Slashdot Mirror


Hackers Remotely Cut a Corvette's Brakes

An anonymous reader writes: Security researchers presented work at the USENIX conference today showing an easy way to hack into a car's electronics using a small gadget that plugs into modern dashboards. The port they're taking advantage of is commonly used to monitor the location and speeds of these vehicles. Once the researchers' dongle is attached, they can use SMS messages to transmit commands to the car's internal network. They demonstrated this by remotely cutting a Corvette's brakes. "Though the researchers say their Corvette brake tricks only worked at low speeds due to limitations in the automated computer functions of the vehicle, they say they could have easily adapted their attack for practically any other modern vehicle and hijacked other critical components like locks, steering or transmission, too."

161 comments

  1. In related news.... by Anonymous Coward · · Score: 5, Funny

    The NSA demonstrated a clever hack where they attached a small device to the underside of a Pontiac Grand Prix, remotely pushed a button, and the car blew up! General Motors says this is not a serious security breach and the vulnerability is not limited to their vehicles. They will not issue a recall.

    1. Re:In related news.... by PRMan · · Score: 1

      The difference here is that they hacked the most popular dongle that car modders use to send information to their smart phones. So this IS a remote hack of something the owner already has installed. But it's not GM that's at fault but some low-end company that makes OBD-II dongles.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    2. Re:In related news.... by Anonymous Coward · · Score: 0

      you said " dongle "
      heh heh...

    3. Re:In related news.... by Anonymous Coward · · Score: 0

      you said " dongle " heh heh...

      Ewww.. Put that away!

    4. Re:In related news.... by Penguinisto · · Score: 2

      Well, yes and no.

      In all seriousness, this is no different than a physical breach. If you have the means to bust into the car, you have the means to do whatever the hell you want to it while you're in there. There is honestly not much you can do to prevent it given the architecture of OBD-II (doubly so given the mass of insurance company 'monitor-me-for-a-discount' dongles out there).

      This is no different than sneaking into a server room and plugging a wifi-enabled keylogger into the server's USB port, FFS (and IMHO the server room hack would be just as near-undetectable in most cases, given all those nooks and crannies in and about a server rack - not to mention the sloppiness of most cabling jobs...)

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    5. Re:In related news.... by Anonymous Coward · · Score: 0

      Surprise! When I attach a remote control device to your car's control systems, I can manipulate your car! From the article, they modified the in-car rig.... this isn't terribly surreptitious and questionable to call it a hack. They used the device to do expected things in expected ways. That's what it's designed to do.

      From the specs, the device in question has a GSM modem built in and is designed to accept commands via that interface (SMS or TCP/IP) and a CPU that looks a lot like what's in a Raspberry Pi / BeagleBoard. For the "hack" to work, you have to know the device's cellular address (yes Virginia, a GSM modem means it has a phone number/SIM card or equivalent associated).

    6. Re:In related news.... by Anonymous Coward · · Score: 0

      CIA, not NSA, you tinfoil hatted dumbass.

    7. Re:In related news.... by hawguy · · Score: 1

      Surprise! When I attach a remote control device to your car's control systems, I can manipulate your car! From the article, they modified the in-car rig.... this isn't terribly surreptitious and questionable to call it a hack. They used the device to do expected things in expected ways. That's what it's designed to do.

      From the specs, the device in question has a GSM modem built in and is designed to accept commands via that interface (SMS or TCP/IP) and a CPU that looks a lot like what's in a Raspberry Pi / BeagleBoard. For the "hack" to work, you have to know the device's cellular address (yes Virginia, a GSM modem means it has a phone number/SIM card or equivalent associated).

      Wouldn't the hacker be expected to know the phone number of the GSM device he plugged into your car? It's not like someone is going around and plugging these devices in cars, just waiting for some hacker to stumble across the phone number. Someone that wants to target your car will plug it into your car, and they'll know the phone number of the device.

    8. Re:In related news.... by Anonymous Coward · · Score: 0

      IT IS NOT a hack. It's a fucking Bluetooth OBD-II interface that is designed to do what they are doing.

      Let me guess, you are an uber hacker that hacks your computer every morning by using a keyboard and a mouse. OOOOOOH L33T!!!!

    9. Re:In related news.... by Anonymous Coward · · Score: 0

      This breach is of no use to the NSA/CIA as only Americans drive that piece of shit and the CIA can't operate domestically and the NSA needs a court rubber stamp first. Oh wait ....

    10. Re:In related news.... by SydShamino · · Score: 1

      Are these always somewhere under the driver's dash? Are there cars where they are relatively easy to access from the passenger's side?

      I'm wondering if a front-seat Uber passenger could "tie their shoes" and install one while welcomed into a car.

      --
      It doesn't hurt to be nice.
    11. Re: In related news.... by Anonymous Coward · · Score: 0

      Probably not. RHD cars often have some things on the wrong side (beyond the steering wheel) like the lever to open the bonnet.

    12. Re:In related news.... by parkinglot777 · · Score: 1

      I'm wondering if a front-seat Uber passenger could "tie their shoes" and install one while welcomed into a car.

      And that still needs physical access to the car regardless of their interior design layout...

    13. Re:In related news.... by lott11 · · Score: 1

      Ho boy, how little you know your vehicles. There are 3 simple ways of hacking any new car. First, as was stated, is using the OBD2 port. The second is to use the car's satellite radio, then talk to the BCM. And last is to use the On-Star monitoring system: just block the system for 10 seconds and send a diagnostic pulse. That will make the module send the ID of the On-Star module and also the vehicle ID. With that you have control of the car; just press the On-Star button and ask the person on the other end to start your car. How do I know this? I was an ASE mechanic for GM, KIA, Chrysler, Suzuki, Mazda, and a few others. With that you can have a nice day.

  2. We are rapidly getting to a point where it's... by Etcetera · · Score: 1, Insightful

    ... unethical to be releasing detailed information on an exploit.

    It doesn't matter that the argument is that "Without exposure, car companies won't fix it!"... At the moment, no one is actively *doing* this or using this exploit. Simply being told that it's possible should be the limits of what an ethical hacker should release.

    The cost-benefit analysis going into the value judgement of a release of more details for hacks is VERY different from the analysis of some HTTP flaw or kernel bug. Actual lives are at risk, and the ability of your work to be used to cause accidents and kill people by remote control changes things.

    1. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 1

      It depends. If it's a software fix, and manufacturers have been given plenty of time to patch, releasing the exploit may be the only way to motivate all the players to action (manufacturers to release a fix, and people to be more careful about where they buy). But if it's a hardware flaw that will take more time and money to roll out and nobody has been notified, then that leaves a large window where it's just not possible to fix before it's used by a real attacker.

    2. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 0

      > At the moment, no one is actively *doing* this
      How do you know that?
      At least this way companies are made to take action, unlike when it's reported to them and they say "it's not a real problem".

    3. Re:We are rapidly getting to a point where it's... by ArhcAngel · · Score: 3, Informative

      Oh, there are people doing it; they just have the law on their side.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    4. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 1

      Actual lives are at risk either way and the exact time when these things should be pressed. When they aren't widespread or commonplace. So steps can be put into place to prevent this sort of thing from ever happening or at least make it significantly harder to pull off. Plus let's face it, without some level of public outrage do you really think most companies are going to lift a finger when it is going to cost them money when they don't absolutely have to?

    5. Re:We are rapidly getting to a point where it's... by Penguinisto · · Score: 1

      Damn. Things like that make me doubly glad that I pay cash for all of my vehicles. I can only imagine how much easier it is to hack a car remotely which has one of those little beasties installed...

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    6. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 0

      At the moment, no one is actively *doing* this or using this exploit.

      Michael Hastings would disagree with you, but he's, you know, dead.

    7. Re:We are rapidly getting to a point where it's... by NatasRevol · · Score: 1

      Unless the exploit is in an Oracle environment. They don't care about exploits.

      --
      There are two types of people in the world: Those who crave closure
    8. Re:We are rapidly getting to a point where it's... by Etcetera · · Score: 0

      Pressed, yes. More pressure = call your Congressman.

      When "more pressure" = "demonstrate to script kiddies how to easily kill people", the value judgement changes.

    9. Re:We are rapidly getting to a point where it's... by tlhIngan · · Score: 2

      It doesn't matter that the argument is that "Without exposure, car companies won't fix it!"... At the moment, no one is actively *doing* this or using this exploit. Simply being told that it's possible should be the limits of what an ethical hacker should release.

      This exploit is unlike the Chevy exploit - in that to remotely use it, you had to get into the car in the first place. Well, if you're already in the car, then all bets are off.

      It's like saying Linux is vulnerable because you can install a keylogger ... by first getting access to the PC. Well, if you have access to the PC already, then installing a keylogger is just one of the many things you can do. Nevermind that software security is bunk once you have physical access.

      Or perhaps houses are vulnerable because you can install all sorts of surveillance equipment in them... once you get inside. You can even install remote controlled lighting to freak out the homeowner.

      Now, maybe the OBD-II dongle is defective, which is a fair point, but it goes less against the car manufacturer and more against the dongle manufacturer for making it so easy to break into.

    10. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 1

      It's just a remote starter kill switch. It is separate from the vehicle itself, though it might take advantage of power supplied at the OBD connector. The only hack possible is to turn off power to the starter.

      Companies also have to pay to have them and use them. The banks save them for their worst ~~victims~~ customers.

    11. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 0

      Who do you think your congressman is more inclined to listen to, a "security researcher" with concerns about technology said congressman likely doesn't understand the first thing about... Or the big company who assures said congressman that there is no problem and even if said congressman does start looking into it how many lobbyists do you think it will take to put a prompt stop to that?

      This is the kind of problem that doesn't get solved unless you have people demanding answers on mass.

    12. Re:We are rapidly getting to a point where it's... by Etcetera · · Score: 1

      This is the kind of problem that doesn't get solved unless you have people demanding answers on mass.

      Absolutely correct.

      If your answer to "How do we get people demanding answers en masse?" is "demonstrate to unethical 12 year olds how to easily kill people", then allowing the aforementioned dead people as a cause for more action, then you should probably re-evaluate your ethics.

      Find another way besides treating "Crashing a car" the same way you treat "crashing a computer"

      Frankly, I'd put this more along the lines of the folks who DoS'd 911 PNAPs. The fact that it's possible doesn't excuse your doing it, and doesn't excuse intentional efforts to make it easier for others to do so.

    13. Re:We are rapidly getting to a point where it's... by Etcetera · · Score: 1

      It seems to me that it is similar to a whistle-blower, than the security through obscurity model of not releasing the information.

      I question your ability to know that no one is actively doing this. Proving a negative is difficult at best.

      I'm all for whistle-blowing. But if sufficient results are not achieved, the response should be *more whistle-blowing*... NOT releasing the information.

      The latter may (may!) be ethically justified in other situations; not here.

    14. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 0

      Whistle-blowing is releasing information. Without it, your consolation prize is a hat made of tinfoil and a ruined reputation.

    15. Re:We are rapidly getting to a point where it's... by rthille · · Score: 1

      Or "more pressure" == "hack congress critter's teen's car"

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    16. Re:We are rapidly getting to a point where it's... by Fire_Wraith · · Score: 1

      The thing is though, even if the car's internal network isn't currently attached to the internet/mobile access, it WILL be soon enough. That's the way the trends are going - because the world is getting more interconnected. As good as it would be for security, we're not going to be able to keep the connectivity genie stuffed in the bottle. Some executive is going to want it, some engineer is going to make it happen, and some car buyer is going to eagerly pay for it.

      So what can we do? Well, for one, we can make it so that the internal networks and nodes of the car/airplane/industrial control/home appliances/etc aren't solely reliant on that single failsafe of an air gap. We can build them such that they don't get totally hosed the moment anyone so much as crosses that barrier.

      This is where research like this can play a very important role, because it highlights that those things aren't secure - and if we fix them now, or even establish patterns so that the companies are ready to deal with this, then so much the better. Tesla already has a bug bounty program for instance, but they're ahead of the curve - we need all the car companies to get to that level of maturity, or at least having published policies stating they won't threaten to sue security researchers that come to them.

    17. Re:We are rapidly getting to a point where it's... by Etcetera · · Score: 1

      Whistle-blowing is releasing information. Without it, your consolation prize is a hat made of tinfoil and a ruined reputation.

      Whistle-blowing is releasing information about the internal process, and *PERHAPS* demonstrating it opaquely. Not releasing the exploit itself.

      Releasing an exploit down the road may be ethical for a generic security issue or bug. Not when lives are on the line.

    18. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 0

      Yes, actual lives are at risk, if manufacturers keep making cars that way. It's not like they haven't been warned about the dangers of their ways in the past. That didn't faze them. If you don't put the pressure on them now, they'll keep making the situation worse, with more people driving cars that are even more easily hackable, because the more you connect to the system, the more possible points of entry there are. Cars have been hacked through the frickin radio! If you think you should not publish security vulnerabilities now, will you publish when even more people will drive hackable cars in the future?

      Also, without published research in this area would accident investigators even know what to look for? How do you know that no one is doing this? How many accidents weren't really accidents?

    19. Re:We are rapidly getting to a point where it's... by kwbauer · · Score: 1

      And we should also hold manufacturers accountable because they build cars in such a way that it is possible to drive them with worn out tires and bolt stuff on to them that might cause a problem. We all know that making car bodies out of materials that the common person can drill through or weld or glue onto is just asking for trouble.

    20. Re:We are rapidly getting to a point where it's... by Anonymous Coward · · Score: 0

      Even a software patch requires the cars to be recalled to a dealership. Only very few car models have the ability to receive over-the-air software updates. I doubt that the costs of such a recall would be much different from one where hardware has to be swapped. The costs of the parts are often considerably less than the time that gets billed.

  3. OK, but... by cyn1c77 · · Score: 5, Insightful

    Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

    1. Re:OK, but... by digsbo · · Score: 1

      You can't remove a bomb (or its fragments) after killing the driver in an explosion. I don't know how hard it would be to leave no traceable evidence you cut the brakes with a dongle, but I'm guessing it's a concern.

    2. Re:OK, but... by PRMan · · Score: 2

      But in this case they hacked a popular OBD-II dongle that many car modders already have installed.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    3. Re:OK, but... by NotQuiteReal · · Score: 1

      That's why I had a trunk monkey installed. It stops those kind of shenanigans.

      --
      This issue is a bit more complicated than you think.
    4. Re:OK, but... by FreeUser · · Score: 1

      Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

      Or cut the brake lines.

      --
      The Future of Human Evolution: Autonomy
    5. Re:OK, but... by Anonymous Coward · · Score: 0

      Or simply send the target what appears to be a legitimate insurance tracking dongle with a "free trial offer" and promise to let them know exactly how much they can save. Then you let them plug the dongle into their car for you. Which is only nominally more work than the traditional method of spreading malware by simply dropping a USB drive in a parking lot and waiting for some rube to plug it into their home/work computer.

    6. Re:OK, but... by omnichad · · Score: 1

      no traceable evidence

      The dongle is the physical evidence. If you physically put it there. If you didn't provide it, it'll be awfully hard to figure out the phone number of the device to perform the attack.

    7. Re:OK, but... by Penguinisto · · Score: 1

      I'm thinking it'd be pretty damned hard to remove the device in the limited time between crash and haul-away by the cops, unless you're directly following the guy on a lonely, remote, deserted road (otherwise, it's going to look real suspicious if someone sees you just walk up, reach into the vehicle, and leave without even trying to render aid to the victim...)

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    8. Re:OK, but... by digsbo · · Score: 1

      Get there and get it out...assuming you control the dongle, you cut the brakes via SMS, you should beat the cops to the scene? Seems risky. I don't really think it's an issue, but I see how some might.

    9. Re:OK, but... by vux984 · · Score: 1

      Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

      "just as easily" ? ORLY.

      From their FAQ:

      "We provide the Metromile Pulse, our OBD-II device, to our per-mile insurance customers. If you are interested in per-mile insurance, please learn more here."

      https://www.metromile.com/

      Please describe how and where my victims unwittingly order a remotely controlled bomb and install it in their cars for me?

      Let's keep this in perspective indeed. Thousands of people using Metromile insurance receive and install this dongle in their cars. None of them are strapping C4 attached to a cellphone under the hood... although it seems they might as well be if they sign up to Metromile per-mile insurance.

    10. Re:OK, but... by Anonymous Coward · · Score: 0

      People watch movies... and understand explosions. Put a weird dongle in there and no one will think anything about it. VCRs are still confusing to people.

    11. Re:OK, but... by Anonymous Coward · · Score: 0

      I hear Amazon has everything from A->Z

    12. Re:OK, but... by Anonymous Coward · · Score: 1

      Well, presumably you will want to be nearby to time your attack for greatest effect, and then you can be first on the scene! Get in there, help the driver, pocket the device, call the cops.

    13. Re:OK, but... by Spy+Handler · · Score: 1

      Furthermore, TFS boldly claims "Hackers remotely cut brakes...". Well duh, if you have physical access to your target and attach your own device to it (which is what these guys did), of course you can do whatever to it. I can remotely shove a gerbil up Bush's butt if I am given physical access to him and I'm allowed to attach my device on him.

      The challenge is to remotely hack something that you have no physical access to and/or without attaching anything to it.

    14. Re:OK, but... by ChumpusRex2003 · · Score: 1

      True. But these dongles are in widespread use (e.g. by insurance companies selling insurance on a per-mile basis, or high risk policies for younger drivers; fleet managers who wish to track the movements and driving style of their vehicles, etc.)

      Because these dongles are intended to be accessible over cellular networks, any defects in authentication or validation of query data can be troublesome. In this case, these dongles intended to monitor driving behavior and forward it to an authorised viewer, appear to blindly forward data received over a cellular network to the vehicle's internal network.

    15. Re:OK, but... by Anonymous Coward · · Score: 0

      "I just reached in to pull the emergency brake, so the car wouldn't roll away while we were helping that poor soul."

    16. Re:OK, but... by Anonymous Coward · · Score: 0

      ... except they did it on a Corvette that already comes with a much, much better system as an option for telemetry monitoring.

      They should have gone after a Cruze or a Focus.

    17. Re:OK, but... by fermion · · Score: 1

      The real overreaction here is the what how would this be useful in killing or maiming someone that do have easier or more effective alternatives. In reality, attaching one of these does not necessarily require physical access. Insurance companies are promoting drivers to use these in their cars so they can get data to raise rates. It would be easy enough to substitute a more malicious dongle for the less malicious dongle. The driver would voluntarily place the device and not know any better. In any case, the real insecurity here is a driver keeping an OBD-II device in their car semi-permanently. I have such a dongle for diagnostics, and I certainly do not keep it attached while driving except in certain circumstances. The real insecurity here is firms like insurance companies promoting unsafe products.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    18. Re:OK, but... by kwbauer · · Score: 1

      So, the blame would be on the insurance company or dongle manufacturer for allowing unauthorized access to the dongle then. Either way, the auto manufacturer is not at fault as they did not provide the attack vector.

    19. Re:OK, but... by AmiMoJo · · Score: 1

      Modders use Bluetooth enabled dongles (which might be hackable), but these things have a cellular modem in them. They are used by fleet management systems and insurance companies. Fleets monitor their drivers to check that they are driving efficiently and not wasting fuel. Insurance companies use them both to spy on the driver (with the offer of a potentially lower premium) and to gather evidence in the event of an accident (e.g. proving that their driver had come to a complete stop before the collision).

      That they are hackable via SMS does not surprise me. SMS messages have to be parsed, and parsers on embedded systems tend not to be very robust.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
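
An added example, not part of any comment in this thread and not code from the dongle or the researchers: a C filter for the input handling that comments 14 and 19 above describe as the weak point, parsing an SMS-borne command strictly and passing it to the vehicle bus only if it is a single read-only OBD-II request. The `CAN <id> <data>` text format and every function name are assumptions made for this example, and sender authentication is a separate control not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical SMS command format, constructed for this example:
 *   "CAN <3 hex digits: CAN id> <16 hex digits: 8 data bytes>"
 *   e.g. "CAN 7DF 02010C0000000000"
 * Anything that is not exactly this shape is dropped, never "repaired". */
#define CMD_LEN 24u

enum verdict { FWD_OK = 0, REJ_SYNTAX, REJ_CAN_ID, REJ_LENGTH, REJ_SERVICE };

struct can_frame_req {
    uint16_t id;
    uint8_t  data[8];
};

/* Accept one canonical spelling only: digits and upper-case A-F. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* msg is the raw SMS body; len is its length (it need not be NUL-terminated).
 * On FWD_OK, *out holds a normalized frame that is safe to put on the bus. */
enum verdict check_sms_command(const char *msg, size_t len,
                               struct can_frame_req *out)
{
    uint16_t id = 0;
    uint8_t data[8];
    size_t i;

    /* Fixed length first, so every index below is known to be in bounds. */
    if (msg == NULL || out == NULL || len != CMD_LEN) return REJ_SYNTAX;
    if (memcmp(msg, "CAN ", 4) != 0 || msg[7] != ' ') return REJ_SYNTAX;

    for (i = 4; i < 7; i++) {
        int v = hexval(msg[i]);
        if (v < 0) return REJ_SYNTAX;
        id = (uint16_t)((id << 4) | (uint16_t)v);
    }
    for (i = 0; i < 8; i++) {
        int hi = hexval(msg[8 + 2 * i]);
        int lo = hexval(msg[9 + 2 * i]);
        if (hi < 0 || lo < 0) return REJ_SYNTAX;
        data[i] = (uint8_t)((hi << 4) | lo);
    }

    /* Allowlist 1: only the OBD-II diagnostic request identifiers
     * (0x7DF functional, 0x7E0-0x7E7 physical). No other bus traffic. */
    if (id != 0x7DF && (id < 0x7E0 || id > 0x7E7)) return REJ_CAN_ID;

    /* Allowlist 2: a single frame carrying exactly service + one parameter.
     * Multi-frame transfers and other lengths are refused. */
    if (data[0] != 0x02) return REJ_LENGTH;

    /* Allowlist 3: read-only services only. 0x01 = current data,
     * 0x09 = vehicle information. Everything else is refused by default. */
    if (data[1] != 0x01 && data[1] != 0x09) return REJ_SERVICE;

    /* Normalize: forward only the three meaningful bytes, zero the padding,
     * so sender-chosen trailing bytes never reach the bus. */
    memset(out, 0, sizeof *out);
    out->id = id;
    memcpy(out->data, data, 3);
    return FWD_OK;
}

/* Convenience wrapper for NUL-terminated strings. */
enum verdict check_str(const char *s, struct can_frame_req *out)
{
    return check_sms_command(s, strlen(s), out);
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const char *samples[] = {
        "CAN 7DF 02010C0000000000",  /* read one current-data parameter */
        "CAN 123 02010C0000000000",  /* non-diagnostic CAN id           */
        "CAN 7DF 02040C0000000000",  /* service outside the allowlist   */
        "CAN 7DF 02010C00",          /* truncated message               */
    };
    struct can_frame_req f;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s -> verdict %d\n", samples[i],
               (int)check_str(samples[i], &f));
    return 0;
}
```
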
    20. Re:OK, but... by Patricia · · Score: 1

      Agreed, physical access = owned.
      Another sensational article that makes it sound like people across the internet can kill you in your car. *sigh*

      But these might actually already be in a car. Insurance companies, Uber, etc. give them out. People voluntarily install them.

      The cautionary tale here is 'don't plug crap people give you into your car's electronics'

  4. first by Anonymous Coward · · Score: 0

    haha

  5. I know it's not the entire point but... by Anonymous Coward · · Score: 1

    Once the researchers' dongle is attached
     
    Can we have a bit less sensationalism around these articles about "This hack can happen once you get access to the physical system!!!!1111!!!!!"?

    It can still be an interesting tech read but I can also cut brakes with a set of 99 cent snips from Radio Shack.

    1. Re:I know it's not the entire point but... by bobbied · · Score: 1

      Once the researchers' dongle is attached

      It can still be an interesting tech read but I can also cut brakes with a set of 99 cent snips from Radio Shack.

      Not any more.. Radio Shack has gone the way of Comp USA and Circuit City....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:I know it's not the entire point but... by Noah+Haders · · Score: 1

      yes but you can't snip the brakes when the vehicle is going 75 MPH on the freeway...

    3. Re: I know it's not the entire point but... by Anonymous Coward · · Score: 0

      Radio Shack doesn't carry snips anymore... if you need a crap Verizon phone though....

    4. Re:I know it's not the entire point but... by omnichad · · Score: 1

      Comp USA and Circuit City opened up locations inside of Sprint stores?

    5. Re:I know it's not the entire point but... by dunkindave · · Score: 1

      yes but you can't snip the brakes when the vehicle is going 75 MPH on the freeway...

      With a small remotely operated tube cutter, yes. (two actually due to dual-cylinder brake systems) Same as this device, other than one device versus two. The difference is to access the ODB-II requires getting into the vehicle without the owner knowing, while attaching a tube cutter only requires access to the underside of the vehicle. The latter is actually easier. In both cases pressing the emergency brake (ever wonder why it is called that?) would activate the rear brakes unless that physical cable were also cut.

    6. Re:I know it's not the entire point but... by drinkypoo · · Score: 1

      The difference is to access the ODB-II requires getting into the vehicle without the owner knowing,

      That depends on the vehicle. Some can be raised up, crawled beneath, and the harness accessed. Some, you can't get to it from there. Once you get there you only need three lines for OBD-II.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:I know it's not the entire point but... by dunkindave · · Score: 1

      The difference is to access the ODB-II requires getting into the vehicle without the owner knowing,

      That depends on the vehicle. Some can be raised up, crawled beneath, and the harness accessed. Some, you can't get to it from there. Once you get there you only need three lines for OBD-II.

      That is the CAN bus, not the ODB-II, but you are right, and I didn't want to spend the time explaining it, that accessing the CAN bus will probably yield the same capabilities. The CAN bus runs to a lot of components like the transmission and is often also exposed on the car's underside.

    8. Re:I know it's not the entire point but... by drinkypoo · · Score: 1

      That is the CAN bus, not the ODB-II

      First, how is it that you feel qualified to speak on this subject when you don't even know the difference between the second coming of Ol' Dirty Bastard, and On-Board Diagnostics?

      Second, CAN is a protocol which is used with OBD-II. It is also used for communications between modules. Getting onto any bus on which the PCM speaks is sufficient for making an attack against the powertrain. OBD-II can also use ISO 9141-2 or the J1850 standard. CAN is fastest, but most expensive.

      Third, if the PCM is located under the hood, which it often is, then the diagnostic line (whether it's a CAN line like it usually is on modern cars, or one of the other protocols used with OBD-II) may well run through an exposed harness under the hood.

      For example, in the Audi A8, the E-Box which contains the PCM, TCM and so on is right up against the firewall and there's a very short bit of harness with the diagnostic line in which doesn't get exposed. And in my particular vehicle, a very early 1997 A8 Quattro, the ABS controller is located inside up under the dashboard, so that diagnostic line (in my case a K-line, not CAN) is also inaccessible. But since there's only one diagnostic line which literally goes to all the modules, in the cars which immediately follow mine (starting in late 1997) which have the ABS controller located directly on the ABS module under the hood, it's relatively easy to access the bus — upon which live the PCM, TCM, ABS, and SRS. I think those vehicles actually have a gateway between the powertrain (which includes the ABS in modern vehicles) and SRS, and the infotainment bus, which includes the steering wheel controls. Some of the details of cars which are not mine are a bit hazy.

      TL;DR: You don't know what you're on about, and sometimes a sensitive wire is accessible from beneath the hood, even if you can't raise it.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:I know it's not the entire point but... by fisted · · Score: 1

      You don't seriously think the handbrake is an "emergency brake", right? Good grief, please be kidding.

    10. Re:I know it's not the entire point but... by dunkindave · · Score: 1

      That is the CAN bus, not the ODB-II

      First, how is it that you feel qualified to speak on this subject when you don't even know the difference between the second coming of Ol' Dirty Bastard, and On-Board Diagnostics?

      The linked article explicitly spelled out the ODB-II, so I addressed that. The article said "The device that the UCSD researchers exploited for those attacks was a so-called OBD2 dongle"

      Second, CAN is a protocol which is used with OBD-II. It is also used for communications between modules. Getting onto any bus on which the PCM speaks is sufficient for making an attack against the powertrain.

      Which is why I said "accessing the CAN bus will probably yield the same capabilities."

      Third, if the PCM is located under the hood, which it often is, then the diagnostic line (whether it's a CAN line like it usually is on modern cars, or one of the other protocols used with OBD-II) may well run through an exposed harness under the hood.

      If you are going to break into the engine compartment, then it isn't that different than breaking into the car.

      For example, in the Audi A8, the E-Box which contains the PCM, TCM and so on is right up against the firewall and there's a very short bit of harness with the diagnostic line in which doesn't get exposed. And in my particular vehicle, a very early 1997 A8 Quattro, the ABS controller is located inside up under the dashboard, so that diagnostic line (in my case a K-line, not CAN) is also inaccessible. But since there's only one diagnostic line which literally goes to all the modules, in the cars which immediately follow mine (starting in late 1997) which have the ABS controller located directly on the ABS module under the hood, it's relatively easy to access the bus — upon which live the PCM, TCM, ABS, and SRS. I think those vehicles actually have a gateway between the powertrain (which includes the ABS in modern vehicles) and SRS, and the infotainment bus, which includes the steering wheel controls. Some of the details of cars which are not mine are a bit hazy.

      TL;DR: You don't know what you're on about, and sometimes a sensitive wire is accessible from beneath the hood, even if you can't raise it.

      What sensitive wire is under the hood isn't that big of a problem, unless it is at the bottom of the compartment and easily accessible from underneath, because breaking into under the hood is almost the same as breaking into the car's interior. Climbing under a car and accessing directly exposed wires via a harness is a different matter, and what I was talking about. I never mentioned breaking into the hood-protected area to get to the bus.

    11. Re:I know it's not the entire point but... by dunkindave · · Score: 2

      You don't seriously think the handbrake is an "emergency brake", right? Good grief, please be kidding.

      It isn't a handbrake in my vehicle since it is on the floor, and such systems were originally put in place to provide a backup braking system in case the hydraulic system failed, especially since hydraulic braking systems used to be single-cylinder systems and were only mandated to use dual master cylinders starting in 1976. They were later adapted to provide a backup parking brake to supplement the vehicle being left in gear, and are now often also referred to as a parking brake.

      So yes, I think of it as an "emergency brake". But then ideas like yours are why most people never think to use it when their regular brakes fail, just like they don't think to turn off the ignition if the throttle sticks.

    12. Re:I know it's not the entire point but... by bobbied · · Score: 1

      Bankruptcy has taken all three... Sprint just purchased some of Radio Shack's stores so they could keep selling cell phones from them.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    13. Re:I know it's not the entire point but... by PopeRatzo · · Score: 1

      You don't seriously think the handbrake is an "emergency brake", right?

      On my '72 Toyota, it was the only brake.

      --
      You are welcome on my lawn.
    14. Re:I know it's not the entire point but... by Noah+Haders · · Score: 1

      the article correctly says OBD, but your post says ODB. see the difference?

    15. Re:I know it's not the entire point but... by Anonymous Coward · · Score: 0

      It's a typo. So what?

    16. Re:I know it's not the entire point but... by Anonymous Coward · · Score: 0

      It's called a handbrake because it's usually activated with one's hand.

    17. Re: I know it's not the entire point but... by Anonymous Coward · · Score: 0

      New crossbow hack cuts brakes of vehicles at highway speeds!

    18. Re:I know it's not the entire point but... by Bing+Tsher+E · · Score: 1

      The Sprint/Radio Shack store a few miles from me here sells wire cutters, soldering irons, and even Arduinos.

    19. Re:I know it's not the entire point but... by Noah+Haders · · Score: 1

      hence drinkypoo's snarky comment about are you referring to the onboard diagnostics unit or ol dirty bastard? I thought it was pretty funny.

    20. Re:I know it's not the entire point but... by Anonymous Coward · · Score: 0

      >The linked article explicitly spelled out the ODB-II, so I addressed that. The article said "The device that the UCSD researchers exploited for those attacks was a so-called OBD2 dongle"

      I think you just whooshed yourself...

    21. Re:I know it's not the entire point but... by fisted · · Score: 1

      It isn't a handbrake in my vehicle since it is on the floor

      Fair enough

      and such systems were originally put in place to provide a backup braking system in case the hydraulic system failed

      Today I learned. That's some pretty poor design then, especially considering that it usually brakes only the rear wheels. If you're vaguely familiar with driving physics, or if you have ever tried to actually brake with the handbrake, then you'll have realized that it is essentially useless as an ersatz brake.
      If you're going at a reasonably high speed, and attempt to brake that way, you'll notice it doesn't brake well. So you pull it harder, and then you lose traction on the rear wheels, which, again, if you're familiar with driving physics, you know the outcome of (Hint: it is often worse than shifting up and coasting to a stop, or grinding against a guard rail).
      In fact, parking on a steep slope and deliberately breaking traction on the rear wheels is all I ever use it for (the latter not on public roads, of course)

      A well-designed emergency brake would a) attack the front wheels, or all wheels, and b) provide (mechanical) force amplification.

      and are now often also referred to as a parking brake

      IIRC the correct term is "locking brake", in Germany anyway.

      But then ideas like yours are why most people never think to use it when their regular brakes fail, just like they don't think to turn off the ignition if the throttle sticks.

      You seem to have seen too many bad movies.

    22. Re:I know it's not the entire point but... by bobbied · · Score: 1

      The Sprint/Radio Shack store a few miles from me here sells wire cutters, soldering irons, and even Arduinos.

      Have you been there lately? Like in the last few weeks? The bankruptcy liquidation sales just ended last month or so around here. I didn't figure Sprint would want to continue selling the electronics trinkets, just cell phones and accessories... But hey, I've not seen a remaining Radio Shack/Sprint store myself, all the local stores closed.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  6. Less impressive than the other hacks by Anonymous Coward · · Score: 1

    If it requires physical access to put in the magical dongle then I'm less impressed with this hack compared to the truly remote hacks we've seen on other vehicles.

    I could also cut the brake lines with a $5 tool with physical access to the vehicle. Not to mention the number of car bombs I could get from the mob!

  7. Misleading Attention Grabbers by monkeyxpress · · Score: 4, Informative

    This is silly. The brake pedal on every car that currently leaves a production line is still physically connected to the master cylinder and wheel callipers. What they likely meant by 'disabled the brakes' is that they disabled the ABS or brake assist module. While troubling, these components are all designed with mechanical overrides for if the electronics go haywire, so this is really scaremongering.

    We have known for years about CAN bus insecurity and how you can control indicators and wipers once you get physical access. There was even a model of car where you could just snap a wing mirror off and plug directly into the CAN system through the exposed mirror connector. These people haven't done anything new and are just being intentionally sensationalist to get attention.

    1. Re:Misleading Attention Grabbers by 0123456 · · Score: 4, Informative

      You realize that ABS cuts the brakes, right? So, if you can take over the ABS controller, you can stop the car from braking?

      There's no way in hell a device attached to the bus connector under the steering wheel should be allowed to do such a thing.

    2. Re:Misleading Attention Grabbers by WoodburyMan · · Score: 2

      Likewise, power steering or power brakes can be disabled via the same method most likely. Especially if they're in electronic parking assist vehicles which typically have electric power steering vs hydraulic. At high speeds power brakes being cut can be dangerous, power steering not so much, more dangerous at lower speeds. This is why I will never buy a keyless entry car, and prefer manual transmissions, and prefer all driving assistance but ABS to be off. I had traction control nearly kill me once when it tried to correct and reduced engine power after I had already corrected myself. That being said as well. Someone could just as easily PHYSICALLY clip your brake lines, and they don't even need access to the inside of the vehicle. Or if you live in the Northern US just drive in the winter for 3-5 years and the new chemical treatment they use on the roads in the winter. Already had two family members' vehicles, only 6 years old, have lines MELTED through by this stuff, one went while driving.

    3. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 1

      Are you sure? Even with the power "off" you can typically brake your car - though it will take a bit more effort.

    4. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      It is my understanding they can stop the brake vacuum, which means the brake pedal becomes nearly unusable, which is maybe the same method the ABS system uses. So yeah, it is dangerous.

    5. Re:Misleading Attention Grabbers by monkeyxpress · · Score: 5, Interesting

      It can't. The ABS module is designed to be mechanically failsafe. Have a look at a design. The system can only modulate the pressure in the brake line. It does not have any ability to vent to the reservoir or lock out the pedal connection (the isolation valve is just for pedal feel). All it can do is dump a tiny amount of fluid into a small internal reservoir and then pump it back into the line. If the system fails, whether due to a stuck valve, electronics going crazy, or just loss of power, the worst you'll get is a pedal that moves a bit further and no ABS. Even if you could flash the firmware in the controller through the CAN bus (which you normally can't) to get full control of all the valves and pumps you can't 'cut the brakes'.

    6. Re: Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      There's still people that think their manhood is questioned with ABS and traction control. Those are people that were never in an emergency situation and still believe you have 10 seconds to react to a situation. ABS is better than you in 99.9% of everyday real situations on real roads in the real world. We can all talk about that one time on ice you think you'd be better.

    7. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      Likewise, power steering or power brakes can be disabled via the same method most likely.

      Servo assist works because of the vacuum produced at the intake side of the engine. Electronics don't come into it.

    8. Re:Misleading Attention Grabbers by StefanSavage · · Score: 4, Informative

      Sorry, I have contrary empirical evidence. On multiple different cars we have manipulated appropriate ECUs with the effect that you can push on the brake pedal with no impact on forward velocity (see autosec.org and also the paper this post refers to). I'll personally attest that it is so and that no matter how hard you step on the pedal that nothing is happening wrt braking. I believe that Charlie and Chris also accomplished the same thing with the vehicles they addressed in the first and most recent presentations.

    9. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      Computer scientists at WSU disagree with you over the capability of getting a GM ABS controller to disable driver input on the brake pedal; from http://www.autosec.org/pubs/cars-oakland2010.pdf

      Over a range of experiments, both in the lab and in road tests, we
      demonstrate the ability to adversarially control a wide range
      of automotive functions and completely ignore driver input—
      including disabling the brakes, selectively braking individual
      wheels on demand, stopping the engine, and so on.

      How you ask?

      For example, we are able to forcibly and
      completely disengage the brakes while driving, making it
      difficult for the driver to stop. Conversely, we are able to
      forcibly activate the brakes, lurching the driver forward and
      causing the car to stop suddenly.

      ......

      Noncompliant Access Control: Device Overrides. Recall
      that the DeviceControl service is used to override the
      state of components. However, ECUs are expected to reject
      unsafe DeviceControl override requests, such as releasing
      the brakes when the car is in motion (an example mentioned
      in the standard). Some of these unsafe overrides are needed
      for testing during the manufacturing process, so those can be
      enabled by authenticating with the DeviceControl key. However,
      we found during our experiments that certain unsafe
      device control operations succeeded without authenticating;
      we summarize these in Tables II, V-A, and IV.

      Brakes. Our fuzzing of the Electronic Brake Control
      Module (see Table IV) allowed us to discover how to lock
      individual brakes and sets of brakes, notably without needing
      to unlock the EBCM with its DeviceControl key. In one case,
      we sent a random packet which not only engaged the front
      left brake, but locked it resistant to manual override even
      through a power cycle and battery removal. To remedy this,
      we had to resort to continued fuzzing to find a packet that
      would reverse this effect. Surprisingly, also without needing
      to unlock the EBCM, we were also able to release the brakes
      and prevent them from being enabled, even with car’s wheels
      spinning at 40 MPH while on jack stands.

      Even at speeds of up to 40 MPH on the runway, the attack
      packets had their intended effect, whether it was honking the
      horn, killing the engine, preventing the car from restarting,
      or blasting the heat. Most dramatic were the effects of DeviceControl
      packets to the Electronic Brake Control Module
      (EBCM) — the full effect of which we had previously not
      been able to observe. In particular, we were able to release
      the brakes and actually prevent our driver from braking; no
      amount of pressure on the brake pedal was able to activate
      the brakes. Even though we expected this effect, reversed it
      quickly, and had a safety mechanism in place, it was still a
      frightening experience for our driver. With another packet,
      we were able to instantaneously lock the brakes unevenly;
      this could have been dangerous at higher speeds. We sent
      the same packet when the car was stationary (but still on
      the closed road course), which prevented us from moving it
      at all even by flooring the accelerator while in first gear.

      This is probably why the term "deathtrap" was banned at GM.
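
The paper excerpt quoted in the comment above says ECUs are expected to reject unsafe DeviceControl overrides unless the requester has authenticated with the DeviceControl key. The following added example, which is not from the thread, the paper or any vendor's firmware, shows such a default-deny gate in C; the target names, the key, the attempt limit and the extra rule that unsafe overrides are refused while the wheels turn are all assumptions.

```c
/* Added example: ECU-side gate for diagnostic override requests.
 * Target names, key, attempt limit and speed rule are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum override_target {            /* hypothetical targets, not real service IDs */
    OVR_HORN, OVR_CABIN_HEAT,                                 /* harmless */
    OVR_BRAKE_RELEASE, OVR_BRAKE_LOCK_WHEEL, OVR_ENGINE_KILL  /* unsafe   */
};

enum decision { ALLOW, DENY_UNKNOWN_TARGET, DENY_NOT_AUTHENTICATED, DENY_IN_MOTION };

#define KEY_LEN 8
#define MAX_FAILED_ATTEMPTS 3

/* Placeholder key for the example; a real ECU would not store a fixed one. */
static const uint8_t DEVICE_KEY[KEY_LEN] = { 'E','X','A','M','P','L','E','!' };

struct ecu_session { bool authenticated; unsigned failed_attempts; };

/* Compare without an early exit so timing does not reveal matching bytes. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Unlock unsafe overrides for this session; lock out after repeated failures. */
bool session_authenticate(struct ecu_session *s, const uint8_t *key, size_t len)
{
    if (s->failed_attempts >= MAX_FAILED_ATTEMPTS)
        return false;                       /* locked out until ECU reset */
    if (len == KEY_LEN && ct_equal(key, DEVICE_KEY, KEY_LEN)) {
        s->authenticated = true;
        s->failed_attempts = 0;
        return true;
    }
    s->authenticated = false;
    s->failed_attempts++;
    return false;
}

/* 0 = harmless, 1 = unsafe, -1 = not on the allowlist at all. */
static int classify(enum override_target t)
{
    switch (t) {
    case OVR_HORN:
    case OVR_CABIN_HEAT:       return 0;
    case OVR_BRAKE_RELEASE:
    case OVR_BRAKE_LOCK_WHEEL:
    case OVR_ENGINE_KILL:      return 1;
    default:                   return -1;
    }
}

/* Default deny: unknown targets are refused, unsafe ones need an
 * authenticated session AND a valid wheel-speed reading of zero. */
enum decision ecu_decide(const struct ecu_session *s, enum override_target t,
                         bool speed_valid, uint16_t speed_kph)
{
    int kind = classify(t);
    if (kind < 0)
        return DENY_UNKNOWN_TARGET;
    if (kind == 0)
        return ALLOW;
    if (!s->authenticated)
        return DENY_NOT_AUTHENTICATED;
    if (!speed_valid || speed_kph > 0)      /* missing signal counts as moving */
        return DENY_IN_MOTION;
    return ALLOW;
}

int main(void)
{
    static const char *names[] = { "ALLOW", "DENY_UNKNOWN_TARGET",
                                   "DENY_NOT_AUTHENTICATED", "DENY_IN_MOTION" };
    struct ecu_session s = { false, 0 };

    /* Constructed requests: brake release before and after authentication. */
    printf("unauthenticated, parked: %s\n",
           names[ecu_decide(&s, OVR_BRAKE_RELEASE, true, 0)]);
    session_authenticate(&s, DEVICE_KEY, KEY_LEN);
    printf("authenticated, parked:   %s\n",
           names[ecu_decide(&s, OVR_BRAKE_RELEASE, true, 0)]);
    printf("authenticated, 64 km/h:  %s\n",
           names[ecu_decide(&s, OVR_BRAKE_RELEASE, true, 64)]);
    return 0;
}
```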

    10. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      This sounds quite interesting.

      Got any specific links to documentation?

    11. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      This is silly. The brake pedal on every car that currently leaves a production line is still physically connected to the master cylinder and wheel callipers.

      https://en.wikipedia.org/wiki/Electronically_controlled_brake

      https://en.wikipedia.org/wiki/Sensotronic_Brake_Control

    12. Re:Misleading Attention Grabbers by tinkerton · · Score: 1

      With everyone contradicting each other I can't follow what the central idea is. Isn't it so that if you can make the ABS think the wheels are slipping you can make it interrupt the brakes? So a hack that activates ABS (rather than disable it) could override the driver?

    13. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      This is *very* frightening. Brakes need to be the last thing that fails in a car. This has been done right for decades. Why do they stop doing that now?

    14. Re:Misleading Attention Grabbers by jittles · · Score: 1

      This is silly. The brake pedal on every car that currently leaves a production line is still physically connected to the master cylinder and wheel callipers.

      This is actually no longer true and I was surprised when I learned this a few weeks ago. Apparently Porsche no longer physically connects the brake pedal to the master cylinder in certain model cars. In fact, if you search for parts for Porsches you'll see that, as of 2012, the only car that still has a brake pedal physically connected to the master cylinder is the GT3. I was pretty shocked and appalled to hear this since the e-brake on the car is a switch. That means that a total failure of the computer system on the car could also result in you being completely unable to apply any braking whatsoever.

    15. Re:Misleading Attention Grabbers by Anonymous Coward · · Score: 0

      ABS works by detecting which wheel is no longer turning.

      When, during braking, a wheel is determined to be either slowing down too quickly or not turning at all, the ABS activates.

      It isolates that wheel's brake hydraulics from the rest of the system (i.e. the brake pedal) and pulses the hydraulics to that brake. The hope is that the wheel will start turning faster (matching the speed of the other wheels) giving you the ability to turn the car.

      The key to the operation is to release pressure on the wheel's brake.

      So.... if you can interfere with the ABS software, or reprogram the ABS, you might be able to isolate some or all wheels from the brake pedal.

    16. Re: Misleading Attention Grabbers by rhazz · · Score: 1

      ABS can fail in dangerous ways in my (anecdotal) experience. My first and only car has a failed ABS system, apparently from salt wearing away at the poorly designed connectors (2007 Yaris). In addition to slippery situations, the ABS would partially engage when braking if I happened to go over a sewer cover or a minor pot hole. In all situations it wouldn't properly engage though, so any time it activated it just reduced my braking to about 20% effectiveness. It was very unpredictable. I am a careful driver and this usually only happened when slowing down for a red light in snowy conditions - however the stopping distance with and without ABS was like 40ft versus 10 ft. It was like this when I purchased it, but having no experience with ABS I just assumed that was what ABS did. I asked people and they would just say that yeah, that's how ABS works - less power but more traction. One particularly bad winter it happened often enough that I feared driving with any snow on the ground, so I pulled the fuse to disable it. I brought it to the service shop and asked the techs to look at it - yeah it was a common problem with this model in Canada, but there was no recall. $1200 to fix but would probably fail again after a few winters. I left the fuse out and never looked back.

      I personally don't care about the whole manliness thing, but I sure as hell feel safer with my ABS disabled. Knowing that it can fail like that leaves me with very little trust for it in general.

  8. Anything goes . . . by Anonymous Coward · · Score: 1

    . . . when you "plug a gadget into the car".

    Some cars have been hacked with a specially crafted music CD. You can perhaps trick someone to insert a CD, but nobody plugs a strange contraption into a hard-to-find plug under the dashboard.

    Once you get into the car's wiring, you can always disable stuff. Even old computerless cars could be disabled by short circuiting the starter cables.

    1. Re:Anything goes . . . by Anonymous Coward · · Score: 0

      The module they used was an off-the-shelf part that is used by thousands of cars used for tracking locations of fleets, i.e. taxis, buses, delivery vans and armoured vehicles.

  9. My Battlestar Galactica security plan is working by He+Who+Has+No+Name · · Score: 4, Funny

    ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

    It doesn't even have power windows.

    Hack that wirelessly, bitches.

  10. Hello, Dave, I'm hoping today will be a good day by WillAffleckUW · · Score: 1

    Would you like to have the brakes go out as we round this steep hill, or after we get to the bottom near the lake?

    --
    -- Tigger warning: This post may contain tiggers! --
  11. I wouldn't call it a "hack"... by Anonymous Coward · · Score: 0

    It's not a "hack"....it's a "break-in" if they need physical access to the car. A malicious person could easily just cut the brake lines and accomplish the same thing.

  12. A lot easier to crawl under it by Anonymous Coward · · Score: 0

    and cut them for sure even if only a little, maybe make it look like crappy road damage.

    1. Re:A lot easier to crawl under it by Anonymous Coward · · Score: 0

      and cut them for sure even if only a little, maybe make it look like crappy road damage.

      Just "hit" the rubber part of the brake line on one front wheel with something from the road...

    2. Re:A lot easier to crawl under it by kyrsjo · · Score: 1

      There is a reason why there is more than one hydraulic circuit...

  13. You misunderstand. by Anonymous Coward · · Score: 1

    Yes, this requires an additional hardware dongle to be attached to the car.

    However, the attackers did not create these dongles. These dongles are ALREADY THERE in many cars. These are devices that driver fleet managers use to track how their drivers are performing. Think FedEx vans and delivery trucks. They're also already in use by some insurance companies, who offer discounts for safe driving or infrequent use. Nobody's talking about breaking into cars and physically attaching a device that wasn't there before.

    1. Re:You misunderstand. by PAjamian · · Score: 2

      Yep, FedEX vans ... or armoured van fleets?

      A practical application of this for criminals would be to use it to stop and rob an armoured van.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    2. Re:You misunderstand. by Anonymous Coward · · Score: 0

      > However, the attackers did not create these dongles. These dongles are ALREADY THERE in many cars.

      OBD dongles yes, one that can be used for this attack no.

    3. Re:You misunderstand. by StefanSavage · · Score: 1

      FWIW, we're aware of thousands of these dongles on the road today.

  14. It's not remote by Anonymous Coward · · Score: 0

    It's not remote. They had to first install a radio into the car to receive their commands, and interface it with the car's computer.

    What's surprising about that?

    Here, I can remotely cut the brakes of ANY car using a pair of industrial-grade cutters connected to a solenoid, which is operated by a raspberry pi connected to a cell phone. I simply shell in and power the solenoid which causes the cutters to sever the brake cable.

    Is this really that advanced? It would have been interesting if the car could have been hacked remotely, but that isn't what they did.

  15. Re:My Battlestar Galactica security plan is workin by bobbied · · Score: 1

    ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

    It doesn't even have power windows.

    Hack that wirelessly,

    Well, to improve things, get yourself an older diesel powered vehicle and then not even the spark ignition stuff is necessary....

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  16. Re:My Battlestar Galactica security plan is workin by He+Who+Has+No+Name · · Score: 1

    Considered, but the 4.0L inline 6 is way more durable than the diesels that came in that model.

    For true EMP scenarios, I have a Siberian Husky dogsled team.

  17. This needs attention by Anonymous Coward · · Score: 0

    Maybe it SHOULD get more attention if these problems have existed for years and we've done absolutely nothing about it.

    We are now plugging in IoT devices to the CAN bus. Insurance companies are doing it. Automakers are doing it. The CAN bus is now vulnerable to attacks from the cloud, and just because your car doesn't do it yet, doesn't mean it's not coming.

    What should be sensational is that we've known about these problems for the better part of a decade and nobody has done anything about it.

  18. Re:My Battlestar Galactica security plan is workin by godrik · · Score: 1

    In the spirit of this "hack", a rocket launcher could be used to blow up the car wirelessly.

  19. Insurance Irony by mungewell · · Score: 1

    It seems that some devices like this are provided by the insurance industry to their clients.... and the Charlie Miller write up confirms that there are CAN-BUS commands to lock and unlock the doors. Wonder if these would make an "interesting" insurance claim?

  20. You plugged what in to the cars can bus? by Anonymous Coward · · Score: 0

    If you plug anything in to the canbus you deserve everything you get. It gives direct unfiltered access to most of the car's subsystems.

    And by the description of what they are saying they are just activating the test routines on the ABS ECU. For fucks sake. I can do that with a laptop and my knocked off copy of Peugeot planet. It specifically says in the ABS test functions that this will only work below 10mph. It's a function designed to test the car's ABS system. Go over 10mph and the ECU automatically disconnects the test routines. So they have just accessed these ABS test routines via a dongle instead of the manufacturer's diagnostic software.

    This is barely a hack. This is using a diagnostic connector and activating diagnostic functions and calling it a hack on the cars systems.

    1. Re:You plugged what in to the cars can bus? by stabiesoft · · Score: 1

      I thought you could even reflash the transmission shift algorithm, reprogram the PCM for a "tune" to name a few. Yep, once you are connected to the OBDII, you are in. That is what it was designed for, so call me surprised when I find out people are doing that with it.

    2. Re:You plugged what in to the cars can bus? by Anonymous Coward · · Score: 0

      Yes exactly, however it does respect the immobiliser so you can't just smash the window and jack in via the OBDII connector. You need to turn the key. So other reports of being able to lock and unlock the doors, when inside the car with the ignition key turned, just like the button on the dash are simply shocking. I mean who would have thought that.

  21. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    Ironically, the BSG "hacking" seems to involve -- somehow -- any networked computer system, not just wireless ones. Somehow, the Cylons could easily remotely hack any two computers connected by a cable, even remotely, but could not remotely hack individual computers...

    Still trying to figure that one out.

  22. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    Dumbass - you won't have any fuel when they hack the oil companies.

    I've got a horse.

  23. So what? by Anonymous Coward · · Score: 0

    If you drive a Corvette you don't really use the brakes much anyway, so who cares?

  24. Disabled, not cut by wonkey_monkey · · Score: 1

    Hackers Remotely Cut a Corvette's Brakes

    Yes, I know, it's a metaphor, but it's not a particularly good one in the context. They remotely disabled the brakes. Nothing was physically cut.

    Not that it's entirely inconceivable that someone will one day find a way to cause physical internal damage to a car remotely...

    --
    systemd is Roko's Basilisk.
    1. Re:Disabled, not cut by AHuxley · · Score: 1

      Re "Nothing was physically cut."
      In the past any good investigator might notice physical tampering.
      That would give courts, police more powers and ensure journalists kept asking questions.
      If the story can be altered to difficult conditions, a fast powerful car, a driver who was distracted... and no signs of any other issues

      --
      Domestic spying is now "Benign Information Gathering"
  25. See the problem is. by negativeduck · · Score: 1

    This is yet another fear based article while it carries merit to it the wording and general presence indicates that there is a vulnerability that can cause you to lose control of your vehicle. It wasn't triggered by the car driving next to you without first getting access to the vehicle physically, and it could possibly be exploited by another vendor's third-party plugin.

    Yet this is the same type of article that helps to fuel the auto industry in its goal WRT the DMCA. They maintain that allowing anyone access to the ECU and the on-board networks of the vehicle creates a major security risk. This is all true but this form of "MASS" presentation "Remotely cut the brakes!" helps to stifle the claims that the automakers are only trying to protect a future revenue stream. But gives them even more ammunition to lock OBD-II and begin making it so you can access nothing in the vehicle.

  26. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  30. Many off roaders by future+assassin · · Score: 1

    have ABS kill switches to disable ABS when going off road/mud/slippery roads besides that even if ABS fails the brakes still will work fine, who in their right mind would design it so the brakes fail if the ABS module/pump fails?

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  31. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    Most vehicles had computers by the early 80's. You want to trade that '92 Chrysler in on an actual Jeep, 70's vintage if you want "new."

  32. Re:My Battlestar Galactica security plan is workin by bobbied · · Score: 0

    LOL... Hope it happens in the winter then....

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  33. More Bullshit "hacking" by Lumpy · · Score: 3, Informative

    Can we stop with these fake "researchers" that make claims that are stupid as hell?

    They did not hack anything, they compromised the car by having physical access and sent service code activation commands.

    Basically if there is a smelly guy wearing a trenchcoat under your dash, you might be hacked.

    --
    Do not look at laser with remaining good eye.
    1. Re:More Bullshit "hacking" by Anonymous Coward · · Score: 1

      Can we stop with armchair experts spouting off without even reading the article? The whole point is that they didn't need a custom dongle - they hacked the one the insurance company gives you for a bill-by-the-mile plan.

    2. Re:More Bullshit "hacking" by Anonymous Coward · · Score: 0

      No. They took advantage of an accessory that is being pushed by insurance companies. The scenario isn't that the bad guy sticks a dongle on your car. The scenario is that the bad guy takes advantage of the dongle you've already installed.

  34. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    A college girl in the least amount of clothing necessary to not be arrested would do the trick.

  35. Nope. by Anonymous Coward · · Score: 0

    They didn't disable the ABS. They activate the ABS. They cause the ABS to think that it is skidding as it would on gravel. The ABS then does its job and reduces braking to allow the wheels to regain traction. But, by continuing to feed the ABS with skid type input the car is slow to stop. Rather than braking hard when they slam on the brakes, the ABS kicks in and they keep coasting along.

    Nonetheless, this hack is no feat as they had physical access to the CAN bus. The guys with the Chrysler cars on Sprint cellular networks, those guys performed a feat. A scary and highly effective feat.

  36. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    Sorry, ISIS already has a patent on that.

  37. Re: We are rapidly getting to a point where it's.. by Anonymous Coward · · Score: 0

    The fact someone uses a computer to kill doesn't nullify any existing murder laws. How about you quit jumping to extremes? Acting like kids can do this even provided precompiled attack tools is stupid considering they probably don't know how to identify a vulnerable target anyways.
    This particular attack is bogus by the way. It requires you to install an OBD remote control unit with shit security in your car. And then you'd have to advertise you have that unit or else nobody would know.
    And no we will never be at a point where disclosure of bugs will be unethical. It's unethical to sell us something and claim it's secure when it is not. So talking about it could never be unethical. In fact, since it puts people in danger, it would be unethical to not talk about it.
    You, quit playing devil's advocate. This is not a game. It's not funny, cute or insightful in any way Mr. Thought Police.

  38. Mod Parent up by Anonymous Coward · · Score: 0

    Someone mod parent up. Thank you.

    So if I read this right, the black hat really only needs to find a car that has the insecure dongle provided by a company and installed by the user.

  39. Re:My Battlestar Galactica security plan is workin by mjwx · · Score: 1

    ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

    It doesn't even have power windows.

    Hack that wirelessly, bitches.

    The brakes on a Jeep will fail on their own, no need to hack them.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  40. Oh, c'mon by hyperar · · Score: 1

    How on earth is "...using a small gadget that plugs into modern dashboards." even considered remote?

  41. News flash by hyperar · · Score: 1

    Apparently if you have physical access to a car you can do stuff to it... More news at 11.

  43. Once again by tompaulco · · Score: 1

    Once again, there is no reason for these systems to be accepting any kind of input from anything other than the drive controls. Any car that does is broken and needs to be recalled. I suppose that means every car currently being manufactured, but that is not my fault or my problem.

    --
    If you are not allowed to question your government then the government has answered your question.
  44. In related news. by Budgreen · · Score: 1

    I just plugged a tech II scan tool into my OBD port and now have full control over all the systems in my vehicle.

    so.. basically, they just sent the right commands and got a reaction without paying a few grand to do it right.

    --
    The greatest right given is the right to be wrong...
  45. Re:My Battlestar Galactica security plan is workin by drinkypoo · · Score: 1

    A 1992 Jeep certainly has a PCM, I don't know if it's got any diagnostic link but I suspect it does. However, the link is probably very limited, it might be able to do stuff like adjust fuel delivery or timing but that's probably about it. So even if someone could interface to it remotely, all they could do is ruin your catalyst.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  46. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    I drive a steam engine. The local municipal complains about the congestion and road damage I cause, but, hack that, Cylons.

  47. Re:My Battlestar Galactica security plan is workin by He+Who+Has+No+Name · · Score: 1

    I'm saving for a '44 Willys. You know... an actual ACTUAL GP.

  48. Re:My Battlestar Galactica security plan is workin by KGIII · · Score: 1

    You know they train them in the summer, right? They even sometimes just use the sled in the dirt or on leaves and whatnot. I have seen a neighbor that has them pulling an old WWII era Jeep. They have wheeled sleds that they pull. In the case of the Jeep I assume he has it running and they only pull partially. I do not imagine they are pulling the whole vehicle's weight. Dog sled teams are not all that uncommon up my way. Hell, one of my other "neighbors" (a loosely applied term here) is an Iditerode (spelling?) racer. I believe she has won it a couple of times.

    --
    "So long and thanks for all the fish."
  49. Drive a '94 Volvo 240 by Anonymous Coward · · Score: 0

    For this, and many other reasons, I drive a 1994 Volvo 240DL sedan.

    1. Re:Drive a '94 Volvo 240 by hyperar · · Score: 1

      Ha, I still can cut your brakes if I got physical access to your car.

  50. Re:Hello, Dave, I'm hoping today will be a good da by Anonymous Coward · · Score: 0
  51. News to me by Anonymous Coward · · Score: 0

    I didn't know Corvettes had brakes.

  52. Re:My Battlestar Galactica security plan is workin by AmiMoJo · · Score: 1

    They hacked devices that many fleets and some individuals install at the request of insurance companies. They don't need physical access to the car, the victim willingly fits the hackable device.

    What they do need is the phone number to send malicious text messages to. Getting that could be tricky... The operators of these devices will have databases that could be stolen. They could war-dial by sending "ping" messages in bulk to sequential numbers, perhaps, but there are a lot of numbers. If they find one there might be a few adjacent numbers that are also exploitable, but IME the types of SIMs used in these devices don't end up with sequential blocks of numbers very often.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  53. NewsFlash: No Security Without Physical Security by Anonymous Coward · · Score: 0

    TFS is basically saying that having physical access to a machine makes it hackable.

    Duh. Thank you, Captain Obvious.

  54. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

    It doesn't even have power windows.

    Hack that wirelessly, bitches.

    Uh, you might want to go easy on those bitches who are busy now whipping out a linear amp to start fucking with your fuel injectors.

    It's hilarious that people think car hacking was a concept born out of Y2K or some shit.

  55. DAMMIT, FLO! by Anonymous Coward · · Score: 0

    Now I need to file a claim!

  56. In the immortal words of John Carmack by azav · · Score: 1

    From an email to a friend of mine around 1996,

    "Failure in brakes.dll" - John Carmack

    --
    - Zav - Imagine a Beowulf cluster of insensitive clods...
  57. Re:My Battlestar Galactica security plan is workin by silverhalide · · Score: 1

    You don't need a hacker to disable a Jeep's transmission, it does that on its own every few thousand miles.

  58. Re:My Battlestar Galactica security plan is workin by Anonymous Coward · · Score: 0

    ah, the rare and elusive better idea