McAfee has put together an elite team of researchers to investigate how to go about protecting car systems from next-generation hacking attacks. Members of the team include Barnaby Jack, the security researcher best known for demonstrating ways that crooks can force ATMs to spit out cash and for highlighting security …
"No such attacks will ever take place in the real world but car manufacturers and auto industry associations are already aware of the possible risk."
Fixed it for ya! (Gratis, too!)
All theoretical attacks WITHOUT EXCEPTION need physical access to the vehicle's CAN bus. There are so many other ways you can sabotage a car, even without getting inside the car (hint: wheelnuts), that this is utterly pointless. For precisely this reason of safety, a wireless CAN bus is not going to happen. Sure a wireless sensor network in a car may come about sometime, but it's not here yet, and only an idiot would assume that the automotive engineering industry wouldn't think about security.
Even then, all modern ECUs are designed to cross-check sensors and reject anything which looks bogus. If the vehicle speed sensors are reporting values which are not physically possible given the engine RPM and gearbox output shaft RPM, all modern ECUs will flag up the speed sensors as faulty and ignore them. I'm sure you may be able to find ECUs which don't do every cross-check they possibly could, but the investment in time and effort to make this happen with a car you already have sat in your garage is ludicrous.
@Graham: not true. Remote exploitation through the onstar cellular modem and through bluetooth have both been demonstrated
One minor problem, TPMS sensors are already wireless. NTN has demonstrated wireless ABS sensors. The industry is moving to something more like a wireless version of CAN, quite possibly because it doesn't make much sense to have miles of copper control wire inside an automobile when the same can be done with a single loop providing Vcc, the chassis providing ground and wireless for data and control. Compare that with the typical CAN bus or USB having Vcc, gnd, data hi & data low.
As in the linked article, it's already possible to fool TPMS going down the road at over 40 mph and it wouldn't be hard to get someone to pull over while the attacker plays "good Samaritan" and ultimately steals the "disabled" car. Now imagine the attacker is a bit more aggressive and can tap into the brakes as well so he doesn't really need to play the con game. Many cars are already throttle by wire and I don't think it will be long before those wires go away. Of course the upside to all this is the mechanic will be able to diagnose your car without having to get grease on the seats. I call it an upside because for most people cars are already too complex to perform any serious repairs yourself.
@Graham Bartlett (was: Re: Fixed.)
I think you'll find that Ford's "Sync" APIM has access to both high & medium speed CAN busses, and also has Bluetooth connectivity. It runs "Windows Auto". Joy.
Also, see my post from nearly two and a half years ago:
No, I didn't try hacking into his car. At my age, I need to be paid for that kinda work ... As a side-note, ask me why I collect & restore 1960s Ford muscle-cars, and late-60s/early-70s Datsuns ...
So, Graham Bartlett, why is the automotive engineering industry more likely to think about security than, for example, the ones who made rlogin, rsh and rcp transmit passwords in the clear, or the ones who made Macro Viruses viable by including auto-execute macros, or the ones who decided it would be a really cool idea to have your OS autorun stuff from any junk media you plug in, or the Siemens SCADA engineers who not only designed equipment with well-known default passwords, but made software that failed if you changed them?
I guess these must be different engineers, working for companies that value security highly. Good thing Siemens isn't building automotive systems... oh, wait!
"all modern ECUs will flag up the speed sensors as faulty and ignore them."
I suggest you search on Ford VSS, MAF's and throtlle control issues to see how wrong that is.
Hint search for car speedo drops to zero / loss of power / cutting out at low revs.
OK, "should". Sure, I've seen some which don't. Still, I think that with physical access to the car, I can figure out easier ways to make it lose power...
Updates and Service Packs
Id like to see how they intend to address the patching of in-car systems when exploits are detected.
If its anything like today, you'll have to drive to your vehicle manufacturers stealership, hand over a briefcase full of used notes, disappear for a few days, then hope that they've managed to find the update cd.
Or, more likely, you'll only be protected if you pay a subscription fee where they can use the built in 3G modem to download it, but only whilst you continue to pay the 'protection fee'.
How long will it be until McAfee resellers start offering car software support 'because we wouldn't want anything bad to happen, like your brakes failing'.
It's tyre not tire
As in "tyre blowout", or a puncture if you're an English speaker.
Blowout != puncture
A puncture is a slow loss of tyre pressure, via a small (i.e punctured) hole.
A blowout is a sudden loss of tyre pressure (and often pieces of tyre) via a big gaping hole.
Re: It's tyre not tire
Not on the LEFT side of the pond.
Re: Blowout != puncture
To puncture is to make a hole in something. The size does not matter. A blowout is a type of puncture.
Re: It's tyre not tire
But on the RIGHT side of the pond it is.
Once Google's vision becomes accepted, we will have herds of carbots that on Zero-Day are all reprogrammed to drive to their pick-up point.
As has been foretold...
Roger Zelazny, "Auto-da-Fé", 1967.
Do Intel (owners of McAfee, right?) do much business in vehicles these days?
Or are vehicles mostly using PPC and ARM, where performance per watt is in the land of reality rather than ridiculousness, thus allowing sensible cooling arrangements?
Re: Do Intel (owners of McAfee, right?) do much business in vehicles these days?
The amount of business they do is a round number, for sure. Namely zero.
You'll find a few WinCE thingys in satnavs, radios and other in-car entertainment stuff. Even then though, it's mostly ARM. And since none of this stuff ever gets to talk on the engine/transmission CAN bus, they physically can't get to anything safety-related.
Re: Do Intel (owners of McAfee, right?) do much business in vehicles these days?
Uh ... Graham, at least with Ford's "Sync", the "entertainment" system does have access to the vehicle management system, through a central computer that controls both. The central computer (called the "APIM" by Ford) runs Windows Auto. No, it's not Intel. Yes, it's ARM. But it's still MS-Windows.
McAfee?????????? Please God no!!!!!
<SARCASM> Really, McAfee? This will be the death of the automobile as we know it. Might as well get a new bicycle now before the price goes up. Norton wouldn't be any better.
First, the car will take over ten minutes to start because their antivirus is such a miserable resource hog, then it will only allow you to drive it to the dealer because it will need an update about everytime you start it. Next, driving it anywhere near another vehicle will cause both vehicles to temporarily shut down while they scan each other for viruses. During scanning or updating the vehicle will lock the doors and windows and turn off all other functions. For your own safety, you will not be able to leave the vehicle until the scan or update is done. Unfortunately, the update will corrupt the master boot record so the vehicle is locked in an endless cycle of update and reboot. The end result is that millions will die from being locked in their cars.
Tree hugging carbon credit junkies will finally get their wish as millions die and the rest are forced to walk everywhere. 40% of the remainder die of heart attacks because they now had to walk. The overwhelming unbalance in favor of the remaining unwashed hippies finally tips the vote in favor of wind energy. All regular power plants are shutdown and those who know how to run them are killed for crimes against the enviroment. Unfortunately, a cold snap happens and the winter temps dip below -10 F for two months and the rest of humanity outside of the equatorial regions freezes to death.<SARCASM>
I don't know why they're bothering.
The Microsoft supplied system on my car is quite capable of crashing on its own...
Re: I don't know why they're bothering.
"The Microsoft supplied system on my car is quite capable of crashing on its own..."
Have you been playing video games on it?
Simple route to car security: replace all Wi-fi, NFC,bluetooth etc with a single USB port next to the stereo. Then put a massive padlock on the door and paint it chrome (the car, not the padlock).
How many more sentences do I need for a funding proposal?
Re: Vehicle Security
You'll need an environmental impact assessment. And an equal opportunities policy.
Re: Vehicle Security
"You'll need an environmental impact assessment. And an equal opportunities policy."
Ha ha! So very true. A few weeks ago after an item on the local news section of BBC News site I read the proposal by Bristol counci to introduce 20mph limits over most of the city in the next few years. And there were several pages at the end covering an environmental impact assessment (20mph seen as being positive to the environment) and an impact assessment of the effect of the policy on non-white people, women, gay people and transgendered people (impact seen as being neutral with possible slight positive effect)
What we need to focus on is how to make the computers LIE and report no faults and emissions within tolerance. Where's Kevin Mitnick when you need him?
Re: Car hacking? Who needs Kevin Mitnick when you have a canbus adapter & software?
The guy up near the top of the thread talking about CANbus is your first clue. CANbus is a common industrial automation protocol used in almost every auto today. Check http://www.canbushack.com/blog/index.php for some interesting info.
Re: Car hacking?
Mitnick wasn't a hacker. He was a (crappy) "social engineer". He is, and was, a putz.
Why would you want your car to lie to you when it's broken?
Its been done, via FM radio
Thats a TED talk about it.
"No one's tried to hack a vehicle's system yet" - what??
Maybe I misunderstood this article, but the guys at the Center for Automotive Embedded Systems Security (http://www.autosec.org) have demonstrated remote car hacking years ago. They presented a paper called "Experimental Security Analysis of a Modern Automobile" in 2010, so I would not call this new.
They have done such entertaining things as killing the brakes of a car..
Re: "No one's tried to hack a vehicle's system yet" - what??
Don't kill the brakes, kill the driver. Or, if you're feeling really evil, only kill the back-seat passengers.
...somebody would hack my '11 Subaru, the UI for the factory satnav and stereo is so pitiful that it's remarkable its routing smarts are even worse.
"only an idiot would assume that the ... industry wouldn't think about "
Who knows what really went on with the relatively recent Toyota recalls where something accelerator-related was replaced?
The story I've heard is that the accelerator position sensor used some kind of rheostat (aka potentiometer) and that there was a loss of contact between slider and track (and hence loss of position info) from time to time. The "fix" was to make the "slider" push harder on the track of the potentiometer.
What kind of idiot would be so idiotic as to ignore fifty years of reliable low cost medium resolution position-sensing history (Gray codes, optical sensors, etc)?
Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?
Re: "only an idiot would assume that the ... industry wouldn't think about "
>> Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?
Yes. They're called accountants.
When Gadgets Betray Us
A good read on the topic is 'When Gadgets Betray us' by Robert Vamosi... truly informative and entertaining
- Review Apple iPhone 6: Looking good, slim. How about... oh, your battery died
- Review + Vid Apple iPhone 6 Plus: What a waste of gorgeous pixel density
- +Comment EMC, HP blockbuster 'merger' shocker comes a cropper
- Moon landing was real and WE CAN PROVE IT, says Nvidia
- 46% of iThings slurp iOS 8: What part of this batt-draining update didn't you like?