Slashdot Mirror
The Shoddy State of Automotive Wireless Security
angry tapir writes "Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged. While the potential for misuse may be minimal, this vulnerability points to a troubling lack of rigor with secure software development for new automobiles, said Wenyuan Xu, a computer science assistant professor at the University of South Carolina, who was a co-lead on the study. The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington DC."
If the potential for misuse is minimal, then it's only common sense to make the tire communications simple and easy to troubleshoot, and to assign the security people to work on something that matters.
break
break!!!
Oh... sudo break.
Oh yeah, good thing RFID detectors are so freaking expensive. Plus, someone covertly tracking you is going to be really upset if they can't read your tyre pressure.
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
We currently show you driving 95 miles an hour with four flat tires. Would you like to be routed to a service station?
...the government is tracking you already (where I live, toll tag transponders can be seen on telephone poles miles from the toll roads). If you have OnStar (even if it's "disabled"), GM can still locate your vehicle. I suspect it's even possible to monitor a vehicle's CANBUS for unique signatures that would identify a specific vehicle. Hell, your cell phone will give you up.
For some reason, I'm not too worried about the RFID tags on my tire valve stems.
Cars don't need wireless sensors. In fact they don't need most of the electronics that gets built in at all. This may seem old-fashioned but for nearly a century a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately when a deflating tyre is detected. I believe this system is moderately effective and not subject to radio spoofing.
Ask me to design my ideal car and it'll have a lightweight but strong aluminium body, a simple, efficient diesel engine, comfortable seats and a decent stereo. Everything else is chaff, I don't even need ABS.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Why bother with the tire pressure when you can make instruments give false readings, kill a car engine remotely or turn off the brakes ?
Typically, I find that the engineers that work in these industries (automotive/transport/white goods/manufacturing) have very little motivation to think about security. The pressure is all on building features into products. They are generally led by electrical or mechanical engineering managers, who are pushed with limited budgets and time-to-market constraints to get something out the door. So they do the most limited research on how to add widget X to the product. As engineers, their dangerous enough to think they know how to program, when most of their experience is microcontrollers or some simple scripting. Security is something that just adds cost in most of their minds.
They would want to know about changes so that they can guess where/when you have picked off or left off passagers or cargo.
FRA: STFU GTFO
I mean, anyone can program them to go to 20000th floor and we could end up in orbit or something.
"If the sensor IDs were captured at roadside tracking points and stored in databases, third parties could infer or prove that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs,"
The issue described in the article is that you can identify the tires by their RFID tag. This means that you could track cars. The article completely fails to mention that you ALREADY HAVE A FUCKING LICENSE PLATE ATTACHED TO YOUR CAR! The license plate is a unique identifier required by law on all motor vehicles. Anyone who wants to prove you visited location XYZ is simply going to use a $20 camera and get a shot of your license plate. Yeah, getting readings with RFID is a little easier then setting up a camera and some plate scanning software, but neither one is very hard for someone who wants to track you.
As for "confounding" the control unit, that's not a problem with security, that's a problem with the fucking control unit. The article mentions that once they sent false data to it, they couldn't get the thing to work correctly even after rebooting it. Any device that can't handle junk data is worse than useless. Something being intolerant of noise is not a security problem, it's a stupid engineer problem. Sure, it might not function while you're jamming it with garbage, but if it fails to work after a reboot then you've done something seriously wrong.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Tire sensors are built to run on battery for years. You can't easily get to them and change the battery, so these things are extreme low power devices. Each line of code for these controllers costs real world battery lifetime and shortens maintenance cycles. The same goes for extra crypto hardware: every transistor costs. So I'm not surprised that the protocol is not secured to oblivion. There simply isn't room for that unless battery storage capacities rise by an order of magnitude or two. So, a part of me wonders whether this researcher has had a look at the constraints of these systems and understood them before he tried to make the news.
Still, this is no excuse for being able to corrupt the receiving controller irreparably by some protocol error. These errors can occur normally as transmission errors, not just through deliberate attacks. This is where the sloppy engineering exists and the only part of the story that is actually newsworthy.
http://www.moonlight3d.eu/
A colleague recently got a call from his wife: her car dash had lit up with warning lights. After about half an hour he traced it to a single fault: an under-inflated tire, presumably reported (correctly) by one of the sensors described in TFO. One tire warning light - OK so far.But the tire warning system had talked to the ABS system, which had decided for inscrutable reasons that it wouldn't work with an underinflated tire. And that had talked to the central monitoring system, which had turned on the "Safety Critical Fault" light. And maybe a few other things. The result was, like Three Mile Island, a single underlying fault had turned into a christmas tree of warnings that an unskilled interpreter (the wife) was terrified of and a skilled engineer (my colleague, a very good hardware engineer) took half an hour to troubleshoot.
The point being that there is a possibility for a dangerous prank here. By fooling cars into thinking their tires are dangerously underinflated, you can give the driver a serious fright - with possibilities comic to the simple minded, but potentially dangerous if the driver is distracted or does something unexpected like braking to a sudden halt.
Consciousness is an illusion caused by an excess of self consciousness.
Do they also drop when you point out the 3" tall sequence of number on the front/back of their car is unique to that car and easily readable by roadside cameras, the police or passers-by using built-in organic sensors?
No sig today...
Surley the best solution to this is no security at all and just use a very low power signal. How far should it need to go between the tyre and a fixed point on a car (a few cm at the most I think). Would it even be possible for the sensor to be connected to the cars computer via a cable and just eliminate the wireless security hole. Then they just need to have the reciever ignore any signal with values outside the valid range.
Sorry but you will not figure out how to bomb a embassy by reading the tire pressure in my front left tire. All this is nothing but FUD and fear-mongering by a researcher that is late on the scene to automotive hacking. Many of us in the automotive hacking circles have done this stuff for well over 30 years. Now suddenly just because one guy who decided to make a lot of noise about it it's a problem?
it is not a problem, ignore this attention whore.
You cant send a virus down the tire pressure comms channel to the ECM and cause the car to explode or disable the brakes. (Except for toyota cars... JOKING!) and his demos with wirelessly changing the dashboard and other "hacks" are via a 3rd party wireless device he installed in the car.
If I buy a new windows server and install VNC without a password can I demonstrate to the world how horribly insecure the newest windows server release is? It's the same thing. Everyone glosses over the fact that none of his hacks are possible without having the target's car for a few days and installing a lot of gear in it.
The ONLY wireless OEM hack I have ever seen is the one where you blast mp3 files to bluetooth devices with the codes set to 0000 or 1234.. and that was to a BMW. Unfortunately it did not allow me to take control and steer the car or control the brakes. It did allow us to play audi adverts to the guy.
Do not look at laser with remaining good eye.
if warning lights on your dash causes you to freak out and flip over your car or drive dangerously, then you should not be driving.
Do not look at laser with remaining good eye.
At first I read that as "Unisex Security Symposium" and wondered why they would have a technical symposium for only one gender.
I don't think unisex means what you think it means:
adj.
1. Designed for or suitable to both sexes: unisex clothing; unisex hairstyles.
2. Not distinguished or distinguishable on the basis of sex; androgynous in appearance: cultivated a unisex look.
n.
Elimination or absence of sexual distinctions, especially in dress.
Well the entire A380 doesn't run on WEP, but the entire cabin entertainment system does.
And having been involved in other parts of the A380 design, I can tell you that data security problems were not even on the product development radar. Non-IT engineering companies view IT the same way that the rest of the world does and generally doesn't design against malicious uses, only accidental failures.
It just means you won't be able to get in touch with the helpdesk to reset your password so's you can get into your car and actually start it, and you'll likely die of thirst on a Death Valley crossing or freeze to death in some Minnesota winter right outside Frostbite Falls.
we need to get rid of the dealer lock in and let any shop be able to fix the car.
Usenix is a meeting of UNIX eunuchs. The anagram is fitting.
While it's true that ABS doesn't help, electronic traction control does indeed help significantly. It's also more expensive of course...
Actually, ABS doesn't always stop in a shorter distance. In gravel, sand, deep snow, and ice, ABS tends to increase stopping distance because locked wheels dig in and stop more quickly.
Studies were done in Munich comparing ABS and non-ABS taxicabs, and they found that accident rates were similar. It appears that the drivers with ABS took more risks. (http://psyc.queensu.ca/target/chapter07.html)
In 1996 the IIHS found that vehicles with ABS were less likely to be in accidents causing fatalities in other cars, and more likely to be in accidents causing fatalities in the car with ABS.
Electronic Stability Control on the other hand has been found to be effective at reducing accidents.
It's a lot cheaper to embed RFID readers in the roads as they get repaved then to install cameras at the same number of locations.
If I can shut your car off by sending it low-powered radio signals, that's a problem.
The ONLY wireless OEM hack I have ever seen is the one where you blast mp3 files to bluetooth devices with the codes set to 0000 or 1234.. and that was to a BMW. Unfortunately it did not allow me to take control and steer the car or control the brakes. It did allow us to play audi adverts to the guy.
Where'd you find a BMW with factory A2DP?
That's the real problem. Until they started adding wireless, the cars were perfectly secured by simple physical means. Security on the wire was irrelevant since the wire was entirely within the car. If you could access the wire, you could just add a tracking device or cut the brake line.
Now that they're going wireless, security in the communication is starting to actually matter but they have no experience there.
What you're missing is that you don't need to worry about security when no security is needed. If you have a stand-alone PC that isn't networked, all the security you need is a lock on the door. Making the "tire low" light come on could do no damage; no security is needed there, either.
The trouble with security researchers is they think our homes all need doors like bank vaults and unbreakable glass in the windows.
Free Martian Whores!
They have to be wireless because TPMS sensors are actually INSIDE the tire (mounted to the inside of the rim or the base of the valvestem). Also, cars usually only have one TPMS receiver so each sensor needs to be able to transmit at least a few feet to reach a central point on the vehicle. Keep in mind, the "40 meters" cited in TFA is a maximum and not an average. 10 meters is probably a better average.
Of course, your Bluetooth hack is a bug in car's BT system. The system shouldn't be set to pairing mode unless it's manually initiated, so it shouldn't matter what the auth codes are. If the device wasn't previously paired, it shouldn't be accessible. Same issue as with the tires, it's not validating input properly because someone was lazy.
My blog. Good stuff (when I remember to update it). Read it.
The problem isn't with the engineers or their managers, it's with cost annalists that haggle over things as little as 1 cent or even 1/2 cent in cost to produce a part, all of which engineering time factors in to. Good design of most parts takes a back seat to small amounts of savings per part and it's the same across all car manufacturers that produce large amounts of cars. It's kowtowing to investors trying to extract every dollar of profit out of their investment.
Look under the hood of any car, truck or van produced in the pass 10 or 15 years and notice how compact everything is. That's not to improve handling or roll center. It's all to save as much material in building the car. If they could do it to the body of the cars they would, but they can't because it need to pass safety tests and people looking to mid and large sized vehicles are not going to buy them is they are too small.
I'd assume the traction control system would correlate individual wheel drag with low-pressure tire information. Lower tire pressure = More drag. If it gets a reading that's very low, there should be noticeable drag.
Before we had pressure sensors in tires, we had traction control systems to let us know these things.