Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Team Takes On Car Hackers

Posted by samzenpus on from the who's-driving dept.

nk497 writes "Intel has set up a team of McAfee researchers to protect computer systems in cars, hiring Barnaby Jack — the researcher who forced ATMs to spit out cash and cause medical pumps to release lethal doses of insulin. Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. 'If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening,' he said. 'I don't think people need to panic now. But the future is really scary.' The move comes as Ford and other car makers start to invest in ways to keep car code secure."

10 of 153 comments (clear)

  1. Interesting readings by Anonymous Coward · · Score: 4, Informative

    http://www.autosec.org/publications.html

  2. Boy, does this have the potential for bad by Scareduck · · Score: 5, Insightful

    Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.

    --

    Dog is my co-pilot.

    1. Re:Boy, does this have the potential for bad by Trepidity · · Score: 4, Interesting

      A more likely short-term motivation is that they want exclusive ability to sell expensive repairs and required-for-maintenance devices.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    2. Re:Boy, does this have the potential for bad by Miamicanes · · Score: 4, Informative

      Not to mention the ability to charge for different levels of performance using the same underlying hardware, kind of like ATI & Nvidia do, and Intel was planning to do with their value-priced CPUs.

      Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit. It's just like UEFI. If I have a copy of the key, it's awesome. If the only copy of my key is held by Microsoft or Sony, it's a shameless pwnage of my consumer rights whose physical and political defeat is a moral imperative.

    3. Re:Boy, does this have the potential for bad by CanHasDIY · · Score: 4, Interesting

      Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit.

      Oh, they'll give it to the mechanic's, alright - that is, the one's who work for their dealership.

      Cars have actually been going that way for years, in a shameless attempt to kill of independent shops and shadetree mechanics; the process goes like this:

      - new model of Car X comes out
      - new model requires a special tool for trivial adjustment, i.e. toe adjustment on the steering wheels
      - manufacturer patents the tool, so only they can make/sell it
      - manufacturer refuses to sell the tool to anyone other than one of their own branded shops
      - customers are forced to take Car X to the manufacturer branded dealership to have trivial repair made, at more than double what it would cost for an independent shop to make the same repair

      Source: One of my many trades (one, specifically, that I actually have an education in) is 'auto mechanic.')

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    4. Re:Boy, does this have the potential for bad by orgelspieler · · Score: 4, Funny

      I think this is the first time I've seen anybody do a computer:car analogy in reverse on this forum.

  3. CAN is cool, but... by iamgnat · · Score: 5, Insightful

    I played with having a computer in my car for a few years and it is shocking what you can do once you have access to the CAN bus. I mean it's cool that I can plug a device in and program it so that it will catch the commands from my window switches and have them instead activate my blinkers, but that (theoretically as far as I know) a compromised update to your radio could let it do the same thing is a bad thing and that there is a growing trend for cars to be more connected (e.g. wifi hotspots, etc..) is outright scary.

    Maybe they could start by separating networks for the critical functions and entertainment systems. The only possible access to the critical systems should be by a physical connection. They don't need (bad) software security experts to help solve this problem. They need good network architects. It shouldn't simply be a matter of the engine verifying that the "more gas" command came from the ECU and not the radio. The radio should simply never be able to get a message to the engine without wiring changes.

    1. Re:CAN is cool, but... by slim · · Score: 4, Interesting

      Not just theoretically -- University of Washington researchers crafted an MP3 that let them at the CAN via the MP3 player: http://www.newscientist.com/blogs/onepercent/2011/03/how-an-mp3-can-be-used-to-hack.html

  4. Stupid stuff again by Compaqt · · Score: 4, Informative

    Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?

    How about this: Just mount an iPad (or Galaxy) into the console.

    Done.

    But, no, they want to show you the oil level on a touchscreen instead of in front of the steering wheel. Meaning they have to hook it into the engine computer. Giving attackers an in.

    --
    I'm not a lawyer, but I play one on the Internet. Blog
  5. Re:A revolutionary idea by slim · · Score: 4, Informative

    Don't make the car computer have a wi-fi antenna.

    There are plenty of other vectors. The keyless ignition system. The remote central locking. The MP3 decoder. The digital radio. With physical access -- direct connection to the bus.