Hacker News new | past | comments | ask | show | jobs | submit login

If the LIN bus can access lights, and is bundled up with IMHO unrelated systems like radio/entertainment then that seems wrong by design. I say this as if somebody can remotely control your lights on a car, that in itself at the wrong time could and would prove dangerous.



Lights for instrumentation (inside the car). At least on the systems I worked with. I'm not much of an expert on that bus.

Well, messing with this bus (audio volume.. blinking displays etc) could be disruptive as well, but not as critical as killing the engine.


I had a read up upon LIN https://en.wikipedia.org/wiki/Local_Interconnect_Network

Was introduced as a cheaper alternative to CAN, and to be used for non-critical aspects of cars (intended). Though seat controls are listed as common use for it. Which with some occupants and cars with the seatbelt - would enable the seat to pull the driver away from the controls. So whilst not directly deemed critical - certainly a vector of concern in some permutations of seat/driver position (thinking large 4x4's driven by small people who end up having the seat fully forward and raised, as an example).

My initial concern was the main lights, though as you cleared that up to just internal lighting - that again could prove a problem as dark roads, a sudden change in internal lighting would from internal glare reduce visibility.

Biggest take away is that the LIN bus has no form of encryption and the only verification would be checksums upon the data packet.

I'm sure we will read more about LIN over the years as the ability for car makers to cut-corners is not unheard of and as LIN is cheaper to implement than CAM, can see how that may well play out.


>Though seat controls are listed as common use for it. Which with some occupants and cars with the seatbelt - would enable the seat to pull the driver away from the controls. So whilst not directly deemed critical - certainly a vector of concern in some permutations of seat/driver position (thinking large 4x4's driven by small people who end up having the seat fully forward and raised, as an example).

Combine seat adjustment with GPS position reporting and you could devise a way to make a targeted person lose control, without taking control of "critical" systems, exactly as they're crossing a bridge.

Suddenly I feel the urge to Faraday-cage my car.


I expect we will see that in a movie/thriller next year


I work in one of the big 3's there is significant push to physically isolate all the CAN buses. The guys that hacked into Jeep were ex-NSA and worked on the hack for more than a year to get it to work. I'm not saying cars are 100% secure, but this sort of attack will take crazy effort and maybe physical access to the car.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: