Intel Team Takes On Car Hackers
nk497 writes "Intel has set up a team of McAfee researchers to protect computer systems in cars, hiring Barnaby Jack — the researcher who forced ATMs to spit out cash and cause medical pumps to release lethal doses of insulin. Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. 'If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening,' he said. 'I don't think people need to panic now. But the future is really scary.' The move comes as Ford and other car makers start to invest in ways to keep car code secure."
http://www.autosec.org/publications.html
Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.
Dog is my co-pilot.
It's almost as if you'd want a system that only ran signed code...
not let a computer drive your car. They've been doing this for years, and it works pretty well. Problem solved.
Sounds like the auto makers are getting tired of individuals being able to change their own car's engine/transmission settings, and/or do fixes that usually require paying the dealer.
Congress mandated an open set of engine/car diagnostic codes due to them not releasing service information some years back. Sounds like they're investigating the possibility of re-imposing something similar via "security" concerns.
"Think of the children that could be put at risk if $evil-auto-hacker isn't protected against!"
Those that can hack these systems will hold their best exploits until they need them,
want to get famous, or just for the lulz. Nothing has changed, this was a problem from the beginning,
signed code or not (that is a step in the right direction though IMO).
I played with having a computer in my car for a few years and it is shocking what you can do once you have access to the CAN bus. I mean it's cool that I can plug a device in and program it so that it will catch the commands from my window switches and have them instead activate my blinkers, but that (theoretically as far as I know) a compromised update to your radio could let it do the same thing is a bad thing and that there is a growing trend for cars to be more connected (e.g. wifi hotspots, etc.) is outright scary.
Maybe they could start by separating networks for the critical functions and entertainment systems. The only possible access to the critical systems should be by a physical connection. They don't need (bad) software security experts to help solve this problem. They need good network architects. It shouldn't simply be a matter of the engine verifying that the "more gas" command came from the ECU and not the radio. The radio should simply never be able to get a message to the engine without wiring changes.
McAfee makes me think of AV, and AV makes me think band-aid. Please, please let's not end up with a situation where cars are susceptible to viruses, therefore an AV application scans for viruses. Cars (or at least, the important bits of them) should be secure from the ground up.
The problem has been that the designers have given computer security no thought *whatsoever*, and applied techniques already well known to security people, too late for some victims.
For example, the first remote keys were susceptible to replay attacks. Anyone with half a clue about computer security already knew at that time that it needed a challenge/response scheme. But keys with challenge/response came later. And keys with sufficiently secure crypto algorithms came later still.
For example, it's common to have the audio system, the ignition, the satnav, etc. all on the same data bus, with no authentication. From a security point of view, that's a disaster waiting to happen. Researchers have already demonstrated hacking the MP3 player to unlock the doors -- pointing out it's not much of a stretch to having hacked cars unlock themselves and email their GPS location to the attacker.
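The replay weakness and the challenge/response fix described in the comment above, as an added example that is not part of the original thread. The class names, the static code, and the choice of HMAC-SHA256 over a random nonce are assumptions for illustration, not any manufacturer's scheme.

```python
import hashlib
import hmac
import secrets


class FixedCodeLock:
    """Receiver that accepts one static code: any recorded transmission stays valid."""

    def __init__(self, code):
        self._code = code

    def unlock(self, transmission):
        return hmac.compare_digest(transmission, self._code)


class ChallengeResponseLock:
    """Receiver that issues a fresh random challenge for every unlock attempt."""

    def __init__(self, key):
        self._key = key
        self._pending = None

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response):
        nonce, self._pending = self._pending, None  # each challenge is single-use
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def fob_response(key, nonce):
    """Key-fob side: prove knowledge of the shared key without transmitting it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def run_demo():
    key = secrets.token_bytes(32)                  # constructed shared secret
    fixed = FixedCodeLock(b"constructed-static-code")
    recorded_fixed = b"constructed-static-code"    # one recorded transmission
    cr = ChallengeResponseLock(key)
    recorded_cr = fob_response(key, cr.challenge())
    results = {
        "fixed_replay": fixed.unlock(recorded_fixed),
        "cr_legit": cr.unlock(recorded_cr),
    }
    cr.challenge()                                 # new attempt, new nonce
    results["cr_replay"] = cr.unlock(recorded_cr)
    results["cr_no_challenge"] = cr.unlock(recorded_cr)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The recorded response is only valid for the nonce it answered, so it fails against any later challenge; this sketch does not address relaying a live exchange.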
Worked on some of the first Microsoft-based car nav radios, a Windows-CE based auto-specific system. MS was in the mode of "Hey, 3rd party apps are a feature!" and the auto companies were like, "Not gonna happen."
Not in the land of Congressional hearings and $100 million recalls. You think Facebook dodging the class action suit in that other thread is a big deal, imagine a lawyer trotting broken or dead bodies before the camera because one of the Big Three didn't properly vet Angry Birds: Cruisin' Down the Highway.
Viruses and malware are just a matter of time.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Needless to say, never connect the critical systems to the internet or to other computers connected to the net. Besides security concerns, ever since consoles got internet connections/updates, what happened? It started a trend among publishers to have games that were no longer tested as rigorously, pushed out the door, and depend on internet updates to fix any issues.
Here's a revolutionary way to combat illicit car hacking. It'll blow your mind away.
Ready?
Are you sure?
Don't make the car computer have a wi-fi antenna.
Groundbreaking, isn't it?
Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?
How about this: Just mount an iPad (or Galaxy) into the console.
Done.
But, no, they want to show you the oil level on a touchscreen instead of in front of the steering wheel. Meaning they have to hook it into the engine computer. Giving attackers an in.
I'm not a lawyer, but I play one on the Internet.
The car manufacturers risk being held liable for people stealing their cars through remote exploits. For years now insurance claims have been denied for certain auto theft claims based on the theory that certain types of keys couldn't be replicated. During the interim of course hackers had figured out how to hack the key systems and started stealing the cars without the keys.
Sooner or later the inevitable happened and they got caught on video doing so. I believe there was a story over the UK a few weeks ago about this. Now that the evidence is ironclad the issue has to be acknowledged and Intel is simply targeting a market that is newly available. There is no reason that other companies can't target this same market to provide security services either. To be frank I'm surprised nobody's 'stolen' a car at defcon or black hat yet for one of the demos.
ever since consoles got internet connections/updates, what happened? It started a trend among publishers to have games that were no longer tested as rigorously, pushed out the door, and depend on internet updates to fix any issues.
Most importantly an attempt to eliminate the resale market.
Perhaps in the future you'll have to register and buy annual (or more often) updates for your car from the app store, and you won't be allowed to change the owner of the car, why the heck would you be permitted to do that, are you some kind of car thief?
I'm sorry sir your engine computer hardware is yours, but the software that runs on it is only licensed to the original buyer. You can only buy an engine computer software license with the purchase of a new engine computer. A new engine computer is only $999.95 or you can buy a $125 month two year service contract and get a complimentary new engine computer for free. It's all to protect you from hackers, you see.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
few months back there was an article here about how car computers are ripe for hacking and everyone said the car companies suck for such crappy security
now that they are doing it the car companies suck for locking down their cars
I am very impressed with a person "who forced ATMs to ... cause medical pumps to release lethal doses of insulin." But why are ATMs and medical pumps connected to each other in the first place?
We need updates "over the air", without operator intervention! It's too inconvenient for owners to have to come into a dealer for updates, that's unreasonable!
And it won't allow us to do the updates as often as we like! We're always fixing bugs, so we need the ability to update the software every 6 hours... sometimes even less! Look at Firefox and Windows - how often do they update? It's an industry standard!
And encryption? That's haaaard! It takes time and effort to implement and it adds no value to the end product. We could better monetize our developer value by having them implement bells and whistles! More features is perceived as better value, making the left automatic window button work differently than the right one is seen as more valuable by the end user! Don't spend time on encryption, it's features all the way!
==============
Force the manufacturers to update once a year or less, this will help make sure that they get it right and only fix things that are needed.
Force the manufacturers to recall the vehicle for an update. Yes, it's inconvenient. Yes, it's necessary. Pro tip: Making it expensive to fix will encourage the manufacturer to get it right the first time.
Force the manufacturers to open the spec on the software, including the update channel. If a hacker can crack it, it's not secure enough.
This is not hard. Other products have figured this out already (for example, printer industry). When it's expensive to fix, it puts pressure on the manufacturer to get it right the first time.
Why would you be loading fishing software onto a car?
Or worse... they start treating oil filters like laser toner, and declaring them to be "expired" the moment your odometer ticks off 3,000 miles.
English is my first language and I am utterly ashamed. I would have much preferred something without all the stupid spelling. my eyes are [ tearing ]
So that fiery CHIPS officer and his family in San Diego for whom no human amount of effort could save themselves from terror by electronic FAILUNDER comes down to ' its not our fault?' someone reprogrammed the blackboxen?
It's got two things going for it
(a) it's a manual
(b) it's a TVR
(for those that don't get (b), you really have to know what you are doing to start one, look up Top Gear for more info)
So rise up, all ye lost ones, as one, we'll claw the clouds.
Is building up viably secure automotive computing platforms part of a push toward a fleet of automated teamsters?
Too late
The truth is that all men having power ought to be mistrusted. James Madison
That's the main thing. Devices that are irrelevant to essential system services, like sound systems, climate control, phone and WiFi, should be kept apart from the central processor.
If they need to communicate at all (I would argue no), it should be in one direction only: control signals from the main processor outward, with nothing in the other direction except for hard-wired feedback such as "Yes, I am turned on." By that I mean: they should be separate hardware systems with their own specialized software. Maybe a microcontroller, or some such. But one thing such peripheral systems should NOT be, is simply software subsystems running on the main processor.
The main processor should be limited in its communication/control of such devices. Feedback such as "Bluetooth is turned on" might be useful to some extent, but Bluetooth, WiFi, climate control, etc. should be offloaded from the main processor to subsystems of their own.
That simply eliminates most of the problem, and I know of no good reason they could not be designed that way. Just don't lump everything into a single system and OS. That's a big mistake.
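A software model of the one-direction rule argued for in the comment above, as an added example that is not part of the original thread. The comment asks for separate hardware; this sketch only shows the policy such a boundary would enforce, and the frame IDs, source labels, and payload rules are constructed for illustration.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "src can_id data")   # src: "core" or "peripheral"

# Constructed policy; the IDs are illustrative, not from any real vehicle.
CONTROL_OUT = {0x310: 1, 0x311: 2}   # core -> peripheral: ID -> exact payload length
STATUS_IN = {0x510}                  # peripheral -> core: one-byte on/off status only


def decide(frame):
    """Return (forward?, reason) for one frame crossing the boundary."""
    if frame.src == "core":
        if CONTROL_OUT.get(frame.can_id) != len(frame.data):
            return False, "core frame is not an allowlisted control message"
        return True, "control signal outward"
    if frame.src == "peripheral":
        if frame.can_id not in STATUS_IN:
            return False, "peripheral may not address the core"
        if frame.data not in (b"\x00", b"\x01"):
            return False, "status feedback must be a single 0/1 byte"
        return True, "on/off feedback"
    return False, "unknown source"


def filter_frames(frames):
    """Split frames into forwarded and dropped, keeping the reason for each."""
    forwarded, dropped = [], []
    for frame in frames:
        ok, reason = decide(frame)
        (forwarded if ok else dropped).append((frame, reason))
    return forwarded, dropped


# Constructed sample traffic.
SAMPLE = [
    Frame("core", 0x310, b"\x01"),                # control outward: allowed
    Frame("peripheral", 0x510, b"\x01"),          # "yes, I am turned on": allowed
    Frame("peripheral", 0x0C0, b"\xff\x10"),      # peripheral addressing the core
    Frame("peripheral", 0x510, b"\x01\x02\x03"),  # oversized "status" payload
    Frame("core", 0x311, b"\x01"),                # allowlisted ID, wrong length
]

if __name__ == "__main__":
    sent, blocked = filter_frames(SAMPLE)
    for frame, reason in blocked:
        print(f"DROP {frame.src} id=0x{frame.can_id:03X}: {reason}")
```

The drop list doubles as a detection signal: any peripheral-origin frame outside the status set is by definition unexpected.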
I'll take the hackers, thank you--with them I at least have some chance of purging *their* malware from my computer system.
Needless to say? It can't be overstated, if you ask me. This is a disaster waiting to happen, grab some popcorn after you secure yourself a 20+ year old car in good shape.
Can I light a sig ?
Strange that they left out biometrics[Ford], which is probably an imminent method of security in the future. WTF McAfee would be taking the lead in that, I don't know.
Forward! -- Emperor Norton, 2012
Really? McAfee researchers? This is the company that crashed millions of their business customers' systems with an untested update. As I write this there are 1000s of home McAfee customers who have lost Internet connectivity because of another untested update. These are the people you want to listen to when it comes to security? Oh Pulease!
and you won't be allowed to change the owner of the car,
That's pretty far fetched; unless all the car manufacturers did this at the same time, the sales for those cars with this 'feature' would drop through the floor since they would have no resale value. If all the car manufacturers *did* do it at the same time it would probably be some sort of cartel issue and illegal.
Much more likely is that you would have to officially update the registration with the manufacturer in order to carry on receiving necessary updates after a change of owner, and to do this you would have to pay a 'reasonable admin fee to cover costs' (as they would put it), which could be quite lucrative for the car manufacturers, but not seriously affect resale values if set at the 'right' level. This way they get a cut of all resales for doing virtually nothing.
I always wondered if this wasn't at least partly done to capture the customer's audio system spending.
Car makers traditionally have been way behind the times in terms of car audio, and even simple upgrades were always really expensive due to the highway robbery prices they charged (since they were nearly always a dealer add-on).
So you bought the base model radio and then went to Best Buy or wherever and bought a better model, speakers, power amp for less money than the car maker wanted.
At first car makers seemed to resist by going double-DIN, but the carmakers fixed that with brackets, double-DIN stereos and other faceplate doodads.
Now with the integration, you can't do squat. My 2007 Volvo S80 uses the stereo for the car's menu system; even the dash stuff would be hard to work around; it's not a typical double-DIN setup. Even the speakers are used as part of the safety systems and backup sensor.
If you really wanted aftermarket audio, I think you'd almost need a completely remote system (maybe controlled by smartphone or some other touchscreen mounted separately like an aftermarket GPS or phone holder). And then there's the whole speaker issue...
Bonus points to the first person that talks their way out of a traffic ticket with the excuse that their car has been hacked.
Having McAfee running anything on your car will, at minimum, add 3 seconds to your acceleration times, and knock 5 mpg off your mileage. You will also have to run the A/C more to offset the extra heat load on the CPU. Plus, about every fifth update, it will kill your car so dead, you will have to call AAA for a tow.
the highway goes right through there maybe the GPS is off and showing me on a local road that I was on the main road next to it.
Let's assume ENIAC and 1943 as the start date for modern computing. In nearly 70 years of computing one thing we should all know very well by now is that there is no such thing as secure code. If a user has access to the system it operates on it's inherently insecure.
I am Bennett Haselton! I am Bennett Haselton!
In truth, I was more ignoring that point. There's a legitimate concern that whenever you provide interfaces that can do powerful things on a system, they can almost by definition be abused.
Often though, locking down things in the name of security doesn't do a thorough job of protecting against real mischief. A half measure job won't prevent real attackers from getting in. But, it will often prevent anyone but "authorized" service personnel from doing anything. For an industry that makes a good bit off of the service and repair of their products, it's tempting to wall off what independent mechanics/electronics techs can do.
Having security as a ready to hand reason is great cover for that.
fine my cost is $40 hr + all parking fees + $0.55 a mile
"Manual controls for all key systems - keys and the like."
We had that, and the result was that cars were hotwired. In today's cars, there are cryptographic challenge/response schemes with the key, making them much harder to steal. Of course, this introduces a wireless digital interface...
Car systems are incredibly robust to random failures, but they don't do well against intentional failures that bypass the failsafe mechanisms.
Anybody read Robopocalypse?
It also makes it harder to replace your stock deck with third-party alternatives.
Your third-party stereo may be better and cheaper, but will you install it if it breaks the integrated features (such as audio notifications that are pumped through the stereo system, or other stupid crap that doesn't need integration). If you do install it, then the cost of install goes up because of the complexity, making the overpriced manufacturer supplied/supported units seem like a better choice...
No need for the mileage charge, if you don't show, they'll come give you a ride for free. If you still resist, they'll throw in a few days of free room and board.