Car Hackers Mess With Speedometers, Odometers, Alarms and Locks

← Back to Stories (view on slashdot.org)

Car Hackers Mess With Speedometers, Odometers, Alarms and Locks

Posted by Soulskill on Tuesday October 29, 2013 @07:31PM from the no-mr.-bond,-i-expect-you-to-die dept.

mask.of.sanity writes "Researchers have demonstrated how controller area networks in cars can make vehicles appear to drive slower than their actual speed, manipulate brakes, wind back odometers and set off all kinds of alarms and lights from random fuzzing (video). The network weaknesses stem from a lack of authentication which they say is absent to improve performance. The researchers have also built a $25 open-source fuzzing tool to help others enter the field."

159 comments

Min score:

Reason:

Sort:

Hmmm... by AdeBaumann · 2013-10-29 19:37 · Score: 2

How many idiots will use this in the safe knowledge that they can't be busted for speeding anymore, I wonder...

--
I gave up sigs almost a year ago.
1. Re:Hmmm... by Anonymous Coward · 2013-10-29 19:54 · Score: 0
  
  None, because a car's speedometer reading is not provably binding in a court of law.
  Primarily this is due to them already being overrated by government mandate - in the name of the "Every k over is a killer" anti-speeding campaigns, vehicle speedometers are required to read 100km/h when actually doing 95km/h (or your local equivalent). And yet knowing this you cannot get every speeding ticket ever issued to be revoked.
2. Re:Hmmm... by maxwell+demon · 2013-10-29 20:13 · Score: 2
  
  If your speedometer shows a higher speed than your real one, then whenever you are too fast, your speedometer will be showing a too high speed, and therefore you cannot claim not to have known that you have been too fast. However I'm not so sure what the ruling would be if the speedometer shows a too low speed (and it's not your fault for either negligence in getting the car serviced or proven active manipulation, and you weren't so much over speed limit that you should have noticed it even without reading the speedometer).
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
3. Re:Hmmm... by Anonymous Coward · 2013-10-29 20:15 · Score: 0
  
  vehicle speedometers are required to read 100km/h when actually doing 95km/h (or your local equivalent)
  Source please?
4. Re:Hmmm... by AlphaWolf_HK · 2013-10-29 20:15 · Score: 4, Informative
  
  Just to clarify how the law works on this one, in most states (probably all, but there are 50 of them so you never know if there are variations) when you hop behind the wheel and start driving any car (whether you own it or not) you are responsible for the operation of that car, including if anything is wrong with it that causes an accident or any sort of moving violation, such as a malfunctioning safety device (and the speedometer is a safety device.)
  Now that doesn't stop you from suing a manufacturer, mechanic, or other responsible party if something has gone wrong with the car that wasn't your fault and caused any damages. But, any damages (even just a ticket) are your responsibility first, and if the cause was from a manufacturer or mechanic, it's then on you to recover your losses from them. In other words, if your brakes fail due to manufacturer defect, you can't just tell the guy you rear ended to go collect from your car manufacturer. He goes after you, and whatever he collects from you, you then have to collect from the manufacturer.
  You also still end up with a ticket and a mark on your driving record, because again you assumed responsibility for anything wrong with the car by driving it.
  
  --
  Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
5. Re:Hmmm... by They'reComingToTakeM · 2013-10-29 20:22 · Score: 3, Interesting
  
  The UK's annual MOT test (compulsory for all vehicles over 3 years old) states that a speedometer is permitted to read up to +10%/-0% of actual speed. ie. 66mph when you're actually doing 60, but not 60 when you're doing 61.
6. Re:Hmmm... by Anonymous Coward · 2013-10-29 20:31 · Score: 0
  
  How many idiots will use this in the safe knowledge that they can't be busted for speeding anymore, I wonder...
  Just drive into a car park (parking lot your side of the pond) with a carrier transmitting on 433.920 Mhz ham band in blighty and watch the dumd smucks doing a basil faulty on the car cuse it wont unlock or disarm the alarm or lock and with one model it completely fritzes needing a battery disconnect to get it to even turn ON ..
7. Re:Hmmm... by GeoBain · 2013-10-29 21:12 · Score: 2, Insightful
  
  Permitted is quite different from required.
8. Re:Hmmm... by Anonymous Coward · 2013-10-29 21:15 · Score: 1
  
  Ignorance is no defence it's still our fault even if the speedo is inaccurate its your responsibility to ensure it is accurate.
9. Re:Hmmm... by thegarbz · 2013-10-29 21:30 · Score: 1
  
  Likely zero, if the laws are sane like ours. If you claim your speedo is inaccurate (+/-10% in my state) and they find you were right congratulations you were driving an unroadworthy vehicle. There's another fine on top of your speeding fine.
10. Re:Hmmm... by tlambert · 2013-10-29 21:30 · Score: 2
  
  vehicle speedometers are required to read 100km/h when actually doing 95km/h (or your local equivalent)
  Source please?
  http://www.caranddriver.com/features/speedometer-scandal
  http://online.wsj.com/news/articles/SB123119286106955181
  http://www.theglobeandmail.com/globe-drive/car-tips/why-you-may-not-be-driving-as-fast-as-you-think/article11487709/
  In general, German cars are known to exaggerate speed by up to 10% in order to guarantee compliance with European law (ECE-R39).
  In the U.S., it's been historically common to "detune" speedometers in rental cars to exaggerate the speed, and therefore clock up additional miles which are then charged to the renter. It's also been historically common to roll back odometers prior to sales of cars coming from rental fleets to increase their market price as used cars. Both of these practices are illegal these days, but as shown in the articles above, you can get up to a 10% exaggeration in cars which are explicitly within manufacturer specifications, which translates into 10% more miles on your rental bill, if you rent a car from one of those manufacturers.
11. Re:Hmmm... by Anonymous Coward · 2013-10-29 22:33 · Score: 2, Insightful
  
  The speedometer and the odometer are two different instruments. You can certainly make the speedometer show a higher speed without having the odometer show a higher distance. It's as easy as printing a narrower scale on the speedometer.
12. Re:Hmmm... by Sun · 2013-10-29 23:07 · Score: 1
  
  At least where I live (Israel), most (but not all) criminal charges require a "criminal intent" component. You cannot be charged with murder if you did not intend anyone killed (but can be charged with man slauter, as that one doesn't require criminal intent).
  As far as I know (IANAL), speeding requires criminal intent. If you show you had no reasonable way of knowing you were speeding, you cannot be charged. The reason that works is that certain types of negligence are enough to show criminal intent (so you cannot claim you had no way of knowing you were speeding because your speedometer is busted).
  I should point out that driving with busted road lights is an offense that does not require criminal intent. Despite that, there was a case of a police car that drove after a driver for some time, and at one point stopped the driver for malfunctioning break light. The judge acquitted, because he said that policemen's own testimony was proof that the lights were functional at the beginning of the drive, and that the driver had, therefor, no way of knowing there was a problem. To the best of my understanding, this ruling is against the letter of the law, but it does come as a counter example. That particular judge has a number of surprisingly sane sentences, which might suggest that it is an exception.
  Shachar
13. Re:Hmmm... by Anonymous Coward · 2013-10-29 23:35 · Score: 2, Informative
  
  Your WSJ link was written by someone that doesn't know a great deal about commodity GPS navigators. Yes, on straight and level ground a GPS navigator will tend to be more accurate than a speedometer, but by far the majority of them lose accuracy when driving up and down inclines. You can see this for yourself by keeping a constant speed on your speedo and monitoring the GPS speed drop as you climb or descend a hill.
  Why? Because the majority of GPS navigation software calculates speed based on delta-lattitude and delta-longitude only (well, with lattitude correction), completely ignoring delta-altitude. Apparently 3D velocity vectors are too hard for the average software engineer to calculate.
14. Re:Hmmm... by Anonymous Coward · 2013-10-29 23:38 · Score: 1
  
  I don't know about that. I remember in high school one of my friends was driving a car and the speedometer didn't work. He was next to a cop so he matched the cops speed and apparently the cop was speeding, so the cop pulled him over (if only he were older and wiser, he would have demanded the cop to be ticketed as well, oh well), but when explaining his speedometer was broken, he was not given a speeding ticket, but only a defective vehicle ticket. And at least in my state, that's a big difference as speeding is a moving violation and defective vehicle is not, which mean speeding counts against your license and is reportable to your insurance and jacks up your price, while defective vehicle is/does not.
  To be said, I'm not sure if he could have been given a speeding ticket, and I'm sure had he been doing 60 in a 30 it would have been a different story, but in this case, the non-functional speedo saved him a speeding ticket and instead landed him with something like a $20 fine.
15. Re:Hmmm... by oPless · 2013-10-29 23:47 · Score: 1
  
  Have you actually seen the altitude reading on a GPS unit? It's terrible. It's much less accurate than the long/lat as you need to see more satellites to get a proper 3d fix *and* even then it's pretty crap.
16. Re: Hmmm... by Anonymous Coward · 2013-10-29 23:53 · Score: 0
  
  Several phones and other small receivers back the GPS up with a barometer for altitude measurements. GPS altitude from a cheap receiver is useless.
17. Re:Hmmm... by Anonymous Coward · 2013-10-30 00:06 · Score: 0
  
  The ECU of an engine due to factors of the clock and the voltage regulation and the variance of the device which is not calibrated and dut to the fact that the designers made everything relative, not caring about accuracy .... is accurate in the first standard deviation to +/- 10% and the second standard deviation takes it to about +/- 14%. This means at 55mph registered on the speedometer you could be driving 62.7mph or 47.3mph. The latter is more likely as the systems are typically about 10% off to the low side by design. Applying this tendancy the speed registered at 55mph on the speedometer is most likely to fall between 56.4mph and 42.7mph. Due to drift of sense resistors over time this becomes even more inaccurate towards the slow side. --- If you haven't figured out by now, this is my area of work. The prosecution of a person for violation of speed or safe operation conditions using an ECU needs to be impeached on the basis of the following conditions.
  (1) The ECU is not secure and can be altered in functionality and factors such that its accuracy is completely in question.
  (2) The ECU is not calibrated and thus the accuracy of even a normally functional ECU is in question by what I indicated above.
  (3) The ECU is subject to having its records altered after the fact and the party witnessing against the defendant in this case having custody of the ECU can cause defalcation and misrepresent the data and no party can validate if this has occurred. -- Essentially this is a case of "You are guilty -- Because we said so."
  Use of ECU based or "black box" recordings should never be taken as evidence in court, rather they should at best be considered as minor indicator factors for investigations to look at other factors. This is relatively similar to the fact that a breath alcohol test is often done by police and is in the butt of their flashlight. They can use this information to "suspect" but it is not evidence admissible in court. ECU data should be of the same status unless you want the car to be calibrated regularly and have a secure data bus which does not exist.
18. Re:Hmmm... by cpt+kangarooski · 2013-10-30 00:37 · Score: 1
  
  In the US, speeding is a strict liability offense; if you drive faster than the speed limit, you are liable, even if you acted with such reasonable care that you could not even be said to have acted negligently, much less recklessly, knowingly, or intentionally.
  It's not a standard that gets used a lot, but it is also known in statutory rape and some copyright infringement.
  
  --
  -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
19. Re:Hmmm... by number17 · 2013-10-30 00:44 · Score: 1
  
  If you show you had no reasonable way of knowing you were speeding, you cannot be charged.
  When you get clocked doing 20 over and you tell the cop that your speedometer is broken let me know if their words aren't "Tell it to a judge."
20. Re:Hmmm... by swb · 2013-10-30 00:54 · Score: 2
  
  IANAL and I've never even had a speeding ticket in 31 years of driving, but isn't there a reasonable expectation of general accuracy in a speedometers, and also a reasonable expectation of deviation from specific accuracy?
  I don't think there is a specific requirement for me to check/verify my speedometer accuracy, there's a whole host of government regulations that require carmakers to produce vehicles to a specific standard. And as long as when I drive with the flow of traffic, I kind of have to believe my speedometer isn't grossly inaccurate.
  In general practice, the police don't ticket people for going 56 MPH in a 55 MPH zone because there are a whole laundry list of reasons why you cannot maintain perfect speed accuracy -- the equipment isn't capable of that precision, the data displays are generally analog displays lacking that kind of precision, and environmental factors (wind, road resistance, etc) can cause speed variations, not to mention the power controls (throttle) aren't perfectly linear or setup for fine-grained control.
  Now, you won't get away with doing in 80 in a 55 zone because there are all kinds of mediating factors that should make it obvious something is wrong with your car -- passing most traffic very quickly, etc.
  I always try to check my speedometer calibration either via GPS (now) or via cruise control on flat terrain over a marked distance with a stopwatch. I had a motorcycle that showed a displayed speed 9-11 MPH slower than actual speed. I actually enquired about having it fixed and they told me it could not be manually adjusted, only totally replaced and even then they said it was not likely to be any more accurate.
21. Re: Hmmm... by nocosd · 2013-10-30 01:04 · Score: 1
  
  That is not accurate. A lawsuit for a car accident will most likely be for negligence, which requires proof of negligence. If a mechanic fails to fix your brakes correctly, you will not be liable unless you are negligent in not discovering the faulty repair. The person you hit because of the bad breaks couldn't collect from you, but potentially could from the mechanic.
22. Re:Hmmm... by Anonymous Coward · 2013-10-30 01:28 · Score: 0
  
  I think it's still your fault in the law's eyes but will need to be tested in court. It's still your fault if you're speeding after changing your tires and not adjusting the speedometer to reflect a tire size change.
23. Re:Hmmm... by zidium · 2013-10-30 01:30 · Score: 2
  
  If you haven't had a single speeding ticket in 31 years, and you're a heterosexual male and drive more than *very* rarely, then you have issues and should see a doctor, possibly about testosterone boosting.
  
  --
  Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
24. Re:Hmmm... by iamgnat · 2013-10-30 01:45 · Score: 1
  
  You also still end up with a ticket and a mark on your driving record, because again you assumed responsibility for anything wrong with the car by driving it.
  I'm in VA and had a period in my younger days where I saw far too much of the inside of my local traffic courts. As such I can say that if you came to court with certified documentation that your speedometer was under reporting most judges would let you off (especially if you also brought receipts showing it was corrected). In a few cases the judge would do the math based on your calibration report and reduce the ticket to what you "thought" you were doing. I never saw such a case where the judge stuck them with the original ticket.
25. Re:Hmmm... by iamgnat · 2013-10-30 01:48 · Score: 1
  
  When you get clocked doing 20 over and you tell the cop that your speedometer is broken let me know if their words aren't "Tell it to a judge."
  By saying that to the cop you are showing that you are aware of the situation which makes you at fault since you are showing prior knowledge. That's different than getting your speedo calibrated after the ticket and finding it under reporting. Unless they can find evidence to the contrary the reasonable assumption of the later case is that you had no way to know it was broken.
26. Re:Hmmm... by behrooz0az · 2013-10-30 01:54 · Score: 0
  
  Too bad I can't love your post.Even if I had modpoints, Where I live(Iran) You are charged with a 3 digit number of charges if You love anything related to israel, even without intent.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
27. Re:Hmmm... by X0563511 · 2013-10-30 02:15 · Score: 4, Interesting
  
  Indeed. My speedometer has matched every roadside radar display I've encountered.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
28. Re:Hmmm... by larry+bagina · 2013-10-30 02:24 · Score: 1
  
  He's not a heterosexual male ("I anal" was the first clue).
  
  --
  Do you even lift?
  These aren't the 'roids you're looking for.
29. Re:Hmmm... by operagost · 2013-10-30 02:44 · Score: 1
  
  I'm not an expert, but in no US state I've lived in do you end up with points on your license if your vehicle experienced a mechanical failure. If a cop's dumb enough to cite you, feel free to challenge it in traffic court. Now, if your vehicle doesn't meet the inspection requirements (expired sticker, obvious lack of maintenance like bald tires), that's different.
  
  --
  
  Gamingmuseum.com: Give your 3D accelerator a rest.
30. Re:Hmmm... by Bob+the+Super+Hamste · 2013-10-30 02:55 · Score: 1
  
  It is possible to do that. I have only gotten 1 ticket in my 25 years of driving and that was for 46 in a 45 (it was a harassment stop and that was all the cop could get me on) which got thrown out in court. Then again when I want do drive like a raped ape I will go out to the track and beat on my stuff in a safe environment instead of trying to show off on the street. Other than that go with the flow of traffic and don't speed through little shitty towns
  
  --
  Time to offend someone
31. Re:Hmmm... by tlhIngan · 2013-10-30 03:44 · Score: 1
  
  Why? Because the majority of GPS navigation software calculates speed based on delta-lattitude and delta-longitude only (well, with lattitude correction), completely ignoring delta-altitude. Apparently 3D velocity vectors are too hard for the average software engineer to calculate.
  Except GPS altitude resolution is far worse than lat/long. Without SA, 2D positioning is roughly anywhere from 3-10 meters. Altitude positioning is at a minimum, +/- 100 meters or more.
  Using 3D vectors would result in wildly inaccurate GPS speed readings because your GPS altitude while standing still can vary quite significantly.
  Additionally, unless you're on a particularly steep slope (like say, Lombard street), the amount of vertical altitude gained wouldn't really throw the results out too badly. A normal slope is usually under 5% or so (100m long, 5m up,). Doing Pythagoras reveals the hypotenuse is 100.12m, or about 12cm longer, or a 0.12% error, well below the positioning error of GPS.
32. Re:Hmmm... by Penguinisto · 2013-10-30 03:52 · Score: 1
  
  A couple of things to note...
  * Tire size changes your speedo accuracy. When I went from stock to 32" all-terrain tires on my old Jeep, my speedo under-reported - the speedometer (at least in older cars) gets its input from the transmission output gearing, not the wheels. This means a larger tire diameter gives you faster speed than a smaller one at the same driveshaft RPM. Conversely, a smaller overall tire diameter will over-report your speed for the same reasons (for those who get into the whole low-profile thing). I think the rough estimate was something like a 3-5 mph boost for every additional inch in tire diameter.
  * Most states have a bit of 'slop' factor in their official statutes due to a recognition of speedometer accuracy; I recall that Utah's state troopers don't bother with you unless you're going at least 7 mph over. This doesn't mean that doing 5 mph over is smart though, because unless your speedo is perfectly tuned, you could already be going 5-7 mph faster than you think you are.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
33. Re:Hmmm... by Sun · 2013-10-30 04:02 · Score: 1
  
  The one comment thread I thought was safe from politics..... :-)
  Shachar
34. Re:Hmmm... by gsslay · 2013-10-30 04:15 · Score: 1
  
  You, the driver, are responsible for the legal operation of your vehicle. If your vehicle's instruments are incorrect and you get a ticket then equipment malfunction is no defense. Otherwise no-one would ever pay any traffic related fine, because they could always blame their car. I didn't stop in time because my brakes are broken. I didn't indicate because my indicator is bust. I'm disturbing the peace because my muffler has a hole. I drove at 50 because my speedometer is wrong. Not my fault.
  If it is the car's manufacturer's fault, or your car mechanic's, then that is something you can take up with them, legally if you like. But you're still getting the speeding ticket.
35. Re:Hmmm... by Anonymous Coward · 2013-10-30 04:25 · Score: 0
  
  Just like Tommy Thompson did.
  
  Records compiled by the State Division of Motor Vehicles show six of seven speeding tickets and one for running a red light issued to Republican gubernatorial candidate Tommy Thompson have been reduced since 1979.
  Five of the speeding tickets were lowered to defective speedometer convictions and one to imprudent speed, the records showed.
  Thompson said he believed it necessary to avoid speeding convictions because it was important politically to keep his driver's license.
  Thompson, a lawyer and the Assembly minority leader, said he hired hsi Mauston law partner, Dennis Schuh to win defective speedometer pleas to avoid speeding convictions.
  Recrods of Thompson's tickets show the defective speedometer claim was used for at least three vehicles Thompson was driving when arrested for speeding.
  Schuh said he did not recall whether speedometers were repaired in any of the cases.
  
  That's how it works for the rich and well connected.
36. Re:Hmmm... by SleazyRidr · 2013-10-30 04:27 · Score: 2
  
  I am a heterosexual male, and while I do not have the experience of the GP, I have driven fast enough to make you shit your pants (one of the reasons I don't let you in my car.) I also have never received a ticket, because I go to magical places known as racetracks when I want to drive faster than the local constabulary allows.
  
  --
  Is 1563649 a prime number?
37. Re:Hmmm... by zidium · 2013-10-30 05:16 · Score: 1
  
  You guys are all better at conforming to a fascist system than I am! Much better!
  You're telling me you always plod along slower than the rest of traffic or are incredibly lucky? Never needed to be somewhere important enough that you had to book it 15 miles over to get there on time?
  Can't say I would want to trade your life for mine. Sure I got problems, but I've also lived a little!
  
  --
  Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
38. Re:Hmmm... by zidium · 2013-10-30 05:18 · Score: 1
  
  I'm not nearly as good at cowtowing to an arbitrary far-lower-than-safe speed limit meant to bring in revenue for some random city I don't even live in than you, apparently.
  I understand how women and old people could have evolutionary advantages for not (safely) pushing the envelope, but young men? Hmm...
  
  --
  Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
39. Re:Hmmm... by SleazyRidr · 2013-10-30 05:32 · Score: 1
  
  Cruise control, baby. Makes public roads so much more fun. Like I say, racetracks let you actually go fast, instead of hitting 80 and having to slam on your brakes to avoid the truck who just pulled into your lane.
  
  --
  Is 1563649 a prime number?
40. Re:Hmmm... by Capt.DrumkenBum · 2013-10-30 05:40 · Score: 1
  
  The one comment thread I thought was safe from politics..... :-)
  I blame Obama! That bastard!
  
  --
  If I were God, wouldn't I protect my churches from acts of me?
41. Re:Hmmm... by Xicor · 2013-10-30 06:07 · Score: 2
  
  if you could prove that your car was tested in working condition with the proper speed on the meter, and you had proof of the speed your car was going before you got pulled over, you could go and argue that the police's radar wasnt in proper working condition... in fact that is one of the best ways to avoid all speeding tickets. 95% of the time, the radar gun isnt calibrated according to the calibration requirements of the manufacturing company (like once per couple of days or something). so you go to court and say the radar gun was wrong and get them to bring out the calibration logs... most of the time they cant.
42. Re:Hmmm... by swb · 2013-10-30 06:19 · Score: 1
  
  I just don't get caught.
  I've broken 100 MPH in 3 cars and on my motorcycle. When the speed limit was 55, I did Duluth to Minneapolis on my motorcycle in in 2 hours flat. My math tells me that's at least 77 MPH average. That's nothing now that the speed limit is 70, but it was kind of an accomplishment when it was 55.
  But all of that is largely behind me. I like to go fast where I can, but my interest in LEO contact is less than zero. I would rather set my distance-sensing cruise control at about 4 MPH over the limit and just cruise.
43. Re:Hmmm... by CeasedCaring · 2013-10-30 08:01 · Score: 1
  
  GP probably intended to say "Required to read within +10%/-0%".
  In addition, no MOT == no insurance (also compulsory in UK), leaving the vehicle owner open to prosecution resulting in large fines, disqualification from driving, and possibly even confiscation & destruction of the vehicle.
44. Re:Hmmm... by David_W · 2013-10-30 08:53 · Score: 1
  
  But you're still getting the speeding ticket.
  Often times, if you can bring proof to court that you had the malfunction repaired (generally a receipt from a reputable mechanic saying they adjusted/replaced/whatever the relevant part) the ticket will be dismissed. For example, my sister was cited for having her windows tinted too dark (she bought the car, used, in WV, which is less stringent than VA, where she actually lived). She had the films removed, came to court, and the citation was dismissed. Of course this probably only works about once per car.
45. Re:Hmmm... by Tassach · 2013-10-31 06:25 · Score: 1
  
  At least where I live (Israel), most (but not all) criminal charges require a "criminal intent" component. You cannot be charged with murder if you did not intend anyone killed (but can be charged with man slauter, as that one doesn't require criminal intent).
  US law used to recognize Mens Rae (guilty mind) as a necessary component for a criminal conviction. However, the War On Drugs has given rise to the predominance of strict liability in criminal law (whereas it was formerly confined primarily to civil law).
  
  --
  Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
46. Re:Hmmm... by Tassach · 2013-10-31 06:26 · Score: 1
  
  When you get clocked doing 20 over and you tell the cop that your speedometer is broken let me know if their words aren't "Tell it to a judge."
  I've been in court when I've seen judges reduce the fine based on speedometer calibration report from a mechanic.
  
  --
  Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
47. Re:Hmmm... by Anonymous Coward · 2013-10-31 09:53 · Score: 0
  
  In the US, speeding is a strict liability offense; if you drive faster than the speed limit, you are liable, even if you acted with such reasonable care that you could not even be said to have acted negligently, much less recklessly, knowingly, or intentionally.
  It's not a standard that gets used a lot, but it is also known in statutory rape and some copyright infringement.
  The legal term "strict liability" is simply a euphemism for "we legal professionals refuse to acknowledge the Bill of Rights, in spite of the oaths we swore to uphold it, because it's not in our long term economic interests, as a class in society, to do so".
  The Bill of Rights was written to be an open-ended document, in order to deal with the objection made by the Anti-Federalists that any Bill of Rights would be incomplete and would fail to list many rights that the people would need to assert against their government. That's why we have a 9th Amendment (unspecified rights retained by the people) and a 10th Amendment (unspecified rights reserved to the people). Strict liability does not permit the operation of these rights: as such, it's unconstitutional.
  If we hold somebody to be guilty of wrong doing as a result of brain-dead application of some literal text in a law book (or even some rule of law, or application of a precedent), when they are in fact engaged in reasonable conduct under reasonable circumstances, we are violating their rights.
  An arrest made in such circumstances is indistinguishable from criminal kidnapping, a fine (or even forcing somebody to pay for legal services) indistinguishable from armed robbery.
  By definition, rights retained by the people are retained by the people. It is not within the legal authority of any entity of government to take away such rights, for if they did, the rights would no longer be retained by the people. Hence, any court ruling to the contrary would be an illegal ruling, with the judge or judges involved engaged in a violation of the oaths they have sworn to uphold the Bill of Rights.
  When considering any legal issue, it is generally worth spending a few minutes reflecting upon the fact that legal professionals, as a class in society, are in a position of ethical conflict of interest with respect to the nature, scope, and form of the legal system. Legal system with certain characteristics, such as contradictions, or rules of law that interfere with reasonable rights, create a long term dependence on (or, in other words, an artificial economic demand for the services of) the legal profession to protect people from their own legal system. The "strict liability" "rule" is simply one example of a VERY large ethics problem in US law.
Not too surpising. by Anonymous Coward · 2013-10-29 19:37 · Score: 0

It's not like the systems were ever intended to be secure, or anything like that...
Surprising to me by Okian+Warrior · 2013-10-29 19:47 · Score: 4, Interesting

I used to write software for aircraft instruments.
What's surprising to me is that single-function devices can have their functions changed. The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
I would have thought that certain features of the car would be fixed program/unchangeable, at the very least to simplify the design.
1. Re:Surprising to me by Anonymous Coward · 2013-10-29 19:52 · Score: 0
  
  they are "fixed" at the rom level, change the chip to do anything else
2. Re:Surprising to me by Anonymous Coward · 2013-10-29 19:55 · Score: 2, Insightful
  
  It's not that its reprogrammable, it's that you can spoof the data going to it from the wheel sensors. Because they have everything on the same data bus (they use a modified version of CAN busses in aircraft) you can inject (by literally plugging into the bus) your own packets with new speed data.
3. Re:Surprising to me by houghi · 2013-10-29 19:57 · Score: 2
  
  The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
  If^hWhen the US finally adapts to the metric system. Obviously.
  
  --
  Don't fight for your country, if your country does not fight for you.
4. Re:Surprising to me by Anonymous Coward · 2013-10-29 19:58 · Score: 0
  
  They cant reprogram the speedo, but they can spoof data packets going to it with new speed data. It's all on the same data bus so you literally just hook up to 2 wires and your in. Physically access required obviously.
5. Re:Surprising to me by Anonymous Coward · 2013-10-29 20:00 · Score: 0
  
  but at the end, its all still governed by mechanical means, the fly in the ointment is electrical cars ............
6. Re:Surprising to me by sjames · 2013-10-29 20:22 · Score: 4, Insightful
  
  Sadly, it may not require physical access. All the entertainment system and GPS nav are connected to the bus as well. It may be possible to get in through wifi or bluetooth and hack an entertainment device to proxy you in to the CAN bus. See this.
7. Re:Surprising to me by brantondaveperson · 2013-10-29 20:28 · Score: 4, Informative
  
  This is the only comment here so far of any consequence. Hacking a car by plugging into the CAN bus is hardly rocket science, but remotely gaining access to the car's ECU's via bluetooth is a very different matter indeed. Securing CAN is pretty much a non-starter, but securing those wider area wireless networks that cars are increasingly supporting is something that should be taken very seriously indeed. And if Toyota's recent drubbing in the source code courts shows anything, it shows that car manufacturers don't make very good software houses.
8. Re:Surprising to me by Anonymous Coward · 2013-10-29 20:29 · Score: 1
  
  I used to write software for aircraft instruments.
  What's surprising to me is that single-function devices can have their functions changed. The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
  I would have thought that certain features of the car would be fixed program/unchangeable, at the very least to simplify the design.
  The first reason is because parts in a car can be changed. The example of a speedometer is a perfect example - The speedomoter works by taking revolutions from the axel and display those revolutions per second to a more human-readable from. So what so you think will happen when someone changes their wheels from 18 inch rims to 22 inch rims? The car is travelling faster than what was originally designed, as your wheels move the car further per revolution of your axel. Thus, the speedometer must be adjusted to reflect this.
  The second reason is that they don't want to have to rewrite programs with hard coded constants for EVERY single model of car released. It makes sense to write code that can be used in multiple scenarios. Of course this brings in a certain level of unreliablity, however so long as this unrealiablity does not cause problems for the selling company, why would they worry?
9. Re:Surprising to me by Anonymous Coward · 2013-10-29 20:46 · Score: 1
  
  On my car at least, the manufacturer openly allows for the installation of different diameter tires (for the same rim diameter) - ie. 195/65R15 and 195/60R15 - not just different widths/rim diameters ie. 195/65R15 and 205/55R16
  This actually means that for the same given RPM the speedometer will now be off by a few percentage points - and they have in the setup menu (which is driver accessible) an option to adjust tire circumference (by % - up to +/- 10%) so as to have a more accurate reading for the tires you're using at the moment
  So ... is this requirement enough to warrant a change ?
10. Re:Surprising to me by viperidaenz · 2013-10-29 20:58 · Score: 2
  
  Governed by the motor that controls the throttle. More and more cars are going to drive-by-wire systems. It makes traction control, economy modes and cruise control much easier.
11. Re:Surprising to me by Calinous · 2013-10-29 21:13 · Score: 1
  
  If you change wheel sizes, then you should be able to adjust the reading. External circumference of allowed wheel sizes for a certain vehicle can vary quite a bit, if I remember correctly.
  I've just checked, and for Opel Astra G legal tire circumference varies beetween 72.5 inches (165/70 R14) and 78.1 inches (205/55R16), a 7% difference. One might want to use a type of tire for summer and another for winter (for example). While lower/higher indicated speed wouldn't be such a problem, maybe the fuel efficiency "hit" shown on the trip monitor might be a different thing.
12. Re:Surprising to me by Anonymous Coward · 2013-10-29 21:15 · Score: 0
  
  Perhaps you were making a joke and have never driven a US automobile. A US vehicle speedometer is double gauged and indicates both mph and kph.
  Therefore, no such upgrade would be necessary on any vehicle built in the last 40+ years.
13. Re:Surprising to me by NJRoadfan · 2013-10-29 23:39 · Score: 2
  
  According to the service manual for my car, the "entertainment" CANBus system (which has the bluetooth connection) is separate from the rest of the car's systems. What worries me is that some companies (I'm looking at you Nissan) has gone to using bluetooth based diagnostics tools at their dealerships.
14. Re:Surprising to me by zeroduck · 2013-10-30 00:06 · Score: 2
  
  What exactly does "separate" mean? Modern cars have multiple CAN and LIN (and FlexRay and Ethernet) networks, but they are bridged by modules that gateway specific messages/signals from one network to the other. Your entertainment system probably reacts to the state of your vehicle (are some functions not available when in drive? Going above some speed? Doors open?). Separate very likely does not mean "air gapped" like you'd mean in a high security computer network.
  That said, I'm not totally convinced by any of the hacks I've seen that there is reason for panic. The one I saw where they were able to control remotely required physical access to an ECU to reflash firmware. Give me physical access to any of your electronics, and I'll make it bend to my will.
15. Re:Surprising to me by kimvette · 2013-10-30 00:15 · Score: 1
  
  Why make the speedo adjustable?
  For calibration; cars can come with different gear ratios and tire diameters, so rather than make multiple speedometers or have to change a speedometer gear or wheel speed sensor, the algorithm can be made selectable or modifiable so it can be changed over the OBD2/CAN bus.
  
  --
  The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
16. Re:Surprising to me by ebno-10db · 2013-10-30 00:34 · Score: 1
  
  What's surprising to me is that single-function devices can have their functions changed. The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
  From what I read, it's not clear whether they actually modified the speed sensor (or wheel position, or whatever they use) of if they spoofed the packets between the sensor and other parts of the system (e.g. the instrument panel).
17. Re:Surprising to me by ebno-10db · 2013-10-30 00:36 · Score: 1
  
  they are "fixed" at the rom level, change the chip to do anything else
  Do you know they're not using Flash? It's been a long time since I've seen masked ROM for anything but boot functions and whatnot. Even if it's cheaper, masked ROM is a production nightmare.
18. Re:Surprising to me by Anonymous Coward · 2013-10-30 00:42 · Score: 1
  
  Your entertainment system probably reacts to the state of your vehicle (are some functions not available when in drive? Going above some speed? Doors open?). Separate very likely does not mean "air gapped" like you'd mean in a high security computer network.
  It very much depends on the manufacturer. Some gateway messages between buses with no airgap between, but others do completely isolate the entertainment bus, with speed, brake, reverse and steering wheel button info passed in the old fashioned way, via separate signal wires.
19. Re:Surprising to me by jrumney · 2013-10-30 00:46 · Score: 1
  
  Do you know they're not using Flash? It's been a long time since I've seen masked ROM for anything but boot functions and whatnot. Even if it's cheaper, masked ROM is a production nightmare.
  For that there is the OTP bit in many Flash devices. Any safety critical system should be using it.
20. Re:Surprising to me by jrumney · 2013-10-30 00:47 · Score: 1
  
  Therefore, no such upgrade would be necessary on any vehicle built in the last 40+ years.
  I guess one day in the near future, someone will invent the digital speedometer, and that will cease to be true.
21. Re:Surprising to me by Anonymous Coward · 2013-10-30 01:23 · Score: 0
  
  Maybe you should stick to aircraft.... :-)
  Car speedometers like bike speedometer are based on rotational speed/frequency. A larger or smaller tire will affect that reading. So at the very least it needs to be at least one time configurable for tire size assuming they use the same speedometer on various makes and models, though, it might not be a bad idea to be post configurable by the dealer, in the event a different size tire is used than originally configured.
22. Re:Surprising to me by Anonymous Coward · 2013-10-30 01:44 · Score: 0
  
  Cool! I presume you have a case where there was a digital speedo in a US vehicle that could *not* optionally display the speed in kph? Tell us about it!
23. Re:Surprising to me by danknight48 · 2013-10-30 03:12 · Score: 1
  
  The speedometer has one function: to report the vehicle's speed. What requirement is satisfied by allowing this to change? Why would you even need to upgrade it?
  Wheel circumference.
  As most cars rely on the rotation of a wheel to calculate speed. A new set of tires, and/or change in wheel circumference (low profile), would result in incorrect speedometer readouts.
  By allowing the change of speedo settings, this could be "fixed".
24. Re:Surprising to me by YabooYig · 2013-10-30 03:38 · Score: 1
  
  The speedometer will be configured to respond to a specific CAN message.
  
  For example, in J1939 the vehicle speed is contained in a message formatted as follows:
  
  Header ------------- Bytes 1-8
  18FEF100 __ ll hh __ __ __ __ __
  
  The speedo filters messages which have the header __FEF1__ and convert bytes 2 and 3 into speed, then displays it.
  The hackers devices merely blasts the bus with erroneous messages.
25. Re:Surprising to me by Penguinisto · 2013-10-30 03:56 · Score: 1
  
  they are "fixed" at the rom level, change the chip to do anything else
  Even in the good old days, if the chip was a UVPROM, you could re-program/re-flash it easily enough. All you needed was a flashing socket, some software, and a blacklight.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
26. Re:Surprising to me by Agripa · 2013-10-30 04:20 · Score: 1
  
  With the right processor instruction set like that of the 8080, you could patch the UVPROM without erasing it because NOP instruction could be all cleared bits. Just include a series of NOP instructions wherever you might want to program a patch without erasing first.
27. Re:Surprising to me by Agripa · 2013-10-30 04:22 · Score: 1
  
  Even more scary are recent embedded devices which use low retention time NAND Flash for firmware storage and copy into RAM before execution.
28. Re:Surprising to me by Crudely_Indecent · 2013-10-30 04:44 · Score: 1
  
  I drive a Volvo. The manufacturer spec tires are hard to find in the US - so most people get a tire that's almost the same size (usually, slightly larger). This tire diameter difference causes an issue with the speedometer. You're always travelling faster than the speedometer reports. Accessing and reprogramming the speedometer would allow an owner to have his cake (cheap and readily available tires) and eat it too (accurate speedo).
  Personally, I find that the car performs better with the right tires. If you're going to drive a car with a turbo, get good tires.
  
  --
  
  "Lame" - Galaxar
29. Re:Surprising to me by PKFC · 2013-10-30 04:45 · Score: 1
  
  The only thing I've got is that I've had cars with an analog (2012 Camaro) and a digital (2008 Civic) speedometer that allow you to switch between mph and km/h making that an additional function they have. Didn't read TFA, but making it appear slower than actual? km/h to mph would do that.
30. Re:Surprising to me by Anonymous Coward · 2013-10-30 05:17 · Score: 0
  
  What if you replace the rims?
  The speedometer must be able to be scaled properly based upon the mechanical movements of the attached parts.
  One revolution of a 13" rim goes less distance than one revolution of a 22" rim. The speedometer needs to be adjusted to account for this.
31. Re:Surprising to me by Anonymous Coward · 2013-10-30 05:40 · Score: 0
  
  My 2005 CTS allows me to change the units from US to metric while moving. The speedometer display responds immediately.
32. Re:Surprising to me by Anonymous Coward · 2013-10-30 05:44 · Score: 0
  
  In addition to spoofing the data coming from the sensor, you can simply re-scale the display. I have not done vehicle coding, but am a controls engineer for a living and I would bet that the speed information comes in, then it is probably multiplied by a scaling constant to make it mph. Chang the scaling constant, change what is displayed. I would wager that all the vehicle inputs come in in this manner so just change scaling constants and suddenly every gauge is reading off. Throw in an algorithm that changes that constant randomly and hilarity ensures!
33. Re:Surprising to me by Anonymous Coward · 2013-10-30 06:08 · Score: 0
  
  car manufacturers don't make very good software houses.
  Can you give me a car analogy?
nothing ot see, move on by Anonymous Coward · 2013-10-29 19:47 · Score: 0

all they could do with the brakes is turn off and on any "skid control" systems, the brake system on cars is STILL a mechanical/hydrochloric system , link from steering wheel to steering rack is not fly by wire in the EU, and cars still have "butterfly" valves for air intake, that is linked to pedal postion .. via mechanical cable
1. Re:nothing ot see, move on by sjames · 2013-10-29 20:27 · Score: 3, Informative
  
  Not really. ABS for example modulates the braking power. In one test, researchers were able to put the brakes into 'maintenance mode" normally used when changing the pads. In that mode, the brakes don't work. If I understand correctly, that mode is used instead of the old trick of compressing the wheel cylinder with a c clamp.
  To complete the lunacy, in some cars, the parking/emergency brake is electrically activated now.
2. Re:nothing ot see, move on by Anonymous Coward · 2013-10-29 20:44 · Score: 0
  
  will find out about 'maintenance mode", a friend of mine, works with the manufacturers on designing canbus systems for cars, diagnostics and test devices
3. Re:nothing ot see, move on by sjames · 2013-10-29 20:56 · Score: 1
  
  I found an example.
4. Re:nothing ot see, move on by Lumpy · 2013-10-29 22:43 · Score: 1
  
  This is a blatent lie. there is no "maintaince mode" for ABS brakes, not even my BMW, my BMW motorcycle, my honda or my jeep have such a "mode" for changing break pads. and yes I have the same tool they use at all the high end shops, the Snap-On Solus is what is used by 99% of all repair shops out there, there are no magical, "retract the pads please HAL" mode to make brakes easier...
  Whoever told you this knows nothing at all about cars and made that up.
  
  --
  Do not look at laser with remaining good eye.
5. Re:nothing ot see, move on by NJRoadfan · 2013-10-29 23:45 · Score: 1
  
  Most cars with an electronic parking brake require that it be put into a service mode to change the rear pads. Most cars will disable the ABS/Traction Control function while the controller is in diagnostics mode, but the braking system will still function and stop the car.
6. Re:nothing ot see, move on by LurkNoMore · 2013-10-30 00:29 · Score: 1
  
  all they could do with the brakes is turn off and on any "skid control" systems, the brake system on cars is STILL a mechanical/hydrochloric system , link from steering wheel to steering rack is not fly by wire in the EU, and cars still have "butterfly" valves for air intake, that is linked to pedal postion .. via mechanical cable
  Wow, the EU must be a pretty backward place. From a performance stand point, I know when they unveiled the new 2005 Mustangs in America a lot of people griped that the throttle is electronically controlled, there is no direct linkage. Not to mention, luxury brands like Lexus, Range Rover, etc all use electronic throttle control. Hell, do you remember all of the "unexplained" acceleration problems that Toyota had? It was because of electronic throttle control. PS, they lost the lawsuit that dealt with a 2005 Camry.
7. Re:nothing ot see, move on by Anonymous Coward · 2013-10-30 00:45 · Score: 0
  
  That's what it's supposed to do. What happens when it goes wrong?
  AC
8. Re:nothing ot see, move on by Anonymous Coward · 2013-10-30 00:59 · Score: 0
  
  i guess its for safety, as for mustangs, now, THEY are backwards
  most cars i think, run fly by wire AND mechanical link, in tandem, one has to agree with the other
  as for toyota, it shows the need i guess for a dual system? like in the "backwards" EU
9. Re:nothing ot see, move on by Anonymous Coward · 2013-10-30 02:18 · Score: 0
  
  as for toyota, it shows the need i guess for a dual system? like in the "backwards" EU
  I must admit I don't know of any law or rule that states pure ride-by-wire is not allowed in Europe. If there is any such rule it will only apply to cars, because virtually all major European motorcycle brands have pure ride-by-wire models.
10. Re:nothing ot see, move on by sjames · 2013-10-30 05:28 · Score: 1
  
  Look here(scrool down just a bit)>
  Now, don't you feel stupid for accusing me of a blatant lie? Kinda like in the cartoons when a dunce cap appears?
11. Re:nothing ot see, move on by mirix · 2013-10-30 05:54 · Score: 1
  
  Any kraut car (i suppose any car, full stop) with ASR / ESP has electronic throttle, not mechanical cable. (by definition - the system has to be able to cut the throttle, and it can't with a mechanical cable).
  
  --
  Sent from my PDP-11
12. Re:nothing ot see, move on by Anonymous Coward · 2013-10-30 06:23 · Score: 0
  
  To complete the lunacy, in some cars, the parking/emergency brake is electrically activated now.
  It's not lunacy. They last better because people have the bad habit of pulling it too hard by hand and making the lever shorter to make it harder to pull isn't an option either since then a few old ladies wouldn't have the strength required. An additional benefit is of course space for an extra cup holder or whatever when the brake is just a button.
13. Re:nothing ot see, move on by sjames · 2013-10-30 06:42 · Score: 1
  
  It is lunacy. When it's a simple cable you can actually use it to stop the car when the main brakes fail. With a bit of finesse you can even use it to limp to a safe place to stop and fix the main brakes.
14. Re:nothing ot see, move on by Anonymous Coward · 2013-10-30 07:16 · Score: 0
  
  If you know so much about cars, why can't you spell "brake pads" correctly?
15. Re:nothing ot see, move on by Cramer · 2013-10-30 09:58 · Score: 1
  
  VW VR6 (don't remember year)... mechanical throttle with all the rest of the electronic crap. The ECU still controls the fuel pump, injectors, and ignition coils. You'll go as fast as the ECU allows.
16. Re:nothing ot see, move on by colinjl · 2013-10-30 10:57 · Score: 1
  
  all they could do with the brakes is turn off and on any "skid control" systems, the brake system on cars is STILL a mechanical/hydrochloric system , link from steering wheel to steering rack is not fly by wire in the EU, and cars still have "butterfly" valves for air intake, that is linked to pedal postion .. via mechanical cable
  Wow! what do they make the brake components from to avoid them being eaten away by the 'hydrochloric' system?
Right..... by Anonymous Coward · 2013-10-29 19:50 · Score: 0

So you're trying to tell me, If I physically tap into the wires that drive the speedo/alarm/etc I can make them do funny stuff? Thats CRAZY!
The only thing that makes this more dangerous than doing the same thing on an old car is you only need to get 2 wires to have access to many systems. Besides that, it's the modern day equivalent of getting underneath the car and cutting brake lines. Why is all this so surprising?
In fact the purpose is to simplify a design by Anonymous Coward · 2013-10-29 20:15 · Score: 0

The car factory builds a number of different cars on one assembly line. Also the service points and supporting logistics must be capable of fitting a replacement for 10-15 years after the car is made. Maybe the instrument is not simplified but the manufacture and support of the vehicle range is.
If the speedometer can be told some information about the car then it can be installed in many cars. For instance, the number of pulses to travel 1000 m will account for variants in drive ratios and wheel sizes.
The speedometer is actually part of a higher integration, the combined instrument cluster. Every instrument on it will have some adaptation to the specific vehicle it is installed in. The tachometer should know the number of cylinders in the engine, the temperature gauge should know the normal operating temperature of that engine so it will point straight up when normal. Maybe it measures fuel consumption and calculates driving range so it should know about the size of the fuel tank and the amount of fuel dispensed with each pulse. Maintenance reminder? Schedules are different for different engines and even markets (one european automaker does not remind the driver to change his brake fluid on cars delivered to north america.)
So we have hundreds of variant combinations that can be solved with one part running the one software project. Maybe the same electromechanical unit can be placed in a different housing to be used in different car platforms with different dashboard shapes.
It's of no consequence that module variant coding makes it more difficult for the user to repair his own car by exchanging parts, since many of these also are storing unique data about the individual car such as serial number, backup of odometer, running hours, etc.
In other Breaking News... by nonsequitor · 2013-10-29 20:43 · Score: 2

In other breaking news, cutting the brake lines of cars can prevent them from operating correctly. Somebody issue a recall, quick!
This is not news, a CAN bus is viewed by the industry in the same way as analog wiring in the car, physically vulnerable. It's an issue when the side view mirror actuators are on the CAN bus, and thieves can open the door and start the engine with this technique. However, this research is stating the obvious for anyone in the know. Next thing you know, one of these researchers will find a copy of the J1939 protocol standard used by the automotive industry and discover what the CAN messages mean without fuzzing the problem space.
If someone found an On Star exploit that allowed a hacker to remotely accomplish these things on the CAN bus, then it would be news, this is not.
1. Re:In other Breaking News... by GeoBain · 2013-10-29 21:24 · Score: 1
  
  If someone found an On Star exploit that allowed a hacker to remotely accomplish these things on the CAN bus, then it would be news, this is not.
  From the article: The researchers were able to control everything from the car’s brakes to its door locks to its computerized dashboard displays by accessing the onboard computer through GM’s OnStar and Ford’s Sync, as well as through the Bluetooth connections intended for making hands-free phone calls.
2. Re:In other Breaking News... by VortexCortex · 2013-10-29 21:46 · Score: 1
  
  Oops.
3. Re: In other Breaking News... by nonsequitor · 2013-10-29 21:54 · Score: 1
  
  What article did you read? The article linked in the summary says physical access to the CAN network was required for this hack. They said other researchers had hacked the car over Bluetooth, but not the researchers in the article.
4. Re:In other Breaking News... by jklovanc · 2013-10-30 01:15 · Score: 1
  
  This is the quote from the article;
  
  With physical access to the cars the men were able to make vehicles appear to drive slower than actual speed, manipulate brakes, alarms and unlock doors.
  
  The article links to a paper discussed in a previous article that also dealt with control through direct physical access.
  Here is a quote from the paper
  
  Figure 2 shows the experimental setup inside the car. For these experiments, we connected a laptop to the car’s standard On-Board Diagnostics II (OBD-II) port.
  They have physical access to the diagnostics port not wireless access through a vehicle system.
Good! by thegarbz · 2013-10-29 21:34 · Score: 1

Not every bloody thing need authentication. To gain access to the CAN bus you need physical access to the car. If you had that you could just cut a brake line, or simply plant a bomb. Not everything needs authentication / encryption. If it all does you end up with a form of lockout.
I saw another comment here saying that the entertainment system is also connected to the CAN bus and that offers wireless or bluetooth connections. Well why not take that leap and identify if you can somehow hack THAT entry vector and affect the vehicle in the same way. If so, great, let's plug THAT hole.
1. Re:Good! by Lumpy · 2013-10-29 22:38 · Score: 1
  
  No matter how badly the armchair hackers here want to sound like they know something, you cant hack the canbus via the bluetooth audio channel in the car stereo.
  A lot of them learned all they know about hacking from TV shows and movies.
  
  --
  Do not look at laser with remaining good eye.
2. Re:Good! by Anonymous Coward · 2013-10-29 22:44 · Score: 1
  
  If you had that you could just cut a brake line, or simply plant a bomb.
  If you don't want your manipulation to be detected afterwards, cutting brake lines or planting a bomb is probably not a viable solution, while manipulating the electronic systems might go unnoticed. Also, unlike a cut brake line, the time between manipulating the car and triggering the break failure can be arbitrary large, which may considerably reduce the probability for the attacker to be identified. For a cut brake line, you can narrow it down to the people who could have had access to the car since the last use (because if at that time the brakes worked, the brake line wasn't cut yet). OTOH, for an electronic manipulation, the relevant access to the car may have been a much longer time ago.
3. Re:Good! by necro81 · 2013-10-30 01:22 · Score: 1
  
  To gain access to the CAN bus you need physical access to the car. If you had that you could just cut a brake line, or simply plant a bomb.
  cutting the brake line is pretty damn obvious, so is a bomb. If you wanted to be sneaky about it, you could add a module that would allow you to remotely command the car, while on the highway, to accelerate and then suddenly turn left, while also disabling the brake, traction control, and ABS. In other words, you could make it look like an accident. Depending on how you stage it, the car may or may not be thoroughly inspected, so your easily-concealed module may or may not be discovered afterwards.
4. Re:Good! by jklovanc · 2013-10-30 01:26 · Score: 1
  
  The evidence of tampering would be the hardware physically attached to the diagnostics port. Nowhere do they talk about modifying the system and having it go off later. If you read the paper they link to with the folowing text you will see that it too required physical access to the diagnostics port.
  
  Other researchers have accessed car networks via bluetooth and developed ways to compromise autos through firmware.
  They seem to be hoping we will take their word for what the paper says or didn't read it themselves.
Surprise by Anonymous Coward · 2013-10-29 21:36 · Score: 0

Car Hackers are hacking.
another nail in the coffin for autonomous vehicles by Anonymous Coward · 2013-10-29 22:22 · Score: 0

What could've been an impressive technology continually reveals an increasingly scary weakness, who would've thought?
Sensationalist... by Lumpy · 2013-10-29 22:36 · Score: 1

So if you see a hacker hiding under your dashboard you need to worry, as NON OF THIS CAN BE DONE without physical access of the vehicle from inside.
Call me when they can hack Any car wirelessly from 300 feet away using their laptop, until then all of this is nothing but fearmongering.

--
Do not look at laser with remaining good eye.
1. Re:Sensationalist... by neurovish · 2013-10-30 04:28 · Score: 1
  
  So if you see a hacker hiding under your dashboard you need to worry, as NON OF THIS CAN BE DONE without physical access of the vehicle from inside.
  Call me when they can hack Any car wirelessly from 300 feet away using their laptop, until then all of this is nothing but fearmongering.
  What's your phone number?
  http://www.technologyreview.com/news/423292/taking-control-of-cars-from-afar/
2. Re:Sensationalist... by Anonymous Coward · 2013-10-30 13:03 · Score: 0
  
  That article is full of made up bullshit. That rag is as bad as CIO magazine in fake information.
Or you could by Anonymous Coward · 2013-10-29 22:43 · Score: 0

break into the car, cut open the seat cushion, and put a bear trap there.

But, if you fuck with people's ride and injure their friends and family members, someone's gonna shoot your ass, so why not invent something better?
CAN bus + Wireless = Bad news by Opportunist · 2013-10-29 22:55 · Score: 2

CAN was never developed with security in mind. What for, it was supposed to be a LOCAL, WIRED bus on a closed system that should only be accessed by someone whose authority to access it has been verified by different means (i.e. he has the keys to the car in the first place). Now, we can see how CAN can be abused with local access. Well, duh. Insecure system is insecure. Film at 11. Right? Well, technically, yes, but let's look a hint further, shall we?
The news here is that cars get more and more wireless features. It's simply more convenient for you to plug in all your nifty toys, from cellphone to iToy to navigator system without actually having to PLUG them somewhere. Now it's very tempting for the makers of said cars to stuff them onto the very same bus. CAN is already in your car, pretty much every kind of electronics can talk to it, ain't it the perfect thing to tie your toy into?
In theory, yes. In practice, I predict that unless car makers take special care to secure those wireless entry points we'll see a lot of similar hacks in the future, only that this time they'll be done from outside the car without physical access to it.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:CAN bus + Wireless = Bad news by jklovanc · 2013-10-30 01:34 · Score: 1
  
  At that point they can put authentication on the wireless access points and leave the rest of the physical bus unauthenticated. Until the time that unauthenticated wireless access points are installed this is a non-story and just hype.
2. Re:CAN bus + Wireless = Bad news by Anonymous Coward · 2013-10-30 22:03 · Score: 0
  
  You mean like in some existing cars where you can just call their built-in cell phone and do a buffer overflow giving you full access to the CAN bus?
3. Re:CAN bus + Wireless = Bad news by Opportunist · 2013-10-31 01:48 · Score: 1
  
  That's a tack-on solution, and I guess we should all know how well such solutions work. For reference, see the internet, its protocols and how we tried to add a "secure layer" to the mess instead of simply coming up with a solution that is intrinsically secure.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
4. Re:CAN bus + Wireless = Bad news by jklovanc · 2013-10-31 03:23 · Score: 1
  
  It is a tack on solution to solve and issue caused by a tack on problem.
  Is there a an authentication protocol between the video card in your computer and the PCI bus, your mouse and the USB controller, your hard drive and the SATA bus? This is a similar situation. The point is that one needs to install hardware onto the bus to have access. The difference is that the internet is connected to millions of computers all over the world. A vehicle's network is self contained up until it is connected to the internet and that is where the security needs to be; at the connection point.
Somewhere by The+Cat · 2013-10-29 23:07 · Score: 0

Somewhere there is a low-level engineer who pointed out that security was broken who was shouted down in meetings by asshole middle managers and then fired.
The middle manager was then given a bonus while the substandard product became standard.
This is America in 2013, where the United States of America can't build a web site.
1. Re:Somewhere by operagost · 2013-10-30 02:55 · Score: 2
  
  Correction: the US government can't build a web site. US companies build web sites all the time.
  
  --
  
  Gamingmuseum.com: Give your 3D accelerator a rest.
Different wheel size by dutchwhizzman · 2013-10-29 23:12 · Score: 2

Cars come with different wheel/tire size combinations. In the past, getting another circumference wheel on your car meant that your odometer/speedo was off and you had to fiddle with magnetic fields or gear boxes in the cable to correct that. Because you want a different size/width tire for winter tires (narrower, higher side) than for summer (wide tire, low profile) you will eventually have to deal with this somehow if you want optimal grip during both summer and winter. Car manufacturers chose to deal with this by making the tire size programmable, so there would be an electronic correction for this.

--
I was promised a flying car. Where is my flying car?
No, bad by dutchwhizzman · 2013-10-29 23:15 · Score: 1

This is bad for car manufacturers. Why? Because they have to warrant that cars live a long time and will be emissions compliant too. If people can hack around in these systems, all sorts of things can happen that will make them unable to do this. I'm all for having the systems open and being able to tinker with them myself, but from a manufacturer standpoint, this is bad.

--
I was promised a flying car. Where is my flying car?
1. Re:No, bad by twistedsymphony · 2013-10-30 00:56 · Score: 1
  
  This isn't "news", people have been hacking around with that stuff since there have been computers controlling the engines in cars (which has been around since the 70s). The only thing that makes this news is that hackers recently had a bright idea to make a Bluetooth dongle for remote control.
  
  Since the start of the OBDII Standard (which was a requirement starting for 1996 model years) There have been companies that have sold devices that let you plug into the computer and modify it's parameters, disabling emissions warnings and changing fuel and timing maps, or "recalibrating" the gauge readouts, among other things. This isn't some niche thing either... this has become the foundation of the whole aftermarket tuning industry. A single model car will have several companies offering competing products.
  
  Honestly, adding additional security is a bad thing, as it is now there are enough roadblocks preventing you from having control over the software that's in your car (to actually make those changes to the computer you essentially have to reverse engineer the communication and modification protocols, hence why a single programming devices only works on specific model cars)... For all intents and purposes your new car is jailbroken, adding additional security would lock it down and take that control out of the hands of consumers.
  
  --
  Collector's Edition
2. Re:No, bad by csnydermvpsoft · 2013-10-30 00:56 · Score: 1
  
  I'm quite certain that existing regulations regarding warranties, emissions, etc. already contain clauses that limit an automaker's liability in the event that the vehicle is tampered with. Otherwise, someone could cut out the catalytic converter from their car, sell it (for the precious metals), and have the automaker replace it under warranty. Computer-based modifications would fall under the same category.
3. Re:No, bad by jklovanc · 2013-10-30 01:29 · Score: 1
  
  I call BS. Car manufacturers are not liable for all the cars that fail emission testing. Manufacturers are liable up until the vehicle is initially sold. After that the liability shifts to the owner.
4. Re:No, bad by Politburo · 2013-10-30 01:43 · Score: 1
  
  If someone is hacking around in the system, the warranty is void and the liability is on the one that does the hacking.
  
  Legally no different than cutting off your cat.
5. Re:No, bad by Bob+the+Super+Hamste · 2013-10-30 03:19 · Score: 1
  
  The US law and EPA says otherwise. It is not for the lifetime of the vehicle but is for 2years/24,000miles or 8years/80,000miles depending on the part. Now things get a bit dicey with aftermarket modifications as manufactures seem to want to blame any failure on anything not from the factory so if you go around mucking with the cars computer expect to have them say tough shit.
  
  --
  Time to offend someone
6. Re:No, bad by jklovanc · 2013-10-30 03:46 · Score: 1
  
  From the quoted article;
  
  The test failure does not result from misuse of the vehicle or a failure to follow the manufacturers’ written maintenance instructions;
  People hacking around the system could easilly be seen as "misuse".
7. Re:No, bad by thegarbz · 2013-10-30 14:43 · Score: 1
  
  No it's not. A car manufacturer's responsibility ends when the vehicle is sold, or if the vehicle is serviced.
  As pointed out to those who think they can game a speeding fine by messing with their speedo then pleading innocence, you were behind a vehicle that fails to meet [insert criteria] which makes it unroadworthy. Here have an additional fine.
  It's no different to those putting downpipes where the exhaust pipe belongs. The manufacturer is not liable for a car that no longer meets the noise regulations, the owner is.
30 feet not enough? by dutchwhizzman · 2013-10-29 23:24 · Score: 1

Recent model BMWs have been hacked wireless from 30 ft away. That is enough for the thief to hide the device used for the hack near a spot where the owner would normally park the car. They would sniff/block the central locking, so they would be able to gain access to the inside of the car. They would then trigger a buffer overflow by removing and replacing certain fuses in a certain sequence and that would gain them access to the key secrets stored inside the car's computer. They would use a device to have the car's own transponder clone one of those IDs into a blank key and as a result, they would drive away with the car, with a functioning key and no damage to it whatsoever.
I'm fairly certain that with bigger antennas and a more powerful transmitter, you would be able to do this trick at 300 feet, but I doubt that'd make a difference. By the way, the hacker doesn't have to hide under the dashboard, they have access to the CAN bus on the outside of the car too. All light units and the plug for the trailer hitch are connected to this bus. Wires for the bus are usually exposed on the underside of the car, or easily accessible with the removal of a panel only held on by a few screws. Even if one of those notoriously leaky programmed BT enabled center consoles wouldn't be pwnable, physical access would be 2 minutes and a philips screwdriver away.
No, it's not universal for all brands yet, but current developments and product announcements indicate that it won't be long before that *will* happen, unless the car industry starts asking security professionals how to deal with this instead of reinventing the wheel themselves.

--
I was promised a flying car. Where is my flying car?
1. Re:30 feet not enough? by jrumney · 2013-10-30 01:12 · Score: 1
  
  All light units and the plug for the trailer hitch are connected to this bus.
  
  CAN enabled light bulbs? No, there is a CAN enabled relay box somewhere near the top of the engine bay (maybe reachable from the outside of the car if you use your imagination and pretend you have octopus tentacles for arms) which controls the lighting. As for trailer connections, maybe on a semi where the CAN bus is standard SAE J1939, but on cars and light trucks, the protocols are all manufacturer specific so there would be no point in passing them through to a trailer.
2. Re:30 feet not enough? by Lumpy · 2013-10-30 01:43 · Score: 1
  
  No it hasnt. stop reading into what is nothing more than a rolling code exploit.
  
  --
  Do not look at laser with remaining good eye.
3. Re:30 feet not enough? by mcgrew · 2013-10-30 11:19 · Score: 1
  
  I'm fairly certain that with bigger antennas... you would be able to do this trick at 300 feet
  Radio doesn't work like that. For optimal transmitting/receiving you need the antenna to be tuned to the frequency being transmitted. Try to use a two meter antenna for wifi and you'll be lucky to get a signal at all. The antenna needs to be the same length as the frequency's wavelength (or certain multiples; I've forgotten a lot).
  
  --
  Free Martian Whores!
4. Re:30 feet not enough? by Anonymous Coward · 2013-10-30 12:19 · Score: 0
  
  There are plenty of antenna concepts, like a parabolic reflector, that use elements larger than the wavelength and have improved gain/directionality by using a larger reflector. Other designs that are meant for compact space are smaller than the wavelength, but could benefit from being made larger.
Are all busses unauthenticated? by swb · 2013-10-29 23:38 · Score: 1

I bought a used Volvo S80 about 4 years ago. I added the iPod connector for the stereo -- a factory option my car didn't come with.
The dealer had a real problem getting it to work -- the stereo would indicate the input was there, but when you switched to it it would work for about a minute and then stop working. The description they told me was that the car's data bus was rejecting the accessory because it wasn't authenticating.
Now, I don't know if this was an accurate assessment or not, but it took some kind of software patch specific to my car to make this work.
I'm also not sure if this is the car's CAN bus, either, or if its some private data bus within the car.
1. Re:Are all busses unauthenticated? by Politburo · 2013-10-30 01:48 · Score: 1
  
  That is some Apple walled garden bullshit, nothing to do with automotive buses.
2. Re:Are all busses unauthenticated? by swb · 2013-10-30 06:25 · Score: 1
  
  No, it was related to the car's data bus. The same kit that includes an iPod connector (the "old" 30 pin) also includes a USB connector for using ordinary memory sticks, and that wouldn't work, either. It wasn't an Apple issue.
The Direct Access Argument by hyades1 · 2013-10-29 23:43 · Score: 1

I've noticed several comments revolving around the idea that direct access to the vehicle is needed, so there's no need for concern.
It seems to me that while this certainly influences the application of such technology, it doesn't mean all is cool. How long would it take to come up with a purpose-built device that would attach to the relevant access port the same way illegal bank card readers attach to ATM's?
For the sake of argument, let's say it would have WiFi or Bluetooth capability, feed off the car battery, and sit there doing nothing until activated in any of a number of ways. Right now some cars allow a very wide range of options and functions to be accessed through direct access and a laptop...engine performance, ABS, air bags and much more. I'm sure this list will grow steadily over time. It isn't difficult to think of many useful tasks that could be performed with remote access to one or more cars.
All it would take is one crooked mechanic at a dealership or service center to install a bunch of them, or to target a fleet of cars or an individual's car. As always, the weakest link in computer security is the one with a heartbeat.

--
I've calculated my velocity with such exquisite precision that I have no idea where I am.
1. Re:The Direct Access Argument by ebno-10db · 2013-10-30 00:46 · Score: 1
  
  How long would it take to come up with a purpose-built device that would attach to the relevant access port the same way illegal bank card readers attach to ATM's?
  
  Are you busy this Sunday? We could probably hack it out.
  
  For the sake of argument, let's say it would have WiFi or Bluetooth capability
  If the bus controlling safety critical functions has any wireless connectivity, it's a problem. The fix is easy though.
  
  All it would take is one crooked mechanic at a dealership or service center
  If this is the only way a mechanic can think of to sabotage a car, then he's a lousy mechanic.
2. Re:The Direct Access Argument by hyades1 · 2013-10-30 01:33 · Score: 1
  
  You're absolutely right about the mechanic having easier ways to sabotage a car. But I was thinking more of situations where anything that happened to the car (or fleet of cars) would happen at the hacker's convenience, maybe weeks or months later. I don't know of too many modifications a mechanic could make that would work on that basis. I'm no car expert, so my opinion on that is by no means unarguable.
  
  --
  I've calculated my velocity with such exquisite precision that I have no idea where I am.
3. Re:The Direct Access Argument by jklovanc · 2013-10-30 01:42 · Score: 1
  
  If anything happened the box would be found and traced back to the mechanic that put it in. What stops a mechanic from installing a remotely controled valve on the brake line? It still requires phisical hardare attached to the vehicle and is very different from remote access without physical access.
4. Re:The Direct Access Argument by Politburo · 2013-10-30 01:50 · Score: 1
  
  The 'relevant access port' is typically the OBDII which is under the steering wheel. So you're back to needing direct access to the vehicle.
5. Re:The Direct Access Argument by hyades1 · 2013-10-30 12:59 · Score: 1
  
  Thank you, Captain Obvious. I own a code reader. The point is that, having got access, the car could be left alone for months or years.
  
  --
  I've calculated my velocity with such exquisite precision that I have no idea where I am.
None of this is new by sirwired · 2013-10-29 23:44 · Score: 4, Insightful

Of course you can do all sorts of things exactly like this with the CAN bus; that is what it was designed for, that's what it's used for every day. Just about every make has software available (around for over a decade in many instances) to do every single one of those things; in most cases (except odometer rollbacks) they are replicas of the dealer tools to do the same thing. This includes speedometer adjustments (in place to account for wheel/tire diameter), diagnostic tests like cycling locks, ABS valves, various engine bits, etc.
Exactly what "research" was required to discover this? Is it "hacking" for me to purchase a piece of commercial software and use it's well-documented functions, most of which are also detailed in the service manual they sold me for $50?
Let me know when somebody has actually developed a Bluetooth-based attack vector and get back to me. (And plugging a Bluetooth transceiver into the OBD II port doesn't count) Until that point: snooze...
1. Re:None of this is new by freezin+fat+guy · 2013-10-29 23:59 · Score: 1
  
  But now you can manipulate it from Unity.
  Imagine being able to hack your car from your laptop, tablet and phone?
2. Re:None of this is new by ebno-10db · 2013-10-30 00:49 · Score: 1
  
  Imagine being able to hack your car from your laptop, tablet and phone?
  You've been able to do that for years. A CAN bus adapter is hardly rocket science. You can buy them off-the-shelf.
3. Re:None of this is new by Anonymous Coward · 2013-10-30 05:08 · Score: 0
  
  >Of course you can do all sorts of things exactly like this with the CAN bus; that is what it was designed for, that's what it's used for every day.
  Bingo. What's next, an article that the PCIe bus isn't secure either?
Don't see any 'tool' by Anonymous Coward · 2013-10-30 02:33 · Score: 1

And where exactly is this $25 tool? What is it even? The hardware obd adapter you can get from ebay/amazon/chinese site? Is it $25 for some software that sends CAN packages? Why are internet articles such shit these days?
not that surprising by swschrad · 2013-10-30 03:04 · Score: 1

the speedometer is supposed to be a fixed device (or nowadays, daemon) that converts the turns of the transmission shaft, with tables of which gear does what, to an approximation of linear speed.
two gotchas... output of the shaft sensor hardware, and table lookup. depending on how much processing is between A and Z, fertile ground.
your readout device may be pristine, but as we all know, GIGO.

--
if this is supposed to be a new economy, how come they still want my old fashioned money?
good reason to keep that 1970s Chevy running? by Anonymous Coward · 2013-10-30 04:27 · Score: 0

or some other old car from 20th century?
Who cares if it is new? by Anonymous Coward · 2013-10-30 05:06 · Score: 0

My (expensive, factory) service manual did not have all the codes, and the Internet has found only a few.
But fuzz testing... ah, fuzz testing. It's great as long as you're not doing it on your own car!
I have a bluetooth ODBII interface permanently mounted in my car and have already fixed several of the auto maker's stupid programming mistakes with it.
And that's why by Anonymous Coward · 2013-10-30 16:57 · Score: 0

I have a car that has no computers and nearly no electronics in it. I live in a blissful state of simplicity and reliability. Everything simply works.
This is like firesheep by Lennie · 2013-10-30 23:03 · Score: 1

Nothing people didn't already know, but shows people how simple it is.
It has been known for years CAN bus needs authentication.

--
New things are always on the horizon