Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking a Car With Music

Posted by timothy on from the lady-gaga's-secret-plan dept.

itwbennett writes "Researchers at the University of California, San Diego, and the University of Washington have identified a handful of ways a hacker could break into a car, including attacks over the car's Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops. But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. 'It's hard to think of something more innocuous than a song,' said Stefan Savage, a professor at the University of California."

11 of 133 comments (clear)

  1. Hackers can turn your home computer into a bomb! by mykos · · Score: 4, Funny

    http://www.mopo.ca/2007/08/hackers-can-turn-your-home-computer.html

  2. Uh, what? by gman003 · · Score: 5, Interesting

    I can accept malicious data taking over the stereo system. That's believable. What I find impossible is going from there to the rest of the car. I installed my own stereo system - the only wires involved were power and output to the speakers. That's it. Unless they can find an exploit in a 12v battery, they literally cannot get to anything automotive.

    Maybe newer cars, where everything is "integrated", are different. In which case, I'm glad I bought a used '99 Talon rather than a brand-new anything.

    1. Re:Uh, what? by Anonymous Coward · · Score: 5, Informative

      Newer cars with integrated stereos hook them up to the car's CAN bus. From there all bets are off.

    2. Re:Uh, what? by drinkypoo · · Score: 3, Informative

      Maybe newer cars, where everything is "integrated", are different. In which case, I'm glad I bought a used '99 Talon rather than a brand-new anything.

      If your car uses the CAN-bus for stereo controls, and has only a single CAN-bus, then yeah, you can probably hack the security, which is integrated into the PCM, from the stereo.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Uh, what? by Osgeld · · Score: 4, Informative

      can bus

      http://en.wikipedia.org/wiki/Controller_area_network

      course it all depends on what your car has in it, my 06 kia not a big deal as my stereo is not connected to it, much like you mention above, my mom's 2011 jeep on the other hand, you cant even unlock a door without talking on it

    4. Re:Uh, what? by MacGyver2210 · · Score: 3, Interesting

      I've never seen a keyless entry system connected to a CAN bus.

      I have in no way worked on all cars out there, but that would be what we with common sense call 'poor system design'.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  3. Re:Bad Programmers by NotQuiteReal · · Score: 5, Insightful

    Why are the most ubiquitous products the most buggy?

    Maybe because they (products) need to be cheap and quick to market to become ubiquitous?

    Remember the old "joke"?
    * Cheap
    * Good
    * Fast
    Pick 2


    There are a lot of folks who just by the latest (fast) stuff they can afford (cheap). Quality (good) doesn't enter into the equation.

    --
    This issue is a bit more complicated than you think.
  4. Re:Attacks by StefanSavage · · Score: 5, Informative

    > In a talk, Stefan claimed to have the ability to remotely drive as well, i.e., steer/accelerate/brake.
    I'd be surprised if you're not misremembering... both because we hadn't spoken publicly about concrete remote vulnerabilities before our NAS briefing and because some of this is not true. In particular, steering is not electrically intermediated on most cars (new electric cars aside) and we've never demonstrated acceleration control (engine start/shutdown, yes... acceleration no... although I'd be surprised if it wasn't possible).

  5. Please Do by dmomo · · Score: 3, Funny

    If it will disable bass boomers in my neighborhood.

  6. Sounds like my AV receiver by tlhIngan · · Score: 3, Interesting

    After obtaining a service manual for my AV Receiver, firmware updates are done by using a CD player with digital out, and hooking it to the TOSlink input on the front.

    Put it in a special service mode, put a specially burned CD in the CD player, and hit play. The AV receiver grabs the firmware update information off the digital input.

    Presumably there's safeguards to ensure that the firmware is transferred correctly, as well as various sync signals to ensure that if you accidentally seeked at the beginning or the player skipped it would be detected.

    Probably not a simple modulated audio stream since that'll be quite slow.

  7. Re:Hackers can turn your home computer into a bomb by Mister+Transistor · · Score: 3, Funny

    Would that be Mushroom Cloud computing?

    --
    -- You are in a maze of little, twisty passages, all different... --