How To Take Control of a Car's Electronics, Cheap
mspohr writes with this excerpt from The Register: "Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road. The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems. 'A car is a mini network,' security researcher Alberto Garcia Illera told Forbes. 'And right now there's no security implemented.'"
So basically they can't do anything unless they have physical access to the car. Even the best computer security generally won’t do much against a determined hacker when they have actual physical access to the device.
“No security implemented” Most of us don’t keep our cars in an environment where strangers have unrestricted access to them. For some, that is a form of “Security”.
No security? BS. That would suggest that all one has to do is lift the skirt and look. That's not the case, however, since not all the data is easily sniffed. Seems this is just a product leak/blurb to build a brand, nothing else.
any electronics in it. Good luck hacking something that uses good, old, trusted technology from the '30s.
The hacker has to physically install a dongle in the port, or plug the hardware somewhere under the hood of the car. Once that is done, it would be possible to control the car's electronics remotely.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
And how does this differ from the Bluetooth OBD-II connector I use to stream car data to my cell phone? That is wireless and also requires being plugged into the diagnostic port on the car.
I can pull all sorts of data from that. If I spend a little more, I can get a full CAN-bus connection and actually *send* information and control things.
This isn't hacking. It is a product demo for VW.
Learning HOW to think is more important than learning WHAT to think.
This issue surrounds physical access to the vehicle, at which point no amount of security is going to be able to protect it (it will only make it more difficult to do). Adding security would make it significantly more difficult for mechanics and enthusiasts to work with their vehicles. My vote is towards adding a notification light on the dashboard for when a device is connected to the vehicle's computer (that cannot be turned off by the computer [e.g. controlled by an auxiliary system]), which would notify the user that something is not right (if they did not connect something).
Plenty of people have offered criticism. Hold on, let me check the current beta and see how much of it has been taken...
Oh, look, it's all been ignored. There's still a massive block of whitespace at the top of the page for no apparent reason. The comment box is still so narrow it looks like I've written several pages of text when in reality it's more like three sentences. They "fixed" the sidebar along the side of the screen, though, in that instead of being a giant empty space it's plastered with ads. So there's that, I guess. I'm not entirely sure why there's an ad for diamonds next to this comment I'm writing, but I guess they ran out of tech jobs that are nowhere near me to advertise. (Edit: Oh, and the captcha text field is too narrow to display any of the text you enter. Great.)
But, then again, they were very clear: Slashdot is now an IT B2B site, not a nerd news site. The new commenting system will help ensure that those of us still stuck in the past who for some reason thought Slashdot was about "news for nerds" will GTFO and go some place else, so the important IT exec types can chat amongst themselves in their new Web 3.0 version of Slashdot.
I'll miss the old Slashdot, but if we're honest, it's been dead for years.
Taken from the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975
You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?
Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.
Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.
You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.
i've worked on CAN protocols. the protocol itself seems like an obfuscated / cryptic 'standard'. unless a really bright person simplifies it, i doubt the standard script kiddy can hack it.
ps. please keep the original slashdot layout. the beta is crap -- it will be even after all the bugs are worked out.
CANbus has no security, you say? Well, duh. The PCIe bus has no security either. Nor does USB or any of the other hardwired buses. What's his point?
Considering the fact that nobody is ddosing or hacking slashdot, I would say things are actually quite civil.
"Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road... the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems."
That's like saying I can get wireless access to your server, provided you let me have physical access first so I can plug in my wireless NIC.
Please, please, kill beta now. Delete every bit of this horrible interface.
What company directs 25% of its users to a partially-working, not-ready-for-production website? Please realize that Beta will not have the features that we want, because it goes against Dice's plans for Slashdot. To their advertisers, Dice presents Slashdot as a "Social Media for B2B Technology" platform. B2B - that's the reason Beta looks like a generic wordpress-based news site. A large percentage of the current userbase might be in IT, but /. is most certainly not a B2B site.
Nevertheless, Dice is desperate to make money off of Slashdot, since it has not lived up to their financial expectations, a fact that they have revealed in a press release detailing their performance in 2013:
Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.
Beta is not a cosmetic change. It is a new design that deliberately ruins the one thing that makes /. what it is today -- the commenting system. There is nothing wrong with Slashdot, from the users' perspective, that demands breaking its foundations. As others have commented, this is an attempt to monetize /. at any cost, and its users be damned. Dice views its users, the ones who create the site, as a passive audience. As such, it is interchangeable with its intended B2B crowd. We, the current users of Slashdot, are an obstacle in Dice's way.
That is why they ignore the detailed feedback they have received in the months since they first revealed Beta. That is also why they now disregard our grievances. Their claims of hearing us are a deliberate snow job. It is only pretense, since at the same time they openly admit that Classic will be cancelled soon:
"Most importantly, we want you to know that Classic Slashdot isn't going away until we're confident that the new site is ready."
Don't hold your breath waiting for Dice to fix Beta. Their vision of Slashdot is a crippled shadow of the site as it is today. Don't let them pull the wool over your eyes. Dice doesn't need us, and it wants us out.
Slashdice delenda est!
Just imagine all the chemical and physics hacks you can do once you gain access to a car's hardware!
Seems my comment is a reaction to the useless Slashdot-Beta.
So, you like beta?
because relatively few people go along with "I'm a racist. Do what I want.". Many people immediately consider doing the opposite, just because the person making that statement doesn't want it to happen.
Sleep your way to a whiter smile...date a dentist!
They already backed off on the beta. Pay attention, dude.
And a server machine is a mini-network, and right now there's no security implemented if you plug your exploit into the control bus... So what? That's its purpose, and the LAST thing we want is for it to be locked down so you can ONLY attach in components and diagnosis systems from the manufacturer. This even goes equally for drive-by-wire solutions; if you get physical access even for a moment you can cut the brake lines or pour sugar in the gas tank. Or attach a GPS tracker if you're so inclined.
I'm really not too worried about it, so long as any wireless connectivity is secured.
Old cars had zilch for security. Wanted to take off with it? On really old cars, just cut and twist a few wires, cross two more momentarily, and you're off. Not even a column lock to get in the way.
More recent cars? Hmm, prior to electronic keys (and keys with resistor values, i.e., GM ignition keys), slide-hammer the ignition and use a screwdriver to turn it, or if the column under the dash is acceptable, just pull and jumper a plug, and push a lever to unlock the column. You drive off in the car.
Now cars are more secure than ever. How are they stolen now? Easy: flatbed. It takes just moments, and no one second-guesses a wrecker driver on a public street or parking lot. Or, hacked, if the thief has time and the right tools to do it. It is more difficult than ever to steal and part out a car now, since components more and more often have to be "married" to the ECU/ECM and the key controller (sometimes part of the BCM, sometimes its own computer), and other components in order for them to work - but in order to marry the component (be it an ABS controller, head unit, nav unit, amp, etc.) the old component needs to be "divorced" from the original car.
What does this mean? Car theft requires a whole lot more sophistication and funding, which leaves it to fewer and fewer players.
In any event, once you have physical access it is game over. Let's stick to locks since they have been keeping honest people honest for years, and security has gotten better than locks, even if the security is through obscurity or merely time.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
What happened to your adverbs? Beta works badly and is being improved too slowly.
And then type another line, followed by another paragraph code here:
This will prove to myself whether or not Beta, in all of its innovative wonder, will finally allow Slashdot to recognise a return command.
That is all.
Shoes for Industry. Shoes for the Dead.
Not only did it not recognise my return char, it fucking CHANGED FONT after using a paragraph command. WHISKEY TANGO FOXTROT? This isn't beta software. This is mid Alpha, at best.
Shoes for Industry. Shoes for the Dead.
Wait, someone can control something by physically plugging something into a control port designed for that purpose?
It's a neat trick, but if the bad guy has physical access, it doesn't take a wireless dongle in the CAN port to mess shit up...
Caveat Emptor is not a business model.
You're assuming too much. Namely that "it works" and "is being improved."
Upward mobility is a slippery slope - the higher you climb the more you show your ass.
Am I the only one that thinks car manufacturers' reaction to these "hacks" is just going to be heavy DRM on the bus, more nickel-and-diming for unlocking features, and more expensive parts because third parties are locked out because of the DMCA?
Right now in agriculture, everything is quite proprietary on the bus, but having it free and open would be a huge boon. There is no DRM at this time, but the protocols themselves are closely guarded secrets. In an ideal world, one company's GPS receiver should work with another company's autosteer navigation system, and that should work with any company's tractor (yes steer by wire over the bus).
Of course the researchers likely aren't advocating for DRM by calling for security, but the layperson isn't going to make the distinction and I think auto companies are going to use this for fear-mongering to push expensive, proprietary solutions on us that we really don't need. Do I need my remote start kit to cost $2000 and have to come from the car company only? I mean cars are so insecure you can start a car by tapping into 4 wires under the dash with any old off-the-shelf remote start kit! Horrors!
Hackers hacked into home networks using off-the-shelf cheap ethernet cables, by plugging those into ethernet ports of home routers.
One wonders what they think about SourceForge --- it's not even mentioned in that financial report...
After Richard Clarke, fmr. national security advisor to Bush Jr. and Clinton, publicly brought up the concern that journalist Hastings was murdered, the trolls insisted that such control over a car wasn't possible. Well, here you go. If these guys can rig up a car, you bet your ass the feds can.
says Anonymous Coward
I spend a little more, I can get a full CAN-bus connection and actually *send* information and control things.
No, you can't send over CAN this way, at least not without risking messing up the core structure of your network. Most nodes in vehicle CAN send messages periodically. Each message type has a unique id, and sending two messages with the same id at the same time can result in collisions. But even if these don't collide, they will get overwritten right after by the next real message. If the inconsistencies are bad enough, the safety fuses will catch them and shut the system down. Any respected automotive OEM implements such mechanisms. In CAN it's not possible to intercept messages and perform a MIM attack, unless you hack into a gateway like LIN or flexray to CAN.
I work for the automobile industry and quite honestly, I'm sick of reading this type of article where people gain physical access to the OBD or vehicle bus, including the respective network databases, and claim to have hacked a car. It is like saying that a house is insecure because you can break into it, turn on the stove, and cause a fire with it.
If you can hack the car from the outside, give me a call. But don't pretend to be a hacker by exploiting things that were never meant to be protected. We are encoding things that we care about and if the CAN is not encoded, it is because we don't care about you fucking up the bus communication. On the contrary, we will most likely end up crashing your car and buying a new one.
Most cars have a high speed CAN, for all functions needing messages at a rate of about 10 or 20 ms like ABS, engine, etc. There is also a low speed CAN, which is used for things like heating, and low rate signals of about 100 and 200 ms. The advantage of low speed CAN is that it can be put into low power and used to wake up devices, like a wake up on LAN. Then there is the LIN bus. This is a low speed, single wire cheap bus. It is used for things like wipers. These are the basic three buses.
Cars like BMW and Mercedes have two or three high speed CAN, a MOST bus for entertainment, and a flexray for safety critical applications. Other manufacturers use TTP instead of flexray, but the safety and timing is in both cases the main reason for not using CAN throughout.
Cars are also slowly rolling out Ethernet, mostly due to the high speed and low cost.
All buses are connected to each other in one way or the other via dedicated gateways. These gateways are usually not pure network gateways, but standard ECUs used for vehicle functions, also serving as gateways.
Then there are internal buses. For example some controllers include multiple ECUs connected via SPI or similar. The engine ECU is almost always connected to the CAN bus because it requires a lot of information from other systems, such as speed, gas pedal input, etc. The actual firing of the sparks is very time critical, and this is often done via a dedicated TPU controller, integrated as a sub core in the engine ECU (take a look at the MPC555 documentation), connected to the main ECU via an internal bus.
The point is that no one gives a Shit if you Fuck up your car by plugging something to one of the vehicle buses. From the OEM perspective, the car must be non hackable from the outside, but once you are in, it's your problem.
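Added example, not part of the thread or any poster's code: the comment above notes that vehicle CAN messages are sent periodically under a fixed id, so a second transmitter using the same id shows up as frames arriving off-schedule. The sketch below flags such frames in a capture; the candump-style log format, the ids, the payloads and the 0.5 tolerance are all constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed capture (not from the page): id 0C4 is a 10 ms periodic
# message, id 1A0 a 20 ms one. Two extra 0C4 frames (payload FFFF) come
# from a second transmitter plugged into the bus.
SAMPLE_LOG = """\
(0.000) can0 0C4#1122
(0.002) can0 1A0#00
(0.010) can0 0C4#1122
(0.020) can0 0C4#1123
(0.022) can0 1A0#00
(0.030) can0 0C4#1123
(0.040) can0 0C4#1124
(0.042) can0 1A0#01
(0.043) can0 0C4#FFFF
(0.050) can0 0C4#1124
(0.060) can0 0C4#1125
(0.062) can0 1A0#01
(0.063) can0 0C4#FFFF
(0.070) can0 0C4#1125
"""

LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

def parse(log):
    """Yield (timestamp, can_id, data_hex) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(3), 16), m.group(4).upper()

def find_early_frames(log, tolerance=0.5):
    """Flag frames arriving much sooner than their id's usual period."""
    by_id = defaultdict(list)
    for ts, can_id, data in parse(log):
        by_id[can_id].append((ts, data))
    alerts = []
    for can_id, frames in by_id.items():
        frames.sort()
        gaps = [b[0] - a[0] for a, b in zip(frames, frames[1:])]
        if len(gaps) < 3:
            continue  # too few samples to estimate a period
        # The median stays at the real period while extra frames are a minority.
        period = median(gaps)
        for (prev_ts, _), (ts, data) in zip(frames, frames[1:]):
            if ts - prev_ts < period * tolerance:
                alerts.append((can_id, ts, data))
    return sorted(alerts, key=lambda a: a[1])

if __name__ == "__main__":
    for can_id, ts, data in find_early_frames(SAMPLE_LOG):
        print(f"off-schedule frame id=0x{can_id:03X} t={ts:.3f} data={data}")
```

The legitimate frame that follows each extra one is not flagged, because its gap (7 ms here) is still above half the learned period.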
" advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business."
What are they talking about there?
If they were counting on advertising, they don't understand people at all.
I've never seen any advertising while reading Slashdot.
That's by choice, to enable me to freely buy what I want, when I do want something.
Because I made a vow a few decades ago:
Push an ad in my face, and I will never, never, never buy your product.
If I didn't routinely block ads, I'd never be able to buy anything again.
Now, if I want something I search for it.
Why do this? Bitter regret. I fell for the promise that a better search tool would improve my life.
What they failed to say: search tools are used to find _me_ not to help _me_ find what _I_ want.
What part of "I search for it" not "it searches for me" don't they understand out there?
Fool me once, fool me -- never fool me again.
God SHUT UP ABOUT THE BETA! I'm really sick of every story being hijacked by these stupid comment threads.
Now see, I disagree. If someone means to do you enough harm, no amount of CAN port security will help. As some user mentioned above, it won't stop them from drilling a hole in your gas tank or cutting your brake lines. Me personally, I wouldn't worry too much about it. I might even install one in my own car just for my own personal use. Also, prepositional phrases do not factor in when determining plural/singular verbs. So your last sentence would actually be "Ruin the community of nerds that has grown coming on two [expletive deleted] decades."
ditto.
D.
And 90% of the objectors are AC's - you don't get a vote as AC, guys. Say it from your named account. Perhaps your paid for, ad free named account.
"If you're not paying for the product, you are the product."
I'll take care of the squealing, wretched, pinhead puppets of Gotham!