Stop the music! Booby-trapped song carjacked vehicles – security prof

The modern car's operating system is such a mess that researchers were once able to get complete control of a vehicle by playing a song laced with malicious code. Malware encoded in the track was executed after the file was loaded from a CD and processed by a buggy parser. "A car is a big distributed system with wheels …

  1. Ilsa Loving

    I hope so

    "Every manufacturer now either has remote update or will shortly announce it," he predicted. "The cost of not having it is just too great."

    I hope they do. Unfortunately I also fully expect them to miss the point and have a woefully insecure update mechanism in their rush to implement the "feature".

    1. joed

      Re: I hope so

      I'd rather have no remote access - for updates or malware alike. Since the CD exploit is barely a link to network code, keeping vehicle systems offline is the easy (and cheap) way out. And all this forced integration of data systems delivers little value to consumers but they end up paying for it. I have no idea why some car buyers fall for this - extra data service fees on top of 72-month payments, all this while a far more capable smartphone is in their pocket.

    2. Steven Roper

      Re: I hope so

      And along with "remote update" you will also get the inevitable phone-home and profiling shit - which will tell the manufacturer how far and where you drive the car, your driving style (Are you a leadfoot? Watch your insurance go through the roof when the car manufacturer sells that info to the insurance companies!) which shops you drive past regularly (which said shops will gladly pay to find out) and even where you work, live and play. As to the privacy protections on said data, well... need I say more?

  2. Kevin 6

    My god some of the stupidity

    "Part of the problem is that late-model cars now have to have a government-mandated OBD-II port (typically under the steering wheel above the pedals) and once you get access to that, the car's network is entirely open to you, Savage said."

    You know what else getting physical access to a server in a company means all its data is available to you. OMG STOP THE PRESSES

    I'll admit the booby trapped music is worrying(well not to me as I drive a late 90's vehicle with an aftermarket stereo that only has power ;)), but the OBDII port isn't as much as if they have that much access to the vehicle they can do anything they want.

    1. DavCrav

      "You know what else getting physical access to a server in a company means all its data is available to you. OMG STOP THE PRESSES"

      I couldn't tell whether they meant physical access, or the very existence of the port that connected to everything meant that gave a vector to hop around the car.

    2. Destroy All Monsters Silver badge
      Holmes

      The stupidity is you

      Because, yeah, if I plug my laptop into this company network, I can instantly become root on the fileserver, configure the firewall and peruse the CEO's e-mail.

      Happens all the time. Great stuff!

      1. Kevin 6

        Re: The stupidity is you

        I said PHYSICAL access to the server, Sherlock, or don't you know how to read?

        This is pretty much the same as to access the OBDII port as you need to have 100% physical access to it (which involves breaking into the vehicle), the software to use it, and if the vehicles I've accessed the OBDII port on are anything to go off you also have to have the car on to use it so that would involve hot wiring it. At this point unless you stole the owner's keys you have done some physical damage to the vehicle that would make the person suspect something.

        So at this point for your plugging in the laptop to be similar that would also assume you broke into the server room, broke/reset the login passwords via some method, and at that point yes you would have access to the CEO's e-mail. But at that point seeing your entry will be detected why not just take the server, and run like you already will have the car on so just go.

        1. Dave 126 Silver badge

          Re: The stupidity is you

          @Kevin

          From the article:

          [After playing the Trojan .WMA] "Further commands to remote control the vehicle could then be received via the car's builtin cellular connection."

          So, the attacker doesn't need physical access to the car, they 'just' need to socially engineer the owner into playing the CD.

          1. Kevin 6

            Re: The stupidity is you

            @Dave 126

            From last section my original post

            "I'll admit the booby trapped music is worrying(well not to me as I drive a late 90's vehicle with an aftermarket stereo that only has power ;)), but the OBDII port isn't as much as if they have that much access to the vehicle they can do anything they want."

            My comment was more on what sounds like blaming of the standard of the OBDII port as some super insecure attack vector as they said "once you get access to that, the car's network is entirely open to you".

            I agree completely on the WMA issue, and in all honesty find it absolutely stupid a radio can talk to the rest of the vehicle in these modern cars.

            1. Lysenko

              blaming of the standard of the OBDII port

              The port is a red herring. If you understand CANBus[*] you can tap into the control loom pretty much anywhere and hijack the control protocol.

              [*] CANBus is basically RS485 with a bit of CDMA baked into the chipset.

        2. Anonymous Coward

          Stick this in your pipe 'Sherlock'

          The OBD port within a specified distance from the steering wheel isn't the only place you can get onto the CAN bus *NETWORK*, that's just the 'official' way, if you've a mind to, you can find CAN bus wiring in all sorts of places that are easily accessible from outside the car with no visible damage (or no damage at all), some of them are also 'official' manufacturer access points designed for technician use.

          So, that's like having your servers in an unlocked cabinet on the outside of your building, open to the public.

          But, Occam's razor here, if I were stealing high value cars for profit, I'd haul them into a covered truck/van marked up as something innocuous like 'specialist vehicle logistics' or with dealership/manufacturer logo and hack away at the systems in the privacy of my own Faraday caged premises

        3. Anonymous Coward

          Re: The stupidity is you

          the vehicles I've accessed the OBDII port on are anything to go off you also have to have the car on to use it so that would involve hot wiring it. At this point unless you stole the owner's keys you have done some physical damage to the vehicle that would make the person suspect something.

          OBD ports have a permanent live, and one popular way to steal high-end cars is to plug a laptop into the OBD port and reprogram a spare key to be accepted by the car as valid. At that point you effectively do have the owner's keys, and can just drive off. There's a growing market selling physical lockable OBD covers for such cars.

    3. Voland's right hand Silver badge

      Exactly

      The problem is that there is ONE MORE OBD port and in most recent cars it is wired to the infotainment unit. That was fine while the infotainment unit was your typical prehistoric POS which also showed some numbers about fuel consumption, etc (hello GM). It became a problem after idiots connected it to the Internet with no security whatsoever.

  3. Destroy All Monsters Silver badge

    Cowboy design in the physical space

    "Basically, give me 18 seconds of playtime and we can insert the attack code"

    A bad case of "Snowcrash", indeed.

  4. Anonymous Coward

    What was the song?

    Ticket to ride? Drive my Car?

    The Cars Drive?

    Passenger?

    Can someone please own up for connecting the audio system in a way that allows data to go the other way? I've not seen anything that idiotic since someone asked how far is it to drive from Miami to Florida.

    1. tfewster
      Devil

      Any song by System of a Down?

      At least, it should be capable of blocking the low speed/non-critical/insecure network link; I really don't want my ABS disabled just because the network is busy handling a complex piece of music

      Apropos, the Christine icon -------->

  5. channel extended
    Big Brother

    OBDII

    Oh Bloody Deity Instant Infection.

  6. Anonymous Coward

    Possible Assassination Vector?

    Wonder if there are any 1980s BMWs in Auto Trader?

  7. Anonymous Coward

    'Here in my car, it's a safe place to be, i can lock all my doors.....

    ....oh wait a minute!

    1. Dave 126 Silver badge

      Re: 'Here in my car, it's a safe place to be, i can lock all my doors.....

      Gary Numan is probably safe... he used a Mellotron keyboard, a splendidly analogue (and not networked) way of doing what people would now do digitally.

      Each key was linked to a coiled length of magnetic tape, and playing the note pulled the tape across a head. Maximum 'sample' size was eight seconds, after which (or after releasing the key) you could hear the tape being rapidly wound back into its spool, if you held your ear near by.

      1. John Tserkezis

        Re: 'Here in my car, it's a safe place to be, i can lock all my doors.....

        "he used a Mellotron keyboard"

        Some time back, I had the pleasure of seeing one of those things running full steam with the cover off.

        It really was a mighty sight to see the engineering of the day doing what would have been otherwise impossible in the day.

  8. M7S

    Let's hope the song wasn't

    "Don't stop me now"

  9. thesykes

    why?

    "Vehicles typically run two main networks: a high-speed one for engine, brakes and transmission systems, and a lower-speed version running secondary functions like entertainment and climate control.

    But the two networks have to talk to each other...."

    Why do they?

    1. Anonymous Coward

      Re: why?

      Even if one were to accept that the fast and slow networks do have genuine reason for interconnection, further questions still need asking:

      . What kind of functions should be permissible across this interconnect?

      . What kind of data should be allowed to pass across this interconnect?

      . What kind of authentication should be required (in the end systems and by the interconnect)?

      . What kind of access modes and access controls should be required (end systems and interconnect)?

      . What kind of interoperable and verifiable protocols should be mandated? [<-edit]

      Y'know, all the usual stuff that you'd find in a half decent multi-tasking multi-user OS.

      It's not rocket science, it's been understood since the 1980s, it just seems to have been forgotten (or deliberately omitted) somewhere along the way. In the early days vendors could probably argue there wasn't the need and there wasn't the compute power. Neither claim holds water in the era of the Internet of Tat where a $5 embedded computer (e.g. something akin to Pi Zero) has rather more power than a 1980s VAX.

      1. Mage Silver badge

        Re: why? it's been understood since the 1980s,

        Actually the 1970s, or maybe earlier.

        1. Anonymous Coward

          Re: why? it's been understood since the 1980s,

          "Actually the 1970s, or maybe earlier."

          I know that too, but I figured some of the less experienced folk round here might find it hard to believe that there were computers (and Trustworthy Computing) before x86 and Microsoft.

    2. Anonymous Coward

      Re: why?

      They talk because it made something easier, or someone thought "this could be useful someday".

      The engineers designing cars never considered that they'd be remotely accessible someday. The guy that said "hey let's allow your smartphone to be able to control your car's entertainment system" never considered (or even knew) that it might have a path to everything.

      They need to include a firewall that blocks everything, and only lets through very specific things that have a good reason and have a well defined API (so no buffer overflows, malformed requests, or kids named drop tables find their way in)

      The problem is, wouldn't it be nice if instead of plugging into the OBD port you could access that data dynamically with a smartphone app via Bluetooth? That's fine, so long as you can only read it - require plugging in for any writes, even a simple "clear fault code".

      1. Dave 126 Silver badge

        Re: why?

        What DougS said.

        CANBus's two speeds were traditionally Drivetrain and Infotainment/VAC. The Drivetrain ran at a higher frequency, and the Infotainment at a lower frequency. It runs on a twisted pair of wires, with ground being through the power supply to each module.

        It's a packet-based system, with priority. All modules (NXP, Bosch, Whoever) can send and receive, and be either sensors and/or actuators. The high speed version will only run if both wires in the twisted pair are good, the low speed version is tolerant of a fault in either wire.

        If you break down, you can still listen to the radio and wind the windows down whilst waiting for the recovery vehicle. So far, so good. Very good, in fact.

        Further commands to remote control the vehicle could then be received via the car's built in cellular connection.

        Very good, as long as you don't fit a digital wireless receiver to the vehicle's physical network.

        I can't think of any reason why a car stereo needs to communicate to the drivetrain. But:

        It's not just a bloody stereo these days; it's used to control drivetrain features, such as Sport / Eco modes...

        (Not my old van, the £50 Lidl Stereo that plays SD Cards and USB sticks is still working and van doesn't have any built in Sat Nav or cellular radio. Actually TBH, recently it sounds like the capacitors in my stereo are on their way out, but must have got 5 years out of it.)

        1. Phil O'Sophical Silver badge

          Re: why?

          I can't think of any reason why a car stereo needs to communicate to the drivetrain.

          The usual reasons are:

          - increase volume with speed.

          - block viewing video (DVDs) when moving (handbrake off).

          - switch on reversing camera display & parking radar when reverse gear is engaged

          etc.

          all of which require only one-way comms, car to stereo. The problem is that it's a bus and inherently two-way at a physical level. The software in the stereo might be designed to make it a client device only, but that's the software that was rewritten by the hack so it could become a bus master.

      2. DropBear

        Re: why?

        "That's fine, so long as you can only read it"

        Great idea, as long as you don't mind that anyone able to pwn your smartphone can know exactly where you are, where you're headed, how fast, etc... (hey, the on-board satnav needs that stuff...)

    3. Wensleydale Cheese
      Unhappy

      Re: why?

      But the two networks have to talk to each other....

      Why do they?

      It probably started with a very simple concept such as dimming the radio display when you switched the lights on. Feature creep will have done the rest.

    4. Murphy's Lawyer

      Re: why?

      Because the US librarian of Congress decreed that the system controlling the car could be independently inspected under the Digital Millennium Copyright exemption list, but the entertainment system could not because the Entertainment Industry must be protected forever.

      At which point the manufacturers merged the systems and told the testers that because nobody could tell where the system boundaries were they faced five years in the slammer if they tried to find out if the car was programmed to lie about its emissions.

  10. Anonymous Coward

    Bury your head in the sand and it will all go away

    The mentality of pretending these security issues have not existed for 20 years is a disgrace. The same applies to all Windows O/Ss. There was no intent by any of the parties involved to build secure networks. They thought that they were so smart that the criminals would never be able to hack the O/Ss or networks. As we see daily with Windoze, it's one of the most insecure O/Ss in the world despite any claims to the contrary. Now just stop for a moment and consider that autonomous vehicle (AV) builders are using the same mentality as the folks who delivered Windows and car systems with zero security systems. How many people will die as a result of improper programming and hacking of AVs? To me allowing these insecure devices to be sold when any reasonable person would understand the security issues, is criminal and those who do sell these insecure products should be held fully accountable for deceiving consumers.

    1. Phil O'Sophical Silver badge

      Re: Bury your head in the sand and it will all go away

      They thought that they were so smart that the criminals would never be able to hack the O/Ss or networks.

      No, it just never occurred to them that anyone would want to do so.

      I meet this every day, trying to persuade programmers to write secure code:

      "But why would anybody want to hack this?"

      "To show that they can."

      "That's silly, I don't need to protect against that."

      or

      "There's a race condition between creating that file and setting the protection on it."

      "Oh, but no-one would put the effort into getting into that window, it's tiny."

      People are, by and large, too nice and too honest. They concentrate on the clever features, and simply never think of how or why a malicious user would try and misuse the code to do something it wasn't designed for.

      1. djack

        Re: Bury your head in the sand and it will all go away

        "But why would anybody want to hack this?"

        Yeah, I encounter that attitude all too often. My usual response is to point out that somewhere nearby there will likely be a bus stop with any glass panels smashed up. I admit I can't understand why people do that and then expand that people do nonsensical things for no sensible reason. At that point, realisation dawns in the other party.

        It doesn't really help as nine times out of ten, they won't fix it anyways.

        1. Anonymous Coward

          Re: Bury your head in the sand and it will all go away

          It doesn't really help as nine times out of ten, they won't fix it anyways.

          They will if they want me to let their changes into the product...

  11. Anonymous Coward

    "But the two networks have to talk to each other"

    Why?

    I don't want the thing that's managing my engine and brakes to be talking to anything but the hardware it's controlling.

    1. Duncan Macdonald

      Diagnostics and audio

      The OBD port has to get diagnostic info from the engine and braking system but also gets information from other parts (air con, air bags, instrument panel, power steering, sat nav, lights, audio etc) (see the picture in the article).

      The audio system in many cars gets information about the speed to adjust the volume - this implies a link between the control systems and the entertainment system. In some cars the sat nav display is turned into a rear parking assist when in reverse gear - this also implies a link.

      A decent firewall that only allowed predefined messages to pass to the control systems would be fairly cheap to implement on a per vehicle basis - but by the time that you are building 9.8 million vehicles in a year (GM) even $5 each is a lot of money.

      1. Dave 126 Silver badge

        Re: Diagnostics and audio

        You don't need a firewall, you just need to use *listen-only* modules where appropriate. After all, the stereo needs to listen to the network to get engine speed, but the stereo doesn't need to transmit anything.

        1. Phil O'Sophical Silver badge

          Re: Diagnostics and audio

          you just need to use *listen-only* modules

          It's a bus, which implies data transfer must be acknowledged. The stereo may start out as a protocol client, unable to initiate transfers, but the physical hardware has to be two-way. Once you rewrite the driver in the stereo via the hacked song you can make it a bus master and have it send commands as well as acks

          1. Chairo

            Re: Diagnostics and audio

            It's a bus, which implies data transfer must be acknowledged.

            Actually the CAN bus is pretty much a network, similar to ethernet with a different physical layer. It can carry various different protocols and every controller can listen and send frames as he desires. There is a collision detection. No need for a busmaster or a token. Some protocols have a handshake (tester communication, for example), some don't. For the usual information exchange between controllers the information is just sent and received periodically over standard frames. If you are lucky there is a rolling counter to tell you if the sender is still alive, but most frames don't even have this basic measure. Generally it is designed as a "trusted bus". Meaning the control units trust that each controller in the system has its own self-monitoring and the information sent over the CAN is sane and validated by default.

            Not exactly what you should or would connect to the internet, right?

      2. Stuart Castle Silver badge

        Re: Diagnostics and audio

        "A decent firewall that only allowed predefined messages to pass to the control systems would be fairly cheap to implement on a per vehicle basis - but by the time that you are building 9.8 million vehicles in a year (GM) even $5 each is a lot of money."

        It's $49,000,000 which is a lot of money, but factor in that GM is a multi billion dollar company, and they will be expecting to earn at least $15,000 per car, that $5 per car starts to look like chicken feed. Especially if it saves lives.

    2. John Tserkezis

      "I don't want the thing that's managing my engine and brakes to be talking to anything but the hardware it's controlling."

      You forget the "modern" vehicles with brakes, acceleration, direction which all need to talk to their host satnav and cruise control systems, at the very least, for configuration purposes.

    3. Chairo

      "But the two networks have to talk to each other"

      Why?

      Legal requirement. As soon as some controller can be reprogrammed in the field, it must answer to some standard OBD protocol items. As most sensors contain microcontrollers, nowadays, there must be a gateway to the OBD connector if the sensor can be reprogrammed. One of the reasons is that it allows to check easily, if someone messed around with the calibration dataset. One of the OBD services requests a checksum over the dataset area, which is calculated on the fly. You can find all this stuff in ISO15031, btw.

      1. Adam 52 Silver badge

        None of those answers explains "why". You can have an OBD port for both without connecting them. You can do speed sensing with isolated sensors or a read-only proxy. It's just bad design. And calls for remote update are just going to make it worse, because they will get cracked - if not now but sometime in the 40 year life of the vehicle unless we want a world where cars get replaced as often as phones.

        1. Chairo

          You can have an OBD port for both without connecting them.

          Interesting. How do you do that, given, that you have only one physical connector?

          You build in a second connector underneath the first one for the 2nd bus? Not sure if this is possible from a legal point of view.

          In any case, the best solution to have something not hacked remotely is not to connect it to the internet. No need for constantly updating everything if it just works and it is not connected to the ugly sewerage system that people call the internet.

  12. Anonymous Coward
    Linux

    Just use firewalls and intrusion detection systems ..

    "When asked why car builders didn't take a leaf out of the IT industry's playbook and just use firewalls and intrusion detection systems".

    Because they are next to useless if the core OS is defective. Besides, it's difficult to consult the logs when the car is barreling down the motorway at 100kmh. Did no one at the design stage ask the question as to whether these automobile systems could be hacked?

    "The answer, the prof said, was that cars had to have automatic wireless software updates to fix problems as they are discovered"

    You want to put wifi access on a car operating system that's already defective?

    1. Dave 126 Silver badge

      Re: Just use firewalls and intrusion detection systems ..

      >Did no one at the design stage ask the question as to whether these automobile systems could be hacked?

      They had no need to ask that when they designed CANBus, because no one was in the habit of connecting it to anything that received wireless data. It's a sound system.

      What is daft is building a vehicle that includes a module that can both talk to the drivetrain and receive wireless data.

    2. Wensleydale Cheese

      Re: Just use firewalls and intrusion detection systems ..

      "The answer, the prof said, was that cars had to have automatic wireless software updates to fix problems as they are discovered"

      Why wireless when there's a physical port you can plug a cable into?

      And we've seen how automatic software updates can bork systems.

  13. allthecoolshortnamesweretaken

    "The answer, the prof said, was that cars had to have automatic wireless software updates to fix problems as they are discovered."

    Like that couldn't be hacked as well - and if it is, full access to everything. And if this happens to a self driving car it will practically steal itself. Computer Aided Car Heist.

    1. allthecoolshortnamesweretaken

      Bootnote: I still think it's an ill-chosen name for a conference.

      Come on, I can't be the only one who reads it as unisex enema at first every bloody time.

  14. JeffyPoooh
    Pint

    Maybe coder drones could learn how to write code...

    Audio bits out the port heading towards the speakers. Metadata song data bits out the port heading towards the display. Any other strange bits straight to null. A wee little bit of sanity checks on the way by. Some trivial buffer overflow protection.

    It's not a very long list.

    Some noobies will inevitably reply, 'Oh, you don't understand...' Puh!

    1. Kevin 6
      Coat

      Re: Maybe coder drones could learn how to write code...

      You just don't understand how else would they introduce these idiotic potentially dangerous security flaws other than poor coding, and stupidly interconnected hardware (that really shouldn't be connected) designs?

  15. Anonymous Coward
    Mushroom

    WMA

    Wow, Microsoft somehow managed to create an audio format that allows embedding executable code? Only they could be that stupid!

    1. Dave 126 Silver badge

      Re: WMA

      I dunno, I reckon Sony's Sonic Stage could have given them a run for their money on the idiot stakes.

      But hey, they're tamed beasts these days, if not reformed characters. Sony's proprietary silliness now looks like a cute idiosyncrasy these days, now that they're in a more humble must-try-harder market position.

      I can't even be bothered to curse Microsoft these days either, since Windows 7 doesn't do anything too stupid (as opposed to Vista, XP, 2K, Me, 98, 95).

    2. John Tserkezis

      Re: WMA

      "Wow, Microsoft somehow managed to create an audio format that allows embedding executable code? Only they could be that stupid!"

      That's only the beginning. Within a Windows system, if you create a bullshit codec that doesn't exist, and conveniently add where this mythical codec can be found, Windows will look it up for you, install the codec and carry on.

      That leaves malware crafted files to automagically load malware without bothering to ask you first.

      Microsoft will never, ever, fucking ever, fix this fault, you'll only see this malware on pirate sites, and MS can't be ever seen as protecting pirates from themselves.

    3. Phil O'Sophical Silver badge

      Re: WMA

      Only they could be that stupid!

      Not at all. Adobe and Android have both provided multimedia code where insufficient bounds checking on data allowed code corruption of the application, and execution of arbitrary code. Nothing at all to do with the audio format, just a bug in the implementation of the program which processes the audio data.

  16. Anonymous Coward

    "Every manufacturer now either has remote update or will shortly announce it," he predicted. "The cost of not having it is just too great."

    Is this message getting through to many device makers?

    Are our smartmeters, smartentertainmentsystems, smartwatches etc. all going to be updateable? Or is it just going to be an IoT of static boxes that were created by 1 programmer on the basis of requirements made by several others, with some programmer-suggested security voluntarily implemented? Updateable with hardcoded password? Accidentally leaking all WiFi-passwords to anyone?

    1. xybyrgy

      @ac

      Some good, mostly bad, of course - until someday somebody important's offspring is kidnapped with the aid of insecure IoT...

  17. GrumpyKiwi

    Question: Who still listens to CDs in their car? It's been at least 7 years since I last had a CD in any car, it's all been via the phone and Bluetooth or a clapped out old iPod and an AUX port.

    1. Charles 9

      I do since the tape deck is worn out, there's no AUX port, and it's the stock 6-CD changer deck and I can't be asked to plunk down the few hundred it'll take to replace it as it's double-height.

    2. Adam 52 Silver badge

      Those of us with CD collections and an irrational desire to stay within the law?

    3. MJI Silver badge

      Me, 6 disc changer

      It works, why change?

    4. Roland6 Silver badge

      I do!

      But then CD/radios were standard in cars when I purchased mine and I don't see much point in messing around, given the car will be replaced in a year or so. Also Car CD players, like home VHS video players have a very simple level of functionality, enabling them to be operated by toddlers...

      Whilst my children are no longer toddlers, they are now able to operate the car radio without my assistance, whilst they are still coming to terms with mobile phones, iPods etc.

      1. Martin an gof Silver badge

        Easy to operate

        We also use CDs for all the reasons mentioned. Also the fact that if you bung a CD in, you have a good idea in your head which 12 or 15 tracks are on the disc and with column-mounted controls you don't have to take your eyes off the road nor your hands off the wheel to skip forward three tracks to that particularly funny bit in the middle of Qikiqtarjuaq. This cannot be said of media players whose interfaces usually require quite a lot of taking eyes off the road to navigate the 793 tracks you've ripped.

        The players in our cars don't have AUX ports as standard, but it turns out there's an ISO connector on the back, and a three-fingered button combination to enable it, so now I've screwed a jack socket into the glove box the children can plug in their Sansa MP3 players if they really want to.

        M.

  18. Fraggle850

    Automatic firmware updates

    I can envisage a 'patch Tuesday' scenario when an update borks a load of cars. I'll stick to old (unconnected) bangers, ta very much.

    1. Charles 9

      Re: Automatic firmware updates

      You're screwed either way. Either they pwn you via the unpatched exploit or they pwn you via an evil update. And for all you know, there's a wireless connection to that bus and you don't even know it or have the capability to remove it.

  19. Anonymous Coward

    Missed opportunity Exploit by CD

    Use it as a mechanism to deploy your firmware updates. I suppose there is too much to be made by having your car tattle on your habits, over the air, wirelessly. Too many after sales revenue opportunities.

    Oh look they're due for a service, send them a cheap service offer. Oh look they're speeding, the plods will pay for that information. Oh look they have kids, weights in the back seats, car cleaning services. Oh look they're parked outside a strip joint. Blackmail!

  20. Anonymous Coward

    OBD worries

    Regarding those people who deny the importance of the OBD connector: there is/was a rather infamous exploit of the OBD connector in high-end BMWs. A thief could e.g. smash a window, then insert a specific module into the accessible OBD port which would then establish itself as a spare key. If you can do that within 60 seconds, you can drive off with an X6 without triggering the alarm...

    That problem was _slightly_ complicated by the fact that there was a dead zone in the interior space monitoring of the alarm system which covered a window as well as the OBD connector.

    OTA update: since all cars now are to be mandatorily equipped with a telematics unit for emergency calls, that infrastructure is already in place. Formerly, it used to be a CD - which might explain that there must be a connection between the CD reader and the operating system. So even if the audio player was closed and secure, anybody who knows how to create an update CD could still hijack the system.

    And yes, the car manufacturers are well aware of the related problems, and are improving the IT security of their in-car systems. But one of the problems is that cars have a much longer lifecycle than other IT systems. Just imagine what would happen if a car manufacturer would enforce the same update cycle as, let's say, a Major Software manufacturer, i.e. all cars which were built more than 10 years ago wouldn't be supported any more....

    1. Anonymous Coward

      Re: OBD worries

      "one of the problems is that cars have a much longer lifecycle than other IT systems"

      Vehicles (not just cars) have a much longer lifecycle than the >>typical modern IT department<< can cope with.

      There used to be (maybe still are) people out there whose systems were secure and had lifetimes measured in decades. E.g. plenty of computer based control systems that have been out there for decades and are still working, but as they don't need any expertise from Agile DevOps Puppets etc and don't have massive bodgets for upgrades etc, they're of no interest to anyone except the businesses they support.

      Even hardware obsolescence is no problem for some of these systems - software like SIMH provides an environment that can be set up to emulate lots of different systems, and quite a few people have implemented FPGA-based emulations of things that software can't reliably emulate.

      People (typically, beancounters and shiny MBAs) have chosen to forget How To Do The Job Properly.

    2. Roland6 Silver badge

      Re: OBD worries

      Just imagine what would happen if a car manufacturer would enforce the same update cycle as, let's say, a Major Software manufacturer, i.e. all cars which were built more than 10 years ago wouldn't be supported any more....

      That's one of the reasons I have an aversion to driverless cars, as we can expect their lifecycle and hence build quality to be largely determined by the software update cycle...

      .

  21. Rich 11

    Really?

    since no party in the world has access to all of a car's source code.

    I can think of several parties who have likely gone to the trouble of gathering all that code.

  22. Ali Um Bongo

    The Pwn Arranger

    The only computer technology in my 20+ year old diesel van, is my phone in my pocket.

    Strangely the van seems to be able to manage just fine, without need of an operating system or internet connectivity. As do my similarly technologically-challenged TV, fridge, washing machine, lightbulbs.... etc.

    It's a shame such Luddism means I miss out on all the fun of having to harden things like my toaster and egg cups against cyber-intrusion but, whatcha gonna do?

    1. Martin an gof Silver badge

      Re: The Pwn Arranger

      Assuming Europe... 20 years ago my Diesel car had electronically-controlled injection, a computer of sorts. Your TV, unless very old, most certainly does have a computer - what do you think generates the onscreen indications when you change channels or volume and call up Teletext (not that you can actually receive Teletext these days)? How do you think "auto tuning" works, or the decoding of NICAM stereo? I'll grant the 'fridge because fortunately computers in these are still rare, but if it has an electronic thermostat rather than a mechanical (e.g. bi-metal) one, there's a computer of sorts there somewhere. Washing machines have not been purely mechanical for a long while now but I'll definitely allow you light bulbs. A toaster with a browning sensor rather than a simple timer?

      The key thing though is that while these probably all have computers (microcontrollers) and possibly operating systems, at the moment very, very few of these things have any kind of connectivity and so, so long as they do the job required, there's no need for securing them or updating them. A clever thermostat may need a small micro for scheduling purposes, but why does it need to be connected to the internet?

      Luddism is not actually a bad thing!

      M.

  23. theOtherJT Silver badge

    Translation:

    "A firewall is not going to do it, the architecture is too complex and cost really counts to these guys"

    "A firewall would totally do it, but they much prefer profit margin to building safe products."

    ...which has always been par for the course with auto makers.

  24. Francis Vaughan

    Scale

    One of the problems with criticisms of the design of the car systems is that it doesn't fit the mindset of the car engineers, and places a model over the car that actually doesn't exist in computers either.

    Last I saw your average PC was just about as open a trainwreck as the cars we are criticising. There are a huge number of separate processors, many interconnection buses, and zero security. A PC typically has a number of high speed buses (SATA for a start) talking to subsystems with their own embedded operating systems. Then there are the slow buses for trivial stuff (USB 1.1 devices) and faster USB for things like WiFi and Bluetooth. Every one of these device controllers has embedded processors, many with subvertable hardware, and known attack vectors.

    I don't hear pious moaning that it should be trivial to add firewalls to all the buses inside a PC. Yet it is essentially the same problem. There are hacks that can pwn a hard disk drive (many of which run say three separate ARM processors and a full multitasking OS). Not to mention hacks that can subvert your ethernet controller or WiFi controller to take over your PC. We all know not to plug an unknown USB device into a PC - but I bet that is a rule more observed in the breach. It isn't trivial autorun exploits we have to defend against now.

    Yes, car system security is a big deal. But don't pretend that somehow the mainstream computer industry has trod these tracks long ago and it is the car engineers that are dolts. Everything is built to a price, and when there isn't a clear driver for change, change doesn't happen.

    The care taken in car systems where the issues are understood makes the mainstream computer industry look like a bunch of idiots blindly walking into walls. These are hard real time systems, and they are tested and simulated to clock edge and instruction boundary precision. But like so many stories of security in the history of computing, nobody even thought it was an issue. (Like the Morris worm, when the first message that went out had the point that was along the lines of - "we all knew this was possible, we just didn't think anyone would be stupid enough to do it.")

  25. JaitcH
    Happy

    My trusty 2 and 4 wheeled chariots, of recent manufacture, are hack-proof

    networks using hydraulic oil-based technology for brakes and transmission systems, and stranded wire-cable for the engine control plus electronic ignition activated by a metallic bar with serrations in the edges.

    Entertainment are SD memory players that plug into permanently mounted amplifiers and speakers.

    And should the battery fail, there are auxiliary foot-powered starter mechanisms.

  26. Petrea Mitchell
    Thumb Up

    Coming soon: Ring

    With a little more technological advancement, it's only a matter of time until someone can create a DVD with a virus that haunts you for seven days...

  27. Aaron 10

    Remote updates

    Unfortunately, the laws in the US prohibit the automaker from having remote upgrade access. Why? It would violate the dealership maintenance laws in place. These laws were originally designed to protect consumers from predatory manufacturers looking to gouge them with expensive repairs. The law put dealerships in place to do the repairs and work as the middle man between the customer and the manufacturer.

    Unfortunately, the dealerships became the ones gouging the customer. The situation is worse than ever and many groups (including the FTC) are trying to get the laws changed.

    These same laws are being used to prevent Tesla from opening stores and/or selling cars in specific US states, such as Texas and Michigan, since Tesla does not have dealerships.

    Remote updates won't be available to any US manufacturer that has dealerships anytime soon... until the laws mandating dealerships go away, which ain't anytime soon.
