Knight Rider highlighted this exact problem way back in the 80's. The Hoff really was a visionary!
Computer scientists have carried out one of the first detailed security analyses of the security implications of increased use of computer systems in cars, finding systems surprisingly easy to hack or disrupt. A research paper from academics at the University of Washington and the University of California, San Diego, evaluates …
Knight Rider highlighted this exact problem way back in the 80's. The Hoff really was a visionary!
Aaaaugh! We're all going to d... er, wait.
Granted, such thing CAN (theoretically) be done. The question is WHY? For what purpose would this be done, other than a plot device in a (also theoretical, it would seem) future Bond film?
So far as I can tell, the only useful bit of information here is corroborating evidence that the vehicle computer(s) CAN cause weird and unpredictable things. Are you listening, Toyota? Floor mats, my arse. "It's the computer, stupid"
Because they can. That's enough. Kids throw objects off bridges to hit the vehicles beneath just because they can. Similarly minded people will attack car systems for the same reason
It would also be of interest to the police as they could remotely disable a car (this won't affect the UK where that mandatory requirement has already been proposed).
Also, consider the carnage and disruption a ne'erdowell could cause if they set out to "attack" a city in such a way.
I also wonder is some OSs are more secure than others in such applications. Anyone know?
Nosireee that's just a fantasy.
I think'll I'll be looking into this standardised service port. Sounds interesting.
The researchers should have included this "warning" while they were at it:
Your home computer is at risk if someone breaks in and installs malware on it.
The advantage here has to be that it's easier to make it appear like an accident if the sabotage is done to the software.
The cops will just think that you took the corner too fast and crashed.
I think that dear Tim has a point, but it's the same that all practitioners of ``computer security research'' share: It's easy to break into systems that never were designed with security in mind. That includes the most widely used desktop eye cand... er, warm body entertainment software.
Though like with various SCADA systems that are increasingly attached to the wider internet in an insecure fashion, cars are ever more networked. If people haven't managed to scribble on the dashboard via the bluetooth carkit, then that doesn't make these findings purely theoretical.
To put it in perspective, however: It never was very hard for a dedicated attacker to sabotage a car and turn it into the owner's coffin. There has always been an interest in such, and now it's out in the open that you can do it electronically, too.
This won't affect most people too much as that sort of attack by nature is something likely targeted at one specific person. Altough I'm sure there'll be former-east-block ne'er-do-wells who'll figure out how to hold some upmarket brand cars ransom over the remote maintenance features. That'd be somewhat novel.
Looking forward, I expect this to rear its ugly head again so about when car-to-car communication becomes ubiquitous. You know, systems that'll let the car in front of you warn your car to start braking NOW because in ten miliseconds it'll start braking to avoid colliding with an upcoming traffic jam. Because these systems clearly are not secured in any way, driving trough a bad neighbourhood might get an extra dimension as it could give your car viruses like it ran windows.
for a Neal Stephenson novel.
"What they don't consider is how this access might be obtained in the first place, as they openly state in the research paper."
In other words, this research is, as stated by Ken Tindell at the end of the article, absolutely nothing new. All they've proven is that full control of a system allows you to fully control that system. One equals one. Imagine that.
with the current usage of the on board telemetry systems by police and insurance co.
Id hack my own car to keep it from being able to record that info - or delete it in case of an air bag deployment.
In the US they are talking about a bigger black box - think airliner style - and Id want to hack that too.
Additionally, while my current vehicle is older (pre 2000), there are still a few things Id like to turn off. And in new cars... the sheer number of stupid things they are installing....
Cant start the car in gear (problematic if you have a stick and a dead battery), auto lock the door when the car moves, auto 'driving lights', etc etc etc
Id LOVE to be able to hack the car and get access to turn these on/off at **MY** choosing.
Sorted out the 'not starting in Park' problem on one vehicle lately just by bending a metal bracket.
The door locks and auto lights? Every time I buy a car my autosparky goes round and removes those and a couple of other inconveniences (along with installing a better interior light etc.)
The black box stuff can't be much harder.
What you want to do will likely become a federal offense (perhaps covered by the DMCA) in a short time. Especially after a number of unexplained crashes... Oh, wait...
Mines the one with law book and communications protocol manual in the in the pocket.
Why is it that, as soon as they start to make things reasonably reliable, they have to start adding new useless gimmicks / 'safety features' that just represent more ways for the thing to break down?
I've push started / hill started / roll started cars with tired batteries literally hundreds of times. And driven 300 miles home on the battery (with a dead alternator) in daylight - you'd never make it with the headlights on (or, I suspect, with the drain of all the 'modern' electronic gadgetry). Even if the computer didn't sense something 'wrong' and stop the car dead.
I've just heard that running out of gas (which does no damage on an old car) will bugger the fuel pump on a new one unless you switch off quick because the pump relies on fuel flow to cool it...
It seems that old cars were just far more fault-tolerant than 'modern' cars are. There's a question I ask about all new gadgets, which is - "If it fails, does it leave you worse off than if it was never fitted?" If so, then it better have some stupendously huge advantages when it's working or I don't want it on my car.
I agree with you there.
On one diesel car I had, the pulley came off the alternator so the battery wasn't charging. I still drove several hundred miles, went climbing and camping for the weekend and drove home no problem. (I did buy a spare battery en route just in case)
My last diesel car, however, didn't even manage 40 miles when a pulley wheel delaminated and the belt came off. All the electronics drained the battery in 30 minutes.
...you don't need a battery to run the engine.
But what's this about auto-locking doors when the car moves? How insane is that? In a crash there's always a chance the door will jam and not let you out. If the door is locked, that chance is significantly higher.
I can see fly-by-wire cars becoming commonplace. No linkage between steering column and front wheels but a bunch of wires and some servos. Now imagine a critical electrical failure at 80mph.
Only current supply needed is voltage to hold the stop solenoid open when running. Total current less than 1 amp
Some REALLY old diesels don't even need that. They have an "Engine Stop " lever, which cuts the fuel when you tug on it.
New diesel car, well thats a 20 bar fuel pump, and all the associated electrikeries if its a common rail unit.
Guess thats why I drive an older diseasel
"But what's this about auto-locking doors when the car moves? How insane is that?"
The most benign reason for auto-lock is preventing theft: someone opening the door and taking your jacket or the driver's handbag while you're waiting for the lights to change. I think it's also a mandatory facility if you're rich or famous enough to require Kidnap & Ransom (K&R) insurance.
And it stops the kids from falling out if you forgot to engage the child locks..
I've been hacking car and motorcycle systems (analog and digital) for over 40 years, from cam timing, lift & duration to carb jetting and exhaust tuning to reprogramming EEPROMs for better performance (the sports cars) or economy (the tow rigs). Using the various wireless links for similar purposes isn't exactly rocket science. Whether or not they will be used for nefarious purposes is left as a thought experiment for the reader.
The sky is blue, Water is Wet, and dogs can lick their arses.
With full access to any computer system, and the ability to dismantle it, security is going to be nigh on impossible. Now if they had discovered a hack via bluetooth or by spoofing out the remote security plipper I'd be worried.
Also the hacking of odometers that are supposedly secure is also old hat. Some manufacturers even have procedures to "Wipe off" delivery mileage before sale.
If this can be translated into low cost tools to allow non dealer mechanics the ability to repair vehicles without requiring a visit to a main dealer to get components "coded up" I'll be all for it
Didn't the BOFH do this a couple of weeks ago?
AFTER I submitted my "who the @#$% would want to do that?" the article gets updated to say the same thing. Ah, well.
Ms. Bee, eye-rolling heavy sigh icon?
"It's highly theoretical because the challenges of hacking a car are vastly more than hacking a banking system. I just can't see anyone bothering."
With the exception of every security force (public or private) on the face of this dusty little ball of rock? I guarantee you in the game of "spy vs. spy" the ability to selectively (and untraceably) cause your target’s vehicle to enter into a short argument with a semi is exceptionally attractive. For that matter, private “security forces” (such as the multi-squillion dollar mercenary corps the US uses,) will be exceptionally interested in this ability. You could probably extend that to almost any unscrupulous lobbyist working for any sufficiently cash-flush corporation.
News flash to “Independent security expert Ken Tindell:” there is an entire other world of exceptionally high stakes, unbelievably high money and ridiculous power-over-millions that gets played beyond the purview of the general public every single day. It’s not a conspiracy theory or an exaggeration; most regular folks in first or second world nations honestly have no idea whatsoever how cheap life really is. Go ask survivors of third-world genocides about this, or corner a few spies, “private security personnel” or “tactical specialists” in the employ of the large defence contractors.
Or hey, grow up on a military base. You learn right quick what the value of a life is, and it isn’t much. This research is very, very important because this research can be weaponised with the right knowledge, money, and power. Exactly the things that the people who care enough to actually weaponise it have.
Does Aunt Tilly have to worry about it on a day to day basis? Probably not...John youngpunk isn’t going to be able to pull that one off, no matter how smart he is, or how dark his basement. If, however, Aunt Tilly’s onstar happens to be easily compromisable, and there is a “target” one lane over...If you think Aunt Tilly isn’t an “acceptable loss” to the kind of sociopaths we give this power to, you live in a fantasy world.
With the sheer amount of computing power in modern cars, I'm surprised the study seems to be the first of its kind.
Even Hollywood has noticed that cars (planes, ships, spacecraft...) are prone to hijacking via digital and certainly, if there's will, there is way.
What shocks me though, is the completely ignorant stance of Ken Tindell, a man who is supposedly in the loop.
Given the minimal amount of public peer review (WEP anyone?) these systems obviously receive, it is the proverbial timebomb sitting in your garage and waiting for someone with vested interest and sufficient resources to stop by and light the fuse. Or disable your brakes.
I have to agree. Ken Tindell's attitude is a bit worrying.
It looks as though it's a bit too easy to inject a signal into a car's internal network which messes with safety-critical systems.
It used to be that running out of fuel stopped your engine, and there might be some hassles getting air out of the fuel lines. But that was it. I know of a recent case where the effects of running out of fuel included damaging a sensor in the engine control system. Fixing the fuel gauge was cheap. Replacing the sensor was not. Sabotaging a fuel gauge isn't as trivial as it once was.
Is the thinking on what parts of the system are worth the effort of protecting a bit out of date?
A "researcher" puffing up his own study of the bleeding obvious to get his name in the paper ... reminds me, where's captain cyborg ?
This would provide the perfect way to kill someone because the car manufacturers would spend millions to prove it couldn't be hacked even if it could because the truth would destroy the public's confidence in the manufacturer. After all how many people would be interested in acquiring a program that with a little hardware skill could allow you to cause your ex's (insert type here) vehicle to crash and if you're luck kill them.
I agree with quartzie!
The security weaknesses of the ARPANET were presumably believed to be theoretical at the time, now look at the mess we're in! System designers need to be forward thinking and they need to take care of these issues now, before it's too late.
That chappy saying he dose not know why someone would want to even bother hacking a car - hmm I'm no expert but off the top off my head...
Covert suvalence, use the cars gps system to track that special loved/hated one in your life.
Fraud (knock back the milage a few thousand miles before flogging),
Kill people (Wanna bump off your spouse while they are on the road, there's an illegal back-door app for that)
Insurance scam - maybe on board systems would of recorded the force of impact in a small crash you recently had proving that there's no way you've sustained whiplash - better log in and change those readings so you don't get found out as an insurance cheat then!
Make a nerd-tastic full size remote control car - easy-ish to do now using lots of mechanical hardware - imagine being able to do this with just software and an iPad for the remote - you would need to do a lot of hacking of the car for this geekgasmic hobby project
Play a joke on someone - imagine hacking your mates car so that the stereo system only ever played YMCA or Britney Spears. and at full volume!
There's 6 reasons off the top of my head why people might want to hack cars. Maybe they are a bit far fetched but they all seem like possibilities to me, if not now them in five or ten years time.
Why always kill and maim?
Car theft is big business. It's unlikely that all systems turn off when the car does so here's a nice simple list
export car for cash.
Some systems should not be that complex that they cannot be understood.
(who can probably actually afford well paid staff to prevent the physical access to said vehicle and the fancy gadgets to block remote access) and the one person who hits on the best bang for the pound/buck option gets largely ignored.
Spot on I say.
With the development of these findings, one could flash the system of the car to allow it to receive commands - if they could send commands to the brakes, or engine managemet by simply playing with the packets, then surely, given time you could have a remote shutdown of the vehicle itself.
All you naysayers need only imagine a simple scenario.
High value diplomatic/economic/political (less likely) target, known to have his or her vehicle regularly serviced or valeted. Valet is replaced with assassin. Assassin compromises the car's system.
Team in a car trailing the targets car remotely deactivates the cars engine. Bad times ensue.
Or more worryingly, team in car activates one front brake on the motorway, target car wildly out of control crashes into central median, or some other obstacle, making it look like an accident.
I realise this is all highly conceptual and probably unfeasible, but the possibilities raise serious questions - our computers are all packed full with AV and anti-malware, why not at least put a little bit of security into cars? Just a wee bit. A teensy amount...
Engine kill, possible and I believe may have been implemented by GM
Screwing with brakes: Nope They are hard plumbed hydraulics designed to work simply and mechanically, so in the case of electronic fluffery going awol you still have a piston/liquid/piston there. The Toymota Pious has a two stage brake.
First few mm of push switches on engine braking. Hit the pedal a little harder and the hydraulics take over.
Same with steering A mechanical connection is required. Power assistance is just that Assistance.
I have driven a vehicle where the power steering belt failed (It assisted both steering and brakes) Yes it was hard work but perfectly able to steer and stop.
"Independent security expert Ken Tindell has:"
Obviously not seen Terminator 3.
And if you don't get it, you better see it soon. Your life depends on it now.
Next they'll be doing this to aircraft using the 1553 databus such as the new C130-J Hercules, and they'll panic everybody (or try to) by saying that the Hercules will lost control and fly into the ground.
Two words come to mind: teacup, storm.
Well, I suppose they've got to come some conclusions and justify their research.
..Ken Tindell is..
No-one would bother? Might be a bit easier than stealing passports, if you want to kill someone- once you have the toolset working as a bottled pwnage set.
I read one part of the claim as being that by putting dodgy data onto the car network, various processors would act on that data. Obviously one would expect the subsystems to handle properly-formed data packets, but it sounds a bit like the error-checking is a bit lacking. Remember the death ping that would crash devices on a computer network? It sounds like that sort of thing.
Of course, I could be reading it wrong. However, check that your local garage mechanic isn't called Norman and doesn't have an aged psychopathic mother, lest you find an extra little box attached to your car network giving it random extra commands as you approach the road along the cliff edge.
I'm sure that Toyota will turn this to there advantage, oh hackers f*cked the brakes up.
Surely you'd have to break into the car to do this though, a) activating the alarm and b) alerting someone??
Not a lot interesting here...be more fun if you could hack the steering....
But wait! Aircraft are vehicles, and they have fly-by-wire steering... So put out a story suggesting that EvilTerroristsWho HateOurLiberty(tm) could take control of an airliner from a cave in Bora Bora, and you have your broadsheet coverage.
Or trains...no steering, but you ought to be able to derail one by taking a corner too fast. Or ships...or Blow-Out Preventers at the bottom of the Gulf of Mexico....
I got a fancy ex-Discovery engine transplanted into my "traditional" (uncomputerized) Landy, and it had an electronic module on the fuel solenoid, to check that it hadn't been transplanted into a different vehicle (e.g. all Discovery doors present, etc etc)... so the installation guy used his sophisticated security expertise to hack it by melting the electronics with a blowtorch, prying the resulting blob out with a crowbar, and making a direct connection to what it was meant to be guarding. He probably upgraded its reliability by doing so, too!
...isn't packet injection something they put on fast cars?
*From someone who used to drive a reliant robin
After spending a wodge of cash this weekend at a garage, it's harder than it sounds to hack some cars. After about 3 different car interface tools, we ended up using old school continuity testing to find the problem. Eventually it turns out to be the driver in the ECU burnt itself out. The ECU blamed the engine of course because it's not clever enough to understand it's own internals are faulty.
So, "black box" type solutions may be easy to confuse.
From a quick read of the research paper, it seems that all the hacking was done by injecting extra CAN packets on the car network, no code was actually changed on any of the ECUs. So to actually "hack" the car you have to have another deviced attached to it.
I don't think that it would be worth the effort for anybody to hack a car, there are much easier way to do similar kind of damage.
demonstrated the sort of stuff you could do with this. Anyone remember the bit where the Penguin's lackeys install a doohickey in the batmobile that lets him control it from an arcade driving game? The key, of course, was their being able to get access to the car in the first place, despite its high tech unfolding armour that was supposed to prevent sabotage. Sadly, modern civilian cars are not so well protected...
"And it stops the kids from falling out if you forgot to engage the child locks.."
Surely Darwin would suggest that if you're too stupid to set the child locks then your offspring are probably surplus to requirements anyway?
They should have got in John Andrews, he can fit an entire GNU/Linux distro in less than half of that.