Slashdot Mirror
Remote Control of a Car, With No Phone Or Network Connection Required
Albanach writes: Following on from this week's Wired report showing the remote control of a Jeep using a cell phone, security researchers claim to have achieved a similar result using just the car radio. Using off the shelf components to create a fake radio station, the researchers sent signals using the DAB digital radio standard used in Europe and the Asia Pacific region. After taking control of the car's entertainment system it was possible to gain control of vital car systems such as the brakes. In the wild, such an exploit could allow widespread simultaneous deployment of a hack affecting huge numbers of vehicles.
"Car infotainment systems can allow drivers to see vehicle status updates, play music and videos, view maps and in some cases run third-party apps" - and they also allow drivers to NOT SEE OTHER CARS, while they're trying to use a stupid touchscreen in a bloody CAR...
Why exactly is the entertainment system of a vehicle, devoloped by design to display "unknown" content, tied into critical systems? First airplanes and now cars. What the actual fuck are these people thinking?
Ever! One Big Ad orgy is it.
Same reason why they leave backdoor in encryption mechanisms.
We used to think the reason was incompetence, post Snowden we know these vulnerabilities are by design.
He believed an attack could be done via a DAB broadcast, but from the article, he doesn't seem to have tried on a real car.
That said, car companies do a lot of idiot stuff these days, like the trunk which opens automatically when you put your foot under the car and you are nearby. This is just a big gift for thieves, just wait for tourists with a car full of stuff to leave their car, stand in the vicinity and put your foot under the car when they leave but they are still near enough to allow the trunk to open...
I gave up with the idea of an useful sig...
WTF are the ass clowns who produce this shit thinking ? Have they been in a cave for the last 30 years ?
All these so called "smart devices" seem to have been programmed by 5 year old children who have never considered that malicious people might try to crack/exploit their systems.
10 minutes after the "Internet Of Things" is in place the world is going to descend into chaos as every script kiddie on the planet starts fucking around with stuff and exploiting every single one of the devices. Probably just by using the default admin password which will be printed on the box.
Honestly I can't believe how truly abysmal the state of most modern programming is. Piss poor code running on umpteen frameworks (mostly just adding bloat) and every bit of it seemingly written without the FIRST THOUGHT to security. Fucking fifth rate crap the lot of it.
You can take all your smart TVs, smart cars, smart fridges etc. and stick them right up your arse. None of this shit is coming into my house ever. Morons....
"Because infotainment systems processed DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.
Once an infotainment system had been compromised, he said, an attacker could potentially use it as a way to control more critical systems, including steering and braking."
Well, yeah.
Normally it's not that easy. Sure, the car stereo sits on a can bus with nice information (ACC, backing signals to turn on the back camera, speed information so the volume can be automatically adjusted, etc). But it's not on the vital CAN bus (at least not on most cars).
But yes, it's an entrance point. So is the 3g/wifi receiver in the stereo, or the bluetooth connection to the handsfree that it can do.
But you would have to:
1. crack an entrance point to the stereo (any of the above)
2. control the stereo CAN transmitter (if it has one)
3. using that CAN to crack an entrance point to another system that talks to a vital CAN bus
4. control that system enough to transmit CAN on the vital bus
5. and then use this system to send bad messages to brakes or steering
and all cars use different firmware with different security holes and different CPUs.
But with enough research you could probably crack a specific vulnerable car model.
Cracking modern airplanes seems easier, actually.
If you own an american muscle car, the only way you'll know your engine is powerful enough for your manly image is if they add engine sounds to the cabin. They *have* to have a link to the ECS of they won't know how much manliness to tell you you're creating with your throttle.
Is it just my observation, or are there way too many stupid people in the world?
i did this back in 1988. but all i could figure out was how to make Ford vehicles drop out of speed control. no entertainment system was involved.
now we need to go OSS in diesel cars
The UK's Society of Motor Manufacturers and Traders has responded by saying that car companies "invest billions of pounds to keep vehicles secure as possible"
s/invest/waste/
oh wait...
s/possible/crap/
now we need to go OSS in diesel cars
Car electronics are safe like work IT systems are safe. No one competent would design the systems with a shared set of credentials, with an easily cracked master control system, with low security systems granted bus access and with privileged commands going over the common bus without protection, because we "trust the people we work with".
Unfortunately, this is rarely completely true in a large IT environment. There's often a set of vulnerabilities, which can be closed but require time and resources not allocated in the current quarter or even ever enabled. They're checked off on the security checklist, but the checklist is crafted to avoid the real problems, or personnel simply lie outright: this is at the core of many companies compliance with the FIPS guidelines. Those kinds of gaps help pay my salary: I often help close them and reduce the danger of them while they're being fixed.
For car systems, there are various "buses" in use now. A casual search shows more than 10 distinct "vehicle bus" standards in use, and trying to secure and reliably use all of them consistently and safely _in terms of security_ is barely feasible, much less likely in the high urgency car market. The components also have to be extremely robust, low quiescent power, and not too expensive per unit, which adds other limitations and slows closing known security or newly discovered security holes.
So I'm afraid that real security risks of the systems are to be expected. And they're quite unlikely to be fixed quickly when discovered, because it could involve replacing core components of the system and causing a _much_ higher rate of upgrade induced failures.
Why exactly is the entertainment system of a vehicle, devoloped by design to display "unknown" content, tied into critical systems? First airplanes and now cars. What the actual fuck are these people thinking?
I work in the auto industry running a company that manufactures electronic wiring products. I can tell you exactly what they were thinking.
Nothing. They weren't thinking about it at all.
Auto makers have never had to deal with security much beyond ignition and door locks and car alarms. The concept of hardening the internal system of a car against malicious hackers is really something they've never really had to deal. The fact that there are asshats out there who will do malicious things simply hasn't been an issue for them until now. It's more ignorance than incompetence. Their electronics experience is more embedded systems than consumer electronics and they've built their companies accordingly.
I do think it is dawning on them but its going to take some years before they get their house in order. It will require some significant organizational restructuring and changes in development and engineering. I think you'll likely see some hacking incidents and some sizable lawsuits along the way. They will almost certainly have to get handed some very expensive lessons before they get religion about doing security properly.
Beancounters.
The summary here on /. reads
"After taking control of the car's entertainment system it was possible to gain control of vital car systems such as the brakes"
Actually reading the article you find nothing of the sort happened. The article merely states
"Once an infotainment system had been compromised, he said, an attacker could potentially use it as a way to control more critical systems, including steering and braking."
This hack consisted solely of causing text like "LOLZ I RULZ" appear on the radio display.
Thank you samzenpus for giving this topic the attention it most certainly does not deserve.
{insert your favorite company here} Firewall for Cars!!! Followed by Cyberlock for Cars. Yes for only $300 (in bitcoin) you can drive your car again
Beancounters.
Nope. I'm both an engineer and an accountant and I'm in the industry. I can assure you that the beancounters had close to zero input on these design decisions and that is pretty much routine. Most of the beancounters aren't engineers and aren't really in a position to challenge the engineers on design decisions. These systems were designed by engineers and I can tell you with near 100% certainty that the design engineers had no background in security because I deal with engineers like this routinely in my day job. Basically the beancounters don't get involved much beyond helping to set the budget and keeping people to it but they rarely get involved in the mundane design decisions of exactly how the product will be built.
Let me give you an example from my own company about how little input the beancounters have. My company makes wire harnesses and one of our products goes into a series of SUVs from GM and is used across several brands. We make two versions that are identical except for one part. The reason we use two parts instead of one is because the engineers at Chevy couldn't be bothered to talk to the engineers at Buick to make a common hole size. This raised cost and added a part number for no reason at all. The beancounters didn't get involved and never said a word.
But it gets worse. The same product uses connectors on each end. The engineers could have used common, off-the-shelf, already-in-production connectors but instead they decided to custom design the connectors on both ends. As a result they more than doubled the unit cost of each connector and instead of having a part that could be purchased with zero lead time from any distributor, we have a 16 week lead time, continual part shortages and have to buy over 50,000 units at a time (we use about 1,000/day) to get the pricing we get. So we end up selling them the product for probably 30% more than was necessary because of stupid design decisions. The beancounters never said a word about any of this foolishness either.
Details or it's fake. Too many of these claims lately have nothing, not even a glimmer of details to prove they did anything, and all the demos are with a car that has been prepped for the demonstration.
Even the Jeep one was a very scripted demo with a LOT of work done before hand to the vehicle. A lot of the ECM programming forums were calling shenanigans on the claims and the reporting was so bad that it is not clear that the car did not have something fitted to make it possible.
These guys need to release details or it's all just theatrics.
Do not look at laser with remaining good eye.
they were thinking : one CAN bus should be enough for everything
It's more expensive to put one for critical tasks and one for non-critical tasks
Greed, as often, is the root of catastrophes.
Is Punk Rock gonna make a comeback?
I wish I had a million mod points. Security is *hard*.
The essence of a secure system is one which doesn't connect to any systems which have a lower security threshold.
Need Geek Rock? Try The Franchise!
If their goal is to try to kill you in a convoluted way they could just climb under your car with a set of pliers and cut through a couple of your brake lines.
Where you might be spotted, leave evidence, not be able to control the timing... With this attack you could do your dirty deed completely remotely, completely unseen, no evidence whatsoever, at the precise time of your choosing.
If their goal is to break into your car they can smash a window.
Making lots of noise, setting off the alarm, having a broken window... With this attack the alarm can be disarmed and doors can be unlocked and the thief removes your possessions in complete silence. If they are stealing the whole car, they don't have to worry about repairing a broken window, or even a broken steering column.
If their goal is to steal your car they can do this with a flat bed truck, or just break into your house and steal the keys when you are asleep.
See above. This attack would make stealing the car far easier, stealthier, cheaper and less risky than any of your suggested methods.
There are endless ways people can cause havoc in our modern world. Fortunately a surprisingly large majority of people don't bother engaging in this sort of gratuitous destruction.
Thankfully that's been generally true so far. But, will it continue if the risk of being caught is eliminated, the physical ease of it is trivial, and the cost of it is negligible? History shows us that if the tools are readily available, their use will increase.
People already work hard to steal cars. It's a large and lucrative "industry". Why would you think that car thieves wouldn't enjoy making their work far easier for the price of a laptop and some cheap electronics. The software needed to do it will be available off the internet within a year. Script kiddies will be able to do it just for kicks with no real technical acumen.
These vulnerabilities are a huge deal, despite your myopic view.
that radio controlled vehicles were invented before cellphones, or even before the internet
Incompetence is ignorance when you can hire someone competent and aware.
That is an argument from hindsight. It's easy to see the problem in the rear view mirror. How do you propose they go about hiring someone "competent and aware" when they don't know about the existence problem in the first place? It's REALLY easy to armchair quarterback this and it's pretty unfair. The real question is what they will do going forward because the leadership damn well ought to be aware of it now. If they continue with business as usual THEN it is fair to say they are incompetent.
They hired incompetent, ignorant idiots.
Untrue and unfair. The problem is that they hired good people people to do the wrong task because they didn't know any better. I assure you that the people they hired were by and large competent at what they were hired for. I work with many of these engineers. They aren't stupid. They aren't incompetent. They ARE naive about computer security and how to design systems with that in mind.
It's a problem they will likely deal with effectively in due time but there are going to be some painful lessons learned along the way. Companies that have made their money cutting metal don't become advanced IT operations overnight.
If this is a true direct takeover where no driver interaction is required, then it should be an "OH SH*T" moment for car-makers and will likely result in an "urgent/car is unsafe to drive" recall.
If it's a "social engineering" feat AND the car can be driven without the user touch-screen, then it will still result in a recall but customers will be warned to not use the touch-screen while driving (sorry customer, no radio for you until you come in for the repair).
Personally, I think it's great that this is being researched and publicized. Customers will start to demand that it be "impossible - enforced in hardware" for a car to be taken over in this manner.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
http://whowhatwhy.org/2015/07/...
Our original report described anomalies of the crash and surrounding events that suggest cutting-edge foul playâ"that an external hacker could have taken control of Hastingsâ(TM)s car in order to kill him. If this sounds too futuristic, a series of recent technical revelations has proven that âoecar hackingâ is entirely possible. The latest just appeared this week.
"If any question why we died, Tell them because our fathers lied."
about your ex-wife's car crash. "Sir, I assure you I was no where near my wife at the time of the crash. I was in a bar on 3rd street with friends."
I reeeeeeeally hope some jackass either bricks or low speed crashes or stalls out a massive amount of cars in the middle of rush hour so Congress can showboat in front of the media and do something about it. Right now most congressmen don't even know cars have computers.
Don't computerize the simple mechanical parts of a car. Just DON'T. You're collective playlists aren't worth the inevitable police and attacker control and surveillance of our cars.
No, you and you, you can't outsmart them. You can't be God King of Koding and Do It Right. There is always a way, if you permit freaking Turning machines to control your vehicle, for someone to take control.
A machine, a successful, elegant device that occupies the lowest possible fail state, is one that has as few moving parts as possible. Any turing box, by which I mean a programmable computer, that connects in is a complete failure of design if it is not utterly necessary. Brakes, steering, locks. and acceleration have been mechanical systems for over a century and a half. No need to interface hundreds of computers, sensors, and telematic holes into something that already WORKS.
The UK's Society of Motor Manufacturers and Traders has responded by saying that car companies "invest billions of pounds to keep vehicles secure as possible".
The Society of Motor Manufacturers and Traders is lying.
when the radio station plays thrash metal, the cars all speed up; when it plays a ballad they all slow down. everybody knows that.
Star Trek transporters are just 3d printers.