Five Totally Believable Things Car Makers Must Do To Thwart Hackers

Car manufacturers are urged to implement a five-step program to improve their motors' computer security defenses. Today's rides are PCs on wheels and thus vulnerable to all sorts of potential hacks – such as the ones documented by Charlie Miller and Chris Valasek in their paper A Survey of Remote Automotive Attack Surfaces, …

  1. Robert Helpmann??
    Childcatcher

    We will all be driving $25.00 cars that get 1,000 miles to the gallon

    Oh, God! I just realized that car manufacturers are working to make the joke about Microsoft making cars come true, except someone else will be opening and closing all the windows. It looks as though there will be some security positions opening in the automotive industry soon.

    1. LaeMing
      Meh

      Re: We will all be driving $25.00 cars that get 1,000 miles to the gallon

      That crash at least once a day!

      1. Anonymous Coward
        Coat

        Re: We will all be driving $25.00 cars that get 1,000 miles to the gallon

        So, will that be a Red (Wind)Screen of Death?

  2. Roger Stenning
    Devil

    God luck hacking my wagon...

    I drive a Series 3 Land Rover :-D

    1. Ho Ho Hipster

      Re: God luck hacking my wagon...

      >I drive a Series 3 Land Rover :-D

      I admire your bravery.

      1. Roger Stenning

        Re: God luck hacking my wagon...

        Bravery has nothing to do with it: It's instant revenge if some idiot is dumb enough to crash into it - they'll ALWAYS come off worse ;-)

        1. the spectacularly refined chap

          Re: God luck hacking my wagon...

          "Bravery has nothing to do with it: It's instant revenge if some idiot is dumb enough to crash into it - they'll ALWAYS come off worse ;-)"

          Yup. Thin aluminium bodywork is renowned for its structural strength. Coupled with the high CofG, soft suspension and general propensity to roll over I'd feel safer in a Reliant Robin - that has the same basic characteristics but at least it is light enough that a passing pedestrian can upright the ruins and get you out.

          1. Roger Stenning

            Re: God luck hacking my wagon...

            Yes, the panels are aly, but I think you must be thinking of the range rover. Series landies have a pronounced steel welded chassis, and are no more unstable than any other MTV on the roads. As a result of their height off the deck compared to the majority of other cars on the road, other cars are more likely to hit the chassis than the bodywork, and thus come off worst. As to the suspension on a series wagon, they have a rather hard suspension through the use of leaf springs, hence the so-called 'land rover backside' after a long drive ;-)

            Hmm. Reliant Robin. Painted yellow, I trust? ;-)

        2. Bloakey1

          Re: God luck hacking my wagon...

          "Bravery has nothing to do with it: It's instant revenge if some idiot is dumb enough to crash into it - they'll ALWAYS come off worse ;-)"

          Hmmmm, heard on a military comms net many moons ago "Rolled the rover over, over". These damn things flip at a moment's notice in my experience.

          1. A Twig

            Re: God luck hacking my wagon...

            A squaddie can roll anything... as evidenced by the many photos on this page (scroll down for the better ones):

            http://www.nmbva.co.uk/REME%20photos.htm

            1. Roger Stenning

              Re: God luck hacking my wagon...

              "A squaddie can roll anything... as evidenced by the many photos on this page (scroll down for the better ones):

              http://www.nmbva.co.uk/REME%20photos.htm"

              Yeah, in the days of national service, those were. I've seen some rather more spectacularly messy ones myself, though not, thankfully, with Landies.

          2. Roger Stenning

            Re: God luck hacking my wagon...

            "Hmmmm, heard on a military comms net many moons ago "Rolled the rover over, over". These damn things flip at a moment's notice in my experience."

            As I mentioned earlier, Land Rovers are no more unstable than any other MTV. If you allow stupidity to overcome common sense and training then yes, you can do terminally stupid things to gain a Darwin Award for yourself. The trick to keeping yourself and your vehicle in single pieces is to maintain proper control of the vehicle, drive within your limits, and also within the limits of the place where you are driving, as it is, indeed, with any other form of motorised transport.

            Oh, and I've heard that one on the batphone too ;-)

            1. Bloakey1

              Re: God luck hacking my wagon...

              <snip>

              But they are a bit more difficult to drive, Range Rovers are top heavy as well so I used to sport an armoured Land Cruiser.

              "Oh, and I've heard that one on the batphone too ;-)"

              I will raise you an ANPRC 10 for your A41 ;)

              1. Roger Stenning

                Re: God luck hacking my wagon...

                "I will raise you an ANPRC 10 for your A41 ;)"

                LOL! Already have a UK/PRC-320 thanks ;-)

      2. big_D Silver badge
        Facepalm

        Re: God luck hacking my wagon...

        I worked with a guy with an old Land Rover in the late 80s, he came up from Somerset each week.

        His brother looked at the thing one weekend and noted that the fixing points where the body was bolted to the chassis were all cracked and the whole thing was corroding. He told his brother that he should take his wife's car, she could drive the Land Rover.

        Such a caring brother, eh?

    2. Yet Another Anonymous coward Silver badge

      Re: God luck hacking my wagon...

      But if you were to load a malicious paper roll into the onboard player-piano couldn't it be compromised?

    3. Anonymous Coward
      Anonymous Coward

      Re: God luck hacking my wagon...

      "Allegedly" you can jump start it without even having access to the inside by removing "one of the front bulbs" and applying enough electrickery, so not that difficult... :)

      1. Roger Stenning

        Re: God luck hacking my wagon...

        ""Allegedly" you can jump start it without even having access to the inside by removing "one of the front bulbs" and applying enough electrickery, so not that difficult... :)"

        AFAIK, that's an urban myth. Interesting way to go about frying oneself, mind ;-)

  3. JCitizen
    Coffee/keyboard

    You could die, and nobody would know!!

    It has been proven already by several studies and even videos made by researchers I've seen on 60 minutes, that vehicles can be totally controlled and even kill you! Imagine going along at 70 mph, and some cracker issues a command that orders the auto park to activate!!! Maybe you can catch my drift??

    The highway patrol or whatever flavor of gendarme in your community wouldn't have a clue! The obituary would list the "accident" as "lost control of vehicle" - end of story!

    1. Bloakey1

      Re: You could die, and nobody would know!!

      Are you suggesting that a small vehicle with a hardened ramp, err cough, I mean rear hatchback would not do the job?

      A pissed driver is said to work wonders as well, perhaps a windows driver?

  4. bazza Silver badge

    Accident investigation

    Understanding why an accident has occurred is going to become a whole lot more difficult. The police and their expert investigators are pretty good at diagnosing mechanical causes of accidents. They're not going to stand a chance when it comes to investigating a hack attack on a car. A good hack attack would leave no log entries anyway.

    The manufacturers aren't going to want accidents investigated properly in case they are held liable for a poor design that is easy to hack in the first place. They're not interested now, and I doubt their attitude will change. [true example: A friend's car set off its own airbags whilst driving down the motorway. Despite that she was able to keep control and get off the road. Complaints to the manufacturer went utterly unanswered. Had she lost control and been killed, consider the scene that the police would find: a crashed car, airbags deployed, and a corpse. Nothing would have pointed to the true timeline of events, and it would likely have been blamed on driver error. No one knows how many times this has happened]

    Which all means that drivers are going to find it very difficult to persuade either the authorities or the manufacturers or the insurers that the cause of a crash was some external hack. The driver will likely get the blame, especially if they are killed in the accident. The only way to get something done would be if hack attacks happen too many times to be ignored. By which time it will be too late for a lot of people.

    Laughable Features

    On the whole I think we'd be better off without such levels of comms and automation in cars. The one that makes me laugh the most is "remote shutdown and tracking of a stolen vehicle". It's going to be easier to nick the cars in the first place via the inevitable flaws in the software. And all the thief needs is a 3G jammer to stop you tracking and stopping the car.

    1. Pascal Monett Silver badge

      Re: "A good hack attack would leave no log entries anyway"

      A properly designed system would log everything that happened, with parameters explaining why. Disrupting that trace would be demonstration enough that a hack took place.

      The real challenge, I think, is putting all that log data somewhere that is not much at risk of getting wet or damaged in the event of a crash.

      Silly me, here I am talking about a properly designed system in this day and age. I forgot all about marketing deadlines and managerial mismanagement.

      1. annodomini2

        Re: "A good hack attack would leave no log entries anyway"

        The issue is cost.

        Automotive engineering is solely focussed on cost.

        If they can save a penny on a car they will.

        Adding £2+ to an ECU will make the cost conscious PHBs baulk at the thought.

        The safety is purely a legal requirement and then it's subjective as to whether or not they have actually met the requirement.

  5. Anonymous Coward
    Anonymous Coward

    The biggest problem...

    Is that the car industry suffers really badly from the "not invented here" syndrome.

    It takes them many years to acknowledge they have a problem, another load to evaluate what can be done to solve it, followed by the adoption of a modified version of what's done elsewhere only to finally accept that others did already have a better solution a long time ago...

  6. namke

    Attack Vectors != vulnerabilities

    Interesting quote from an article on forbes regarding this:

    "A study released at Black Hat this week by security researchers Chris Valasek and Charlie Miller explored the “attack surface”, or hackability, of 24 different vehicles. The Infiniti Q50, which Valasek owns, and the Jeep Cherokee, which Miller drives, did not fare well due to the number of attack surfaces they had. The researchers weren’t able to remotely hack any of the cars, though." (my emphasis).

    The paper can be read here

    It's an area which I am tangentially involved in, so I find this stuff quite interesting from a professional point of view too :-)

    1. Cliff

      Re: Attack Vectors != vulnerabilities

      One group of people can't break something therefore no groups of people can break it. We've seen just how true that's been over generations of software and operating systems.

      1. namke

        Re: Attack Vectors != vulnerabilities

        Yep, I realise that - although having read the paper, they supplied no evidence that attacks were even possible. Simply having an ECU bridging two buses does not automatically mean that there is an attack there; comms peripherals may be set up only to read frames from the bus etc. (and many embedded processors are very restrictive about re-programming peripherals, such as forbidding configuration except after reset. Executing code from RAM may also be disallowed, either due to processor architecture or MMU/MPU configuration). All 'best practice' stuff (at the absolute, very least, follow MISRA).

        Still, best practices can be skipped - see Toyota for example! (Also http://ht.ly/tU5AM)

        1. An ominous cow heard

          Re: Attack Vectors != vulnerabilities

          That EDN article (actually series of articles, with reader comments) on Toyota vs Barr should be compulsory reading for:

          * anyone involved in the business of safety critical embedded software

          * anyone affected (or likely to be) by safety critical embedded software

          * anyone thinking about buying a Toyota

          * anyone wondering what happened to the days when Toyota were a leading light of the engineering industry (e.g. Toyota Practical Problem Solving, etc)

          That's quite a few people.

          http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences

    2. Bloakey1

      Re: Attack Vectors != vulnerabilities

      <snip>

      "It's an area which I am tangentially involved in, so I find this stuff quite interesting from a professional point of view too :-)"

      I also find that if I need to get tangentially involved, a professional is the best and most discreet attack vector to employ. Having said that, a cold bath is said to work wonders.

  7. RainForestGuppy

    Why would you hack a car?

    Rather than the whole crashing at speed thing, I think the biggest motive for hacking a car could be Fraud.

    In the UK there is an 'industry' around fraudsters being paid to have low speed impacts with innocent people on roundabouts/intersections etc, they then give the details of the person that paid them, who then puts in a claim for whiplash, anxiety, etc against the victim's insurance company (usually using an ambulance chasing 'legal' firm).

    Imagine if you could now control the innocent victim's car and force it to slam on the brakes at your command, whilst your GoPro camera on the dash records everything. "Sorry mate, you slammed on the brakes, I've got it on camera. I'll tell you what give me £500 and we won't go through the insurance company".

  8. bonkers

    It's serious Jim...

    I've had a fair bit to do with "infotainment" systems. The vehicle manufacturers don't really get hackability, even simple measures like reducing the attack surface are rejected in favour of functionality. One project demanded compatibility with over 60 varieties of photo/AV/container formats. Another response is simply "what can they do with it anyway", as though it would stop at mere annoyance. If there is a way to hack into the system there will be ways to monetise it, we just haven't seen them yet, though I could suggest ransomware, bogus service demands, premium phone services, contagion into connected smartphones, just as a kick-off.

    As Charlie Cox would say, it's a nightmare in a bubble-car.

  9. Anonymous Coward
    Anonymous Coward

    Security

    My wife got home in her new car yesterday, and clicked the "close" button on the key fob. The car locked...

    ... and one of the motorized garage doors opened.

    Now I have to spend my weekend working out which I can reprogram, but I'm not impressed with the security of either. Does Peugeot really use the same code set as a cheap garage door motor?

    1. Anonymous Coward
      Anonymous Coward

      Re: Security

      "Does Peugeot really use the same code set as a cheap garage door motor?"

      Give me one good reason why they shouldn't. One acceptable to management beancounters, that is.

  10. DocJames

    In an underground car park

    my dad once joked "let's see who else's car we can open".

    The car next to ours opened. Whoops.

  11. Henry Wertz 1 Gold badge

    Physical separation

    To me, physical separation is the best way to go. Don't get me wrong, the rest is also important, but these systems should usually be totally separated.

    If you have to connect them, very restrictive firewall. Remote diagnostics? Read-only access to the engine parameters. Some auto park system or whatever that requires "write" capability to steer or brake? The firewall should allow only traffic from the CPU responsible for auto-park, and only the type of traffic the auto-park system actually uses. Most current exploits involve unusual traffic types, coming from ports and devices the traffic would normally never come from. Oh and do make sure the firewall is secure, obviously it is not useful if an attacker can just change firewall rules then pass their traffic through.
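
The allowlist gateway described in the comment above, as an added example that is not part of the original thread or any manufacturer's code: a default-deny forwarding check keyed on arrival port, destination, CAN ID and payload length. The port names, bus topology and CAN IDs are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Gateway ports; the topology and all CAN IDs below are constructed. */
enum port { PORT_INFOTAINMENT, PORT_DIAG, PORT_PARK_ASSIST, PORT_CHASSIS, PORT_COUNT };

struct frame { enum port src; uint32_t id; uint8_t dlc; };  /* src = arrival port */
struct rule  { enum port src, dst; uint32_t id; uint8_t dlc; };

/* const table: meant to sit in read-only memory so a compromised
 * node cannot rewrite the rules at run time. */
static const struct rule RULES[] = {
    /* Read-only diagnostics: engine parameters flow out of the chassis bus. */
    { PORT_CHASSIS,     PORT_DIAG,    0x3E0u, 8 },
    /* Auto-park may send its single steering request and nothing else. */
    { PORT_PARK_ASSIST, PORT_CHASSIS, 0x2A4u, 4 },
};

static uint32_t dropped[PORT_COUNT];   /* per-source drop counters for audit */

/* Default deny: forward only on an exact source/destination/ID/length match. */
bool gateway_allows(const struct frame *f, enum port dst)
{
    if (f == NULL || (unsigned)f->src >= PORT_COUNT)
        return false;
    if (f->dlc <= 8) {
        for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
            const struct rule *r = &RULES[i];
            if (r->src == f->src && r->dst == dst &&
                r->id == f->id && r->dlc == f->dlc)
                return true;
        }
    }
    dropped[f->src]++;                 /* denied frames are counted, not forwarded */
    return false;
}

uint32_t gateway_drops(enum port p) { return (unsigned)p < PORT_COUNT ? dropped[p] : 0; }

int main(void)
{
    struct frame park  = { PORT_PARK_ASSIST, 0x2A4u, 4 };
    struct frame spoof = { PORT_INFOTAINMENT, 0x2A4u, 4 };  /* right ID, wrong port */
    printf("park-assist -> chassis: %d\n", gateway_allows(&park, PORT_CHASSIS));
    printf("infotainment -> chassis: %d\n", gateway_allows(&spoof, PORT_CHASSIS));
    printf("infotainment drops: %u\n", (unsigned)gateway_drops(PORT_INFOTAINMENT));
    return 0;
}
```

Because there is no rule with the diagnostics port as a source, diagnostics stays read-only by construction, and the per-port drop counters give an investigator a record of traffic that arrived from somewhere it never should.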
