Remote Control of a Car, With No Phone Or Network Connection Required

Albanach writes: Following on from this week's Wired report showing the remote control of a Jeep using a cell phone, security researchers claim to have achieved a similar result using just the car radio. Using off the shelf components to create a fake radio station, the researchers sent signals using the DAB digital radio standard used in Europe and the Asia Pacific region. After taking control of the car's entertainment system it was possible to gain control of vital car systems such as the brakes. In the wild, such an exploit could allow widespread simultaneous deployment of a hack affecting huge numbers of vehicles.

Re:Why??

It is probably tied into the CAN bus to respond to nifty steering wheel buttons.. but indeed. wtf.

He didn't prove any flaw (yet)

[Nikademus]

He believed an attack could be done via a DAB broadcast, but from the article, he doesn't seem to have tried on a real car.

That said, car companies do a lot of idiot stuff these days, like the trunk which opens automatically when you put your foot under the car and you are nearby. This is just a big gift for thieves, just wait for tourists with a car full of stuff to leave their car, stand in the vicinity and put your foot under the car when they leave but they are still near enough to allow the trunk to open...

Re:I Don't Listen to Radio

[DanJ_UK]

Umm, no. I worked on the last iteration of the BBC website, specifically on advertising for the news site. If you browse the website from outside you are redirected to bbc.com which is the same site with commercial advertising for international users.

Re:potentially

[drinkypoo]

Um, no. You can clear codes but it's not a hard reset.

Um, no. That's not what I'm talking about. I can see why you didn't log in: You don't know what the fuck you're talking about, and don't want anyone to associate that fact with your identity. But if you had been following Slashdot for more than a couple days, you'd have seen that we discussed here in the past in one of these OBD-II discussions that researchers had presented at DEFCON some various facts... including that most PCMs will take a reset (not a clear codes, an actual reboot request) without a login, and they will do it when the vehicle is in motion.

That's why every manufacturer has a procedure that includes disconnecting a battery terminal to reset the computer.

You really think that Bosch or Hitachi or whoever is making your PCM actually cycles power to them during programming? Why would they do that? They simply implement an OBD-II command which will reset the PCM in software, so they don't have to do that shit. Then they don't take it out, and most of them don't bother to set a password. That will be changing as they wake up to the idea that security is a thing and that they will be held financially responsible when they fail at it.

Anyway, I can't find a discussion where we explicitly discussed this here on Slashdot, although I remember participating, but here is a PDF link from 2010 (which I found on hackaday) where it is revealed that simple fuzz testing was enough to find two ways to shut down the vehicle while in motion, and one way to disable the vehicle such that it would not function until reset; or to lock individual brakes or sets of brakes, all without login.

The truth is that the automotive industry has willfully created this situation by simply pretending that there isn't even a security issue at play, and refusing to hire or even consult the experts in the field. Now they are caught flat-footed and people are pretending that this is reasonable. Car companies have been outright bragging about computerization all along. Now it's time to see that they've actually been doing it wrong the whole time.