Car Hackers Mess With Speedometers, Odometers, Alarms and Locks
mask.of.sanity writes "Researchers have demonstrated how controller area networks in cars can make vehicles appear to drive slower than their actual speed, manipulate brakes, wind back odometers and set off all kinds of alarms and lights from random fuzzing (video). The network weaknesses stem from a lack of authentication which they say is absent to improve performance. The researchers have also built a $25 open-source fuzzing tool to help others enter the field."
It's not that it's reprogrammable, it's that you can spoof the data going to it from the wheel sensors. Because they have everything on the same data bus (they use a modified version of CAN busses in aircraft) you can inject (by literally plugging into the bus) your own packets with new speed data.
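An added example, not part of the original comments or the researchers' tool: a classical CAN frame has no sender field or authentication tag, so a receiver decodes any frame carrying the expected ID, and one defensive signal left is timing. The arbitration ID, broadcast period, speed encoding and sample log below are constructed assumptions, and the timing check is a technique added here, not one the page describes.

```python
from dataclasses import dataclass

# Constructed values for illustration; not taken from any real vehicle.
SPEED_ID = 0x123          # hypothetical arbitration ID for wheel-speed frames
PERIOD_MS = 20.0          # hypothetical broadcast period of the real sensor ECU


@dataclass
class Frame:
    t_ms: float           # receive timestamp
    can_id: int           # arbitration ID: names the message, not the sender
    data: bytes           # 0-8 payload bytes; classical CAN has no MAC or source field


def decode_speed(frame: Frame) -> float:
    """Receiver-side decode: 16-bit big-endian value in 0.01 km/h units (constructed)."""
    return int.from_bytes(frame.data[:2], "big") / 100.0


def flag_timing_anomalies(frames, can_id=SPEED_ID, period_ms=PERIOD_MS, tolerance=0.5):
    """Return frames of can_id arriving sooner than tolerance*period after the last one.

    A periodic ID has one legitimate sender, which keeps transmitting; extra frames
    squeezed in between its slots shorten the inter-arrival gap.
    """
    flagged, last_t = [], None
    for f in sorted(frames, key=lambda f: f.t_ms):
        if f.can_id != can_id:
            continue
        if last_t is not None and (f.t_ms - last_t) < tolerance * period_ms:
            flagged.append(f)
        last_t = f.t_ms
    return flagged


def build_sample_log():
    """Constructed capture: sensor sends 100.00 km/h every 20 ms; a second node adds 60.00 km/h."""
    real = [Frame(i * PERIOD_MS, SPEED_ID, (10000).to_bytes(2, "big")) for i in range(6)]
    extra = [Frame(i * PERIOD_MS + 3.0, SPEED_ID, (6000).to_bytes(2, "big")) for i in range(2, 5)]
    other = [Frame(i * 50.0, 0x321, b"\x00") for i in range(3)]  # unrelated traffic
    return real + extra + other


if __name__ == "__main__":
    for f in flag_timing_anomalies(build_sample_log()):
        print(f"t={f.t_ms:6.1f} ms id=0x{f.can_id:03X} speed={decode_speed(f):.2f} km/h  <- off-schedule")
```

The check only says a frame is off-schedule for its ID; it cannot prove which node sent it, which is the gap that message authentication would close.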
Sadly, it may not require physical access. All the entertainment system and GPS nav are connected to the bus as well. It may be possible to get in through Wi-Fi or Bluetooth and hack an entertainment device to proxy you in to the CAN bus. See this.
Permitted is quite different from required.
The speedometer and the odometer are two different instruments. You can certainly make the speedometer show a higher speed without having the odometer show a higher distance. It's as easy as printing a narrower scale on the speedometer.
Of course you can do all sorts of things exactly like this with the CAN bus; that is what it was designed for, that's what it's used for every day. Just about every make has software available (around for over a decade in many instances) to do every single one of those things; in most cases (except odometer rollbacks) they are replicas of the dealer tools to do the same thing. This includes speedometer adjustments (in place to account for wheel/tire diameter), diagnostic tests like cycling locks, ABS valves, various engine bits, etc.
Exactly what "research" was required to discover this? Is it "hacking" for me to purchase a piece of commercial software and use its well-documented functions, most of which are also detailed in the service manual they sold me for $50?
Let me know when somebody has actually developed a Bluetooth-based attack vector and get back to me. (And plugging a Bluetooth transceiver into the OBD II port doesn't count) Until that point: snooze...