Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Reveal Nasty New Car Attacks

Posted by samzenpus on from the unsafe-at-any-speed dept.

schwit1 writes "Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV's chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat. Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day's experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn't so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.) The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers."

6 of 390 comments (clear)

  1. Re:High risk by HornWumpus · · Score: 3, Informative

    OBDII is not wireless.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  2. Re:High risk by icebike · · Score: 2, Informative

    Nothing in that story says anything about a hacked car.

    --
    Sig Battery depleted. Reverting to safe mode.
  3. Re:Not News: They put it into brake service mode. by ChumpusRex2003 · · Score: 4, Informative

    Correct. On this type of hybrid vehicle, there is a regenerative braking system.

    Under normal driving conditions, while the vehicle is in motion, the motor/generator will be used to retard the vehicle. The brake pedal is connected to a electronic pressure sensor, and also mechanically to a hydraulic master cylinder.

    Unlike on conventional vehicles, there is no vacuum powered booster, instead the master cylinder hydraulics are used to operate an electro-hydraulic servo, with electronic override. This way, under emergency braking, you get full hydraulic force applied to the wheel cylinders with minimal pedal effort. The electronic hydraulic control will also apply hydraulic pressure when the vehicle is stationary and the brake pedal depressed, and also periodically applies hydraulic pressure when the vehicle is stopped and the transmission in P (for self-test purposes) and when the vehicle is powered on.

    The hydraulic servo mechanism can be disabled in order to permit brake maintenance (this releases hydraulic pressure in the booster and prevents automatic application of pressure to the wheel cylinders), permitting access to maintain the friction surfaces. It appears that this hack, merely consisted of transmitting the CAN bus command to put the hydraulic servo system into maintenance mode.

    At low speeds, when the electrical regen isn't operative, this will result in the brake pedal travelling further than expected and loss of power assistance. However, with sufficient pedal pressure, it should be possible to slow the car using unboosted pressure.

  4. Re:High risk by adolf · · Score: 4, Informative

    It's already a risk. And it's cheap.

    Plug a GSM modem into an RS-232 ODB2 interface.

    Programming it is really hard, and stuff: ATS0=1&W

    Power is even harder: Ignition-switched power is supplied by the ODB port.

    Using it is perhaps the most difficult part: Call the modem, it answers and connects, and...done.

    Yeah, sure: I can do all kinds of obvious and nefarious things to a car if I have physical access to it.

    But this way, I can have the car work perfectly normally for a week or a month or whatever.

    And then, long after they forget about having their window smashed and the change holder looted in the middle of the night, I can have it misbehave at exactly the moment that it is perhaps most dangerous.

    Just sayin'.

    --
    Kid-proof tablet..
  5. Re:High risk by Ol+Olsoc · · Score: 4, Informative

    TFA asserts otherwise. Apparently onstar and integrated infotainment systems can obtain same access to CAN bus access as the OBD port.

    Onstar can do many things to your car outside your control. Remember when they were bragging about how they could disable your car if someone stole it? It worked by disabling the throttle, forcing the vehicle to idle, so the perp would pull over to the side of the road. My guess is that if they can do that, they can controll a whole lot more. They can remote diagnose car issues, so that means they access things like timing, engine temps, vacuum lines, no doubt much more. And if they can read them? Who knows?

    And you don't even need to subscribe! http://www.consumeraffairs.com/news/gm-includes-free-remote-start-on-2014-models-060713.html

    How about that? They can start your car remotely. Umm, that means they can stop it remotely.

    How about this? They track you for free, and sell the data. Of course you are anonymized. Until you aren't.

    http://www.wired.com/threatlevel/2011/09/onstar-tracks-you/

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  6. Re:High risk by Anonymous Coward · · Score: 2, Informative

    Security through obscurity isn't "no security at all". It's just inadequate. There's still the hurdle of overcoming obscurity.
    No.

    Yes.
    If you're going to go around parroting Bruce then at least get it right. What he said was that relying ONLY on obscurity is foolish, because once the secret it out it no longer provides protection.