Lexus Computers Infected Via Bluetooth
Country_hacker writes "SCNews is reporting certain models of Lexus have been found with corrupted operating systems in their on-board computers. Evidently the virus got transferred through the Bluetooth interface. It's still unclear whether or not the computers run Symbian."
The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found.
Here is a link Caribe
Anti-virus companies have been warning for some time that mobile networks could be the next targets of virus authors. Mikko Hyppönen, director of anti-virus research at F-Secure, said several months ago that there was a danger of viruses spreading into GPRS networks through USB ports, and that pocket-PC devices would be easy targets for virus coders.
what? what I thought we were in the trust tree in the nest, were we not?
This is the guy who wrote the Lasco variant and posted source code online: Marcos Velasco
It almost certainly will still run, unless it's a completely idiotic design. The ECM and/or PCM (engine control module / powertrain control module, whatever these cars call it, the thing that runs the automatic transmission, the injectors, the spark, idle air control, etc.) is almost certainly not attached in any meaningful way to an embedded computer running a known OS. They're all attached to some sort of bus on modern OBD-II cars, but the ECM is usually capable of operating on its own. ECMs and PCMs are usually 8 or 16 bit micros with truly embedded software (read: no conventional OS, written specifically for the application at hand). Modern ones are flash-upgradable, but I highly doubt this would be enabled through any sort of radio interface, and even if it was, it wouldn't be any sort of thing where it could pick up a virus.
Sounds to me like the fancy mapping stuff and maybe some user interfacing is controlled by the affected computer, not the fundamental powertrain stuff. Any car designer that runs his powertrain off anything but a hardened, reliable, embedded micro is just an idiot, and I can't believe Toyota would do something that dumb.
Anyway, all of this stuff is connected together to some degree except the entertainment computer, which probably only connects to the PCM, usually through the BCM, when climate control is managed by it. Seatbelts connect to the BCM, climate control might, airbags will. The ABS will connect to the PCM in cars with traction control and also tell the transmission's computer (connected to the PCM) what to do, as well as modulating throttle via the PCM.
The car already contains a network of computers, and each one typically is designed to work with its neighbor and only powertrain components directly influence units to which they are not attached. The worst thing you might do to a car like this (in most cases) is screw with the climate control settings.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You got it wrong.... it starts as: Up Up Down Down..... you obviously never played the game otherwise it would have been embedded for life ;)
Reasons why I might want Bluetooth in my car:
- When someone calls my cell phone, I can hit a button to mute the stereo, answer the call, and use my car stereo (with a mic in the car) for taking the call so it doesn't distract me while driving.
- When Apple finally releases an iPod with Bluetooth, or something similar, just drop it into my car anywhere and start playing tracks off it like it was plugged in.
Those are two quick, easy reasons that I'd want Bluetooth in my car, and I'm sure there are more.
I'm a little suspicious of this story.
I drive an LS430. The navigation system, phone, audio system, and air conditioning control system are driven by a system made by Denso. I can't say with certainty what operating system it's running, but it looks like an evolution of a design they've had going since at least 1998.
The Bluetooth interface is rather limited. You can use the hands-free capability after pairing it with your phone. You can transfer a phonebook using the OBEX profile. To my knowledge, none of the other Bluetooth profiles are supported--most notably the Object Push Protocol (OPP). In order to get OBEX phonebook transfers to work, you have to put the car phone system into a special mode; it won't just blindly accept transfers--even from paired devices. If this system is running Symbian and is really vulnerable, I wonder if it manifests itself only when attempting to transfer phonebook entries from an infected device.
The same navigation system is used in a number of cars beyond the Lexus LS430 and LX470. The SC430, GX430, and RX330 use the same Bluetooth system, as do Toyota's Land Cruiser and Prius.
Phil
Symbianite writes to Ron Condon (SC editor) and David Quainton (article author):
In your article "Mobile virus infects Lexus cars" by David Quainton, a reference is made to the Symbian operating system as follows:
"It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses."
Symbian is a MOBILE PHONE operating system and has nothing to do with cars. No car manufacturers are Symbian licensees. This could not have been hard to verify - Symbian's web site (www.symbian.com) clearly lists Symbian licensees.
Further to this, what you refer to as "various worms and viruses" is actually malware. All existing malware for Symbian is not based on bad code exploits but rather on users explicitly bypassing security and dismissing security warnings.
Please ensure that this error is corrected asap. This is bad press for a good company (Symbian) and I am sure they will not waste time in debunking this ignorant rant.
The article is full of FUD and contains very little factual content.
It speculates that the car may run Symbian, or run Windows, or run who knows what? It claims that viruses may infect these operating systems but supplies no evidence that any such infection has ever occurred.