Slashdot Mirror
Lexus Computers Infected Via Bluetooth
Country_hacker writes "SCNews is reporting certain models of Lexus have been found with corrupted operating systems in their on-board computers. Evidently the virus got transferred through the Bluetooth interface. It's still unclear whether or not the computers run Symbian."
Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.
So maybe this thing is running Windows? In this case, we already have a solution.
And shouldn't vehicle have a read-only section just for the essentials? So that even the main system is down, the car will detach the OS and still function like a, like a, car?
Rock that crushes, Paper & Scissors that don't matter.
The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found.
Here is a link Caribe
Anti-virus companies have been warning for some time that mobile networks could be the next targets of virus authors. Mikko Hyppönen, director of anti-virus research at F-Secure, said several months ago that there was a danger of viruses spreading into GPRS networks through USB ports, and that pocket-PC devices would be easy targets for virus coders.
what? what I thought we were in the trust tree in the nest, were we not?
Proof that like seeks like when it comes to reliability.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
From the article:
"I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems
"Aeroplanes"
Adorable. Absolutely adorable. Where did they get this guy, from 1938? I think the last time I saw that word was in a Jules Verne novel or something.
Brits love spelling things like that as a way because they know how much it pisses Americans off.
But british men make me uncomfortable. They throw off my gaydar. I never can tell whether they are really, really British or just really, really gay.
He does work for a Finnish company, so that explains alot. Did you ever notice that there is no body more british than someone who USED to live in Britain?
Mod down people who tell people how to mod in their sigs
It is understood the virus could affect the navigation system of the Lexus models, it transfers onto them via a Bluetooth mobile phone connection. It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses.
This is a car that is full of wires and is basically a large chunk of metal. Explain to me why we are using Bluetooth instead of a wired solution. I don't see the advantages here. What I do see are large privacy implications and holes for infection... We are worried about RFID tags and readers installed along the highway? Why they don't even need to add the RFID tags to the wheels. Just have all the car's devices communicating through Bluetooth. The car owners think their sweet, overpriced, GPS navigation system is badass and the government gets to see where you were going, how fast you were going, and where you are going to. Perfect.
"I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure. "Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do..."
While Windows 2000 is adequate for my home computer to surf the web and read email (after proper precautions are taken) it is absolutely NOT adequate for flying an airplane. I am not worried about worms and viruses infected an airplane running Windows 2000 (and I'm not sure why it was mentioned in the article as it really isn't related) but I am worried about the stability of the OS and the implications it may have.
For now I'm sticking to my handheld GPS and windshield mounts. The only way it can be infected is if I sneeze on it and the only way that someone else could read it from 15 feet away would be with binoculars or a telephoto lens.
BTW, Bill Roehl is a known Saturn owner. He traded one in for another in 2002. That information is about as useful as knowing Bill Gates auctioned his 1999 (non BT equipped) Lexus off for charity.
That they're spreading infection isn't too surprising. Who the heck drives around with one in their car though?
for driving one of these tech-encrusted things when a good old-fashioned CAR will do the job.
sulli
RTFJ.
That definately show interoperability, but I have to wonder if the virus is bluetooth qualified?
Oh yeah. All of you waffling on about "Microsoft never fixes their browser" can get a big bowl, pour all your words into it, and tuck in:
http://secunia.com/product/4227/#advisories
Six UNFIXED vulnerabilities dating back several months.
"oh but yeah but like microsofts are bigger and no but they suck and they make it all crap and they dont know how to program"
SHUT THE FUCK UP.
Firefox isn't something I'll be showing to my boss with a record like this. I don't give a shit about the usual anti-MS rhetoric - Firefox holes go unpatched, and that's that.
... to be late for work, because the 'flat tire' excuse is so passe.
Kitt: Michael. What are you doing? Stop ... Stop ... Daisy daisy. Tell me your answ ......
"It's difficult to meditate on amphetamines." - Joe Walsh
This is the guy who wrote the Lasco variant and posted source code online: Marcos Velasco
what? what I thought we were in the trust tree in the nest, were we not?
I guess you could say that it's more than just a "Bug" on the windshield.
"The Matrix has you."
"Last year the Slammer worm infected 13,000 Bank of America ATMs as a result of them moving to a Windows-based operating system."
Only this time, you don't have a reset button or three-fingered salute available to you to clean out the memory.
About the only advantage here is that unless someone is able to write to the flash ROM or BIOS or whatever they use to store settings, it should go away if you simply disconnect the battery, let it sit for a few minutes, then reconnect and restart... unless you need some kind of specialized tool that only the dealers will have.
Two words: Aegis Cruiser
OCO is Loco
I rather doubt the OS in the vehicle is covering critical components such as breaking. The thought of a mobile virus is disturbing though.
Gimme that booze you little pumpkin pie hair cutted freak!
cars of today are too complicated...
i miss the days when a automobile was just a riding lawnmower with a windshield...
Get the facts muthafucka!
The first incidence of a drive-by virus!
Using the code to inspire a car to:
- Flash obscene messages in morse code through the brake light
- Warn of imminent empty tank, then say 'Just kidding' on the information center display.
- Mess with the volume of the radio subtly, if it uses CANbus.
- Lock the doors while playing a WAV of cackling laughter through the NAV system's audio interface.
If you avoid the obvious 'rofl make teh car crash like windows lololololol omfg' ideas, there should be lots of fun things you could do with the security hole this virus uses.
I always thought thoses Sybians were dirty. That they're spreading infection isn't too surprising. Who the heck drives around with one in their car though?
I hope you meant to say: Who the heck drives around with one in her car though?
a common counter to mac and linux's lack of exploits is that it's not worth infectors' time, that windows' ubiquity makes it the favorite target and that mac/linux's lack of exploits is not necessarily due to their inherent superiority in design.
well, if lexus cars, which must number far fewer than mac/linux computers and can only be infected from close physical proximity (much less convenient than attacking over the network), are targeted for infection, what gives?
Bluetooth bites! Windows sucks! Lexus rocks! Bad combo man!
and buy tin foil in bulk, it's gonna take a lot to protect my car...
Seriously, can the infected car infect another car that's sitting next to it at a stop light? Or people who are walking by it in the crosswalk?
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Good thing I am an open source developer and can't afford Lexi. Kia Rio is pretty good for me, thank you very much.
But I can now laugh at my former boss, who uses Windows every day and drives Lexus to work. Another bad day for him, haha.
Perhaps this could explain why Lexus owners can't drive!
well if the virus can infect the cars "operating system" what would stop it from trying to get into the onstar system? It would be pretty nasty to have your car get turned off remotely while driving.
To eventually use computer hardware and software that's too well known and vulnerable? It's the Praetorians from The Net. They want to get their Gatekeeper software onto all military hardware.
running a sybian /funny
is going to cause infection.
Ah great! I was actually wondering what Kapersky would find as a new whistleblowing topic for this month.
Not a bad one this Lexus thing. And he AGAIN got the Slashdot attention. And AGAIN more publicity, although I have yet to hear anything from Kapersky that would be of any real interest.
In Soviet Russia, Kapersky OWNS Slashdot. But well...nevermind, he's an insensitive clod.
From TFA "I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems,"
Please tell me this is not true.
Get a horse!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Calm down folks. I've seen plenty of cool looking computers built in to aircraft instrument panels. Yes, some of them run Windows.
First, you can be assured that they only update via a firmware media card such as SDRAM. Nobody's going to point a Bluetooth antenna at an airplane and knock it out of the sky.
Second, of the gripes that most of you have about Windows, the majority and the most egregious behaviors have to do with what happens when you network these things to insecure places. Windows has actually become quite stable in the last few releases. In a stand-alone configuration these systems are fairly reliable platforms.
Third, most pilots rarely get in to the down and dirty features of their displays. They don't have the time, nor do most of them care enough to learn any more than they need to get the airplane safely from point A to point B. You can say one thing for certain about Windows: the path is well worn. As long as you are doing relatively conventional stuff, it will serve you well.
Fourth, these are just navigation boxes. There are backup instruments. If a navigation computer dies, there will be other resources to navigate with. There are very few things in the panel of the airplane which do not have a backup of some sort --particularly where the avionics stack is concerned.
I say this as one who really doesn't like using or programming with Windows. Like any tool, it has its flaws; though when properly used, it can be quite safe.
Nearly fifty percent of all graduates come from the bottom half of the class!
Corpse tu8ned ,over
The machines are rising. Turning on thier masters!!
It is better to be the hammer than the anvil.
The Cylons were unavailable for comment.
http://shit.slashdot.org/article.pl?sid=05/01/26/1 88224
ever heard of traction control??
Bluetooth is a known security nightmare. It was BORN BAD. After all the experience with hackers and worms etc the industry learned NOTHING.
Bluetooth HAS to have streaming crypto and verification ala Bruce Schneier's Helix.
The fact that it hasn't is CRIMINALLY IRRESPONSIBLE and typical of an industry that just doesn't get it.
Mumia Abu-Jamal is *laughably guilty*. Check the evidence.
...street gangs have been reported to tote Bluetooth-enabled notebook computers instead of firearms.
Dedicated Linux servers (root access) $45 p.M.
I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems
... but we don't. This is the Navigational System- and it isn't clear that it was adversely affected by the virus! I'm glad they caught this now, BEFORE it caused major problems.
He's (probably) talking about in the cabin. If that's the case, so what? Worst case: passengers can't watch the inflight movie. (I might even be grateful for that)
Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do...
One of the BIG things drummed into me during flight training was: fly the airplane. It doesn't matter if the nav systems are acting up. The same applies to automobiles. (Though I'm sure there will be accidents "caused" by crashed Nav. systems)
Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.
I can't decide if this a non-sequitir, or a wonderfully subversive way to relate insecurity and viruses with Microsoft/Bill Gates.
I hope they sort this out before al-Qaeda learns how to remote-carjack these vehicles...
I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
1966-68 or so.
They're entirely mechanical, the aftermarket is huge, and they're fairly reliable.
--
the strongest word is still the word "free"
"It's still unclear whether or not the computers run Symbian."
Does 'timothy' have a disability that makes their car look like a mobile phone? Symbian is a mobile phone OS. It does not get put into cars.
Granted, there is a very tenuous link in the article between two completely different products both being compromised via Bluetooth, but that does not automatically mean they are the same.
It would be just as valid to suggest that the car runs Linux, because it's possible to transfer a trojan app between two Linux machines via Bluetooth.
Microsoft Windows XP is the most secure and versatile operating system ever.
Sex toys that take command-line arguments? Try sybian /fast /strong and tell us how that experience went.
You can hold down the "B" button for continuous firing.
If it was running Windows instead, there'd be a pithy comment on the front page and then a couple dozen responses blasting the idiocy of trusting Microsoft.
Whether it runs Symbian is irrelevant.
No, wait. No it's not. There still doesn't exists a single Symbian VIRUS which could SELF-REPLICATE. Because it should be impossible.
If a phone asks you:
a) Random guy is sending you a file, do you want to receive it?
b) This file is an installable application with name XYZ, would you like to install it?
c) The origin of this application could not be verified, unless you trust the source, it is not recommended to install it. Would you like to install it anyway?
d) Application XYZ want's to use bluetooth interface, do you allow this?
Do you answer YES to each of these questions?
I wouldn't.
Anyway, if this one truely replicates without user intervention, there must exists a way to execute the code. What is the normal way to achieve this on PC? Stack/buffer flaw within a privileged process.
Now, I'm going to say something which will come and bite me in the ass: There is no way to execute code 'accidentally' in Symbian.
If you have evidence to the contrary, I'd be most interested in how it is done...
Sorry about my pompous attitude. I'm sure someone will figure something out in the future, but right now, is there a way?
Bot Assisted Blogging
That's just the story the guy came up with when the cop asked him why he was going 80 in a 55 zone.
Remember the days when Republicans were the party of fiscal responsibility?
i always thought these were pretty fancy autos, i was looking at the photo gallery of the LX interier and it still has a friggin casette player when decent autos come with atleast cd players...
Regarding the question whether Symbian is involved: Here's some money for you to make... Load up your phone with all Symbian "viruses" that are out there and see if you can make the challenge!
Sorry for botching my /strong tag. My bad.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
He's (probably) talking about in the cabin. If that's the case, so what? Worst case: passengers can't watch the inflight movie. (I might even be grateful for that)
Worst case? Try the Inescapable Giant Goatse at 30,000 feet!
Does any plane really have enough bags to handle the aftermath?
.. more cheesy 80's cyberjunk predictions come to fruition.
... Space Aliens!!!
cars, with computer viruses. man.
wait, i know whats next, don't tell me, don't tell me
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
I understand that whenever you try and drive your car to a legitimate Lexus service centre, the virus redirects you to that dodgy body shop by the river.
AT&ROFLMAO
You're mistaken. Go read up.
Streaming crypto might be a good idea except Bluetooth was designd to be simple and low power, and crypto doesn't fit that bill.
Just because a Windows machine can be infected doesn't mean TCP/IP is born bad. Sybian is a bad implementation.
Learn.
...because all those WHAT s you'd hear would not be from his new album.
You can hold down the "B" button for continuous firing.
I'm a little suspicious of this story.
I drive an LS430. The navigation system, phone, audio system, and air conditioning control system are driven by a system made by Denso. I can't say with certainty what operating system it's running, but it looks like an evolution of a design they've had going since at least 1998.
The Bluetooth interface is rather limited. You can use the hands-free capability after pairing it with your phone. You can transfer a phonebook using the OBEX profile. To my knowledge, none of the other Bluetooth profiles are supported--most notably the Object Push Protocol (OPP). In order to get OBEX phonebook transfers to work, you have to put the car phone system into a special mode; it won't just blindly accept transfers--even from paired devices. If this system is running Symbian and is really vulnerable, I wonder if it manifests itself only when attempting to transfer phonebook entries from an infected device.
The same navigation system is used in a number of cars beyond the Lexus LS430 and LX470. The SC430, GX430, and RX330 use the same Bluetooth system, as does Toyota's Land Cruiser and Prius.
Phil
Say you're chatting on the phone at the mall, and some phr33k injects the virus into your BT phone. You head home, and the virus hops into your car on startup. Then, as you're passing this 5Kr1p7 K1dd13'5 ex-girlfriend's exit the virus notices this on your GPS and disables your car. Maybe by cutting off fuel injection, forcing you to coast to the side of the road.
As you sit there trying to get it going again, every car that passes you is infected.
It's a brilliant DDoS. Sort of like having a bunch of pizzas delivered to her house, only the punk closed down the highway.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Symbian OS is an embbeded operating system usually used for cell phones. Its an updated and renamed version of the Epoc32 os which has been used in handheld and palmtop computers.
I was not arguing that Americans changed the spelling of many English words. I agree with that.
I was arguing that the airplane was invented in the US, and that the inventors get to name their invention what they want.
But as I looked up the links, I only became more confused. The Wright brothers called their airplane an "aeroplane", so I don't know why we'd change the spelling of that, since even the original american inventors spelled it differently.
that locks itself up with out of memory conditions after a couple of months of running.
Not on a network other then a dedicated point-to-point connection to the device that it is controlling/monitoring.
Every couple of months I have to go out and kick the stupid thing because it goes belly up because it runs out of virtual memory and locks itself up.
Eventually it'll make sense to toss a chip and OS with far more power than required into every appliance .. and probably far more hackable.
One line blog. I hear that they're called Twitters now.
Any older Diesle engine will once operating require no electricity of any form of fasion to function. and is completely impervious to any form of power spike police surge trap etc..
Inflated fear can also keep good ideas from growing. How long has it been since an engineer has been able to seriously suggest using hydrogen in blimps? How many times have they had to explain that it can be used safely in balloons, cars, etc?
Imagine what the fallout would have been if Richard Feynman hadn't found impeccable software practices during the Challenger investigation. Ouch, eh?
It's easy to be too alarmist as to be too blasé.
Sometimes seventeen/Syllables aren't enough to/Express a complete
Anyone stupid enough to shell out $40,000 for a camry with leather seats deserves to get a virus. For $30,000; I'll buy them the camry, a garmin streetpilot, and give them a swift kick in the nads. they'll feel the same and be $10,000 less in the hole.
STFU & GBTW
...with which we will happily hang ourselves with. My advice to all of you is to try to remember what it is like to survive in the stone-age because I think that western civilization is in decline and the falling curve from its peak may become dramatic in the next 3-7 years. Maybe we should stop worrying about our cars and try to work together to use our knowledge to fix the problems in this world?
Cabir/Caribe is not a virus. It is a Trojan. As with all other Symbian "viruses" that have been released so far, the user must deliberately run it to infect themselves. It will never be possible to fully protect anything running on any operating system from this sort of attack.
There have as yet been no vulnerabilities in Symbian OS discovered that would allow for the spread of actual viruses or worms. Which I think is pretty damn good compared to other operating systems.
Symbianite writes to Ron Condon (SC editor) and David Quainton (article author):
In your article Mobile virus infects Lexus cars by David Quainton a reference is made to Symbian operating system as follows:
" It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses. "
Symbian is a MOBILE PHONE operating system and has nothing to do with cars. No car manufacturers are Symbian licensees. This could not have been hard to verify - Symbian's web site (www.symbian.com) clearly lists Symbian licensees.
Further to this, what you refer to as "various worms and viruses" is actually malware. All existing malware for Symbian is not based on bad code exploits but rather on user's explicitly bypassing security and dismissing security warnings.
Please ensure that this error is corrected asap. This is bad press for a good company (Symbian) and I am sure they will not waste time in debunking this ignorant rant.
Funny. I remember saying 'once' to an American thrice. He thought I was stammering.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
but I too have had a similar feeling,
I once had to do a system quote for a system which I was told somehow supported a life support machine that was running windows 95.
I was really quite annoyed that I wasn't allowed to reccommend a *nix/bsd/blah solution.
Oh well, I dont work there anymore anyway :)
Sorry! Can't make it into work today. My car has a virus.
What is the inverse of the Matrix?
The article is full of FUD and contains very little factual content.
It speculates that the car may run Symbian, or run Windows, or run who knows what? It claims that viruses may infect these operating system but supplies no evidence that any such infection has ever occurred.
All your base stations are belonging to us.
As you say, crashing is not really the problem, though my sister's PC sometimes crashes with her kids' games (video driver issue). However, Windows XP has now moved on (mostly) from crashing to some really hard problems that are almost as annoying and in some cases worse.
I have a brand new WinXP laptop from Dell for work, with 2GB RAM and 1.8 GHz or so CPU - it has two entertaining problems that illustrate this:
1. Kept on waking up from sleep mode after an hour or so - turned out to be that WinXP SP2 will not hibernate if you have more than 512 MB of RAM. Disabling hibernate fixed this, but why should I have to?
2. Takes over an hour to reboot - started in last month, this involves the 'Applying computer settings' stage lasting over one hour. I've spent several hours trying to debug this so far - there is no way around the one hour reboot so this is actually worse.
The hibernate problem could well happen under Linux but it would probably be easier to trace what was happening (debatable though).
The very slow reboot is something that is really hard to debug without Windows ninja skills - I have looked at the event logs but it's not at all clear which service is causing the problem. Disabling services mentioned in various MS KB articles has not helped. I class this problem as almost worse than a crash - sometimes I have to reboot to install new software and I then lose the use of the laptop for over an hour... WinXP is really not helping my productivity here.
My point is that WinXP is now so complex, particularly as you install a lot of software, that it's really hard to find out what is going on. Linux or perhaps MacOS X would be a much better platform for power users - since they are both *nix based, it is a lot easier to see what's going on.
http://www.nzhistory.net.nz/Gallery/Pearse/Pearse. html
It appears that some of his supporters may have claimed that he flew first, but Pearse himself made no such suggestions.
"In two letters, published in 1915 and 1928, the inventor writes of February or March 1904 as the time when he set out to solve the problem of aerial navigation. He also states that he did not achieve proper flight and did not beat the American brothers Orville and Wilbur Wright who flew on 17 December 1903"