
Car hackers can kill brakes, engine, and more - abennett
http://www.itworld.com/security/107771/car-hackers-can-kill-brakes-engine-and-more
======
maukdaddy
News at 11: Physical access allows total control! More on this amazing
story...

~~~
ccc3
From the article:

 _But as they look at all of the wireless and Internet-enabled systems the
auto industry is dreaming up for tomorrow's cars, they see some serious areas
for concern._

Yes, it is a bit absurd to be concerned about somebody planting a laptop in
your car then gaining control. They could just cut the brake lines without
even having to get into the car. The point is that cars in the future will
have wireless connections and be able to send diagnostic reports over this
connection. That will create some level of connection between the vehicle's
sensors and a network outside of the car. In fact, it's almost certain that
some vehicle systems will be controlled by inputs from an external connection.
Can you imagine every airbag in southern California simultaneously deploying?

The auto industry has never really had to consider this type of network
security in their software. I think it's in everyone's best interest if they
start thinking about it.

~~~
jrwoodruff
Not even the future. I'm pretty sure General Motors' OnStar service does most
of this already.

THAT would be an interesting test.

------
lutorm
Brakes are mechanical systems. Can anyone figure out how the computer could
even begin to disable them? I guess one could imagine the ABS module could be
used to cut out the brakes permanently instead of pulsing them. (Maybe this is
another reason people should learn to brake properly instead of relying on
dumbing-down systems... ;-)

~~~
roc
Just about anything with ABS or traction control has a digital override of the
driver's intent. That was the big fact people seemed to overlook during the
Toyota-acceleration fiasco.

I wasn't nearly as concerned about the actual problem as I was about the
computer deciding a brake instruction from the user should be _ignored_.
Modified, certainly. But _ignored_?

It boggles the mind.

~~~
jrwoodruff
I don't remember hearing this, mainstream media was so focused on floor mats
and sticky accelerators and what not. Are you saying that while the car was
accelerating the computer overrode the driver braking and failed to apply any
brakes? Source?

------
bcl
All new cars have diagnostic ports using open protocols.
<http://www.obdii.com/> has some of the details. They use the CAN bus so it
would be fairly easy to attach a small microcontroller with CAN support and an
802.11 or GSM module to give you remote access.

I'm not sure how well documented the control protocols are (stopping car,
turning off brakes, etc.) but it is apparent from this article that they can
be discovered.

~~~
go37pi
The control protocols are not well documented at all. Starting in 1996, all
cars are required to have OBD ports.

The manufacturers don't want people to know the control protocols for various
reasons (security, manufacturers make money selling repair materials and codes
to repair shops, licensing codes to third parties etc.)

But it is possible to discover the control protocols; a friend and I worked on
it for his Toyota Yaris, I think, by monitoring all the outputs from the OBD and
changing a status (locking a door) and watching what bits change. We got a lot
of equipment and help from a professor at school. We used a GPS and ended up
making a little app that monitored where the car went, its speed, and various
car statuses on Google Maps. There's a lot of info out on the Toyota Prius if
you feel like getting started.
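
Added example, not part of go37pi's comment or the linked article: a passive analysis of the "change one status and watch what bits change" approach described above, run over two captures of bus traffic. The candump-style line format, the arbitration IDs and the payloads are constructed for illustration and do not come from any real vehicle.

```python
import re
from collections import defaultdict

# Assumed input: candump log-style lines, "(time) iface ID#HEXDATA".
FRAME = re.compile(r"\(\d+\.\d+\)\s+\S+\s+([0-9A-Fa-f]+)#((?:[0-9A-Fa-f]{2})*)")

# Constructed captures (made-up IDs and data): before and after one status change.
BEFORE = """(0.000) can0 3B0#0000400000
(0.010) can0 2C4#01A0
(0.100) can0 3B0#0000400000
(0.110) can0 2C4#02A0"""
AFTER = """(5.000) can0 3B0#0000C00000
(5.010) can0 2C4#03A0
(5.100) can0 3B0#0000C00000
(5.110) can0 2C4#04A0"""

def parse(log):
    """Group payloads by arbitration ID."""
    frames = defaultdict(list)
    for line in log.splitlines():
        m = FRAME.search(line)
        if m:
            frames[int(m.group(1), 16)].append(bytes.fromhex(m.group(2)))
    return frames

def stable_bits(payloads):
    """Return (length, mask, value) for bits that never change within one capture."""
    n = min(len(p) for p in payloads)
    first = int.from_bytes(payloads[0][:n], "big")
    mask = (1 << (8 * n)) - 1
    for p in payloads[1:]:
        mask &= ~(first ^ int.from_bytes(p[:n], "big"))  # drop counters and noise
    return n, mask, first & mask

def changed_bits(before_log, after_log):
    """Map ID -> [(byte, bit)] stable in both captures but different between them."""
    before, after = parse(before_log), parse(after_log)
    result = {}
    for can_id in before.keys() & after.keys():
        nb, mb, vb = stable_bits(before[can_id])
        na, ma, va = stable_bits(after[can_id])
        if nb != na:
            continue  # payload length changed; not comparable bit for bit
        diff = mb & ma & (vb ^ va)
        bits = sorted((nb - 1 - k // 8, k % 8) for k in range(8 * nb) if diff >> k & 1)
        if bits:
            result[can_id] = bits
    return result

if __name__ == "__main__":
    for can_id, bits in changed_bits(BEFORE, AFTER).items():
        print(f"ID {can_id:03X}:", ", ".join(f"byte {b} bit {i}" for b, i in bits))
```

Masking out bits that vary within a single capture is what keeps rolling counters (the constructed ID 2C4 here) from being mistaken for the status bit.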

------
tptacek
I yield to no man in the gravity and intensity of my fanboyish appreciation of
Stefan Savage, but... people have been hacking engine ECUs (for benefits) for
decades. Meanwhile, if I want to kill someone, I'm just going to cut lines
inside the car. You know, like they did in Hitchcock movies?

~~~
NateLawson
You may not be up on the latest car designs, but attaching the ECU to the
Internet is indeed a problem. Preemptive response: no, a firewall is _not_ the
correct answer to this problem.

------
JohnThomas
It's called OnStar: remote disable, and more, all at the click of a command
key. I've been waiting to see news of a car-theft ring using OnStar to steal
cars.

------
dthakur
"the security researchers say that by connecting to a standard diagnostic
computer port included in late-model cars"

If the objective is just to kill brakes/turn off the engine, there are easier
techniques.

I remember reading about a $200 handheld EMP weapon that achieves this (can't
find the link right now).

~~~
wendroid
brick -> windshield works pretty good too

~~~
jacquesm
How does that kill the brakes or turn off the engine?

------
johngalt
My carbureted 1970s Chevy pickup is looking better and better /s

This is obviously a hit piece. The mechanical systems of a car are more
hackable than the computer (bleeder valves anyone?). We might as well be
concerned about people bending railroad tracks.

I'll agree at some point there will be a huge news generating security issue
that will wake up manufacturers, but people are so paranoid about
cars/computers that I doubt it will be a continuing problem.

------
TeHCrAzY
This seems like a little bit of FUD. This isn't any different from hooking up
a device to the brakes that receives a mobile signal and stops them from
working mechanically.

~~~
watty
I agree, it'd be nice to know how much easier it is (if at all) to mount and
tie in a computer to their car. They do make a good point:

"But as they look at all of the wireless and Internet-enabled systems the auto
industry is dreaming up for tomorrow's cars, they see some serious areas for
concern."

~~~
jerf
_Hopefully_, the wireless and Internet-enabled systems will be completely
isolated from the CAN-bus.

At first I hoped it would be air-gap isolated, but after I thought about it
for a bit I realized that's not possible. In particular, one obvious
application for the Internet is playing network MP3s to your car radio, which
is also pretty intimately tied into the CAN-bus in modern designs. So while
there may not be an "official" path from Internet->CAN-bus, it's one buffer
overflow in the car radio away from working, probably. And what are the
flerking odds that the car radio is implemented in anything other than
(_spit_) C, which in the hands of embedded engineers who haven't had to think
about security for decades pretty much guarantees buffer overflows will
abound?

And of course if we're going to implement remote condition monitoring in the
style of OnStar, there may very well be direct Internet<->CAN-bus
interconnects built right in.

I'm sort of regretting having taken the time out to think about this. Now I'm
scared.

~~~
zenocon
Speaking from a little bit of experience in this area...these networks are
often not isolated. It depends on the vehicle and network architecture, but
there are valid business reasons for getting at the entire network through
Wi-Fi.

Buffer exploits in C aren't the issue. The issue is cracking the weak
encryption scheme, and figuring out the unpublished sequence of CAN bits to
send that do things like lock/unlock doors or change the powertrain
calibrations. OEMs try to hold this info close to the vest for obvious
reasons, but there is a large subculture out there reverse engineering it.

------
jcromartie
OBDII has been around for a while. Also, bolt cutters are a far more efficient
way to do this.

------
eliot_sykes
If you're paranoid about this, consider driving a classic car.

------
wendroid
When I sit in my car I can also apply the brakes, turn the heater on / off,
switch to maximum volume, open the windows, heck I can even drive it into a
tree!!

