"hack into vulnerable cars simply by knowing the vehicle's IP address"
Or just use a port scanner. A new take on war driving?
Other vehicles may be at risk from hacking following the Jeep Cherokee incident, according to one of the two researchers who pioneered the spectacular auto exploit. Renowned car security researchers Charlie Miller and Chris Valasek remotely hacked a Jeep Cherokee over a mobile network and found a way to control critical …
>The Uconnect system allows motorists to start their engines, unlock doors or flash their headlamps via their computer or the Uconnect Access smartphone app from anywhere
I cannot believe there isn't a huge e-mail archive somewhere within Fiat Chrysler of engineers pointing out how dangerous this could be and being successively overruled by ever higher echelons of management.
It was ever thus:
The greatest test of an engineer is not his technical ingenuity but his ability to persuade those in power who do not want to be persuaded and convince those for whom the evidence of their own eyes is anything but convincing.
Extract from "Plain Words" in The Engineer 2nd October 1959
what the fucking fuck? Why did ANYONE think it was a good idea to network CRITICAL SYSTEMS to an external app? I mean seriously? Someone's head should roll, unfortunately it will be some poor tech whose idea it was originally (ignoring all the engineers who said it was bad but wanted to be paid).
Re email archive: probably not.
I expect the development of all of this was outsourced to some third party who near-sourced it to a bunch of poorly paid 22 year olds who've grown up thinking that being constantly connected to the internet is both a necessity and a right.
They wouldn't understand how dangerous putting everything on a single insecure, publicly accessible network is, because they live their lives doing just that.
"I cannot believe there isn't a huge e-mail archive ..."
Where have you worked? How easy would it be for your colleagues to find another job?
I am familiar with one household UK name company making safety critical stuff where the kind of discussions you envisage have gone on.
There is no email archive. The discussions, such as they were, were never formally recorded and were typically verbal, occasionally whiteboard. The discussions may as well never have taken place.
The management made it very clear what they want. Discussion is not welcome, dissent is not tolerated, there is no need (or place) for an email audit trail. Orders are orders, whether written or not. Don't like it, find another job.
See also: Charles Haddon Cave, Leadership and Culture, Lessons from the Nimrod Review
No, I'm not reassured, but the article is inaccurate. No, it's not a relief, but there is a measure of segregation that would prevent any random hacker from easily gaining access. I haven't seen this mentioned anywhere, but I know for other Sprint implementations over their CDMA and LTE networks, they use it as an extension of the MPLS service, so a general PAYG 3G/4G modem wouldn't even slightly help without a lot of social engineering to get the right authorizations in place.
Why does everything have to be wirelessly connected? Why do we constantly have to be "jacked in" 24 hours a day? Skynet won't be T2s coming down and wiping out humanity, we'll simply join every gadget we have to every other gadget on the planet and then slowly wipe each other out with disabled brakes, exploding laptops and all manner of other exploits in various gadgets!
[quote]Fiat Chrysler Automotive – manufacturers of the Jeep Cherokee – were aware of the hack before it was demonstrated and had already released firmware patches for vulnerable vehicles.[/quote]
Yes but if you keep quiet about the problem how many cars are running the old firmware? A quick search shows that while the fix is relatively easy I can not see a recall to fix this problem.
[quote] “To FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorised remote hack into any FCA vehicle,” Fiat Chrysler said.[/quote]
They may as well have said "To FCA’s knowledge, no one is dead yet."
We seem to be currently going through a particularly daft period of digital evolution, where the common answer to the above question is "because we can".
My TV packed up recently after 7 years of service (not great, if you ask me), so off I went to John Lewis to pick up a new one. I returned home with a shiny new Sony number, and very nice it looks too, incredible picture quality. But there's just one problem - it runs Android. Yup, a TV now runs an OS. What they didn't explain in the shop is that it takes about 45 seconds to start up from cold.
Seriously, why? Who in their right mind thought it would be a good idea to make you wait for nearly a minute before a bloody TV has to boot up? And then once it's on you're bombarded with a completely crazy smorgasbord of an interface you have to navigate before it will allow you to watch a channel. And then when you do select a channel, it takes at minimum 10 seconds before you can see a live picture.
But hey, the picture quality is amazing.
It's the same with oscilloscopes.
In the old days we had to wait 30~60 seconds for the Cathode Ray Tube (CRT) to warm up, then with 1st-generation LCD products it was near instant-on, ... now we're back to waiting - this time for digital bootups. :-(
Must. Rebuild. OS. From. Scratch. Each. And. Every. Time.
Even the damn Hibernate algorithm is daft...
Must. Save. And. Reload. All 8GB of RAM. Image. Because I (the f'ing OS). Have. No. Idea. Which. Part. Is. In. Use.
When I'm King, coder drones will be very well paid. At least those very few remaining that don't have their heads installed on pikes at the city gates.
Hell man I had someone at work tell me yesterday how Samsung smart TVs listen in on you, a couple of months ago they were thinking I was daft/paranoid saying I wouldn't go near a smart TV if I could find a dumb equivalent.
Web 2.0 is boiling the frog for people on privacy, everything is now Facebook connected whether it should be or not, and now it's boiling the frog on the common sense of whether we need things connected, possibly tied in with the whole privacy thing again, how long before your movement stats are sold away?
Keep turning up at this supermarket car park, sure the rivals would like to know and start sending you vouchers. I am short on sleep and may be getting a bit ranty, but I wish the marketing people who keep thinking this is a good idea and those who keep wanting to monetise us, when they have already taken the money for the product as well, would just fuck off.
Have an upvote. Not nearly sweary enough but adequately, although in a slightly bland manner, reflects my feelings on the matter.
Neither of my cars even have ODB - well, the Sportrak does but it's an advanced photonic system used in WWII: You short a link on the diag connector and a little man in the dashboard flashes out the fault codes, if any, on an Aldis lamp cunningly disguised as an EML. I'm quite happy with that, knowing that all the bits that make them go, stop, turn and dodge Nissans are connected to the controls either physically or hydraulically and I can examine, verify and rectify any of them without a proprietary interface plugged into a high-end laptop with a very expensive version of the little man in my dashboard at the keyboard.
As for television and entertainment in general, now that Top Gear has gone ginger and they're allowing some fool to commit the ultimate sacrilege of remaking Dad's Army, I have a clear desk policy of fucks to give about televisions and similar nonsense.
It's all related, of course. Modern motoring and broadcasting are squarely aimed at the lowest common denominator because that's where the bulk of "civilisation" sits these days. Soon they won't be able to scratch their arse without a smartphone app to tell them how, measure the efficacy of the act on the irritated orifice in question and upload that metric to Twitter along with a little carefully chosen politically correct anecdote about the event just in case anyone thinks anus scarification is discriminatory or the result promotes competitiveness.
Bootnote: This commentard does not advise the unsupervised scratching of arses. This activity should only be undertaken under the advice of your family medical practitioner. If symptoms persist, please consult a healthcare professional.
@perlcat "That's reassuring. I had thought that the builders of trucks and airplanes were more sane than auto manufacturers. My faith in universal corporate stupidity has been restored! Now I can sleep at night. Wait a minute..."
As mentioned CANbus itself (or one of the many competing "industry standard" layers running on top of this like FieldBus and the like) is not secured. Security comes from the implementation. In aviation that security is actually pretty well thought out. There is the option of having uni-directional links. Ports will SEND specific data but will not accept any input data. This means interference and cross-communication between systems is minimized. Without physical access to the main programming ports (usually on the electronics deck below the cockpit, only accessible from there) you're not going to get anything done. And then even if you DO have access you probably won't get much done as security and tamper protection is actually a thing in the aviation world.
Unfortunately in the truck business the situation is not much better than in the car business. No-one in the industry has ever had to give a rat's ass about security, they have never done it before so they are not going to start until forced to by the market or by the bodies piling up and the wrongful death suits flooding in.
CAN Bus is a great implementation given the age of the standard and the fact that it has to operate in an electrically horrible environment with as cheap as possible (e.g. as few wires as possible and as little heavy duty shielding as possible - and often cheap wire as well). However as noted above, by other posters, it's not designed for security as it's just a relatively low level transport mechanism.
To implement security in a CAN bus network you don't connect anything remotely insecure to the CAN bus network; it's that simple and is a simple method of implementing security. Unfortunately in this instance some numpty brain dead fool decided that a good feature would be "remote start", "remote control of lights" or similar utility functions which while not bad as such, their implementation would have to be extremely well thought out. In this case it's very clear that the implementation wasn't thought out at all and a relatively direct connection between the public Internet and an internal CAN bus device was established, most likely for ease of development and cheapness of implementation. What should have happened is that the public Internet device was connected solely to the CAN bus through a dedicated communication route, i.e. communicating with a CAN IO module that simply fired specific messages across the CAN network in response to the IO signals. The worst that could happen in this case is that the specific remotely enabled functions could be triggered and no more; however, it's plain that the Internet connected device is directly connected to the CAN bus network and can therefore send whatever CAN network messages it wants. Such an implementation is flexible (in case UConnect want to add interaction with other systems), cheap to develop, implement and support but utterly, fucking stupid.
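The "CAN IO module that simply fired specific messages" design from the comment above, sketched as an added example (not part of the original thread and not any vendor's code): the Internet-facing unit may send only a one-byte request code, and the module maps it to a frame fixed in its own firmware. The request codes, CAN IDs and payloads are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic CAN data frame: 11-bit identifier, up to 8 data bytes. */
struct gw_frame {
    uint16_t id;
    uint8_t  dlc;
    uint8_t  data[8];
};

/* One-byte request codes accepted from the Internet-facing unit.
 * Codes, CAN IDs and payloads here are constructed, not real vehicle values. */
enum { REQ_UNLOCK_DOORS = 0x01, REQ_FLASH_LAMPS = 0x02, REQ_START_ENGINE = 0x03 };

struct gw_rule {
    uint8_t         req;
    struct gw_frame frame;   /* the only frame this request may produce */
};

/* Fixed in the IO module's firmware; the remote side cannot alter it. */
static const struct gw_rule GW_RULES[] = {
    { REQ_UNLOCK_DOORS, { 0x2A0, 2, { 0x01, 0x00 } } },
    { REQ_FLASH_LAMPS,  { 0x2B0, 1, { 0x03 } } },
    { REQ_START_ENGINE, { 0x2C0, 1, { 0x01 } } },
};

static unsigned gw_rejected;   /* dropped requests, worth logging and alerting on */

unsigned gw_rejected_count(void) { return gw_rejected; }

/* Translate one message from the external unit into a CAN frame.
 * Returns 1 and fills *out only for an exact one-byte, known request code.
 * The caller never supplies a CAN ID or payload, so nothing outside
 * GW_RULES can reach the bus through this path. */
int gw_translate(const uint8_t *msg, size_t len, struct gw_frame *out)
{
    size_t i;

    if (msg == NULL || out == NULL || len != 1) {
        gw_rejected++;
        return 0;
    }
    for (i = 0; i < sizeof GW_RULES / sizeof GW_RULES[0]; i++) {
        if (GW_RULES[i].req == msg[0]) {
            *out = GW_RULES[i].frame;
            return 1;
        }
    }
    gw_rejected++;
    return 0;
}

int main(void)
{
    const uint8_t flash[] = { REQ_FLASH_LAMPS };
    /* Constructed input: external unit tries to pass an ID and payload of its own. */
    const uint8_t raw[] = { 0x01, 0x23, 0x08, 0xFF };
    struct gw_frame f;

    if (gw_translate(flash, sizeof flash, &f))
        printf("forward id=0x%03X dlc=%u\n", (unsigned)f.id, (unsigned)f.dlc);
    if (!gw_translate(raw, sizeof raw, &f))
        printf("dropped, rejected=%u\n", gw_rejected_count());
    return 0;
}
```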
There is no inherent security in CAN bus or Profi bus or RS485 or RS422 or USB or Token Ring, or Ethernet or any traditional industrial bus. The assumption was a separate system was used for any out of building communications. I've been pointing out the error in this since Token Ring and Ethernet and Internet arrived. With direct dialup connections we always configured that it hung up and rang back to pre-decided number for that account. That layer of security vanished with Internet.
But I can't see all that much advantage over a dealer version.
When you update the car firmware you also program the version number into the entertainment system - then it can notify you that there is new firmware available from your garage.
"The controls needed to drive the car should be completely isolated from any external facing system, so no Bluetooth, no Wi-Fi, no 3G, no attack surface at all,"
But what even marginally-competent vehicle designer would ever think anything else? Why does it take a consultant?
I imagine the government must be behind this; only with clout of that power would a manufacturer risk their reputation by implementing something so obviously insane. Or should we, like Napoleon, be careful to "never ascribe to conspiracy that which is adequately explained by stupidity"?
I never gave the dealership my mobile number, just home landline
Last year I went to Birmingham during the only real bit of icy weather
at 5am, I got a text, warning of icy condition on the roads locally.
The text said my reg number and was from a number I didn't know
I can only guess my car swiped my mobile number by bluetooth when connected to the handsfree system.
What concerns me is that nowhere is there any mention of a mobile connection from my car or anything about mobile numbers. When I called the number it just said "Incoming calls not supported"
You could be right but there are loads of other ways of matching up you to your mobile number.
For example, if you use Facebook or Google+, both of those are really, really keen for you to lodge your mobile number for "security reasons" - prove yourself to them, recovery codes etc. Nothing to do with linking you up. Chrome to Phone offers a similar hook up between your browser (and hence your PC and you) to your devices.
Even your home phone number provides a link to you, that after jumping an index or two via joined up big data will get your mobile number.
Combine that lot with GPS on your mobe plus bookmarks etc synching, bluetooth and wifi AP watching and you, along with the rest of us are pretty well pwned in a marketing sense.
'when I called the number it just said "Incoming calls not supported"'
Next time, bung the number into your search engine of choice. It might find the number listed on the relevant company's website, or maybe the search will lead you to one of the various sites dedicated to identifying the companies hiding behind non-geographic numbers (most especially those that make annoying sales calls).
Either way, there's a chance you'll be able to identify the company that owns the number, and from that work out how they got it. As gerdesj says, it might not be what you initially suspect.
Some lovely explanations there. Using Occam's Razor, it's more likely the car Bluetooth, which reads and stores the phone book, will also get the phone number of the connected phone. Once the car goes in for service, they probably scrape all the data they can from the systems. No Internet required.
There doesn't seem to be any disclaimers on the service sheet you sign when taking the car in for service which allows them to read, store and use personal data from the car, nor is there any disclaimer that says they will update the on-board firmware which might change the car handling and not even tell you they did it to YOUR car. I wonder if the mechanics who do the firmware update even know what the fixes/changes are.
Stop paying the Bill is a good idea however my guess is that part of the Warranty conditions is that your car remains connected (phoning home your driving details) 24/7/52. Stop paying the bill or disable it and you are suddenly without any warranty.
I can't see why your car needs to be connected to the internet. I'm in the market for a new car so I will be grilling the salesman about the connectivity.
"...hide it in the lease..."
A lease should be based on the Time Value of Money equation, based on the explicitly disclosed terms, to the penny.
I've done car leases four times in years gone by, and the numbers have always checked out with a financial calculator.
Hiding extra charges in a lease would be called 'fraud'.
I'm not paying for 3G to Internet in my new Tesla Model S. Tesla pays. So I can't cancel.
It does have its uses, like free software upgrades every now and then, enabling cool new features.
But long before this story broke, I did have concerns about the system being hacked. On the Tesla, just about everything is electronic, so a hacker could have a field day.
Great question, but a better one is "why are the brakes connected to a computer that has a web interface?"
Every time I think I've seen the apogee of automobile stupidity some idiotic designer comes along with an extra solid fuel booster and a zippo.
That's called cheating. The Golden Rule of Security is if you get physical access, there is no security.
What should obviously be done is to totally separate the critical driving chips, bus and software from the infotainment part.
The only reason that this has not been done is to save $3 on another chip and maybe $20 on the associated infotainment hardware bus.
So, for less than $30 we have this stupid hacking nightmare.
Somebody deserves to be taken out behind the shed and shot.
"So, for less than $30 we have this stupid hacking nightmare."
What's the typical manufacturing run of a model before it changes significantly enough to change the bus? A million vehicles, all saving the manufacturer $30 a pop while still keeping that price ending in the "magic" ...999.99
No doubt some Chrysler VP or other thought himself technically savvy and had a little "eureka" moment. At the very next board meeting he explained his idea. Then the head of marketing chimed in and decided it would be insanely awesome in commercials to have someone unlock a car's door and start the engine from her cell phone while her husband and his buddy watched. The marketing guy got the insane part right. Anyway, the decision was made by the board and the engineers were directed to make it so. No discussion of the merits of the scheme at the engineering level ever occurred.
Okay, so most of the bits about the hack I get. But I'm struggling with *why* the brakes are entirely electronic. Anyone know why?
I appreciate that shutting down systems might prevent ABS from working, and if the engine is shutdown, then I guess the brake servo won't work. But I can't understand brakes not working at all. Seems like a huge design issue, and potential liability to the manufacturer... and that alone, I would have hoped, would have prevented them from using such a system.
At least in the UK, and I would suspect (but can't confirm) in the States, there are two systems which *must* have a mechanical connection that works in all circumstances: the brakes and the steering.
That usually comes out as a direct shaft all the way from the steering wheel to the steering rack, and a hydraulic circuit from the pedal's master cylinder directly to the brake callipers - in fact, two independent circuits are mandated.
Steering is easy, although most people are surprised about just how much muscular effort is required to turn the wheel at low speeds with no power assistance in most front-engined cars, but I have a certain distaste for the idea of, for example, self-parking systems: that implies a servo system that's significantly more powerful and could have nasty consequences if the electronics decided to do something you didn't expect - they're a step away from a basic feedback-controlled system.
Brakes, on the other hand... an ABS system works by interrupting the pressure lines feeding the brake cylinders. An active traction system both interrupts and applies brake pressure independently of direct driver input. This is something with which I am not happy and I would much prefer to avoid driving a car so equipped - I've worked in electronics for far too long to expect things to work as designed forever.
The problem is that both systems are, for different reasons and for different people, necessary. The steering assistance is required for financial reasons: front wheel drive cars are cheaper to build but make the front of the car heavy; many people would find driving, and particularly low speed manoeuvring difficult without it (though I prefer a much heavier control feel than is generally available these days). Auto parking? Why? What happened to learned skills?
And the same really applies to skid/slip control systems: they're now on pretty much everything... and yet, a competent driver will never find himself in a position where either is required... so they're excess weight and excess cost and excess complexity, and encourage poor driving skills - because the brakes are like, magic, aren't they?
And yet... these critical systems are designed so they can be updated (good design) without a direct electrical connection (stupid beyond measure) even though there is a mandated electrical connection directly to them.
At least in the UK, and I would suspect (but can't confirm) in the States, there are two systems which *must* have a mechanical connection that works in all circumstances: the brakes and the steering.
That's not *strictly* true.
The steering requirement is that the steering continues to function within the (relaxed) maximum permissible input force after a complete failure of the electronic/electric system.
That doesn't actually *require* a direct physical connection, although I don't know of a way to meet the criterion above without one. But then I'm not a car designer.
I've no idea of the brake regulations - I've not looked them up, and I can't be arsed to do so today...
Infotainment systems are for the clueless and auto makers reap fortunes selling this garbage to the brain dead. Since almost no one in the auto business knows anything about auto security let alone Net security, it's no surprise at all that crims can unlock digital security systems, hack the vehicle's controls and more. Until all people responsible for these design defects are held accountable and punished for their negligence, insecure autos and IoT systems will be sold to the naïve.
Or robbers could exploit this to immobilize Police vehicles during a raid.
This scares the hell out of me because it could also be used against *any* vehicle with the vulnerability which doesn't just include the vehicle mentioned.
Many cars have DAB including mine (Hyu I10) and short of ripping out the in car audio system which is built into the frelling dashboard with a non standard interface so installing an aftermarket radio is not an option.
I dread to think what nasty hacks could be done on slightly older cars using a variant of side channel attacks ie inserting fake clock pulses into the DAB signal to mess with badly shielded onboard networks.
Did Fiat have the contract for Russia's new remote control medium tanks with the Playstation driving controls?
I could see where a drone tank could be useful around the house, varmints and such.*
*On a more serious note, just finished converting over to disc brakes on my 58 GMC stepside truck - those drum brakes.... well, the discs cut about 50'-75' off stopping distance off from 60mph to 0 panic brake. Helpful ;) I simply do not agree with the antilock brakes on my 08 GMC Canyon. I know and can predict responses to certain variables with regular old school brakes, antilocks not so much. There is a six inch strip of metal on the end of a bridge, right at the stop sign of a T intersection, if that fscker is wet, under normal braking pressure, they feel that wet metal strip, slide a bit, and activate. Most times you can get it stopped at the sign, sometimes you're in the intersection. Takes a different driving technique and I personally like to have control of my vehicle, not HAL.
No electronics to speak of on that 58, unless you count the capacitor on the distributor, my thought was a nice headless sound system to dock my smartphone into. Why duplicate functionality if you carry the damnably useful thing around anyway?
Sigh... Y'all have a great day, I'm off to ghost a couple of backup primary IDE drives on an ancient KOMO router w/Windows 2000 and a sketchy WD 40GB IDE drive. Can't wait :|
Biting the hand that feeds IT © 1998–2019