
McAfee puts Barnaby Jack on car-jacking hackers' case

McAfee has put together an elite team of researchers to investigate how to go about protecting car systems from next-generation hacking attacks. Members of the team include Barnaby Jack, the security researcher best known for demonstrating ways that crooks can force ATMs to spit out cash and for highlighting security …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Fixed.

"No such attacks will ever take place in the real world but car manufacturers and auto industry associations are already aware of the possible risk."

Fixed it for ya! (Gratis, too!)

1
1
Boffin

Re: Fixed.

Dead right.

All theoretical attacks WITHOUT EXCEPTION need physical access to the vehicle's CAN bus. There are so many other ways you can sabotage a car, even without getting inside the car (hint: wheelnuts), that this is utterly pointless. For precisely this reason of safety, a wireless CAN bus is not going to happen. Sure a wireless sensor network in a car may come about sometime, but it's not here yet, and only an idiot would assume that the automotive engineering industry wouldn't think about security.

Even then, all modern ECUs are designed to cross-check sensors and reject anything which looks bogus. If the vehicle speed sensors are reporting values which are not physically possible given the engine RPM and gearbox output shaft RPM, all modern ECUs will flag up the speed sensors as faulty and ignore them. I'm sure you may be able to find ECUs which don't do every cross-check they possibly could, but the investment in time and effort to make this happen with a car you already have sat in your garage is ludicrous.

0
4

Re: Fixed.

@Graham: not true. Remote exploitation through the OnStar cellular modem and through Bluetooth have both been demonstrated.

2
0
Silver badge

Re: Fixed.

One minor problem, TPMS sensors are already wireless. NTN has demonstrated wireless ABS sensors. The industry is moving to something more like a wireless version of CAN, quite possibly because it doesn't make much sense to have miles of copper control wire inside an automobile when the same can be done with a single loop providing Vcc, the chassis providing ground and wireless for data and control. Compare that with the typical CAN bus or USB having Vcc, gnd, data hi & data low.

As in the linked article, it's already possible to fool TPMS going down the road at over 40 mph and it wouldn't be hard to get someone to pull over while the attacker plays "good Samaritan" and ultimately steals the "disabled" car. Now imagine the attacker is a bit more aggressive and can tap into the brakes as well so he doesn't really need to play the con game. Many cars are already throttle by wire and I don't think it will be long before those wires go away. Of course the upside to all this is the mechanic will be able to diagnose your car without having to get grease on the seats. I call it an upside because for most people cars are already too complex to perform any serious repairs yourself.

1
0
Silver badge

@Graham Bartlett (was: Re: Fixed.)

I think you'll find that Ford's "Sync" APIM has access to both high & medium speed CAN busses, and also has Bluetooth connectivity. It runs "Windows Auto". Joy.

Also, see my post from nearly two and a half years ago:

http://forums.theregister.co.uk/post/716293

No, I didn't try hacking into his car. At my age, I need to be paid for that kinda work ... As a side-note, ask me why I collect & restore 1960s Ford muscle-cars, and late-60s/early-70s Datsuns ...

0
1
Bronze badge

Re: Fixed.

So, Graham Bartlett, why is the automotive engineering industry more likely to think about security than, for example, the ones who made rlogin, rsh and rcp transmit passwords in the clear, or the ones who made Macro Viruses viable by including auto-execute macros, or the ones who decided it would be a really cool idea to have your OS autorun stuff from any junk media you plug in, or the Siemens SCADA engineers who not only designed equipment with well-known default passwords, but made software that failed if you changed them?

I guess these must be different engineers, working for companies that value security highly. Good thing Siemens isn't building automotive systems... oh, wait!

0
0
Anonymous Coward

Re: Fixed.

"all modern ECUs will flag up the speed sensors as faulty and ignore them."

I suggest you search on Ford VSS, MAFs and throttle control issues to see how wrong that is.

Hint: search for car speedo drops to zero / loss of power / cutting out at low revs.

0
0

Re: Fixed.

OK, "should". Sure, I've seen some which don't. Still, I think that with physical access to the car, I can figure out easier ways to make it lose power...

1
0
Bronze badge
Unhappy

Updates and Service Packs

I'd like to see how they intend to address the patching of in-car systems when exploits are detected.

If it's anything like today, you'll have to drive to your vehicle manufacturer's stealership, hand over a briefcase full of used notes, disappear for a few days, then hope that they've managed to find the update CD.

Or, more likely, you'll only be protected if you pay a subscription fee where they can use the built-in 3G modem to download it, but only whilst you continue to pay the 'protection fee'.

How long will it be until McAfee resellers start offering car software support 'because we wouldn't want anything bad to happen, like your brakes failing'.

4
0
Anonymous Coward

It's tyre not tire

As in "tyre blowout", or a puncture if you're an English speaker.

5
0
FAIL

Blowout != puncture

A puncture is a slow loss of tyre pressure, via a small (i.e. punctured) hole.

A blowout is a sudden loss of tyre pressure (and often pieces of tyre) via a big gaping hole.

1
0
Bronze badge
Devil

Re: It's tyre not tire

Not on the LEFT side of the pond.

0
0
FAIL

Re: Blowout != puncture

To puncture is to make a hole in something. The size does not matter. A blowout is a type of puncture.

0
0
Silver badge
Happy

Re: It's tyre not tire

But on the RIGHT side of the pond it is.

1
0
Pirate

Driver-free cars

Once Google's vision becomes accepted, we will have herds of carbots that on Zero-Day are all reprogrammed to drive to their pick-up point.

1
0

As has been foretold...

Roger Zelazny, "Auto-da-Fé", 1967.

1
0
Anonymous Coward

Do Intel (owners of McAfee, right?) do much business in vehicles these days?

Or are vehicles mostly using PPC and ARM, where performance per watt is in the land of reality rather than ridiculousness, thus allowing sensible cooling arrangements?

http://www.theregister.co.uk/2011/03/15/intel_mcafee_deal/

0
0

Re: Do Intel (owners of McAfee, right?) do much business in vehicles these days?

The amount of business they do is a round number, for sure. Namely zero.

You'll find a few WinCE thingys in satnavs, radios and other in-car entertainment stuff. Even then though, it's mostly ARM. And since none of this stuff ever gets to talk on the engine/transmission CAN bus, they physically can't get to anything safety-related.

1
0
Silver badge

Re: Do Intel (owners of McAfee, right?) do much business in vehicles these days?

Uh ... Graham, at least with Ford's "Sync", the "entertainment" system does have access to the vehicle management system, through a central computer that controls both. The central computer (called the "APIM" by Ford) runs Windows Auto. No, it's not Intel. Yes, it's ARM. But it's still MS-Windows.

0
1
Bronze badge
Devil

McAfee?????????? Please God no!!!!!

<SARCASM> Really, McAfee? This will be the death of the automobile as we know it. Might as well get a new bicycle now before the price goes up. Norton wouldn't be any better.

First, the car will take over ten minutes to start because their antivirus is such a miserable resource hog, then it will only allow you to drive it to the dealer because it will need an update about every time you start it. Next, driving it anywhere near another vehicle will cause both vehicles to temporarily shut down while they scan each other for viruses. During scanning or updating the vehicle will lock the doors and windows and turn off all other functions. For your own safety, you will not be able to leave the vehicle until the scan or update is done. Unfortunately, the update will corrupt the master boot record so the vehicle is locked in an endless cycle of update and reboot. The end result is that millions will die from being locked in their cars.

Tree hugging carbon credit junkies will finally get their wish as millions die and the rest are forced to walk everywhere. 40% of the remainder die of heart attacks because they now had to walk. The overwhelming unbalance in favor of the remaining unwashed hippies finally tips the vote in favor of wind energy. All regular power plants are shut down and those who know how to run them are killed for crimes against the environment. Unfortunately, a cold snap happens and the winter temps dip below -10 F for two months and the rest of humanity outside of the equatorial regions freezes to death.<SARCASM>

9
1
Silver badge
Flame

I don't know why they're bothering.

The Microsoft supplied system on my car is quite capable of crashing on its own...

2
0
Anonymous Coward

Re: I don't know why they're bothering.

"The Microsoft supplied system on my car is quite capable of crashing on its own..."

Have you been playing video games on it?

0
0
Happy

Vehicle Security

Simple route to car security: replace all Wi-Fi, NFC, Bluetooth etc. with a single USB port next to the stereo. Then put a massive padlock on the door and paint it chrome (the car, not the padlock).

How many more sentences do I need for a funding proposal?

0
0
Silver badge

Re: Vehicle Security

You'll need an environmental impact assessment. And an equal opportunities policy.

0
0
Anonymous Coward

Re: Vehicle Security

"You'll need an environmental impact assessment. And an equal opportunities policy."

Ha ha! So very true. A few weeks ago, after an item on the local news section of the BBC News site, I read the proposal by Bristol council to introduce 20mph limits over most of the city in the next few years. And there were several pages at the end covering an environmental impact assessment (20mph seen as being positive to the environment) and an impact assessment of the effect of the policy on non-white people, women, gay people and transgendered people (impact seen as being neutral with possible slight positive effect).

0
0

Car hacking?

What we need to focus on is how to make the computers LIE and report no faults and emissions within tolerance. Where's Kevin Mitnick when you need him?

1
0
Bronze badge
Devil

Re: Car hacking? Who needs Kevin Mitnick when you have a canbus adapter & software?

The guy up near the top of the thread talking about CANbus is your first clue. CANbus is a common industrial automation protocol used in almost every auto today. Check http://www.canbushack.com/blog/index.php for some interesting info.

0
0
Silver badge

Re: Car hacking?

Mitnick wasn't a hacker. He was a (crappy) "social engineer". He is, and was, a putz.

Why would you want your car to lie to you when it's broken?

1
2
Mushroom

It's been done, via FM radio

http://www.youtube.com/watch?v=metkEeZvHTg

That's a TED talk about it.

0
0
Gold badge

"No one's tried to hack a vehicle's system yet" - what??

Huh?

Maybe I misunderstood this article, but the guys at the Center for Automotive Embedded Systems Security (http://www.autosec.org) have demonstrated remote car hacking years ago. They presented a paper called "Experimental Security Analysis of a Modern Automobile" in 2010, so I would not call this new.

They have done such entertaining things as killing the brakes of a car..

0
0
Silver badge
Mushroom

Re: "No one's tried to hack a vehicle's system yet" - what??

Don't kill the brakes, kill the driver. Or, if you're feeling really evil, only kill the back-seat passengers.

0
1

If only...

...somebody would hack my '11 Subaru, the UI for the factory satnav and stereo is so pitiful that it's remarkable its routing smarts are even worse.

0
0
Anonymous Coward

"only an idiot would assume that the ... industry wouldn't think about "

Who knows what really went on with the relatively recent Toyota recalls where something accelerator-related was replaced?

The story I've heard is that the accelerator position sensor used some kind of rheostat (aka potentiometer) and that there was a loss of contact between slider and track (and hence loss of position info) from time to time. The "fix" was to make the "slider" push harder on the track of the potentiometer.

What kind of idiot would be so idiotic as to ignore fifty years of reliable low cost medium resolution position-sensing history (Gray codes, optical sensors, etc)?

Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?

0
0
Silver badge

Re: "only an idiot would assume that the ... industry wouldn't think about "

>> Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?

Yes. They're called accountants.

2
0

When Gadgets Betray Us

A good read on the topic is 'When Gadgets Betray Us' by Robert Vamosi... truly informative and entertaining.

http://whengadgetsbetrayus.com/

0
0