chance of someone taking advantage
of it is irrelevant.

~~~
jameshart
My point is that we're used to thinking of computer security as being an
absolute necessity because, for example, it is of value to a bad guy to simply
take control of a network-connected computer to become part of a botnet. Or to
use it to obtain valuable personal data which passes through the computer. But
I think that leads us to overestimate the risk created by the possibility that
hacker activity could extend to the physical realm, because if a hacker
crosses that line, it has _consequences_.

My car's infotainment system doesn't know my credit card number. It probably
makes a pretty poor botnet member (but even if someone does hack it and turn
it to churning out spam they're not going to be trying to get to the CAN bus).
And there's little value to a bad guy in just breaking my car for no reason. If
someone just wants to break cars and hurt people, they can go throw rocks off
an overpass. People do do that, admittedly, but they're not revealing an
engineering flaw in cars by doing so.

If you can use this hack to pop the door locks and override the ignition, then
maybe we should be talking.

------
sschueller
All these reports really make you wonder if there was foul play in Michael
Hastings' accident.

[https://en.m.wikipedia.org/wiki/Michael_Hastings_(journalist...](https://en.m.wikipedia.org/wiki/Michael_Hastings_\(journalist\))

~~~
tomswartz07
> Former U.S. National Coordinator for Security, Infrastructure Protection,
> and Counter-terrorism Richard A. Clarke said that what is known about the
> crash is "consistent with a car cyber attack".

Holy moly.

~~~
maxerickson
He is circumspect in his full comments; in context the text quoted in
Wikipedia is not a positive statement that it was a cyber attack.

[http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...](http://www.huffingtonpost.com/2013/06/24/michael-hastings-car-hacked_n_3492339.html)

------
motters
Sadly, accidents are probably going to happen before infotainment gets
decoupled from CAN bus. You don't just need a firewall, those need to be on
physically separate networks.

~~~
maxerickson
I don't think there will ever be a recall to separate them in shipped
vehicles.

~~~
jerf
No. It's de facto impossible. If all I had to worry about was the software
alone I would despair of ever correcting this in a reasonable period of time;
to also have to overcome fundamental hardware challenges? Not a chance.

For a long time I've wondered what would prove to be Security-Pocalypse that
finally convinces everybody that this is a real problem. This is not yet it.
But if somebody takes one of these attacks and gets... "creative"... in those
ways that aren't really that hard to come up with but I hate to actually spell
out online (it's scary to think too hard about this... there's no possible way
these vulns could be closed before a bad actor could... be very bad...)...
_that_ could become the moment the 21st century finally realized that secure
code is no longer optional.

That will be one hell of a shakeup.

~~~
motters
It is scary to think about because automated exploits could perhaps be scaled
up and cause real mayhem. Hopefully it doesn't have to get that far before
some elementary redesign of network architecture inside of vehicles. It's not
rocket science. Just separate the safety critical network (which includes
brakes, steering, etc) from the non critical information and entertainment
network.

------
mnglkhn2
The auto industry will very quickly have to learn from the aviation industry
in terms of integrating all these diverse information systems safely and
securely. One difference is that cars are way more accessible than planes to
be tampered with and hence the security systems will most likely have to be
seriously hardened.

EDIT: please take "integrate" to mean to properly place each system on its own
space and then surface the necessary APIs in a secure fashion. Of course
physical separation of entertainment and car systems is the logical step, and
it comes from the aviation industry.

~~~
djrogers
No NO No NO NO!

There is no justifiable reason for these things to be integrated _at all_.
Yes, it saves the mfr some $$, but people can DIE because of this stupidity.

As recent events have shown, the aviation industry hasn't integrated these
systems securely - they're just harder to get to so it took a while before
people started discovering their flaws -
[http://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-...](http://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/)

Secure integration is not possible - the only right way for companies as inept
as legacy auto makers to do this is for the systems to be separated.

------
jamesbrownuhh
I see.

"NCC's work - which has been restricted to its labs..."

"Mr Davis said he had simulated his DAB-based attack only on equipment in his
company's buildings..."

"But he added that he had previously compromised a real vehicle's automatic-
braking system ... by modifying an infotainment system, and _he believed_ this
_could be_ replicated via a DAB broadcast."

So basically this is one of those non-stories where a researcher looking for
some press coverage broadcasts a custom radio station with a name like 'LOL I
HAKD UR CAR', then shows it - in an office - to a zero-knowledge reporter who
is immediately impressed as if it was a demonstration of anything at all.
Whereas actually it's just some bloke in an office saying "well I'm sure this
is possible, I've never done it, obviously."

I'm reminded of the words of Travis Goodspeed... Proof Of Concept or GTFO.

------
romaniv
I'm tired of articles that explain absolutely nothing about the actual
methodology of the hack.

Does Jeep Cherokee have separate buses for high-speed controller and low-speed
infotainment CAN? (That's the usual setup.) What controller acts as the
gateway between them? Is it read-write (which would be incredibly dumb) or did
they actually hack that controller after hacking infotainment?

I had shown similar articles/research papers to my friends working in
automotive. They pointed out several factual mistakes and said it's generic
fluff with no meaningful technical details. (See the questions above.)

If realistically exploitable, these vulnerabilities are serious stuff.
Hackers/journalists need to get their shit together and communicate these
findings in an appropriate way. 99.9% of automotive engineers do not go to
Black Hat conference.

~~~
lawnchair_larry
See the wired article.

~~~
romaniv
I saw it. It doesn't answer any of the questions above. The fact that they
were able to hack an infotainment system connected to the internet is not
surprising. Anyone who knows how those things are written sort of assumed that
this was possible.

The noteworthy part of this is being able to bridge the gap between the two
CAN networks, and it's not explained in any way.

~~~
mzs
The thing is that your questions aren't really very applicable. For example if
there is a high speed and low speed CAN bus or just one really does not matter
cause of details about how it works. Also that applies to the question about
read/write/modify - that's not really how CAN bus works at all, it's more like
commands and there are some nifty ways to filter, like codes needed. For
yesterday's article it boils down to modules not doing careful enough
verification and likely a really boneheaded in hindsight mistake in the
Uconnect software. The talks will be great resources for a lot of people, I'm
eagerly awaiting them.

~~~
romaniv
_For example if there is a high speed and low speed CAN bus or just one really
does not matter cause of details about how it works._

It matters a lot. Typically, there is a gateway (in body or chassis
controller) between the two (or three) buses. It puts some messages from the
controller bus onto infotainment bus, but not the other way around. It's done
specifically to prevent infotainment systems interfering with workings of the
car.

If Jeep has everything running on the same bus, it's incredibly stupid.

~~~
mzs
That is a bit oversimplified. In practice more is passed, but for example the
ECU ignores based on rules like RPM above X, TCM not in P, and so on. There is
pressure to move to a single high speed bus and modules that pass messages
based on priority and time.
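
Added example (not part of any comment in this thread, and not code from any vehicle or vendor): a simplified C model of the two layers discussed in the exchange above, a gateway with a directional allow-list between buses and a receiving module that ignores requests based on vehicle state ("RPM above X, TCM not in P"). All CAN IDs, lengths, thresholds and names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* All IDs, names and thresholds below are constructed for illustration. */
enum bus { BUS_POWERTRAIN, BUS_INFOTAINMENT };
enum gear { GEAR_P, GEAR_R, GEAR_N, GEAR_D };

struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };
struct vehicle_state { uint16_t rpm; enum gear gear; };

#define ID_VEHICLE_SPEED 0x100u  /* status: powertrain -> infotainment */
#define ID_ENGINE_RPM    0x101u  /* status: powertrain -> infotainment */
#define ID_DIAG_REQUEST  0x200u  /* service request: infotainment -> powertrain */
#define DIAG_MAX_RPM     900     /* "RPM above X" rule: refuse above idle */

struct route { enum bus from; uint32_t id; uint8_t dlc; };

/* Default deny: only these (source bus, ID, length) tuples cross the gateway. */
static const struct route allow[] = {
    { BUS_POWERTRAIN,   ID_VEHICLE_SPEED, 2 },
    { BUS_POWERTRAIN,   ID_ENGINE_RPM,    2 },
    { BUS_INFOTAINMENT, ID_DIAG_REQUEST,  8 },
};

/* Gateway decision: forward a frame only if its source bus, ID and DLC match. */
bool gateway_forwards(enum bus from, const struct frame *f)
{
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (allow[i].from == from && allow[i].id == f->id && allow[i].dlc == f->dlc)
            return true;
    return false;
}

/* Receiving-module check: even a forwarded diagnostic request is ignored
 * unless the vehicle is parked and the engine is at or below idle. */
bool ecu_accepts(const struct vehicle_state *s, const struct frame *f)
{
    if (f->id != ID_DIAG_REQUEST)
        return false;
    return s->gear == GEAR_P && s->rpm <= DIAG_MAX_RPM;
}

/* End-to-end: a frame from infotainment takes effect only if both layers agree. */
bool infotainment_frame_takes_effect(const struct vehicle_state *s, const struct frame *f)
{
    return gateway_forwards(BUS_INFOTAINMENT, f) && ecu_accepts(s, f);
}
```

A status ID that is legitimate from the powertrain side is dropped when it arrives from the infotainment side, and the one request that is allowed across still has no effect while the vehicle is moving.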

------
estefan
> The UK's Society of Motor Manufacturers and Traders has responded by saying
> that car companies "invest billions of pounds to keep vehicles secure as
> possible".

Well they haven't done a particularly good job.

Anyone else spooked that this has come out of a security company based in
Cheltenham (where GCHQ is...)?

~~~
Lawtonfogle
>invest billions of pounds to keep vehicles secure as possible

ORLY? Can I ask them to point me to billions of expenditures done to ensure
security that had no other purpose. Unless they are talking physical security
like crash safety, I don't think they have spent billions they would've
otherwise saved by not developing secure systems in the cars.

------
wil421
The article talks about taking control of a Jeep Cherokee yet the caption
shows a Jeep Grand Cherokee.

Does anyone know if the exploit is across the whole line with U-Connect? I
plan on purchasing a Grand Cherokee but I may wait and see how this plays out
(or get an older model).

~~~
tomswartz07
If it's related to the article from the other day, then yes;

It appears that they're gaining access via UConnect, which is connected to
TMobile's cell phone network. Allegedly, this exploit makes it vulnerable from
anywhere that the vehicle would have TMobile cell coverage.

~~~
maxerickson
Sprint!

(It is mentioned in the terms:
[http://www.driveuconnect.com/terms/](http://www.driveuconnect.com/terms/) )

------
ricky54326
Agreed with one of the comments, why do articles like this never share any
sorts of details about the hack? Is this not a responsible disclosure /
patched?

