Remote Exploit On a Production Chrysler To Be Presented At BlackHat
Matt_Bennett writes: A scary remote exploit is going to be published that enables someone connected to the same wireless (mobile data) network to take over many [automobile] systems, including braking. This is an exploit in Chrysler's Uconnect system. Charlie Miller and Chris Valasek also demonstrated exploits in 2013 that could be done via a direct connection to the system, but this is vastly expanded in scope. The pair convinced Wired writer Andy Greenberg to drive around near St. Louis while they picked apart the car's systems from 10 miles away, killing the radio controls before moving on to things like the transmission.
As I felt with their first video, these "security researchers" play with the steering on a car moving 40mph on a public road. Now they've gone and done this. Playing with the driving controls on a 2 ton vehicle moving at 70 mph on a busy road.
In this video they said "it wouldn't be anything life threatening" which shows that they don't have a clear view of reality in the situation. A seat belt won't
you have a 70mph head on collision with a semi. The driver wasn't informed beforehand that he could bail out of the test by restarting the car, they waited until he was panicking to try to tell him that.
What if they made a mistake and turned the car into oncoming traffic? What if their computers were remotely controlled?
Is the situation with car's vulnerabilities serious? Yes of course.
Will this video help to drive home the problem to the public? Maybe, but probably not.
Should they have done this demo on a public road? Absolutely not.
Bottom line, when you are doing a test where there is physical risk, you need to be in control of the environment and not putting the public in harm's way.
This isn't your home computer and your email account. This is real life.
Who's all getting fired at Chrysler for this? Right now I mean, eventually everyone when Chrysler inevitably goes under for being the worst car company standing.
Now if they could only shut off the blue smoke that I see coming out of most Chrysler tailpipes...
People still buy that brand?
Bravo gentlemen. The only way this will get the full and due attention of the media and the car companies is by demonstrating life-threatening risk in the UConnect system. If this were a track test, it would be dismissed by the car companies as contrived, and the media would rather talk about Trump. This will now assuredly end up on the front page unless killed by Chrysler via influence peddling. It's time digital security was a real concern when it comes to my family hurtling down the highway at 75mph in what can now be convincingly argued is a very real digital death trap.
Disagree, in fact I'll probably shake their hands at DEFCON (assuming they're there again).
The fact that they demonstrated vulnerabilities and then showed automakers multiple ways how to avoid such things (#1 firewall or separate networks; #2 technology to detect and kill anomalous signals) and STILL the automakers shipped defective product...is the problem.
>> Will this video help to drive home the problem to the public?
No, but I'd expect a few class action lawsuits will get their attention. I've read a few attorneys' periodicals warming up trial lawyers for IoT product liability, and automakers and their big pockets are sure to be some of their first targets (I think I've seen one settlement already happen).
As much as I want to lay the blame for this on it being a Chrysler, now Fiat, product it seems that all auto makers are making a mad rush to have these hyper connected cars. My current car has features I couldn't care less about but is still mostly mechanical linkages and not drive by wire, I'm not sure what I will get when I have to replace it as shortly after it was made the silliness of connected cars started taking off. Maybe I'll just have to get my MG Midget restored before I have to replace my current car and just drive that instead.
Time to offend someone
Uhhhh? Do you somehow think that making a function private in the source code means that it's impossible to jump to that location at runtime? That's really not how it works.
WHICH IS WHY EXPOSING SUCH BUGS NOW IS IMPORTANT, YES!
Do you not see that, despite seeing the potential dangers of this? The Uconnect shit has been around for years now!
I'm not really talking about automakers or the vulnerabilities of cars. I'm only saying that Valasek and Miller were irresponsible security researchers for conducting a dangerous test on public road. This is the kind of thing that will give all security research a bad name or at least bring it under heavy scrutiny.
Disagree, in fact I'll probably shake their hands at DEFCON (assuming they're there again).
The fact that they demonstrated vulnerabilities and then showed automakers multiple ways how to avoid such things (#1 firewall or separate networks; #2 technology to detect and kill anomalous signals) and STILL the automakers shipped defective product...is the problem.
>> Will this video help to drive home the problem to the public?
No, but I'd expect a few class action lawsuits will get their attention. I've read a few attorneys' periodicals warming up trial lawyers for IoT product liability, and automakers and their big pockets are sure to be some of their first targets (I think I've seen one settlement already happen).
I guess you are out of touch with reality, too. You don't need to risk an accident on a highway to prove that your remote control works. The flaws in the system needed to be exposed, but risking a car accident on a highway involving people who didn't consent (aka the truck driver) makes them assholes. That was an unneeded stunt. At the moment I feel like I'd like to exploit the hand shake with them and get them into a police grip and bump their head on wall to show them the dangers of shaking hands the safe way.
I point you to Admiral Adama of (Battlestar Galactica) wise words ... "Do not network the ships computers"
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
>> dangerous test on public road
I'd still rather have them do THIS when the systems aren't too popular than have some random swatter roll a minivan with 5 kids because he mistyped the IP address of the guy who just beat his speedrun. (Where "THIS" is a controlled test.)
i was hoping car accidents in the future would be much more interesting.
Anons need not reply. Questions end with a question mark.
They did not ship a defective unit. The unit that was shipped worked fine. The problem was it was exploitable, which is not a defect, it is a lack of foresight.
Any sufficient level of incompetence is indistinguishable from malice.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Doesn't it matter what it takes to make this exploit work? For instance, if you have to physically access the vehicle and do something in order to enable the remote exploit. There is a widely known physical exploit called cutting the brake lines, but manufacturers are in no way responsible for creating hard to access and cut brake lines.
These articles often are vague on the implementation requirements to achieve the exploit. That matters, IMHO.
With that said, standard control architecture practices should keep the key controls like steering, braking, acceleration, etc separate from the data monitoring and other systems, and where you can't separate entirely there are methods to manage that as well.
As I felt with their first video, these "security researchers" play with the steering on a car moving 40mph on a public road. Now they've gone and done this. Playing with the driving controls on a 2 ton vehicle moving at 70 mph on a busy road.
Excellent points. They could have made just as powerful a statement in a safe environment instead of running a test on an open road where they would endanger the driver and others if something went wrong. Expecting someone "not to panic" when they find themselves slowing down with no escape route and a semi on their tail is stupid at best and criminal at worst.
They had the ear of some powerful Senators. You want to get things done? Find a safe place to show what you can do, such as a parking lot where the owner will offer to cordon it off while you run your demonstration. Offer to put one of them in the Jeep with the journalist. Partner with a University that has access to a test track. They got a grant and appear to have the credentials to be taken seriously, use them. A stunt like this could very well result in a backlash and articles condemning them for putting people at risk; rather than focusing on the real issues they bring up.
Frankly, I'm surprised the automakers use the same bus for vehicle control and the entertainment systems that are linked to the internet. It would seem at a minimum it should be air gapped for security and access to the control systems limited to the diagnostic connector. I'm guessing it was cheaper to use 1 bus to carry all the signals with no real thought that someone might exploit the weakness. Oddly enough BMW coders (who change vehicle orders in cars to activate additional features) have apparently been remotely updating the coding for a number of years. Granted, the person doing the update needed information from the owner to do so but the vulnerability would still be there; I say apparently because I have not used a remote coding service but done updates via the OBDC and software myself through a wired connection.
I'm a consultant - I convert gibberish into cash-flow.
Like medical device manufacturers, they seem to be in lala land compared to most fields that use computers when it comes to security. The worst part is that if the federal government mandates security standards, the most likely outcome is that they will likely only target a few bright lines tests and the standards will never keep pace with the evolving threat models.
It also works with foreign cars, as long as they are modern like the Mercedes C250 Coupé
It just goes to show that connected systems aren't ready to take on risky endeavors. Unfortunately, most companies keep including more and more connected things, and I'm sure that FCA isn't alone in being completely unprepared for the lawsuits and drop in sales that will result in not taking security seriously. As with any connected system, if there is a way to communicate out, there is the potential for a way to communicate in. In this case, it's lucky that the flaws were discovered and shared by more benign hackers. Others might be much more malicious, especially when the company was initially dismissive of security flaws.
That's why I prefer to sacrifice the convenience of being connected in order to know that someone else isn't watching me at home or potentially going to take control of something that can kill me. My smartphone is security hole enough, but those games won't play themselves!
But anyone sane on the planet would rather have them sit a car in a large, private, open space and demonstrate that they can control all of the controls without endangering anyone's life, especially people who didn't sign up to have their life endangered and were just driving down a public road.
So you're saying it had a defect (the ability to exploit it), but it wasn't defective?
In general, companies don't tend to know about significant defects when they actually ship the item. That doesn't mean that they're not defects.
It makes them criminals and they should go to jail.
Proof of concept would involve a test car in a safe area.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
"STILL the automakers shipped defective product...is the problem."
Chrysler has been doing this for years. Perfect example is the head-gasket on the Neon. They produced an upgrade repair but NEVER upgraded the product.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Quite possibly the funniest suggestion evAr.
- Dan
The Uconnect system is one buggy piece of software. Most of my interactions with the system are working around bugs. It updates without you knowing about it in the middle of the night over the Satellite system. It is very order dependent on things working correctly (even though running an automobile isn't that order dependent). The fact that there are remote issues doesn't surprise me all that much. I had a day where the tire system went bonkers and was reporting all sorts of surprising things. Then it stopped. I have had the car not start in a particular order. I have accidentally had the car started and instead of turning off, grind the starter. And because it is all software driven, there is nothing to do but wait. It is also tied into the Media system and bluetooth where I have a lot of interactions that just do not seem to work all that well. But I have been well trained on how to get it to work, until they fix a bug or add a new one, and my workflows have to change.
You know, doing it in a real world setting and demonstrating it is a hell of a lot better than continuing to believe the lie these companies have done an adequate job at security.
And, once again, we see that consumer electronics are almost completely incompetent at any semblance of security.
Which is pretty damned unbelievable if you ask me.
In fact, it sounds like some pretty epic incompetence at security, and reaffirms that corporations need to be held to MUCH higher standards of liability with all of their computers, instead of just saying "oops, we didn't know".
Lost at C:>. Found at C.
I don't consider exploits to be defective. Defects require no outside "help"
This would be the same as saying the Twin Towers were defective because they couldn't withstand airplane crashing into it (extreme example).
To me, defective is something that breaks all on its own.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I'm safe. All of my vehicles pre-date Firefox.
No, he is saying it is NOT A DEFECT. The cars are not designed to stop criminal actions. Is it a 'defect' that the windows can be 'exploited' by not being bullet-proof? Is it a defect that the body is not armored? Is it a defect that brake lines can be cut? Is it a defect that the car can be towed away by a criminal?
They aren't vague, it's the defined system by which the car connects to the internet, Uconnect. They accessed that over the internet from 10 miles away and controlled the car. This is no different than them using a buffer overflow exploit to gain remote access to a web server.
It's a perfect example of why encryption back doors are a fool's errand. I'm sure it would be nice to stop a criminal who stole your car by turning off the engine...but that opens up the ability to remotely turn off the engine that could be used by anyone gaining the appropriate access. You can't make remote connections 'secure', only levels of security that come with risks.
People in cars cause accidents....accidents in cars cause people
Not an issue, just patch it... It doesn't take that long, nor is it that hard...
On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler’s website that didn’t offer any details or acknowledge Miller and Valasek’s research. “[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions,” reads a statement a Chrysler spokesperson sent to WIRED. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”
You can be sure any new vehicles will have the fix too.... Nothing to see here, move along...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
That depends entirely on whether the item was designed to withstand people attacking it.
A bomb shelter is defective if someone drops a bomb on it (at the designed distance and explosive power) and it collapses.
A skyscraper is defective if it was designed to withstand a plane impact and it does not.
A car is defective if it was designed to withstand people trying to hack it, and it doesn't.
A car's design is defective if it was not designed to withstand people trying to hack it.
Straw man. There's no reason these exploits couldn't have been executed in a parking lot (where, in fact, the rest of the test was performed). They would hold the same impact without endangering the public.
This is the same reasons that dangerous medical research is performed in negative room pressure clean-rooms and vehicle safety crash tests are performed in controlled environments and not with vehicles on the interstate. You don't expose uninformed, uninvolved, and non-consenting members of the public when performing dangerous work.
As it was, he stalled out on a bridge in heavy traffic and managed to get to safety. It's not much of a stretch to imagine a worse scenario - there he is in a tight turn in heavy traffic when his vehicle is compromised. Imagine he hits a minivan with 5 kids that then rolls. Now it's not a story of a dedicated journalist and two edgy security researchers - it's a story of murder, or at least manslaughter, and all three are complicit.
Mine has locks.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
And then the jury yawns loudly. By doing the test on the highway, everyone who sees the video can suddenly relate.
Meanwhile, putting it in neutral wasn't THAT dangerous. Cars suddenly quit running on the highway every day and most can't be fixed just by turning it off and then on again.
That is what is known as a design defect.
If they're already driving a Chrysler by choice, I'm pretty sure that there's nothing more you could do to them that will make things any worse.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
A car is defective if it was designed to withstand people trying to hack it, and it doesn't.
I think what he's getting at is that the car wasn't designed to withstand people trying to hack it. i.e. security wasn't even a consideration in the design.
I had looked awhile back at a new corvette and last I heard you could NOT get the fscking OnStar system out of the car....
So, wondering if this is another "feature" that isn't optional....
Why is it so hard to get a car without it being fucking connected to everything? I just want performance, and nice looks...I drive a car, I'm not trying to do a spreadsheet while driving for God's sake.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
The locks are a convenience feature and not actual security.
The best part of this is that because they are exploiting a Chrysler product, even the vulnerabilities will prove to be unreliable
-- Long Time Jeep Wrangler Owner in therapy
A car's design is defective if it was not designed to withstand people trying to hack it.
Why? Just because you said so? Since when is it a manufacturer's responsibility to protect against criminal actions involving his product?
You can't quantify the level of risk by losing control of a vehicle, because you don't have the data. Neither do they. But there IS a level of risk by simply being on a public road with other cars, and that risk DOES rise with distractions, let alone malfunctions affecting braking, acceleration, or steering. Moreover, they were trying to demonstrate how dangerous the hack can be, so on the one hand, they're implicitly admitting that they put the author and the public at risk, but on the other side of their mouth, they're trying to say there was nothing life-threatening? Sorry, I don't buy it. That was willful negligence. It was irresponsible and reckless, and the "only way to get attention" argument doesn't stick when you fail to escalate in a responsible and methodical manner and skip right to the nuclear option. That was the problem with Snowden, and that's the problem with these characters.
https://www.eff.org/https-everywhere
The locks are a convenience feature and not actual security.
This is Not true at all, the government has laws on vehicle security, intended to slow the rate of auto theft.
Automobile locks in the US MUST be certified for their security.
See: "The Anti-Car Theft Act of 1992", "The Anti-Car Theft Improvements Act of 1996"
Your insurance company would refuse to offer theft insurance on your car if it was easy to steal.
Why? Just because you said so? Since when is it a manufacturer's responsibility to protect against criminal actions involving his product?
Crashing your vehicle into another is a violation of the traffic laws, and yet our automakers spend billions and billions of dollars to protect their customers from these criminal actions.
If the "car" part of the car were completely disconnected from any "outside" communication, the problem would go away.
Now, there are times where allowing outside control of the car is useful, such as remote-start of the heating and A/C systems so the car isn't an icebox or oven when you get in, and (perhaps) a remote-slowdown or remote-prevent-engine-start command as part of an anti-theft-system, but if you are going to do this, you have to do it right and you have to assume that even if you do it right, someone will be able to defeat your security. You have to ask yourself, as a manufacturer, is it really worth it to allow my customers the conveniences of remote-control in exchange for the small but very real risk that an adversary could exploit it to kill my customer or someone else?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I remember thinking in the 90s "no one would be stupid enough to put safety critical computer systems on a network at all..."
And, here we are.
If someone gave me a blank sheet of paper and asked me to sketch out the system for a car's braking controller, I'd slap down a CPLD or microcontroller, and have it use some locked firmware to read the various sensors and send out the control signals.
Oh, they want networking? I'd isolate or use the inherent properties of a CPLD/FPGA programmed in combinatorial logic style (you can program a CPLD/FPGA to act like a microcontroller instead which is vulnerable)
In combinatorial logic style, all the processing is through various gates, and is a boolean combination of flip flops and logic gates. So, say they want the ability to read (but not alter) the current state of the vehicle's brakes. A tiny communication processor (a low pin count PIC is one choice) would receive from the vehicle's CAN bus the command to give the vehicle's brake state. The communication processor would toggle high an output pin connected to an input pin on the microcontroller/CPLD that actually controls the brakes. That high pin state would mean that every few control loop cycles, the microcontroller/CPLD would blast out the current state on a serial output pin.
Note that there's no opportunity for a hacker who got into that communication processor to do any worse than toggle a pin on and off. No effect on the steering/braking.
Ok, maybe now we want to be able to change the "style" of steering and braking. So now there's a finite set of legal states that are stylistically desirable. That's when you'd isolate with the inherent property of an FPGA/CPLD state machine to not be capable of any other states BUT the states you defined. (there's no global memory and no stack, so nothing a hacker can do to affect the machine's behavior)
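The isolation idea in the comment above, sketched as a small C model. This is an added example, not the commenter's code or any automaker's design: the pin names, the three styles and the gain values are hypothetical, and a C function only stands in for what the comment proposes as fixed CPLD/FPGA logic. The communication processor is assumed fully compromised, so it may drive its three link pins to any value.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Finite set of legal "styles"; encoding 3 is unused and must be rejected. */
typedef enum { STYLE_COMFORT = 0, STYLE_NORMAL = 1, STYLE_SPORT = 2 } style_t;

/* The only wires from the communication processor to the brake controller.
 * A compromised comms processor can drive these to any value, nothing more. */
typedef struct {
    unsigned report_req : 1;  /* 1 = emit status on the serial output pin */
    unsigned style_sel  : 2;  /* requested style, 0..3 (3 is illegal)     */
} link_pins_t;

/* Brake controller state: one register holding the current legal style. */
typedef struct { style_t style; } brake_ctrl_t;

/* Outputs of one control-loop cycle. */
typedef struct {
    uint8_t pressure;     /* command to the brake actuator           */
    bool    status_valid; /* true if a status byte was emitted       */
    uint8_t status_byte;  /* read-only copy of state for the network */
} brake_out_t;

/* Pedal-to-pressure gain per style, in percent. All are >= 100, so no style
 * can brake less than the pedal demands. Values constructed for the example. */
static const uint8_t GAIN_PCT[3] = { 100, 115, 130 };

void brake_init(brake_ctrl_t *c) { c->style = STYLE_NORMAL; }

brake_out_t brake_step(brake_ctrl_t *c, uint8_t pedal, link_pins_t pins)
{
    /* State transition: only the three defined encodings are accepted;
     * anything else holds the previous state. */
    if (pins.style_sel <= STYLE_SPORT)
        c->style = (style_t)pins.style_sel;

    /* Actuator command depends on the pedal sensor and the legal style only. */
    unsigned p = (unsigned)pedal * GAIN_PCT[c->style] / 100u;
    brake_out_t out;
    out.pressure = (uint8_t)(p > 255u ? 255u : p);

    /* report_req gates the one-way status output and nothing else. */
    out.status_valid = pins.report_req;
    out.status_byte  = pins.report_req
        ? (uint8_t)((c->style << 6) | (out.pressure >> 2)) : 0;
    return out;
}

/* Drive the link pins with every value an attacker could set, for every
 * pedal position and starting style; count cycles where the controller
 * brakes less than the pedal demands or leaves the legal state set. */
unsigned count_violations(void)
{
    unsigned bad = 0;
    for (int start = STYLE_COMFORT; start <= STYLE_SPORT; start++)
        for (unsigned raw = 0; raw < 8; raw++)
            for (unsigned pedal = 0; pedal < 256; pedal++) {
                brake_ctrl_t c = { (style_t)start };
                link_pins_t pins = { raw & 1u, (raw >> 1) & 3u };
                brake_out_t o = brake_step(&c, (uint8_t)pedal, pins);
                if (o.pressure < pedal || c.style > STYLE_SPORT)
                    bad++;
            }
    return bad;
}

int main(void)
{
    printf("violations over all attacker pin values: %u\n", count_violations());
    return 0;
}
```

The sweep is exhaustive because the interface is three bits wide; that is the property the comment relies on, and it disappears as soon as the link carries free-form messages instead of pin levels.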
The fact that they demonstrated vulnerabilities and then showed automakers multiple ways how to avoid such things (#1 firewall or separate networks; #2 technology to detect and kill anomalous signals)
Or, I don't know, how about not hooking up the car's controls to any network at all? Why is that even a thing?
The finance and insurance companies, and of course, the vast array of law enforcement agencies LOVE being able to locate your vehicle. To opt out, you're stuck with pretty basic cars - and nothing from GM.
At least they're assholes in the public interest. Is what they did borderline criminal? I'll leave that up to public opinion. But what they've done is justify the fears that many may have had, that what they've seen in movies and television shows isn't fiction but reality. They're not the heroes we need, but perhaps they're the heroes we deserve. Be thankful at least that no one was injured, and that the truth about this was revealed.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
See subject: Rootkit drivers that can peer into all memory (which is how/why your keyboard works for everything for instance, FAST, & consistently, across all ring 3/usermode/rpl3 applications, right outta ring 0/kernelmode/rpl 0).
APK
P.S.=> Just a fact... apk
So, you are certain that they connected to a particular car that they had not accessed at all in any other way prior to hacking? I don't think it is clear at all on that part.
There is a corollary:
Any sufficient level of malice is indistinguishable from incompetence.
The "nuclear option" would have been to disable the brakes. They didn't do that on the highway. They can only mess with the steering in reverse. Do you claim the jeep was reversing down the highway or would you like to retract that one?
They DID mess with the brakes at low speed NOT on a public road (picture looked like the edge of a parking lot).
Laptops have had hardware power switches for their transceivers for a long time now, if autos are going to have wireless access to their systems then why the hell isn't there a kill switch for that transceiver so the owner of the vehicle can turn it off?
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
This is how the FBI/CIA killed Michael Hastings
The video states that there was nothing done to the vehicle prior to the test. It's an internet connected computer, it has a specific address. Whether that's done via hacking the Uconnect servers that then relay commands to the car or by connecting directly to the car is really besides the point.
Obviously the former is much easier to close, but since the 'fix' is a USB delivered patch methinks they are directly connecting to the vehicle.
People in cars cause accidents....accidents in cars cause people
StikyPad made a good point. Doing the test on public roads did nothing to reinforce the actual issue.
As far as I know this whole may just be a montage to get a few more views but it does make them look irresponsible.
Do you want autonomous cars or driverless cars? Do you want it cheap? What they are probably doing is trying to build in all the capabilities they can do now to see how well it works. Heck, they probably want to put the control/compute in the cloud somewhere where it can be cheap instead of onboard the car.
So, given the steering and brakes were NOT messed with, what part do you find so wildly dangerous?
Why does a car have a wireless system, and why is this wireless system accessible from outside the car?
If you are not allowed to question your government then the government has answered your question.
"You know, doing it in a real world setting and demonstrating it is a hell of a lot better than continuing to believe the lie these companies have done an adequate job at security."
No, it isn't, and that's a false choice. It is analogous to shooting a gun in a crowded room, observing no one was hit, and then claiming it is a good way to show the police are not doing an adequate job of security. You'd better hope they don't pull this stunt again and cause the car's driver to lose control and wipe out half of your family so the other half can grieve.
Why is it so hard to get a car without it being fucking connected to everything?
Never mind that, why is it so hard to find fucking automotive engineers who have enough sense to keep the critical control buses and the frivolous entertainment/external communication buses separate and not connected to each other?
I don't know whether this is the result of bean counters doing the shit they do, or the hubris of engineers who think, "they won't hack MY system!", but whatever, auto makers need to give their heads a shake and get their shit together. The fact that the exploit outlined in the article is even possible, at all, is just criminal.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
And what if the random swatter T-boned you in your car?
Sorry, public roads are not for "testing". There's a reason why car ads all say "Professional drivers on a closed road" - because you can seriously injure someone else.
Hell, these security researchers not only put themselves at risk, their entire occupation, DEFCON and anyone else a decent lawyer can say was the cause of it (including GM).
Is it a problem? Yes, a serious one.
But you don't have to put the general public at risk to demonstrate it.
You can demonstrate the problem just fine in a closed controlled environment, like say a parking lot. In fact, it may even be more impressive, without scaring the crap out of the driver OR the drivers around him.
In fact, you can even demonstrate it without a driver - override the brakes so you keep the car stopped, have the driver get out, then drive around. A nice, safe, controlled manner that turns it from "security researchers who put everyone's lives at risk" to "security researchers demonstrate they can take over any GM vehicle...".
How you tell the story is just as important as what you tell. Do it the wrong way and the how can easily overpower the what.
They're just lucky nothing bad happened, because the message would be quite a bit different if someone got in an accident, and DEFCON would go from "security researchers meeting" to "hackers like Anonymous set to destroy the world" in the mind of the public.
If car manufacturers didn't care about security, they couldn't have installed locks or require keys to drive. Yes, let's just assume everyone in the world is trustworthy.
Why is it so hard to get a car without it being fucking connected to everything? I just want performance, and nice looks...I drive a car, I'm not trying to do a spreadsheet while driving for God's sake
A-frigging-men! I'm looking into a Hellcat. Now I just might look for a '70 and put the Hellcat drive train in that.
First, the nuclear option is a real-world test with unknowing participants -- the other drivers on the road -- which they did. A parking lot would have worked just as well.
Second, they disabled the transmission. Aside from the fact that acceleration is sometimes necessary to avoid accidents, any significant slowdown below normal speeds on a freeway increases the risk of a collision. Keep in mind that he had music blaring full blast and windshield wipers and fluid obscuring his view at the same time, and no exit strategy since he was on a bridge with no shoulder. That was incredibly irresponsible to put him in that situation.
https://www.eff.org/https-everywhere
You know, doing it in a real world setting and demonstrating it is a hell of a lot better than continuing to believe the lie these companies have done an adequate job at security.
Not if it goes wrong and completely innocent third parties pay the price, it's not.
I am struggling to believe that any rational and normally adjusted person would not see the deep ethical problems with the way this experiment seems to have been conducted, yet there are apparently multiple people in this thread defending it.
Auto technology is certainly an area that needs a lot more attention and probably heavyweight regulation and laws with real teeth to prevent profits taking priority over safety and privacy. But this isn't the way you do it. In fact, this is the way you get the grown-ups to treat you with contempt and want nothing to do with your research, lest they become contaminated by your methods themselves.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The vehicle was put into neutral. How is this any different than the loss of control of....running out of gas? Had this happen to me a couple weeks ago. I managed to merge from the left lane to an exit and eventually on the shoulder without rolling any vans.
If you are unable to deal with an issue such as this happening, you really shouldn't be a driver as this is a common enough occurrence that they teach you how to deal with it in driver's ed along with what to do when your gas pedal is stuck or brakes fail.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
OK, that helps. Thanks. I just brought it up because it gets overlooked often in these types of articles.
I guess I'll have to watch the vid, but can't at work...., will be interesting to see how they knew the address of that particular car......did they find that specific car via owner account/name after hacking Uconnect?
I am not a security expert, but does it strike you as insane that a car apparently has a public IP address? Anyone whatsoever can just portscan your car and look for vulnerabilities. I just have no words.
Why? Just because you said so?
No, because people are obviously going to die.
Since when is it a manufacturer's responsibility to protect against criminal actions involving his product?
Since the manufacturer was making a machine capable of causing serious injury or death and was well aware of the potential risks. At that point, as with any other legal concept of a duty of care, playing the innocent third party doesn't always cut it. I have no problem with passing regulations or laws to reflect that, because otherwise people are obviously going to die.
Even if the manufacturers get to keep their ability to wash their hands of it legally speaking, they should be required to advertise honestly and with full disclosure. Anyone buying one of these vehicles has to sign to say they've read a clear statement that the manufacturer is aware that anyone may take control of the vehicle from the driver and cause it to behave in unpredictable ways up to and including fatal accidents, the manufacturer has decided not to take any measures to prevent this from happening, and the driver uses the vehicle at their own risk and accepts full legal responsibility for any harm done with it whether or not it was under their control at the time as long as they are still alive to sue. That seems fair, but I don't imagine it would help sales.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
From the nature of the exploits being described:
They put this system on the CAN-BUS, which is used to control engine and control systems. There is NO REASON for an entertainment system to be on this bus. On-Star has the same issues. If you want these devices to have functionality that is on the CAN-BUS, it should be duplicated outside the CAN-BUS. Security researchers have been trying to explain this to the car industry for 10 years (at least) now, and the car industry keeps being willfully ignorant of the security implications of what they are doing. This is far past defect, it is more like intentionally dangerous and possibly malicious.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Nope. I do not.
At least not for me. Hmm...I was looking at the Vipers that do seem to have the Uconnect as standard package.
I'm wondering if you can disable this without killing functionality in the car?
Same question about onStar for a Corvette...can you kill it without killing the car, or, are these systems so integrated now that you can turn them off?
I wonder if you can at least kill the method it uses to "call home" at the very least..?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Exactly, the ECU, TCU, stability control computer (which is able to brake individual wheels to stop a skid) and the steering controller (for automatic parking or active lane control) should be on an entirely separate bus from the entertainment and convenience controllers.
I don't think the article is terribly vague on how they did it. They were able to rewrite the firmware in the head unit over Uconnect's cellular connection to allow them to send CAN bus commands to the entire in-car network, which is connected to everything.
this link has some more technical details linky
People in cars cause accidents....accidents in cars cause people
I think the thing is that the mechanism that Chrysler has to update Uconnect firmware for end users is USB and they didn't have a routine setup from the factory to allow OTA updates of the firmware. Valasek and Miller have apparently figured out how to do this once they know the IP address of the target cellular modem in the vehicle. They mention that currently, they're only able to do this on the Sprint network with a Sprint phone connected to a laptop, since Uconnect is using Sprint's network.
FTA - "Uconnect computers are linked to the Internet by Sprint’s cellular network, and only other Sprint devices can talk to them. So Miller has a cheap Kyocera Android phone connected to his battered MacBook. He’s using the burner phone as a Wi-Fi hot spot, scouring for targets using its thin 3G bandwidth.
A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, appears on the laptop screen. It’s a Dodge Ram. Miller plugs its GPS coordinates into Google Maps to reveal that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to appear on his screen is a Jeep Cherokee driving around a highway cloverleaf between San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Seeing the actual, mapped locations of these unwitting strangers’ vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.
When Miller and Valasek first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, confining its range to a few dozen yards. When they discovered the Uconnect’s cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn’t the limit. “When I saw we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that’s a vehicle on a highway in the middle of the country. Car hacking got real, right then.”"
It is - when these types of exploits first started to be reported almost a decade ago, they did require physical access to the car (like, the laptop running the exploit had to be in the car), and that part was conveniently omitted from all of the mainstream media articles about it. I had to dig up the actual journal paper about it to find that detail.
It's safe to network the computers BUT you must install your own protection. DNS poisoning attacks can cause reckless traffic.
apk HOSTS editor for Android enables it to maintain name resolutions in memory with no DNS. Reducing network traffic and LESS TRAFFIC means safer roads.
P.S.=> HOSTS might crash your OS but not your car...
Did you watch the video?
Within the first 2 minutes I can see the following two things I consider dangerous:
- They reduced his visibility by activating the wipers and windshield washer
- They cut off the engine while he's on a busy highway
Here's a sample of what happens when you stop on the highway:
http://www.citynews.ca/2007/12...
Just recently there was an emergency vehicle with lights on that was hit while on the shoulder.
Like I said, cars stall on the highway all the time. Then they are freewheeling AND they lose power steering and brakes. People use the windshield washer all the time while in motion.
For real fun, try having your heater core burst at night while at speed. Still manageable.
That's not entirely true. I drive a honda civic and I have insurance. Civic is one of the most stolen cars on the road. Great gas mileage though. Seats could be more comfortable.
People voluntarily wash their windshield while driving all the time. They also drive in the rain, even heavy rain.
People's cars stall on the highway all the time. At no point was he in the situation your link talks about. Even if he had been on the shoulder, that too happens all the time and rarely leads to a problem.
but not my bloody car or airplane!
Chrysler seems focused on converting their customers into money streams.
This may seem neat and cool, but they seem to be losing sight of the old fashioned fundamental of making useful products to make happy customers.
They are probably not the only ones.
I'd bet the wrong call to a Tesla could bring more spectacular results.
Having an actual, physical isolation switch seems fundamental.
It may have to be used sometimes for updates, but leaving it enabled seems begging for trouble.
Or, I don't know, how about not hooking up the car's controls to any network at all? Why is that even a thing?
The brake lights work better when they are connected to the network of wires that connects the front end of the car to the back end of the car.
There is NO REASON for an entertainment system to be on this bus.
My car has precisely one display on the dashboard, used to display all information, from radio frequency to fluid levels to outside temperature. I like having all of this information on one display. The only way to accomplish this is to have the entertainment system connected to the car's bus.
I'm going to strongly speculate that it's about cost. Why? Because almost everything in business is about cost. Why duplicate things when you can reuse? Why put the wires and routing for two or three networks into a vehicle when you can put in one and run all the devices over them?
And you'll see it elsewhere too. Those people with an IP routed, internet connected home security system - do you think that's on a separate network from their computer, their internet connected TV, etc? It probably isn't, either. I don't know that I'd call it hubris, so much as underestimating the lengths that some people can and will go to in order to attack the network and the devices on it.
And more importantly, not only do the designers have to accurately estimate the level of protections necessary for the network, but they also have to be able to sell that to the management, who approves the additional cost.
My understanding is that the best you can do is to find and cut off the antennae that OnStar uses.
Sleep your way to a whiter smile...date a dentist!
What do you consider "actual security" then?
Because there's almost nothing under the sun that will keep out the most determined attacker by itself. Even gigantic safes, vault doors, etc, have a rating based on the number of man hours it's expected to take to breach them. The idea is that you want one that's long enough for the Police/SWAT/QRF to have arrived before the bad guys can breach it.
The locks on your car doors, alarms, etc are meant to deter and delay the casual intruder, and also to an extent, to establish evidence of a break-in later.
But it doesn't have to be two-way.
Thanks - those are all good points. Except the 'underestimating the lengths' part. We have more than a decade's worth of news stories about people who have gone to great lengths to hack hardware and software - sometimes because they want additional features, sometimes out of malice, and sometimes just to prove a point. I figure by this time there's no excuse for underestimating what people will do. I think you hit the nail on the head when you suggested cost as the reason.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
None of those items are required to be on the CAN-bus. However, if they are CAN-bus sensors, there is no requirement for them to be on the same bus that controls the engine/steering/transmission/brakes/accelerator.
https://en.wikipedia.org/wiki/...
This is an operational communications bus used for the engine to communicate to the computer. There are already several buses in a car, so it isn't like this hasn't been done before. There are also one way communications firewalls like the AC above me suggested could be used to partition the communications from a receive only device.
Do you use your entertainment system to control the cruise control or something?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
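The bus separation argued for in the comments above (a receive-only display segment behind a one-way gateway), sketched as an added example that is not part of any post in this thread and not any manufacturer's code. The CAN IDs, payload lengths and minimum intervals are hypothetical values chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum bus { BUS_POWERTRAIN, BUS_INFOTAINMENT };
enum verdict { FORWARD, DROP_DIRECTION, DROP_MALFORMED, DROP_ID, DROP_RATE };

struct gw_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One status message the display segment is allowed to receive. */
struct rule {
    uint32_t id;              /* 11-bit CAN identifier (hypothetical) */
    uint8_t  dlc;             /* exact payload length expected */
    uint32_t min_interval_ms; /* forward at most one frame per interval */
    uint32_t last_ms;
    int      seen;
};

struct gateway {
    struct rule rules[3];
    size_t      n_rules;
    unsigned    counts[5];    /* indexed by enum verdict, for monitoring */
};

void gateway_init(struct gateway *gw)
{
    static const struct rule defaults[3] = {
        { 0x3E9, 2,  100, 0, 0 }, /* vehicle speed (assumed ID) */
        { 0x3F1, 1, 1000, 0, 0 }, /* fluid level (assumed ID) */
        { 0x3F5, 1, 1000, 0, 0 }, /* outside temperature (assumed ID) */
    };
    gw->n_rules = 3;
    for (size_t i = 0; i < 3; i++) gw->rules[i] = defaults[i];
    for (size_t i = 0; i < 5; i++) gw->counts[i] = 0;
}

static enum verdict decide(struct gateway *gw, enum bus src,
                           const struct gw_frame *f, uint32_t now_ms)
{
    /* Nothing that originates on the display segment ever crosses over. */
    if (src != BUS_POWERTRAIN) return DROP_DIRECTION;
    if (f->id > 0x7FF || f->dlc > 8) return DROP_MALFORMED;

    for (size_t i = 0; i < gw->n_rules; i++) {
        struct rule *r = &gw->rules[i];
        if (r->id != f->id) continue;
        if (f->dlc != r->dlc) return DROP_MALFORMED;
        /* Unsigned subtraction stays correct across timer wrap-around. */
        if (r->seen && (uint32_t)(now_ms - r->last_ms) < r->min_interval_ms)
            return DROP_RATE;
        r->seen = 1;
        r->last_ms = now_ms;
        return FORWARD;
    }
    return DROP_ID; /* default deny: diagnostics, actuator commands, etc. */
}

enum verdict gateway_handle(struct gateway *gw, enum bus src,
                            const struct gw_frame *f, uint32_t now_ms)
{
    enum verdict v = decide(gw, src, f, now_ms);
    gw->counts[v]++;
    return v;
}

int main(void)
{
    struct gateway gw;
    struct gw_frame speed = { 0x3E9, 2, { 0x12, 0x34 } }; /* constructed */
    struct gw_frame other = { 0x123, 8, { 0 } };          /* constructed */
    gateway_init(&gw);
    printf("speed from powertrain: %d\n",
           gateway_handle(&gw, BUS_POWERTRAIN, &speed, 1000));
    printf("frame from head unit:  %d\n",
           gateway_handle(&gw, BUS_INFOTAINMENT, &speed, 1200));
    printf("unlisted ID:           %d\n",
           gateway_handle(&gw, BUS_POWERTRAIN, &other, 1300));
    return 0;
}
```

A non-zero `counts[DROP_DIRECTION]` is worth alerting on: in this layout the display segment has no legitimate reason to transmit toward the control bus.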
Yeah, I just found out about the Hellcats yesterday and have looked into them today. I like the Hellcat Challenger, not so much the Charger, looks too much like a regular family car.
But wow...707 HP bone stock....in the $63K price range that is *BANG* for the buck for sure....
I am trying to calculate how many tires per gallon it gets.
Unfortunately, it comes with this unsecure system too and would have to be disabled....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
... on whether the FM radio receiver can be used - even indirectly - to send control instructions to the engine or other "car" parts of the car.
One hypothetical example of where this might be an issue is if the car's braking or accelerator systems were voice-activated. If this is the case and there isn't a sure-fire mechanism to prevent the radio's sound from being interpreted as commands from the driver, then, well, the implications are obvious and left as an exercise to the reader.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Absolutely. Cars should also be designed to be car-jack proof. It's irresponsible to design a car that anyone can walk up to and threaten you to let them take it.
You misspelled "Excellent"
How many people DID get hurt by this? I am willing to accept some risk so long as it is minimized. In this case? Yeah, it was a bit risky but nothing untoward happened. All is good in the end and nobody got hurt. I tend to not freak out until after someone gets hurt.
"So long and thanks for all the fish."
Something being a frequent occurrence does in no way make it any less dangerous. Your argumentation is ignorant and stupid at best, but looks more disingenuous which is worse. Someone with a four digit account should know better, did you buy it on ebay?
Don't worry, when you grow up you'll understand the nuances of what I wrote and it will all become clear to you.
Sir, I hope you some day start producing stuff with that attitude. You'll very soon find you'll spend the rest of your life living either in prison or a cardboard box.
to be fair, the "10 miles away" is arbitrary.
"anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says."
though, I have to ask, why the car has a public facing IP in the first place? sounds like waste of ip. I assume it's provided by the cellular provider, which would make most of them sit behind.
still pretty shitty design though.
world was created 5 seconds before this post as it is.
The fact that the decade old exploits needed physical access is irrelevant to this exploit which the article/video clearly states and shows is NOT necessary.
the video even explains that the first time these guys did this to his car (years ago) they did need physical access - they were in the car with him while they did the hack. They use that point to explicitly note that this time they were miles away.
People in cars cause accidents....accidents in cars cause people
People voluntarily wash their windshield while driving all the time. They also drive in the rain, even heavy rain.
And they know it's going to happen because they either initiate the action or anticipate it. In this case he didn't know it was going to happen.
People's cars stall on the highway all the time. At no point was he in the situation your link talks about. Even if he had been on the shoulder, that too happens all the time and rarely leads to a problem.
Would you say it's dangerous to have your car stall on the highway? The answer is yes.
So why would you intentionally put yourself or someone else in that position of danger?
Usually people like putting the odds of survival on their side. Test environments are there so we don't have to create unneeded danger.
Would you say it's dangerous to have your car stall on the highway? The answer is yes.
Quit trying to stuff words in my mouth. The answer is "not really".
So why would you intentionally put yourself or someone else in that position of danger?
Ask the author of TFA, he wasn't a random victim, he knew what they could do and that they would do it during his drive. He freely chose to drive the car for a demo. That includes washing the windshield and putting the transmission in neutral.
Quit trying to stuff words in my mouth. The answer is "not really".
So 1.8% of interstate accidents in Kentucky involved a stalled vehicle.
http://uknowledge.uky.edu/ktc_...
The link is old but it makes the point.
If you don't live close to a busy highway I can understand why you don't understand the danger of stalling on the road while cars are passing you at 75 MPH
Ask the author of TFA, he wasn't a random victim
Who said random? The blame is on all of them. There's a reason testing is done on isolated tracks.
So, 1.8% of an unlikely thing involves stalled cars on the side of the road. But he wasn't on the side of the road.
As someone who drives on the interstate, I frequently see cars on the side long enough to be tagged for impound with no evidence of being hit. I have never seen a car that was hit on the side of the road though I have heard of it.
There are dumb things you can do on the side of the road that can lead to fatalities like changing a tire with your butt sticking out into traffic, but that wasn't an issue here.
The police routinely pull people over to the side of the interstate.
So, 1.8% of an unlikely thing involves stalled cars
You didn't read the link did you? 1.8% of highway accidents are stalled vehicle which more often result in fatality. Where I travel there's an average 5 accidents per day. That would mean every 11 days there's an accident involving a stalled car. If you told me it's inconvenient to address the As someone who drives on the interstate, I frequently see cars on the side long enough to be tagged for impound with no evidence of being hit.
Maybe you travel a stretch that is less dangerous. City stretches tend to be more chaotic and law usually forces vehicles to accept the first tow.
The police routinely pull people over to the side of the interstate
Yes, and they follow a protocol to stay safe. They need to do this because highways are dangerous places to stop.
Even marked vehicles are in danger. 4-5 years ago 3 police officers with vehicles parked 2 feet from the line (on the shoulder) with their lights on got hit. This stretch of highway wasn't even chaotic and you could see for miles ahead.
More links to show you highway stopping dangers aren't a myth:
http://www.allenandallen.com/b...
https://www.aaafoundation.org/...
If you told me it's inconvenient to address the As someone who drives on the interstate, I frequently see cars on the side long enough to be tagged for impound with no evidence of being hit.
I don't even know what that was supposed to mean. Wanna try again?
good for them. I support them 100%
The system is needed so that law enforcement can remotely shut down the engine if the car is stolen. In other words, as Comey would say, "a front door with really big locks." However, law enforcement has a difficult time working with really big locks, so we make the big locks smaller, more like child-safety locks, so that officers are not inconvenienced and can't accuse the vendor of obstruction.
The funny thing is that the connected car stuff is planned to be used for the security-critical stuff in the cars, for example, exchange of situational awareness between cars to support assistance systems and the self-driving cars of the future that everyone is working towards.
If anything, cars are going to become even more hackable. This is definitely going to produce a new kind of murder weapon in the long run: a laptop with a high-gain RF radio at a safe distance and without any traces at the scene of the crime itself.
If you told me it's inconvenient to address the issue for a situation that occurs less than 1% of the time I'd agree but because there is no additional cost or inconvenience to do it on a closed circuit it's a no brainer. What they did (all of them) was add unneeded risk to an exercise that didn't gain anything by being done in a "non test" environment. That's the point the previous guy was trying to make and it was very valid.
Less than 1% is an understatement. You haven't even shown that it's more likely than a moose related fatality or a deer attack. (look up man killed by moose and see how many hits you get despite the extreme unlikelihood of the event).
Even when you do see a fatality related to a stalled car, it's a car that wouldn't re-start and where someone got out of the car.
I will point out that if we're down to the range of inconvenience being enough to justify a risk, we're already far away from the screeching about being extremely irresponsible that started this thread. It's very likely the author accepted a larger risk of an accident in the process of going to see Valasek and Miller than he did during the test.
Yep. Had the journalist been more skeptical and generally prudent, he would have insisted they do their wireless exploit from the back seat. (Oh, and not on the Interstate.)
Or at least, have one of them ride along, while the other did his thing remotely. And hope they were good friends.
Otherwise, you've got yourself a bizarre double-homicide that the forensics team on "CSI: Dogtown" (or "CSI: Creve Coeur" or ...) might not even recognize as a homicide. It would just be a vehicular murder-suicide to them.
There's no time like the present. Well, the past used to be.
You haven't even shown that it's more likely than a moose related fatality or a deer attack
The moose incident is not avoidable without major inconvenience. That was the point.
My brother in law who is a trucker has 2 on his record (1 000 000km driven). It's about where you live and when you travel. Up north moose / deer incidents are in weekly news during the summer. Drive at night and you increase your chances of hitting a moose by more than 10 fold. That's very comparable to the test they did. Don't do it and you don't increase chances of an accident and do it and it's an infinite % increase in chance of accident.
It's very likely the author accepted a larger risk of an accident in the process of going to see Valasek and Miller than he did during the test
That's pretty obvious but it's not the case for the other people on the highway.
The point is simple. Don't do testing in an uncontrolled environment. It's easily avoided with no impact on the test itself.
Unneeded risk is just that, unneeded. There are a million things you do daily to avoid even smaller % of danger and yet you roll your eyes at a completely avoidable scenario.
If you can admit to facts and common sense there's not much more to say here.
Your brother in law was killed by hitting a moose TWICE? Resilient fellow, isn't he? :-)
We all take 'unnecessary' risks daily. Is the food network horribly irresponsible for encouraging me to use a sharp knife? After all, if I just buy the frozen dinners I need not expose myself to the minuscule risk of a fatal injury. Some of those psychos even suggest a blender! I could order the frozen dinners online to avoid the risk of driving to the grocery store.
Your brother in law was killed by hitting a moose TWICE? Resilient fellow, isn't he? :-)
Wow... I don't need to say anymore. At least I know who I'm dealing with.