Slashdot Mirror
Car Hacking is 'Distressingly Easy'
Bruce66423 points out a piece from the Economist trying to rally support for pressuring legislators and auto manufacturers to step up security efforts on modern, computer-controlled cars. They say,
Taking control remotely of modern cars, for instance, has become distressingly easy for hackers, given the proliferation of wireless-connected processors now used to run everything from keyless entry and engine ignition to brakes, steering, tyre pressure, throttle setting, transmission and anti-collision systems. Today's vehicles have anything from 20 to 100 electronic control units (ECUs) managing their various electro-mechanical systems. ... The problem confronting carmakers everywhere is that, as they add ever more ECUs to their vehicles, to provide more features and convenience for motorists, they unwittingly expand the "attack surface" of their on-board systems. In security terms, this attack surface—the exposure a system presents in terms of its reachable and exploitable vulnerabilities—determines the ease, or otherwise, with which hackers can take control of a system. ... There is no such thing as absolute security. [E]ven firms like Microsoft and Google have been unable to make a web browser that cannot go a few months without needing some critical security patch. Cars are no different.
http://frankgerlach.d-n-s.name/Ansaetze.html
Yes, please fix all the easy bugs. But that does not mean *all* the security bugs have not been fixed. Get rid of excessive software in cars. We don't need wi-fi, remote unlocking or push-button start or any of that other unnecessary nonsense.
That's what I do, I have a 1998 car which I intend to keep for the rest of my life.
It still has some electronics (ECU, ABS), but nothing upgradable without going under the bonnet and actually removing the computers to reprogram them. And obviously nothing wireless (well, the radio, but it's strictly one way and independent from the rest of the car).
Rust, Swift, Sappeur, Vala - they must also be used in the car industry. Instead of C. Look at the CVE database - 50% of exploits are solely due to the cowboy style of C (lack of memory safety).
Or just roll over and concede that electronics are too dangerous.
When I see real reports, rather than scaremongering, I'll pay attention.
The vulns may be real, but most require physical access to the vehicle.
The real question to me is. Do these cars really need all this shit? How about a car that just takes me where I am going, don't really need it to babysit , entertain of second guess me.
Why should a hack of the navigation or audio system allow access to the braking system? Why hasn't the DOT mandated an air gap between critical vehicle operation systems(braking, acceleration, ignition, steering, transmission, etc) and all others.
I can confirm how fuck-all simple it is to rig an RTLSDR dongle assembly with a 9-volt battery and a small breadboard to intercept & jam an incoming signal from the actual fob. After the dongle knows the frequency, it is now synced to the proper frequency range and "channels" to cycle through while the legit fob is now "out of sync" since the next time the fob sends a signal it won't be the right one needed to trigger whatever it was supposed to do. Eventually the legit fob will come around to the right signal needed but its hard to say how many times the owner would need to keep hitting the button. All that occurs in the 300 mHz range I think. I'm sure any of the other higher systems' signals are probably in the gHz WiFi range but that would just require the proper antenna since a software defined radio has a wide range and can be calibrated very precisely as to not bleed over the plan's spectral mask delineations.
The real question to me is. Do these cars really need all this shit?
So long as there is consumer demand the answer is yes.
How about a car that just takes me where I am going, don't really need it to babysit , entertain of second guess me.
Those are available if you want them. Not hard to find relatively bare bones vehicles if you bother to look. For people who want something a little more sophisticated there are extra options available. Personally I LIKE having a screen in my car with GPS. I like having satellite radio, remote entry, heated seats, AC and USB power, backup camera, etc and I'm willing to pay a bit extra for them. Personal preference and your mileage may (literally) vary.
Personally, I want a hackable car. What I do not want is a /remotely/ hackable car.
I want a vehicle where I, as the owner, can access all its bits-n-bobs - even the digital ones - to tune it as I desire. I do not want a car whose computers are so saddled down with "security" that the only ones who can access its electronic brains are "authorized" technicians who have paid tens of thousands of dollars for the appropriate software and hardware. Too often I see "security" being used by automobile manufacturers as an excuse to lock out the owners (or even ordinary mechanics) from modifying - or even diagnosing - the vehicle without first tithing to the manufacturer for the privilege.
Of course, only I as owner (or any I authorize) should be allowed to adjust my car in this way; obviously, I do not want any nefarious parties to alter my car's settings - especially not while I am driving! But while this is something the designers and manufacturers need to keep in mind, so far I am unaware of /any/ successful attempt to "hack" a moving car. Of course, if a nefarious individual gets access to the OBDII port on my car, there's no end to the damage he could do, but no computer (or car! think "cutting the brake lines") is safe if somebody has physical access to it.
So forgive me if I interpret these worried cries about how my car might be "hacked" less as an earnest warning about my vehicle's vulnerability to malicious actors and more as another attempt by the manufacturer to gouge the owner out of even more money just so he can continue to tinker with his own property.
There have been public demonstrations, some televised, of certain models of modern car that allow you to change things like timings and injection sequences, via OBD, over Blueooth, using default passcodes.
I'm sure they're all patched now. Of course. No more will that ever happen again.
There's also been demos of being able to DoS certain buses in the car remotely and wirelessly, preventing everything from in-car entertainment to immobilisers from working, etc. using similar techniques.
These things are all out there. Go look. And that's just OBD. God knows what happens when you start tying in Wifi into the car speakers, joining that to the satnav for Internet updates, joining those to the car etc.
You can see cars on the market today, not even particularly unusual or modern ones, that pull in OBD information into the electronic dashboard which also doubles as a music interface and a satnav and a fuel gauge and a Bluetooth phone interface and everything else. It's not at all hard to imagine that such things haven't covered every single possible hole where information from one can leak to another.
And anything OBD-writing is potentially dangerous. As in "blow up your engine" dangerous. Most older OBD systems are nothing more than read-only technical data. Newer ones do more to allow flashing, firmware updates, and even modification of settings that control emission levels (e.g. fuel injectors, exhaust re-introduction pumps, etc.). Add that together and you have one big mess waiting to happen.
There's a reason that you don't buy mod-chips for your engine nowadays that you can swap out to pass emissions test and then swap back to get the "sports performance" of your car. Because they don't need to swap the chips physically any more.
"hacking" is one of those scare words, hijacked and stripped of all former meaning, that don't mean anything but do imply some sort of godlike semblance for the unnamed, unknowable, "hacker" cyber bogeymen doing whatever it is they're doing.
So it cannot possibly be "distressingly easy".
And for when you say "Links or it never happened":
http://www.forbes.com/sites/an...
Or just Google OBD hacks.
convenience is the reason there is so much trouble.
"If any question why we died, Tell them because our fathers lied."
So the problem is not that "it is not hard to find a bare bones vehicle" but that I can't find the model I want with limited electronics: I want xenon lights, "oh, well, that comes with the comfort package that also comes with lane departure and blind spot alarms and remote start".
So put the xenon lights on yourself if that is important to you. Nothing wrong with modifying your car to suit. I've never owned a car that I haven't added at least one aftermarket feature. I've done plenty of it myself. It's possible to find almost any modification you could possibly want if you are willing to look hard enough and/or spend enough money on it.
All you need are a couple pistons fitted into a block, so that you can run some fuel to the pistons, to turn a shaft, which spins your transmission, which then turns the wheels. I manage just fine with two wheels, and a set of handlebars, powered by an engine produce back in 1982. No automagic turn signal canceling, no power windows, no air conditioning, no heater - although I am somewhat of a sissy, in that I insist on a windshield.
Cars. I want very little more in a car than I have on my motorcycle. I don't WANT the damned car to do tricks. If I really want any tricks out of the car, I'll invest a few thousands under the hood, and in the transmission. Thank you very much - just a simple engine, tranny, and some wheels will be enough.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Requiring car manufacturers to "own" all of the possible software defects for the life of a car means that manufacturers will have to put a limited life on some of these systems. Otherwise each car they make will have a potentially infinite cost. "You want anti-lock brakes after 5 years? Here's the maintenance fee... and you can expect that to rise by 10% per year."
the growth in cynicism and rebellion has not been without cause
I have worked infosec for about 16 years now. There's plenty of validity to these vulnerabilities, but you have to understand what impact enhanced controls will have on the consumer. You are marching your freedom to service your own vehicle down the path of no return. What you'll end up with is devices that will only communicate with interfaces that have signed certificates. You are enabling exclusivity. Say goodbye to being able to buy your own diagnostic tools.
Yes, for always on technology there is a risk of some threat coming at you that messes with your car. The real focus here should be security groups and consumer advocacy groups trying to PREVENT these technologies from being integrated into cars without some sort of user manual override, or protection model where unsafe parameters cannot be configured remotely. There is truth to all of this, but there is a strong air of FUD surrounding it that just needs to stop.
Yes, these have been on Slashdot before. And as said before, the big scaremongering jump is that while there are several well publicized examples of people hacking or DoSing buses by connecting a cable to the interface, demonstrations of remotely doing so wirelessly is much more scarce.
Yes, you can do a lot through the OBD. So what? If you have access to the OBD, you also have access to roll under the car and cut the brake line or pop open the hood and tamper with the engine that way.
There will come a day when some clown, nut, terrorist, whatever will stand on a bridge over a highway and push a button on his remote. And all cars will speed up and turn left. When there is no left turn. Computerizing creature comforts in a car makes sense. Computerizing, engine, brakes and things that can kill you... well, what are they thinking?
Wuddooeyeno? IITYWYBMAD? Like nuts? eclecticallyincorrect.com
I think Automakers should really, REALLY expand their configurators to include all the gritty details of electronics - for advanced buyers.
I don' t think you appreciate the cost of doing that. Every option and component you add to a car adds non-trivial cost and complexity to the vehicle. There is no real economic case to be made (currently) for vehicle manufacturers to do this. The added cost of production, development and support and the added customer confusion would hugely outweigh any economic benefit. They also have to be supported for decades afterwards. Do you really want the same bluetooth system 15 years from now? Probably not. The GPS in my truck (2009 model year) was developed around 2004 and it shows. It wasn't even state of the art back then and it is really starting to show its age now.
Being able to say "I don't want bluetooth-based this on my car" would totally be awesome.
Oh well, wishful thinking.
It would be awesome but it very much is wishful thinking. They may get there one day but it won't be anytime soon. I actually run a company that supplies wire harnesses to the auto industry. They are absolutely NOT equipped to offer that sort of granular level of options even if they wanted to. There would have to be considerable standardization and a lot of supply chain development before it would be even technically feasible. Plus remember that options are by definition not on every vehicle so they have to be sold at substantial markups - the smaller the volume the bigger the markup.
I want very little more in a car than I have on my motorcycle.
And I want quite a lot more in a car than you have on your motorcycle. Doesn't mean either of us is right or wrong but I think there are more of people like me than there are of people like you. I want a car with a quiet interior, satellite radio, heated seats, a GPS, etc. I drive rather a lot and want a car that allows me to do so with reasonable comfort. You clearly don't live where I do if you actually want a car with no heat and no AC. I've driven cars like that and you can keep them if you actually like sitting on a block of ice in December or baking in July.
> There have been public demonstrations, some televised, of certain models of modern car that allow you to change things like timings and injection sequences, via OBD, over Blueooth, using default passcodes.
What car has Blutooth OBD without having to have physical access to the car to attach a bluetooth dongle to the OBD port?
Your hair look like poop, Bob! - Wanker.
put a switch to disable the external access to the guts of the car.
switch off:
no on-star access, no wifi, no bluetooth, no web browser, etc.
Or maybe a switch to disable s/w updates
A segfault is actually a NICE THING from a security point of view. It is much more serious if a cyber warrior can sneek into your system, plant a few tank busting mines and then disappear traceless.
An immediate segfault in the "Communications ECU" is much better than said cyber warrior sneaking in and fucking with the ESP/ABS system.
Or a segfault in the radar distance system's ECU: That will turn on a red light instead of giving the enemy warrior the opportunity to also attack your brake system. Note that the radar signal ITSELF might be used for inserting the malware.
Can you say "wireless murder" ?
That is exactly what OBD was designed for. You certainly need to physically protect the interior of your car, where the OBD port resides. You also need to protect the brakes from manipulation.
Also, I know that many ECUs now require cryptographically signed code to accept update flashing.
If a car can be hacked or damaged by any remote control* in a way that the driver doesn't accept as inherent in the design of the car, then it is fundamentally broken:
* Car locks/remote engine/start/etc. should not be remote-controllable, but like any radio they are inherently subject to a jamming-based denial-of-service attack.
* Safety systems that detect nearby objects, lane striping, etc., suffer the inherent risk that they can be both blinded/jammed and that they can be fooled into thinking there is a nearby object or lane-marking when there is not. But they should not be subject to "command and control" signals from outside the car.
* OnStar and other systems that are designed to allow limited remote access to the car present an inherent attack vector, especially if they are designed to take over a car without giving the driver a veto.
*For clarity: I'm talking remote-locks, remote-start, or using RF to talk to the car's computers. I'm not talking high-energy weapons or anything that confuses/damages the driver like a laser pointer to his eyes.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You have an industry that deals with system and buses that were never designed to be secure. Simply because not only was it never intended to be "user enhance-able", it was never intended to be accessible without being, you know, INSIDE the car. Where you would first of all need a key to get in.
But then marketing came along... need I say more?
Security and convenience are diametrically opposed. There are very, very few things you could possibly think of that improve both, but a load of thing where raising either damages the other one.
And in the battle between convenience and security, convenience wins. Always. Especially in the consumer market. Because the nifty little gadget is something you can show off. But that your car can't be hacked ain't something that will impress the neighbor. Well, if that neighbor ain't me, that is... cue dialogue I had recently
"Look, new car!" ... yeah..."
"Erh.. yeah (meh)"
"And look, I needn't open it, I just walk to it and it opens"
"Car key in your pocket?"
"Yeah!"
"And you're transmitting your key to your car"
"Yeah!"
"Aaaaand... constantly while you're walking around."
"Uh.... well,
"Whew. Glad mine doesn't inform anyone and everyone what key I use wherever I go. Someone bad might listen..."
Oddly that was the last time he wanted to brag with his new car... anyway.
People don't understand security. So it's no selling point. And not having it also ain't no reason that would keep people from buying. At least 'til the first cars get stolen and the insurance refuses payment 'cause there are no signs of unlawful entering or manipulation. Only then someone might come up with a demonstration and then the injured can get into a lengthy legal battle with the insurance company and the car company... and only THEN, when people get sensitized to it because they can actually FEEL that they'll be troubled by it, only then they'll consider security an issue. And only then car makers will take it into consideration.
In other words, nothing to see here, kid just needs to touch the hot stove, only then we'll see them cry and learn. If anything, take it as proof that the average idiot out there ain't smarter than a 3 year old.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Oh, the car-without-a-dashboard-because-it-has-been-so-hacked-on hack, whereby the brakes were partially disabled with a computer and various vehicular things were controlled by someone other than the driver.
Any tool with a toolkit can do that to any car. The only "OMG!" in that article (which I did read, over a year ago when it was published) is that it happened with a Macbook.
A smarter tool can can do the partially-disabled brakes trick on any ABS-equipped vehicle using a 555 timer and a toggle switch, especially if they get to deconstruct the car first.
Give me a proper fucking citation about OBD hacks over publicly-accessible Bluetooth, as you claim to be so prevalent, or sit down at the back of the class.
Go ahead and Google it. Let me know what you find.
Thanks!
Kid-proof tablet..
They could simply throw in a unidirectional serial link over an opto-coupler to get all information from the engine systems. This is how you interface a PC to industrial-grade multimeters. Provides enough isolation to let you poke the probes into equipment with up to 1000V. Simple, cheap and readily available.
My guess is that there is nothing technical preventing separation but rather economical or time constraints because security was an afterthought. Or it never was considered in the first place, seeing how well designed and secure the average keyless entry system appears to be.
The submission should probably have said 'interconnected' instead. Integrating the separate buses into a common data bus does save the weight of the numerous cables, using wireless to connect the control processors, on the other hand, would be something new.
Even the writers for Battlestar Galactica new that interconnected systems leads to catastrophe.
The wireless access being put in without much care for the sake of ease of use the main issue, not that cars ECU's can be modified.
The performance tuning community depends on being able to do ECU modifications to bump up performance.
The debate about ECU security is actually about encrypting or otherwise hindering the ability of car owners to modify their tune. Locking down the ECU is relatively easy; the farm tractor manufacturers already use encryption and keys and will void a warranty if their ECU's are modified. This created an increase in demand for older farm equipment that could be modified.
This issue boils down to freedom to own and do what you will with what you own verses licence-ship and having to accept something with use limitation.
From your linked article, and I quote:
a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake
No remote attack exists. All demonstrated attacks require physical access to, at a minimum, plug something into the OBD-II port. No remote or wireless attacks have yet been found or demonstrated.
Why the fuck do our cars need to be connected to the internet of things. Cars work when they have the least amount of electrical components hooked to them. Carburetors were great and easy to troubleshoot, fix and rebuild. Then came fuel injections and those pesky injectors cost big bucks to replace sometimes more than the car is worth and all the new ones are computer controlled. Now all our cars have black boxes in them and when I go to the emissions station to get cerified they hook to the box and it rats me out. (Of course I clear out the info about 2 weeks before I go and run around a bit ) All of hat has been followed up by our vehicles that are on the internet Onstar and the like. guess what folds A Holes all over the world are taking notice and car jacking has just gotten much easier. Hell I don't even have to tamper with the brakes if I want to kill someone all I have to do is notice when they drive away hack in notice were they are and when they power through a curve I can add a little more juice and kill the brakes then let nature takes it course. So this all begs the question? Why. We don't we divorce our vehicle's operations from communications ability, ie a firewall? Is any of really needed. I personally don't drive all that much. I work from home. I have a 99 Dodge pickup truck and 2 Harley's we really need to reevaluate where we are going with all this...
Paul E. Bahre