Slashdot Mirror

← Back to Stories (view on slashdot.org)

Least Secure Cars Revealed At Black Hat

Posted by Unknown on from the why-bother-cutting-the-brake-lines dept.

Lucas123 (935744) writes Research by two security experts presenting at Black Hat this week has labeled the 2014 Jeep Cherokee, the 2015 Cadillac Escalade and the 2014 Toyota Prius as among the vehicles most vulnerable to hacking because of security holes that can be accessed through a car's Bluetooth, telematics, or on-board phone applications. The most secure cars include the Dodge Viper, the Audi A8, and the Honda Accord, according to Researchers Charlie Miller and Chris Valasek. Millar and Valasek will reveal the full report on Wednesday, but spoke to Dark Reading today with some preliminary data. The two security experts didn't physically test the vehicles in question, but instead used information about the vehicles' automated capabilities and internal network. "We can't say for sure we can hack the Jeep and not the Audi," Valasek told Dark Reading. "But... the radio can always talk to the brakes" because both are on the same network. According to the "Connected Car Cybersecurity" report from ABI Research, there have been "quite a few proof of concepts" demonstrating interception of wireless signals of tire pressure monitoring systems, impairing anti-theft systems, and taking control of self-driving and remote control features through a vehicle's internal bus, known as controller area network (CAN).

140 comments

  1. so that's why the Prius' behave that way. by turkeydance · · Score: 4, Funny

    my apologies to the drivers. i thought it was them.

  2. It's my 2004 Focus by gelfling · · Score: 5, Funny

    Because if it starts at all it may very catch on fire.

    1. Re:It's my 2004 Focus by phorm · · Score: 1

      Sounds like good security to me. Car can't be stolen because it won't start. If it is started, it incinerates the car thieves...

  3. Bullshit. by mythosaz · · Score: 2, Insightful

    "But... the radio can always talk to the brakes" because both are on the same network.

    Bullshit.

    They might be on the same network, but that doesn't mean they can talk to each other.

    1. Re:Bullshit. by viperidaenz · · Score: 3, Informative

      They're on the same network, which is a broadcast network.
      Everything can talk to everything else.
      A CAN bus is not a switched network. Same goes with Flexray and all other automotive networks.

    2. Re:Bullshit. by Anonymous Coward · · Score: 2, Insightful

      Maybe they can't by design. But in a "radio" I worked on you could spoof CAN and we used that to test our software. Radio acted as if it were a few other devices. For their credit, brakes and the like were on a physically separate network, though.
      I have also never met any sort of security concerns regarding internal data processing and communication protocols. Most internal protocols and implementations I've seen trust the sender 100%.
      I once attended a meeting discussing navigation map data. They weren't the least concerned when the vendor told them their application(which runs as root, because...) would crash when given bad data, but it's okay because they check the self-reported SD serial number. Even if you don't care about your customer, opening up access to bluetooth, wifi, cellular networks, video recording and the like could cost you a few lawsuits.

    3. Re:Bullshit. by Charliemopps · · Score: 4, Informative

      "But... the radio can always talk to the brakes" because both are on the same network.

      Bullshit.

      They might be on the same network, but that doesn't mean they can talk to each other.

      Modern cars are required by law to operate on a CANN Buss which is very similar to old buss networks: http://en.wikipedia.org/wiki/B...
      All devices send and receive on the same wire. So every device can talk to every other device on the network, all the time.
      This works as long as all devices on the network are trusted devices... but then you add bluetooth and wifi? Now you have a network of implicitly trusted devices with a giant hole in it.

      If the radio integrates media controls into the steering wheel and has song titles next to your speedometer, you're screwed. That bluetooth device has full access to the entire network. Now if it treats the bluetooth device like an audio input, and the only wires going into the "bluetooth PCB" are 12vdc, ground, and left and right outputs, then you're probobly ok. But there's no way most consumers are going to know which it is.

      I personally dismantled the radio integration into my Fords CANN bus as soon as I got it. It was a nightmare. Parts of the dash didn't even work with the factory radio removed! I had to buy an after market CPU to plug into the buss to replicate some of the radios functions just so I could use a standard dinn mount head unit. All of this and the radio I got, that's not on the Buss, has more features. Why the hell is the head unit for my stereo controlling major functionality in my car?!!?!

      What's worse, in the newest cars as of next year... devices will be registered by mac address to the cars computer. As a result you'll need to log in with a $6k+ software package you can only buy from Ford, GM, etc... and register the mac addresses of new devices you install. You will not be able to remove or replace anything on your own at home anymore. In fact, I bet the dealer will be the only place you can get repairs done within 20yrs.

    4. Re:Bullshit. by Charliemopps · · Score: 0

      you type faster than me ;-)
      I just said the same thing. lol
      Also, CAN Buss is not new. It's been in Semis for a very long time.

    5. Re:Bullshit. by cheater512 · · Score: 1

      No seriously they can. They might not out of the box, but the capability is there and chances are if someone has their way with the radio for a few minutes it very much will start talking to the brakes.

      Your statement would be 100% correct in a ideal world. We are not in an ideal world.

    6. Re:Bullshit. by Anonymous Coward · · Score: 1

      CANN Buss which is very similar to old buss ...
      CANN bus as soon as I got it. It was a nightmare. Parts of the dash didn't even work with the factory radio removed! I had to buy an after market CPU to plug into the buss to replicate some of the radios functions just so I could use a standard dinn mount head unit. All of this and the radio I got, that's not on the Buss, has more features.

      What, were you playing Scrabble and got stuck with a bunch of extra 'N's and 'S's? It's CAN bus and DIN.

    7. Re:Bullshit. by TubeSteak · · Score: 4, Informative

      What's worse, in the newest cars as of next year... devices will be registered by mac address to the cars computer. As a result you'll need to log in with a $6k+ software package you can only buy from Ford, GM, etc... and register the mac addresses of new devices you install. You will not be able to remove or replace anything on your own at home anymore. In fact, I bet the dealer will be the only place you can get repairs done within 20yrs.

      Automakers agree to 'right to repair' deal
      http://www.autonews.com/article/20140125/RETAIL05/301279936/automakers-agree-to-right-to-repair-deal
      January 25, 2014

      Last week, two trade groups representing automakers -- the Alliance of Automobile Manufacturers and the Association of Global Automakers -- announced an agreement with independent garages and retailers to make Massachusetts' law a national standard.

      [...]

      Under the deal, all auto companies would make their diagnostic codes and repair data available in a common format by the 2018 model year, as the Massachusetts law requires. In return, lobbying groups for repair shops and parts retailers would refrain from pursuing state-by-state legislation.

      You couldn't be more wrong.

      --
      [Fuck Beta]
      o0t!
    8. Re:Bullshit. by disposable60 · · Score: 1, Flamebait

      That just means they're required to sell it to you. No limit on what they're allowed to charge, though.

      --
      You're looking for quotes? See my journal.
    9. Re:Bullshit. by tapspace · · Score: 1

      In addition, I would challenge Charlie's and Chris's assessment of this. I didn't dig into it myself, but I would guess that a stateless gateway allows the radio to talk to the brakes in most autos, not just the few identified.

    10. Re:Bullshit. by Rich0 · · Score: 4, Interesting

      Yup. Are the brakes actually controllable via CAN though? If the pedal just operates a transducer which relays instructions via CAN, that seems a bit risky to me. I wouldn't want even a single PHYSICAL linkage as a point of failure for the brakes, let alone an electronic one.

      Granted, even if they have a cable backup, having a trojan apply full brakes without warning at highway speed would not be a fun experience (especially if it could disable ABS - which might or might not be possible but since ABS has self-diagnostics that need to report back to the dash it seems plausible that it could be tampered with). A cable backup would only prevent software from disabling your brakes - not prevent it from applying brakes.

      Really, something like a radio should not be on the same network as safety-critical devices. Heck, do you really want to even do the necessary rigor to ensure that a faulty radio design doesn't cause a safety issue? Nothing should be plugged into a safety-critical bus without serious testing and design controls.

    11. Re:Bullshit. by JoeMerchant · · Score: 2

      They've been playing at this since the 1970s. Scan code systems that sell for $50K. "Open" protocols that you have to be a member of the society to get a copy of, membership fee: $25K plus a reason they deem as valid to join. This was last century.

      Just be glad that the OBD-III proposals with RFID communication requirements never got passed (or did they?) - with that, the same type of toll readers that are more and more common could as easily query your OBD port and read everything about your present vehicle condition - effectively making possible a "go directly to your mechanic and pay to fix your vehicle or get your license revoked" checkpoint anywhere desired, including across a 6 lane interstate where traffic moves at 80mph - yes, the protocol can query all the vehicles on the road simultaneously as they drive through a checkpoint.

    12. Re:Bullshit. by bonehead · · Score: 2

      you type faster than me ;-)
      I just said the same thing. lol
      Also, CAN Buss is not new. It's been in Semis for a very long time.

      Also, the people who write the software for this type of platform are, at least traditionally, much more concerned about available RAM than they are about security. In this arena, the old-school folks have always worked in an environment where isolation from the outside world was pretty much a given.

      As such, even the fairly ineffective security measures that are in place on the Internet haven't even been considered for use in these types of systems. Attaching wireless capabilities to them was very foolish.

      All thing's considered, this all just goes to reinforce my dream of owning a mint condition 1965 Plymouth Barracuda.

    13. Re:Bullshit. by bonehead · · Score: 1

      CANN Buss which is very similar to old buss ...
      CANN bus as soon as I got it. It was a nightmare. Parts of the dash didn't even work with the factory radio removed! I had to buy an after market CPU to plug into the buss to replicate some of the radios functions just so I could use a standard dinn mount head unit. All of this and the radio I got, that's not on the Buss, has more features.

      What, were you playing Scrabble and got stuck with a bunch of extra 'N's and 'S's? It's CAN bus and DIN.

      You must be very insecure and unhappy in your real life.

      It's the only reason I can think of that you'd try to put down a very factually correct post based on a few irrelevant typos.....

    14. Re:Bullshit. by bonehead · · Score: 1

      Under the deal, all auto companies would make their diagnostic codes and repair data available in a common format by the 2018 model year

      If I offer something for sale for the low, low price of $10,000,000, I have complied with the requirement to make it "available". Ain't my problem if you can't afford it.

      Meaningful legislation would specify "make available at no cost", or at least set a cap on what they're allowed to charge.

      Like the vast majority of legislation these days, this sounds good on the surface, but has too many holes in it to do anyone any good.

    15. Re:Bullshit. by bonehead · · Score: 4, Insightful

      Yup. Are the brakes actually controllable via CAN though?

      Old school brakes, like you'd find in a mid-70's muscle car? Nope.

      Modern anti-lock brakes, that depend on computer control? You bet your ass they can be fucked with through the onboard computer.

      I'm an old-school geek. I've been fascinated and excited by technology for over 40 years now. But in the last half decade, I've been noticing that we're growing way, WAY too fast. We're implementing things and putting them out in the real world as soon as we "can do it". We're not waiting until "we can do it safely".

      It's consumer culture gone wild.

    16. Re:Bullshit. by viperidaenz · · Score: 1

      Yup, Honda Accord's (not sure about current model, but definitely 2003 -> 2007, probably most Honda's actually...) use the gauge cluster as the gateway between the two can networks
      Not sure if every message is relayed or just a set of specific ones, it's copying between a 500kbit bus to a 33.6kbit bus...

    17. Re:Bullshit. by gl4ss · · Score: 1

      yeah so I can take over all wifi and bluetooth devices in vicinity?

      what I mean is that the research is just bullshit done by googling around. it's bullshit and should never have gotten greenlit to be presented without actual trials!

      --
      world was created 5 seconds before this post as it is.
    18. Re:Bullshit. by viperidaenz · · Score: 5, Informative

      Everything was fine until OnStar...
      With OTA updates and the rest of the systems in the car using the CAN bus for diagnostic messages and reprogramming, you've got problems.

      I haven't RTFA but I would assume the Honda Accord isn't as 'hackable' is because they use a separate K-Line bus for diagnostics instead of doing it over the CAN bus. Other than that, every single system in the Accord is connected in some way. The audio bus connects the radio to the aircon unit., The aircon unit is also connected to the body CAN bus (you'd need to reprogram it to make a bridge though). The gauge cluster connects to both the body CAN and the powertrain CAN bus. The ECU, ABS, Traction Control, Air bags, etc are all on the powertrain bus.

      If you took control of the powertrain bus, you could speed the car off down the street (thanks drive-by-wire), lock up the wheels on one side of the car and spin it sideways into a wall (traction control), while setting off the side airbags on the wrong side of the car to increase the impact the occupants receive (not sure if the airbags can be triggered from the CAN though, I doubt it. Can probably disable them though)...

    19. Re:Bullshit. by Anonymous Coward · · Score: 0

      Oh, but it's true! Let's take for example the 2006 TrailBlazer.

      The Liftgate/Endgate Module (controls the back hatch functions, also contains the receiver for the key fob), OnStar module, overhead DVD player, Driver Door Module, Passenger Door Module, Powertrain Control Module, Body Control Module, Radio, XM Radio Module, Bose Amplifier, Driver Memory Seat Module, SIR Module, HVAC Control Module, Auxiliary HVAC (the controls for the back) module, Transfer Case Shift Control Module, Electronic Brake Control Module, Instrument Panel Cluster, and Theft Deterrent Control Module are all linked along a common "Class 2 Serial Bus." The Transmission Control Module is the only thing not directly linked, instead having two links from it to the PCM, and a couple wires running to the OBDII port also.

      Being a GMT360/370/305 platform enthusiast, I see plenty of stuff crop up on a forum regarding failures of the data bus in various ways. A common one is that the wire leading to the LGM either gets shorted to another wire or to ground in the flexible hosing that goes between the liftgate and the vehicle itself, which causes messed-up communication. The LGM itself crapping out also starts spurting garbage data onto the network. Suddenly, your driver door buttons don't work and they don't even light up when the lights are turned on. Because these functions require a proper data bus.

      Another incident that recently happened was a person who had the DVD player had an issue, I can't remember if it was the wire or the player itself. In short, when they tried starting the vehicle the Driver Info Center would display "UNKNOWN DRIVER," because the DVD player was clogging up the network and the BCM, TDCM and PCM couldn't communicate with each other and decide that the right key was indeed in the ignition.

      The radio, satellite radio, and OnStar modules are obvious entry points, if they can be cracked and are configured in such a way that information received wirelessly can be put through the bus. OnStar I know can access the bus wirelessly, that's how the OnStar service can offer the automatic call when you wreck (the SIR reports to the OnStar module to make the call), and how they can read off MIL codes to you (they send a signal via the OnStar module to get codes from the PCM, PCM responds, OnStar module transmits information back to the company). I believe in 2009 OnStar modules were equipped in these vehicles with BlueTooth functionality for connecting your phone to the hands-free phone system, which may provide another attack vector.

      All this without even having to get in the vehicle. Crawling under and accessing the PCM's wire harness for the correct wire, or the EBCM since it's strapped under the vehicle, can allow a physical access point assuming it's just sitting there. The proper message sent in through this will allow you to unlock the door. If the vehicle is sitting there on and just locked or something, you could do all kinds of stuff. There really is no authentication of the device, it's just "Hey BCM, roll down the rear right window," instead of "Hey BCM, this is the Driver Door Module speaking, here's my serial code 12345, roll this down." That's why Snap-On and other high-end tools can also command many vehicle functions to do arbitrary things like move the throttle plate to a specific spot, instead of just the official GM Tech II scanner tool. "Yo PCM, advance the variable valve timing." It will do so, no questions asked.

      Think about it.

    20. Re:Bullshit. by bonehead · · Score: 5, Interesting

      Everything was fine until OnStar...

      Well, yeah, now that I think about it, I'd have to agree....

      There's absolutely nothing wrong with these systems in your vehicle being able to communicate with each other. I think most of us can agree that there are many benefits to it.

      The problems only arise when the systems gain the ability to communicate to systems outside of your car. And especially when they can do it without your consent, or even knowledge. And OnStar was the first and most obvious example of that ability.

      The first time I ever really noticed OnStar was back when it first came out. A buddy of mine was driving, and we made a stop and he locked his keys in. This was "back in the day" so I immediately started trying to figure out where I could get my hands on a wire coat hanger. He pulled a card out of his wallet, called an 800 number, and a few seconds later all 4 doors unlocked. My initial reaction was "Damn! That's fuckin' cool!"

      About 10 seconds later I thought "Damn! That's fuckin' creepy!"

      And now it's not just OnStar that can do that. Now cars have bluetooth and WiFi, so if it's not secure (and they don't build them with security in mind"), any smart guy with a cell phone and access to Google can do similarly creepy things....

      SIDE NOTE: There's an alley at work where we all go to smoke (yes, I'm a smoker, get over it). On the other side of the alley is another company's parking lot. There are two nearly identical GM SUV's that park in that lot. One has a broken off OnStar antenna, the other has an intact OnStar antenna. All of us refer to the two vehicles as "the smart one" and "the dumb one".

    21. Re:Bullshit. by philip.paradis · · Score: 1

      yeah so I can take over all wifi and bluetooth devices in vicinity?

      Given a reasonable toolbox, that's arguably a reasonable proposition these days, at least for many devices in your immediate vicinity. Yes, things really are that bad.

      --
      Write failed: Broken pipe
    22. Re:Bullshit. by Anonymous Coward · · Score: 0

      All thing's considered, this all just goes to reinforce my dream of owning a mint condition 1965 Plymouth Barracuda.

      Get it while they exist. Soon there won't be one and there will be no parts for one.

    23. Re:Bullshit. by Anonymous Coward · · Score: 0

      You must be very insecure and unhappy in your real life.

      It's the only reason I can think of that you'd try to put down a very factually correct post based on a few irrelevant typos.....

      I don't see any put down, and they are not typos, if all the same words in the message are typed incorrectly.

    24. Re:Bullshit. by advocate_one · · Score: 2

      one of these days, there'll be an antenna which you won't know about, the visible one being a dummy... easiest way to hide the antenna would be to put it behind a plastic body panel.

      --
      Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
    25. Re:Bullshit. by bonehead · · Score: 1

      That's why I said earlier in this thread that I have reinforced my belief that my next car will be a late 60's or early 70's muscle car.

      Might not be as "green" as some would like. But it was built without any spy tech, and I could spot any suspicious crap that has been added on after the fact.

      Not like today's models, which are basically just computers on wheels. Take out the factory radio to install a superior aftermarket model, and suddenly your heater doesn't work.

      You can't tell me there's not a 3 letter agency behind that sort of retarded engineering.

    26. Re:Bullshit. by MrKaos · · Score: 4, Funny

      you type faster than me ;-)
      I just said the same thing. lol
      Also, CAN Buss is not new. It's been in Semis for a very long time.

      I think the real question is: How much Buss would a CAN Buss Bus if a CAN Bus can CAN Can?

      --
      My ism, it's full of beliefs.
    27. Re:Bullshit. by Anonymous Coward · · Score: 0

      Oh, you don't want to *disable* ABS, you want to include the ABS system in your attack. The ABS system can control brakes individually... If you think locking up all wheels is scary, imagine locking up only the wheels on one side of the car.

    28. Re:Bullshit. by Anonymous Coward · · Score: 0

      Then China will make a cheap copy and people will use that... Done.

    29. Re:Bullshit. by Antique+Geekmeister · · Score: 1

      "Welcome to Bittorrent".

      If the specifications are available online to one dealer, within short order they will be available illicitly worldwide.

    30. Re:Bullshit. by drinkypoo · · Score: 1

      Modern cars are required by law to operate on a CANN Buss which is very similar to old buss networks

      Modern cars are required by law to pass certain crash tests, get enough mileage to get the automaker's averages up to a certain point, put out emissions below a certain point, have the headlights and taillights in a certain position, come with seatbelts, airbags, ABS and AYC, and speak one of four documented OBD-II protocols on their DLC. They're not required to use a CAN bus. In practice, they do, because CAN is the only OBD-II protocol which can be used for both a bus and a diagnostic link. However, there are pre-OBD-II cars which use CAN between engine and trans and have a separate diagnostic bus, and there are post-OBD-II cars which don't use CAN at all.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    31. Re:Bullshit. by drinkypoo · · Score: 1

      That's why I said earlier in this thread that I have reinforced my belief that my next car will be a late 60's or early 70's muscle car.

      Might not be as "green" as some would like.

      My 1960 Dodge Dart (2dr/Phoenix) got over 20 mpg on the freeway, not too shabby. That was with a 240 hp 5.2 liter V8. If you added a high-flow cat to it, it probably would run relatively clean as well, in spite of being carbureted. That car always ran like a peach.

      How about something in the middle, like a W126 300SD? Those get 30 mpg on the freeway in spite of the lack of a lockup torque converter.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    32. Re:Bullshit. by Anonymous Coward · · Score: 0

      If i had the points I'd give them to you!

    33. Re:Bullshit. by F.Ultra · · Score: 1

      All thing's considered, this all just goes to reinforce my dream of owning a mint condition 1965 Plymouth Barracuda.

      And chasing down the tall man!

    34. Re:Bullshit. by danbert8 · · Score: 1

      I unplugged the On-Star module underneath the glove compartment in my G6. Then the cruise control stopped working. Taking it into the dealership, of course their solution is to plug On-Star back in, and then the cruise magically started working again. Tell me that GM isn't going to sabotage the cars of people who choose to disable On-Star... So I got a Ford instead. Not that My Ford Touch is any great technology either.

      --
      Yes it's an anecdote! Were you expecting original research in a Slashdot comment?
    35. Re:Bullshit. by AmiMoJo · · Score: 2

      You have to weigh up the merits of each system.

      Old style mechanical only brakes:
      - Immune to thus far theoretical remote hacks

      New style computer assisted brakes:
      - Safer (ABS, distributed braking force, 4 wheel steering etc)
      - Warns you of failures before you find out by crashing

      Since modern cars don't seem to be suffering from an epidemic of brake failures I don't think we can say that they are any less reliable than the old mechanical linkage. Thus your choice is between greater safety or protection from theoretical attacks that might not even be able to affect your vehicle. Not that FTA mentions they didn't actually do any of these hacks, they just did a survey and listed the most likely cars to be vulnerable without checking them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    36. Re:Bullshit. by JoeMerchant · · Score: 2

      The manufacturers think they can do it safely. They even have multinational conferences where they get together and the 2 guys from every company who would rather travel than work sit around and agree with each other that they have put in enough safety checks to protect their customers.

      The problem is, most people can't mentally scale risk up to millions of copies. The basic engineer's metric is: "I tried it on my test rig as many ways as I can think of and nothing ever failed." Put this guy in a "world class" test facility with all the best toys money can buy and he'll write you all kinds of analyses "proving" that their accelerated degradation models guarantee a trillion hour MTBF. Problem is: when you put a million imperfect copies of a thing into the real world, with a million different people operating them in thousands of different use cases in hundreds of different environments, the "world class" test facility becomes a myopic little ivory tower by comparison.

      One of the answers is "post market surveillance" - but that's expensive, politically unpopular, and logistically difficult to implement, though it is getting cheaper and easier, I don't think it's getting any more politically acceptable. Personally, I feel that the commercial arm of the corporations have corrupted the good in onboard diagnostics, putting up a little "feed my mechanics' and dealers' families" light on your dashboard that comes on for every little problem, but still managing to let you get stranded by the side of the road with little to no warning Why would I ever trust such a system to "phone home" with data about my driving habits?

    37. Re:Bullshit. by sjbe · · Score: 1

      My 1960 Dodge Dart (2dr/Phoenix) got over 20 mpg on the freeway, not too shabby. That was with a 240 hp 5.2 liter V8. If you added a high-flow cat to it, it probably would run relatively clean as well, in spite of being carbureted.

      I think it is unlikely it would be particularly clean. A car that old would lack an evaporative emission control system which accounts for a fairly high percentage of emissions. It lacks sensors to detect and correct for emissions. It also is carbureted which is demonstrably less clean than fuel injection. Even with a modern catalytic converter, while it might run pretty well, I would find it very surprising if it was terribly clean on the emissions.

    38. Re:Bullshit. by Anonymous Coward · · Score: 0

      GM cars were prone to be stolen even without OnStar. It was so bad that my mechanic couldn't keep one on premises and outside his garage without having one stolen.

    39. Re:Bullshit. by Anonymous Coward · · Score: 0

      Yes, but the brakes don't have to listen. If the brakes don't need the messages from the radio, then they aren't going to be reading the messages from the radio. And even if they do need the messages from the radio, they need them for radio related things. You can't exactly send a brake request from the radio. It would be completely ignored, or rather, the brakes aren't programmed to understand it.

    40. Re:Bullshit. by Indes · · Score: 2

      Considering I wrote the CAN interface for an OEM; Yes, Anything can talk to anything else... BUT...
          That's why there's an interface which will only allow you to send data you're meant to send.

        They also point out two vehicles with the SAME available lineup of head units and identical CAN architecture, then claim they're both the most and least secure vehicles.

        Will one of my interfaces ever talk to a brake module? No, Not without a nasty firmware hack. So no, your radio won't be talking to your brakes, or engine. Sorry.

    41. Re:Bullshit. by atomicdoggy · · Score: 1

      Who the hell put a cat on a 1960 model car in the first place (it wasn't there form the factory).

    42. Re:Bullshit. by viperidaenz · · Score: 1

      and the unburnt fuel in the exhaust when the carb runs rich would clog up the catalytic converter.

    43. Re:Bullshit. by Rich0 · · Score: 1

      None of those computer-assisted brake technologies require:
      1. That the brake pedal input be transmitted over a single electronic cable (or even a single physical cable for that matter).
      2. That the computers applying ABS communicate in any way with anything else in the car, other than perhaps turning on a warning light if there is a failure.
      3. That the failure warnings that appear on the dashboard be communicated using anything more than a single output line.

      I'm not against automation of safety systems. I just think that the design has to be robust when you're talking about a situation where a failure can result in fatalities. Even a single physical brake cable is an undesirable point of failure - usually the emergency brake will be completely independent for this reason.

      There is definitely no need for brakes to talk to something like a radio.

  4. Dupe post by Anonymous Coward · · Score: 0

    Duplicate of http://tech.slashdot.org/story/14/08/02/1843200/the-worlds-most-hackable-cars

    1. Re:Dupe post by viperidaenz · · Score: 1

      That was an article saying they will share their findings at Black Hat
      This is one about their findings they shared at Black Hat

  5. You're in a maze of twisty articles, all alike... by SlaveToTheGrind · · Score: 2, Insightful

    We've been here before. Two days ago.

  6. so... by thieh · · Score: 1

    Are we to stop driving and start using the bicycle?

    1. Re:so... by viperidaenz · · Score: 1

      Or scrap your Toyota's, Cadillac's and Jeep's and buy Audi's, Honda's and Dodge's

    2. Re:so... by Anonymous Coward · · Score: 1

      or you could simply not react out of panic like a pathetic sheep, recalls, patches, and sheer unlikeliness of some of these exploits.. does that help you or do we need a media article to frighten you about something else instead

    3. Re:so... by R3d+M3rcury · · Score: 1

      Yes.

    4. Re:so... by Ol+Olsoc · · Score: 1

      Yes.

      Teenagers........are.......walking.......on.........our........lawns!!!

      that, and athiests are waging a war on Christmas.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    5. Re:so... by Anonymous Coward · · Score: 0

      Because that's the only other choice? Wow dude

    6. Re:so... by Anonymous Coward · · Score: 0

      that, and athiests are waging a war on Christmas.

      and we're winning!

    7. Re:so... by pslytely+psycho · · Score: 2

      "Teenagers........are.......walking.......on.........our........lawns!!!"

      Quickest way to be rid of them...

      Roll out the lawnmower, hedge trimmers, edgers, fertilizer and watch them set new world records as they leave posthaste!!!

      --
      Donald Trump, on a crusade to make Nixon look respectable
    8. Re:so... by Ol+Olsoc · · Score: 1

      "Teenagers........are.......walking.......on.........our........lawns!!!" Quickest way to be rid of them... Roll out the lawnmower, hedge trimmers, edgers, fertilizer and watch them set new world records as they leave posthaste!!!

      Ah, hit them at their weakest point.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  7. They did not hack it by manu0601 · · Score: 5, Interesting

    They did not hack anything, this is just speculation based on documentation. BlackHat used to offer more serious stuff.

    1. Re:They did not hack it by viperidaenz · · Score: 1

      Good point.

      I have a Honda Accord with satnav. The satnav can always talk to the brakes, they're on the same CAN bus.
      The radio can talk to the satnav through a separate bus, which also talks to the aircon.
      The aircon talks to the body CAN network.

      Even without satnav, the radio can talk to the aircon and the aircon can talk to the body CAN.

      Infact... everything can talk to everything, because the gauge cluster acts as a bridge between the two CAN networks.

    2. Re:They did not hack it by Minupla · · Score: 2

      Here's the difference - we have firewalls on the Internet.

      What they're saying is that the Bluetooth is sitting on the same network as your anti-lock brakes and there is no firewall.

      Not sure about you, but where I work, if I didn't put a firewall between the internet, and my web servers and at least one more between my web servers and the database, I'd be looking for a new job. These guys hooked it up to the "internet" (bluetooth) and decided they didn't need any additional security between there and the "database" (your brakes).

      Security is all about layers, and they've said that Bluetooth is all the security your health and safety critical systems needs. Not sure about you, but that doesn't leave me with a warm and fuzzy feeling.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    3. Re:They did not hack it by manu0601 · · Score: 1

      Here's the difference - we have firewalls on the Internet.

      Which explains why web site are never hacked, and why it happens everyday in cars.

      Oh, wait....

  8. Re:You're in a maze of twisty articles, all alike. by J.R.C.L. · · Score: 1

    that's right. http://bit.ly/1qOrXX0

  9. pure speculation by J.R.C.L. · · Score: 1

    pure speculation, http://bit.ly/1qOrXX0

  10. High speed car chase on "Cops" by Latent+Heat · · Score: 0, Offtopic
    Didn't they have these episodes of "Cops" where the patrol officer would pull a car over for a "minor traffic infraction", run the plates, find out the vehicle was stolen, and a high speed chase would ensue?

    No offense to your 2004 Focus, but it has been years since I watched the program, but the stolen car was always a Saturn?

    I know that auto theft is a felony and the police are there to protect and serve, and this car was some poor dude's ride before it got boosted. But the cops engage in a high-speed chase to recover . . . a Saturn? Which ends up wrapped around a light pole in most of the "episodes"? "Sir, we recovered your car . . ."

    So is it really worth the danger to the public to give chase to a criminal who has boosted a 10-year old Saturn?

    1. Re:High speed car chase on "Cops" by Pentium100 · · Score: 1

      Well, the criminal then gets to pay for the damage he caused to the car.

      If something was stolen from me I would damn sure want to (preferably) get it back or at least get loss compensated. It does not matter that that something is not worth tens of thousands of dollars - it's still my money and my item.

      Now, whether it is worth to the public - yes, most likely. While I would probably be OK with the government buying me an identical car after the cops refuse to recover the stolen one, the number of car thefts would increase. After all, if you steal a car that's cheap enough, the police won't chase you, so you get a free car.

    2. Re:High speed car chase on "Cops" by Arker · · Score: 2

      Simply letting him get away would be horrible, because of the prevention aspect. If that were standard practice on the part of the cops, then the rate of car theft would certainly go way up.

      But there is another possibility besides letting him go and flying off in a risky high speed chase. There's this old-school police technique called a 'tail' where you follow at a distance and let the target think he's getting away (while of course using your radio to get ahead of him.) Much less chance of injury or death that way. Too old-school for US cops these days, but in some backwards jurisdictions it might still be used.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    3. Re:High speed car chase on "Cops" by fustakrakich · · Score: 1

      Yep, there's not too many cars that can outrun a Motorola...

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:High speed car chase on "Cops" by Anonymous Coward · · Score: 0

      in most cases, stolen cars are branded "salvage". If you get it back intact, it will be worth significantly less.

      In other words, oddly enough, lazy cops are doing you a favour if they fail to recover the car and you have insurance. :)

    5. Re:High speed car chase on "Cops" by rogoshen1 · · Score: 2

      considering most car thefts are committed by a very small number of people, anytime one of those little buggers gets tossed in the clink, we're all better off.

    6. Re:High speed car chase on "Cops" by mjwx · · Score: 2

      Well, the criminal then gets to pay for the damage he caused to the car.

      Awww, it's so cute you think rich people are stealing old Astra's.

      If something was stolen from me I would damn sure want to (preferably) get it back or at least get loss compensated.

      This is what we call "Insurance".

      In Australia people are taking to stealing keys as immobilisers have become so common and effective it's easier to break into a house and flog the keys before taking the car. I dont really care that much if they do this and steal my 14 yr old Nissan... It's insured for $13,500. Sure it would be a shame as it's a mint condition Silvia S15 but in the end it's a car I have properly insured.*

      If you dont have your car insured, that's your problem. As for getting it back, well considering the kind of people who steal cars I'm not sure I'd want that either (the first thing Police do on recovered cars is a sharps check, a check for used needles. Insurers will do the same to make sure the cops didn't miss any).

      * I drive a manual, these days that's enough to stop most thieves in their tracks.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    7. Re:High speed car chase on "Cops" by Anonymous Coward · · Score: 0

      How does a manual (gearbox I presume) stop thieves?

    8. Re:High speed car chase on "Cops" by pslytely+psycho · · Score: 1

      Thieves, like the majority of the motoring public, generally have limited, if any experience driving a standard transmission. The stick has become the Linux of transmissions.

      According to the article, and that number seems about right, only about 10% of cars are sold with a stick.

      I needed to transport my 1997 Camaro across town after an emergency surgery that coincided with a move. I had a hell of a time finding someone who could both drive a stick and was willing to drive the car. Most who sit in it are freaked out that your front vision ends at the windshield and you simply cannot see the hood at all. That seems to make most people a bit squeamish about driving it.
      On the plus side, no one EVER asks to borrow my car,

      --
      Donald Trump, on a crusade to make Nixon look respectable
    9. Re:High speed car chase on "Cops" by jawtheshark · · Score: 2

      Only in the Northern America and apparently Australia. In Europe, you can bet that everyone can drive sticks. Technically, you can do your driving license on a automatic, but it usually reserved for the physically disabled and you only are allowed to drive automatics with such a license.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    10. Re:High speed car chase on "Cops" by F.Ultra · · Score: 1

      In my country high speed chases in cities or highly populated areas are prohibited due to the high risk of collateral damage. It's far better to let the car thieves get away than to kill some innocent bystanders.

    11. Re:High speed car chase on "Cops" by FireFury03 · · Score: 1

      considering most car thefts are committed by a very small number of people, anytime one of those little buggers gets tossed in the clink, we're all better off.

      Well, better off until you realise how much its costing you to toss them in the clink, of course...

      --
      http://blog.nexusuk.org
    12. Re:High speed car chase on "Cops" by smooth+wombat · · Score: 1

      Well, better off until you realise how much its costing you to toss them in the clink, of course...

      Then just shoot them. I'll be glad to pay for the cost of the bullet. It's a win-win for everyone. Another criminal off the street and the taxpayer doesn't have to pay to coddle them by keeping them in jail.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    13. Re:High speed car chase on "Cops" by FireFury03 · · Score: 1

      Well, better off until you realise how much its costing you to toss them in the clink, of course...

      Then just shoot them. I'll be glad to pay for the cost of the bullet. It's a win-win for everyone. Another criminal off the street and the taxpayer doesn't have to pay to coddle them by keeping them in jail.

      Yeah, removing due process could never result in abuses or miscarriages of justice so it's a pretty good idea.

      --
      http://blog.nexusuk.org
    14. Re:High speed car chase on "Cops" by Anonymous Coward · · Score: 0

      I had similar issues getting someone to drive my AWD turbo 4 with a manual trans when my foot was broken.

      Something about a 2.0 liter engine making over 500 horsepower at the wheels that scares people. The throttle is not linear with that much power.... You gotta give it something like 80% throttle from a stop because the turbo isn't spinning. But if you don't lift up and go back to around 20% throttle once the turbo gets going the car will start essentially pulling forward even though you are still holding the gas pedal steady.

      Since its 4 wheel drive the slack in the drivetrain is harsh if you mess up the clutch release. That and basically the engine size is always changing making the throttle scary for those who never have driven such a high horsepower 4 cylinder.

      "It's the car that drives itself" I had a friend tell me.

    15. Re:High speed car chase on "Cops" by Hodr · · Score: 0

      Ahh the old Europe is superior to US because they drive stick argument. I love it when people become overly proud of a talent that pretty much anyone can learn in a few hours at a Walmart parking lot.

      Your healthcare may be superior, but driving a stick is a personal preference and is about as boast-worthy as being able to operate the fryer at a burger joint.

    16. Re:High speed car chase on "Cops" by smooth+wombat · · Score: 1

      Who said anything about removing due process? If the folks who stole the car are duly convicted by the evidence, then we can shoot them.

      They obviously don't care about abiding by the basic rules of society so why should the taxpayers have to pay to keep them around?

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    17. Re:High speed car chase on "Cops" by jawtheshark · · Score: 2

      I didn't say we're superior. I said "in Europe every one can drive stick". That is fact, not superiority or anything. You interpret it that way. That says more about you than about me.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    18. Re:High speed car chase on "Cops" by Anonymous Coward · · Score: 0

      Yes, the high level (and it is high, the cost is enormous, several times the cost of putting them in jail) of care taken for capital punishment cases has completely eliminated all mistakes from the system:

      http://en.wikipedia.org/wiki/Wrongful_execution#United_States

      Oh wait, it didn't. Last mistake was in 2004, decades after the incredibly high standard being used was introduced.

    19. Re:High speed car chase on "Cops" by Anonymous Coward · · Score: 0

      >If you dont have your car insured, that's your problem.

      So, if someone steals your stuff, they can just call "no insurance" and it's okay?

      Is that like calling "no touchbacks" in schoolyard tag or something?

    20. Re:High speed car chase on "Cops" by robkeeney · · Score: 1

      Doesn't it actually mean that they're just too poor to afford automatics?

    21. Re:High speed car chase on "Cops" by amicusNYCL · · Score: 1

      They obviously don't care about abiding by the basic rules of society so why should the taxpayers have to pay to keep them around?

      Yeah, capital punishment for car theft, that's a fantastic idea. How about drunk drivers, they don't care about following society's rules either, right? Might as well kill them for a first offense. Take care of that problem. Jaywalkers should probably be shot and killed also. And if someone lets their grass grow too long and violates a city ordinance, well, might as well take them out too. The same goes for anyone convicted of a speeding offense, if they can't follow the rules then we should just go ahead and kill them.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    22. Re:High speed car chase on "Cops" by pslytely+psycho · · Score: 1

      Yeah, I actually knew that standards were more popular in Europe, I didn't know why however, but I do recall that in some (most?) EU countries it is more difficult and expensive to obtain your general license than the states. Here, if you have a pulse, you can pretty much drive a car.
      Interestingly enough, that is very similar to N. American CDL* licensing where everyone learns a stick unless physical disabilities prevent it. Of course if you fall into the latter category, there are very few transporters who run automatic transmission fleets, so Owner Operator is generally the best way to go if you can't physically drive a stick. (I train CDL drivers).

      *CDL = Commercial Drivers License

      --
      Donald Trump, on a crusade to make Nixon look respectable
    23. Re:High speed car chase on "Cops" by jawtheshark · · Score: 1

      Yes, most countries make it hard and expensive to get a license. It gets expensive quick if you flunk a few times, and since there is a theoretical part and a practical part you can flunk on both... Most people I know have flunked either one at least once. I know, I did...

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    24. Re:High speed car chase on "Cops" by mjwx · · Score: 1

      >If you dont have your car insured, that's your problem.

      So, if someone steals your stuff, they can just call "no insurance" and it's okay?

      No, it means you dont understand what "its your problem" means.

      If you dont have insurance and your car gets stolen, you're on your own. It's your problem to deal with.

      Whether you get theft insurance is your choice, I choose to because I'm smart enough to know that thieves are out there. Besides this, high speed chases almost always bring cars back as burnt out, crushed shells. So again, if you've got no insurance you're pretty much stuffed.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    25. Re:High speed car chase on "Cops" by mjwx · · Score: 1

      Ahh the old Europe is superior to US because they drive stick argument. I love it when people become overly proud of a talent that pretty much anyone can learn in a few hours at a Walmart parking lot.

      Amazing that most Americans lack this "talent pretty much anyone can learn in a few hours at a Walmart parking lot" given it's so simple to aquire.

      Manual (stick) drivers are better because they are proactive, rather than reactive. Automatic drivers wait for the car to do something, then react. This translates into other disciplines necessary for driving such as hazard detection and risk avoidance, they wait for the hazard to become a risk, then try to mitigate it. Manual drivers on the other hand constantly have to think 5 seconds ahead of what the car is doing, so they see hazards earlier and mitigate potential risks earlier.

      Beyond this, manuals are just more fun to drive.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  11. Chevy Nova by Anonymous Coward · · Score: 0

    I would not feel secure in this car.

    And of course, no one will ever read this.

    1. Re:Chevy Nova by Anonymous Coward · · Score: 0

      And of course, no one will ever read this.

      You're absolutely correct.

  12. Opinion from industry insider by nhtshot · · Score: 5, Interesting

    I work in the automotive after market (ECU tuning). I can actually back up what they're saying. Even if they did come by it via speculation, they're actually pretty much dead on.

    That is primarily because the german cars use what we call a "Can Gateway" but is better of though as a firewall. Every different system in the car has it's own private canbus. Anything that needs to travel between the busses has to go through the gateway. In the case of VW/Audi vehicles, it's locked down quite well. It knows what packets belong on what bus and only allows a very limited subset of properly formatted and required packets to pass between those busses.

    Vehicles that share common can without a gateway are readily exploitable. I could plug a can interface into the headlights, A/C or any other system on the global bus and lock/unlock the doors, roll the windows up/down, trigger the traction control/ABS or even start/stop the car (if it uses a push button start).

    Doing those things requires access to the can wires, but the bus is used for so much now-a-days, there's always plenty of places to access it. Many of them without requiring keys or an open hood.

    1. Re:Opinion from industry insider by w_dragon · · Score: 1

      Does nobody do signing or encryption of signals to control systems? Having had issues with VW's electrical systems in the past I wouldn't blindly consider a more complicated setup to be a benefit from them.

    2. Re:Opinion from industry insider by nhtshot · · Score: 5, Informative

      "Does nobody do signing or encryption of signals to control systems"

      VW/Audi does. The newest generation use 2048bit RSA signatures for everything. The previous generation used 1024, which is still pretty much unfactorable for a reasonable price.

      But, they can't use encryption of any consequence or signing on the bus. It's all real time and needs to be that way. Would you want your airbag to wait to deploy until it had verified even a 512bit signature on the "oh crap we've been in an accident" message?

      Same thing with ABS.

      The only real place they can use that (and they DO use it here) is for starting. When you're starting a car, there is no imminent danger. In VW/Audi, they have the "immobilizer" system. It uses RSA again. The instrument cluster, ECU and each key have a coded serial number. Each devices holds a hashed/signed copy of the serial numbers of the other 2 and the VIN. If the 3 don't all agree, the car won't start.

      There are some ways around the system, but they require opening the ECU and various other things that are quite time consuming and very obvious. Nobody has (to the best of my knowledge) beaten the immobilizer system via methods that don't require a grinder.

    3. Re:Opinion from industry insider by plover · · Score: 1

      I figured as much. So since you're deep into the electronics, I have a question about my Ford that perhaps you can answer. Is the CAN bus extended out to the side mirrors that are filled with electronics, such as lighting, heaters, motors, and blind spot indicators? (My Taurus has all of the above.) Or is the bus terminated inside the panel of the door, and dedicated wires run to the various mirror assembly components? I've often thought that a thief who wouldn't mind trashing the passenger side mirror could access the CAN bus and unlock the doors.

      --
      John
    4. Re:Opinion from industry insider by nhtshot · · Score: 4, Interesting

      I don't work with Fords, so I can't answer your question specifically. In general, the trend in cars is to have fewer controllers and devices on the bus controlling more and more things. In the VW/Audi world, all of the "body control" stuff is handled by a single module under the dash.

      At the same time, many of those modules and the wires between them are accessible easily under the hood. I can reach under a VW, remove a plastic underbody panel and get to the powertrain (most important) canbus without opening the hood. I'd come up greasy, but I could certainly do it from under the car. With a little practice, I could probably do it in under a minute.

      In the VW case though, that wouldn't do any good. I couldn't start the car or unlock the doors (door locks aren't on the powertrain can and the gateway won't pass through a door unlock message originating on powertrain). I could monitor their engine/transmission/ABS though and could turn off the car, change the gears or set/adjust the cruise control once the engine was running. I might even be able to trick the ABS into thinking the car is skidding and get it to lock up the brakes (I haven't played with ABS controllers much, so I'm not 100% certain of this one),

    5. Re:Opinion from industry insider by sinij · · Score: 1

      I don't think it is possible, most of 'mission-critical' systems have to be real-time where response measured in milliseconds. There isn't enough time to preform any kind of authenticity or non-repudiation checks. What possible is properly isolating internal CANbus.

    6. Re:Opinion from industry insider by 0123456 · · Score: 2

      You just need a pre-negotiated shared key. AES encryption is pretty fast.

      However, you still probably don't want to do it, because, if the encryption somehow gets screwed up, your ABS brakes will reject the readings from the brake sensors and cause you to crash when you lock the wheels. There are potential safety issues on both sides.

    7. Re:Opinion from industry insider by drinkypoo · · Score: 1

      In the VW/Audi world, all of the "body control" stuff is handled by a single module under the dash.

      Central locking is still its own module, isn't it? It certainly is in my 1997 A8. Fords seem to tend to have a BCM which controls doors, windows and lights. In my 1997 A8, lighting is separate from locking.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:Opinion from industry insider by drinkypoo · · Score: 1

      There are some ways around the system, but they require opening the ECU and various other things that are quite time consuming and very obvious. Nobody has (to the best of my knowledge) beaten the immobilizer system via methods that don't require a grinder.

      For a 2014 Audi, that might be true. For a 1997 Audi, you can buy a $100-200 device which will read the key codes from the PCM and program new keys.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:Opinion from industry insider by pslytely+psycho · · Score: 1

      " I've often thought that a thief who wouldn't mind trashing the passenger side mirror could access the CAN bus and unlock the doors."

      Heads to Hollywood script in hand for "Gone in sixty seconds...the mirror jackers....."

      --
      Donald Trump, on a crusade to make Nixon look respectable
    10. Re:Opinion from industry insider by sinij · · Score: 1

      Pre-negotiated shared key is very hard to do right, due to the need to perform secure key injection AND trust unverified third parties (e.g. independent mechanics). You also have to worry about have non-static configuration (e.g. what happens when your independent mechanic changes a sensor, how do you authenticate it?).

      About the only implementation I can think of is to have car run its own Trust Authority, with owner and not manufacturer (yeah, right) controlling it. This way adding new sensor will be a question of typing in the owner's password. Unfortunately, most people will leave everything default and not care about security implications, leaving such security measures largely ineffective. So we are back to "air gap it" solution.

    11. Re:Opinion from industry insider by jandrese · · Score: 1

      I have to imagine that things have changed at least a little bit in 17 years.

      I appreciate the theft deterrence aspect of this, but I wonder what it does to the third party parts market. For the key and immobilizer that's fine, but when every single part on the car needs a specific code that is baked into the ECU then repairs start to get tricky.

      --

      I read the internet for the articles.
    12. Re:Opinion from industry insider by jandrese · · Score: 1

      You don't have to pre-place keys everywhere in the car. You just need all of the asymmetric key exchange to happen when you turn the key. If it takes 50 ms then so be it. Hopefully nobody gets in a high speed collision 45ms after starting their car. After that each component will have negotiated a symmetric key that they can use for the rest of the communication. You can decode a 256bit AES key in a couple of microseconds on even cheap microcontrollers these days.

      --

      I read the internet for the articles.
    13. Re:Opinion from industry insider by Anonymous Coward · · Score: 0

      Nobody has (to the best of my knowledge) beaten the immobilizer system via methods that don't require a grinder.

      So all I need is a sub sandwich from New England to crack the ECU? Cool.

  13. Honda Accord "most secure" by Anonymous Coward · · Score: 0

    Haha oh wow

  14. all defeated by a 1980's lada by Anonymous Coward · · Score: 0

    That baby was secure, bluetooth to hack, no gps, phone, no radio

    It's greatest security flaw was created by users not buying a quality pad lock to secure its doors

  15. Whew! by 93+Escort+Wagon · · Score: 1

    Next time the brakes fail on my 93 Ford Escort Wagon, I'll rest easy in the knowledge that it was a simple mechanical failure and not hacked!

    --
    #DeleteChrome
  16. so by Anonymous Coward · · Score: 0

    i wonder how the Mercedes C250 Coupé stacked up.

    1. Re: so by Anonymous Coward · · Score: 0

      Michael Hastings

      Mere hours before the fiery car crash that took his life, journalist Michael Hastings sent an email to friends and colleagues urging them to get legal counsel if they were approached by federal authorities.

      âoeHey [redacted] the Feds are interviewing my 'close friends and associates,'" read the message dated June 17 at 12:56 p.m. from Hastings to editors at the website BuzzFeed, where he worked.

      ADVERTISEMENT
      "Perhaps if the authorities arrive 'BuzzFeed GQ', er HQ, may be wise to immediately request legal counsel before any conversations or interviews about our news-gathering practices or related journalism issues.â

      Fifteen hours later, in the early morning of June 18, Hastings was driving a Mercedes C250 at a high speed when he lost control in Los Angelesâ(TM) Hancock Park neighborhood, causing the car to fishtail and crash into a palm tree. The impact caused the car to burst into flames, trapping the 33-year-old inside.

  17. My old 75 Ford pickup, no so computer hackable by Anonymous Coward · · Score: 0

    I guess I am safe with my old pickup. No one has hacked in to that old pair of teeth in the glovebox yet. (I wonder what was in there that made them turn blue?

    1. Re:My old 75 Ford pickup, no so computer hackable by sinij · · Score: 1

      Not a problem, they just keep crashing runaway Piruses into your pickup truck. Sure, it may take more than one.

    2. Re:My old 75 Ford pickup, no so computer hackable by schlachter · · Score: 1

      safe? no. hack proof? yes.

      --
      My God can beat up your God. Just kidding...don't take offense. I know there's no God.
    3. Re: My old 75 Ford pickup, no so computer hackable by Anonymous Coward · · Score: 0

      Any truck with a frame and a reasonably modern cab is going to be fairly safe in comparison to a modern unibody vehicle, even with the crumple zones and modern safety features. Many of the modern safety features are to make up for the more lightweight flimsy body design.

    4. Re: My old 75 Ford pickup, no so computer hackable by sinij · · Score: 1

      This is actually false, frame is less robust design as far as car crashes go. The only reason it might do better in a crash is because frame of a truck would sit higher than bumper of a passenger car, and truck would have more mass. Take two comparable cars, one with a frame and another with unibody and crash them into eachother - people in the frame-design car design would likely horribly die while unibody would walk away with minor bruises. Crumple zones, force dissipation into entire unibody, and rigid cage are just THAT GOOD at protecting passengers.

  18. Too much bullshit by ArchieBunker · · Score: 3, Interesting

    I bought a 99 Volvo S80 and it has the fancy auto dimming rear view mirror. The car was used so of course expensive mirror no longer dims. You can't even swap out a junked mirror because of the address bullshit. You have to keep the circuitry from your mirror and swap only the mirror itself. Otherwise you need the dealer software to reprogram the main computer.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Too much bullshit by usuallylost · · Score: 1

      Check around my guess is you can get software online that will let you let you reprogram the computer. I used to own an Audi. On some versions of my car you could hold the unlock button on the fob for some number of seconds and it would roll all the windows down. Holding the lock button would roll them all back up. They wouldn’t enable it on my car because it wasn’t a feature on my model. Come to find out that my car supported it but that they had simply programed the computer not to do it. A friend of mine, also an Audi owner at the time, bought a $20 cable that came with a software package that gave you complete access to the computer on the car. We were able to change any parameter that the dealer could change. In my case the only parameter I changed was changing the feature for opening and closing the windows from the key fob from off to on.

      The same package also let you access all the error codes that the system logged and had a handy database that told you what they all meant. Which was a great help in figuring out problems with the car.

    2. Re:Too much bullshit by frinkster · · Score: 1

      I bought a 99 Volvo S80 and it has the fancy auto dimming rear view mirror. The car was used so of course expensive mirror no longer dims. You can't even swap out a junked mirror because of the address bullshit. You have to keep the circuitry from your mirror and swap only the mirror itself. Otherwise you need the dealer software to reprogram the main computer.

      Did you bother asking the dealership what the cost to reprogram was? It might have been very inexpensive or even free.

      My local Volvo dealership plugs the cars into the computer and runs diagnostics and software updates as a matter of course (no charge) any time you bring the car in for service. Their labor rates are competitive with independent mechanics and they offer a free shuttle to/from work, so I just have my maintenance done there. They clearly want repeat customers (they need repeat customers) and in my opinion are doing quite well at it. I've had a number of German and Japanese cars and prefer the Volvo approach. I'm not interested in fancy drinks in the fancy waiting room - A) I take my coffee black, thank you very much, and B) don't really want to spend my free time in a waiting room.

  19. They are by ArchieBunker · · Score: 2

    The brakes are controllable on cars with collision avoidance.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  20. Oh, great... by Anonymous Coward · · Score: 0

    In a sense, the car is becoming a large mobile device, according to Morrison and others.

    So now when your car crashes you'll experience a Red Screen of Death.

  21. Re:You're in a maze of twisty articles, all alike. by Anonymous Coward · · Score: 0

    They probably figured that the hit count was low because it was a Saturday submission, so figured they would get better traction today. Little did they know it was because it's really because there is not much to discuss and/or people just don't care...

  22. They did not hack it by jeff-nelson3388 · · Score: 2

    I can't understand it either. If they are accusing so many car makes of having vulnerabilities, they should have been able to get access to at least one to formulate an actual attack. If everything on the same network was considered vulnerable by default - the Internet would be vulnerable.

    --
    @_jeff_nelson +jeffnelsonjeffnelson
  23. my beloved jeep wrangler by shadowrat · · Score: 3, Funny

    I guess the wrangler didn't make the list, but it can hardly count as hacking when the hood doesn't even lock closed.

  24. well by Anonymous Coward · · Score: 0

    we'd have to ask Mr. Hastings..

  25. didn't physically test the vehicles in question by fustakrakich · · Score: 1

    Well, we all like to whack off, don't we? Oh, I'm sorry, what was the question? Do our little automakers need some more free press? If the damn computer is more reliable than good old mechanics, then stick with the black boxes and hope for the best. We're just rolling the dice (get it?) anyway.

    --
    “He’s not deformed, he’s just drunk!”
  26. Least secure by Anonymous Coward · · Score: 0

    Try leaving your car parked in Queens with the window down.

  27. But but but but the whole POINT ... by Ungrounded+Lightning · · Score: 1

    .. german cars use what we call a "Can Gateway" but is better of though as a firewall. Every different system in the car has it's own private canbus. Anything that needs to travel between the busses has to go through the gateway.

    A separate CAN(N)BUS for each system? But the original POINT of the bus was to replace the expensive, custom, wiring harness - a bundle of special-purpose wires as thick as your wrist - with a power line and a pair of signal wires. One big party line with everything talking on it. Now you're bringing back the harness AND adding an extra box.

    (The above is only half facetious.)

    Vehicles that share common can without a gateway are readily exploitable. I could plug a can interface into the headlights, A/C or any other system on the global bus and lock/unlock the doors, roll the windows up/down, trigger the traction control/ABS or even start/stop the car (if it uses a push button start).

    Which, of course, is the downside of the system.

    An alternative to restoring the bundle is for each user of the "big party line" to "recognize the voice" of those who can give it instructions - and have a list of what instructions each can give it. I won't go into details, but there is ample room for design here. An interloper would be reduced to trying to "mimic the voice" of a talker with enough authority to command the action, or DOSing by "shouting over" legitimate commands.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:But but but but the whole POINT ... by soccerisgod · · Score: 1

      An alternative to restoring the bundle is for each user of the "big party line" to "recognize the voice" of those who can give it instructions - and have a list of what instructions each can give it. I won't go into details, but there is ample room for design here. An interloper would be reduced to trying to "mimic the voice" of a talker with enough authority to command the action, or DOSing by "shouting over" legitimate commands.

      Not with CAN. CAN has no concept of a sender address. It is thus impossible to determine where a CAN telegram originated.

      --
      If a train station is a place where a train stops, what's a workstation?
    2. Re:But but but but the whole POINT ... by jandrese · · Score: 2

      Not with the protocol itself (because you couldn't trust it anyway), but you could implement crypto on top of the bus to avoid that problem. Everybody signs the messages and only accepts messages from approved sources who have signed their messages correctly.

      --

      I read the internet for the articles.
  28. Rare cars by Anonymous Coward · · Score: 0

    It is great that we now know some very rare cars are either very hackable or hard to hack, but do they also have results for some more common cars?

    1. Re:Rare cars by pslytely+psycho · · Score: 1

      Well, if high end cars are vulnerable, I doubt that the security in lower end cars is better.

      --
      Donald Trump, on a crusade to make Nixon look respectable
  29. OOPs, forgot the link....... by pslytely+psycho · · Score: 1

    http://www.huffingtonpost.com/2014/06/25/teens-steel-car-cant-drive-stick_n_5530996.html

    I know, I. R. A. Idiot.....

    --
    Donald Trump, on a crusade to make Nixon look respectable
  30. OEM by Indes · · Score: 3, Interesting

    I work at an OEM... I know for a fact The Dodge Viper and the Jeep Cherokee share the same line-up of head units and the CAN architecture is identical.

      How are they both the most and least secure?

      (Also, the Radio can't talk to the brakes, as much as they'd like you to think - I'd know, because I wrote the code for the interface that talks on the CAN network.)

  31. Officer by Anonymous Coward · · Score: 0

    NO I didn't rob the bank, the car did!

  32. Radio by phorm · · Score: 1

    Well if the radio/stereo was hooked in, how about hacking by overpowering the source signal and broadcasting some nasty parameters to take advantage of an exploit...?