back to article Now car hackers can bust in through your motor's DAB RADIO

Car brakes and other critical systems can be hacked via car infotainment systems, security researchers at NCC Group have revealed. The ingenious hack, demonstrated in an off-road environment, works by sending attack data via digital audio broadcasting (DAB) radio signals. This is similar to a hack that allowed security …

  1. Chairo
    Joke

    but fortunately no-one dies when a system gets hacked.

    The sysadmin will be hanged of course.

    1. e^iπ+1=0

      Old School

      This is when I feel happy that I have an old fashioned car - in fact one that the top gear show failed to destroy - an early 90s Hilux.

      These days none of the crims can be bothered to break in with a bent paperclip.

    2. JCitizen
      Megaphone

      I've been warning about this since 2009

      And people thought I was crazy. So now they wake up!

  2. Pen-y-gors Silver badge

    WTF?

    In what strange alternate universe would anyone think that connecting the car radio to the brakes was a good idea?

    1. AndrueC Silver badge
      Unhappy

      Re: WTF?

      I assume it's down to the use of a universal communications bus. In some cars the infotainment 'has' to have some communication with the critical components so that it can do things like adjust the volume according to engine RPM. For a given value of 'has' perhaps :)

      Ideally they wouldn't be on the same bus. It ought to be possible to retrieve that information using a dedicated communication link that only returns a number. But of course that's an extra bit of dedicated electronic gubbins. It's likely cheaper just to stick everything on the bus and let components talk amongst themselves. Car manufacturers will do anything to shave pennies of build cost.

    2. Anonymous Coward
      Anonymous Coward

      Re: WTF?

      I suspect its because your 'auto braking' or whatever its called ties into the display, your radio ties into the display, so there is an attack path

      1. Joerg

        Re: WTF?

        Only someone insane would design and code things to work that way.

        It seems that these systems were built by design to be hacked.

    3. Anonymous Coward
      Anonymous Coward

      Scotty Knows Best

      "The more they overthink the plumbing, the easier it is to stop up the drain"

    4. 8Ace

      Re: WTF?

      It's probably the fact that that most cars use a CAN type bus to exchange message between different systems. For example most car music systems offer speed depended volume to cover road noise so there's one connection. The nice display on these Infotainment systems are great for systems messages too so it now must exchange info with other systems handling brakes (wear, ABS), engine (temp, ECU issues etc.).

      Once you have access to that common bus you have the opportunity to send "trusted" messages between most systems in the car.

      1. Anonymous Coward
        Anonymous Coward

        Re: WTF?

        > It's probably the fact that that most cars use a CAN type bus to exchange message between different systems.

        My 15 year old Peugeot had two such canbus networks (or was it vanbus?). One for the critical stuff and a "comfort" bus for the fripperies. As far as I know the critical bus wasn't physically capable of receiving data from the comfort bus (I think it could send).

        I kind of assumed this was standard practice and am a little bewildered that it's not...

      2. Mpeler
        Pint

        Re: WTF?

        @ 8Ace " ...The nice display on these Infotainment systems are great for systems messages too ...."

        Maybe they hired away some of the people responsible for that M$ Office GUI mess known as "the ribbon".

        The more eye candy, the more problems....

        One has to wonder, however, just how much automation is necessary. Safety, yes, eye-candy gobbledegook, no.

        (Overly) smart cars lead to stupid drivers. An example of this would be people who rely too much on the parking-system sensors - sometimes it pays to watch where you're going.

    5. Meerkatjie

      Re: WTF?

      Indeed - all critical systems should be separated from the fluff systems. If I decide to go to some bloated map service on my onboard gps I wouldn't want my brakes to stop responding until the service finally responds.

  3. MrXavia
    Facepalm

    Surely the infotainment system would be separate from the drive systems?

    There should be no way to feedback from the DAB/Radio/Display in to the control systems!

    Its just bad design if its done any other way...

    the worst case should be a way to mess with the display, not the operation.

    1. Phil O'Sophical Silver badge

      Need to apply basic secure design principles.

      Surely the infotainment system would be separate from the drive systems?

      One problem is that entertainment systems like TVs, or SatNav units, need some info from the drive systems. For example front TV screens must be disabled if the car is moving, certain SatNav features can only be used when the handbrake is on, selecting reverse gear can trigger rear camera display on the infotainment screen, etc. It should not be possible to send information in the opposite direction, but that is what these hacks are doing.

      Since it's a bus it's hard to make the bus itself one-way, but this sort of hack suggests that:

      - No-one bothers to make the infotainment system secure because "who cares if someone breaks the MP3 player", forgetting that such a system can, when hacked, send data to the bus.

      - The serious flaw seems to be that senstive systems like brakes accept commands from all devices on the bus.

      All those sensitive subsystems should have a firewall, and a whitelist of bus clients from which they will accept a specific list of control operations,. Any anomalies, such as commands from unexpected sources, apparent address conflicts, etc. should immediately trigger a lockdown and fallback to a safety mode, perhaps a shutdown of all non-essential devices. You'll never be able to guarantee that a device with an external connection cannot be hacked, but you should be able to have the other devices protect themselves a lot better. It seems that few manufacturers bother to do so (some do, apparently).

      1. AndyS

        Re: Need to apply basic secure design principles.

        I worked for a few years developing new drivetrain components, so let me chime in.

        Firstly, the address from which a CAN signal is sent can be spoofed. The engine we were using, as is standard, would only accept commands from a limited number of places, including up to a maximum of 2 transmission controllers (with allowable source addresses hard-coded into the engine ECU). Once we knew that, we simply told our component to pretend to be the second transmission. Bingo. Complete control over the engine.

        Secondly, the messages that control a drivetrain are completely standardised. Once you understand it ( see https://en.wikipedia.org/wiki/SAE_J1939 ), you can figure out pretty much how to make the engine, gearbox etc do anything you want it to. If you have a compromised node in the powertrain CAN system, I don't think there is any way currently to protect against it.

        From this point of view, separation of the essential (powertrain) systems from non-essential (infotainment, radios, lights, HEVAC etc) systems on separate CANs, with a carefully designed translator between them, strikes me as the only sensible way forward.

        Now on heavy vehicles, this is already done, as there are so many components, from different manufacturers, each with their own complete ECUs that a single CAN would be too crowded (there are probably dozens of other attack vectors though, as there are so many programmable ECUs around). But in cars, where the engine, gearbox and other functions are often run from one super-ECU, and so less communication is required between them, there is more room to put other things on that CAN. So it's technically feasible to only have one CAN, and of course it's cheaper.

        Once exploits like this become more public, and especially if they are used in the wild, I would expect the security of these systems to increase massively.

        1. DaLo

          Re: Need to apply basic secure design principles.

          But there is no reason to need to have the infotainment system on the CAN bus in the first place. It only needs to receive signals (such as speed, climate control etc) and then adjust volume or display the relevant screen.

          Therefore it would just require an interpreter on the CAN bus which receives signals on the CAN bus and sends them to the infotainment system. All data is sent broadcast style with no need for an ack or allow of any data to flow back (as long as L1 is sound then everything above that is not possible in the other direction).

          Any wireless signals would then be handled directly by the infotainment unit (GPS, DAB, 3G etc) and not bother the CAN bus.

          However my prediction for a future attack vector - Government/Insurance mandated speed limiting based on GPS location. GPS spoofing hack slows every vehicle on the [fast moving motorway] to the lowest speed available in the system.

          1. dwarhya

            Re: Need to apply basic secure design principles.

            In my car, you can change the mode that the car is using via the infotainment system (between ECO, normal and sport) which changes how the steering, accelerator and suspension behave. Without this connection via CANBUS to the ECU, I cannot think how this system would work

            Disclaimer: Definitely no expert on this subject :)

        2. annodomini2 Bronze badge

          Re: Need to apply basic secure design principles.

          Couple of things:

          1. J1939 is used mainly on trucks and heavy vehicles, cars tend to run a variation of CANopen, usually with a customer specific protocol.

          2. Cars tend to have separate ECU's rather than a monolithic brain, some OEM's are investigating this approach, but it is not in general use, generally as the various sub-systems are supplied by different manufacturers.

          3. Most run multiple ETHERNET/FLEXRAY/CAN-FD/CAN/LIN buses for various tasks.

          The question mark is over the programming mechanisms, given some modern vehicles offer OTA updates, via the infotainment systems, this is probably the primary weak spot.

        3. Phil O'Sophical Silver badge

          @ AndyS Re: Need to apply basic secure design principles.

          Good points. As far as

          If you have a compromised node in the powertrain CAN system, I don't think there is any way currently to protect against it.

          would the standard allow for a handshake with key exchange, perhaps on each total battery-off power cycle? If so you should be able to ensure that you only ever accept a confirmed device as, say, a transmission controller. Any other device popping up later on the bus with that address but not the agreed key would be ignored.

          Not foolproof, if you could make your compromised device get recognised as that valid controller at power-on, but it would then need to fully implement all the functions of the device it was spoofing as well, or you'd not get very far.

          1. Anonymous Coward
            Anonymous Coward

            Re: @ AndyS Need to apply basic secure design principles.

            @Phile:

            Not sure that'd help. Adding a device to the CAN means you've got physical access, in which case you could cut the brake line, spray oil on the disks etc. etc. anyway.

            Isn't the problem under discussion that of allowing devices with external links to post data onto the CAN. As others have said the solution of having two CANs with a one way send only link seems the obvious solution and I thought at least some manufacturers did exactly that.

            Personally I'd like to see an end to running apps in cars as it seems to me that it's becoming more and more of a distraction... but that's another story.

        4. Anonymous Coward
          Anonymous Coward

          Re: Need to apply basic secure design principles.

          Thank you Andy, for sharing some actual knowledge, rather than frankly useless speculation and little rants.

          To the know-it-alls: it's easy to criticise someone else's job when you've never done it or know anything about the constraints they have to work with. But you knew that already, of course.

  4. Lionel Baden

    and people really want

    Cars that drive themselves ?

    Terrorists wet dream I would of thought, how many cars on the road at any one time? OK lets just put every single one on full acceleration. Job done country is absolutely completely crippled.

    closer to this story, how good is the security at radio stations? take over station quietly, please play this track from blah blah.

    1. MrXavia

      Re: and people really want

      I was thinking that if you can mess with the emergency auto braking, then you can probably mess with the cruise control, steering, central locking... Very scary...

      1. annodomini2 Bronze badge

        Re: and people really want

        It's the self park systems that's really changed the game, as they have the steering systems control inputs available on the CAN bus.

    2. Elmer Phud Silver badge

      Re: and people really want

      " Job done country is absolutely completely crippled."

      This is easily avoided with a new car accessory.

      The older style vinyl rain covers are now wired with a fine alloy mesh -- tin-foil hats just got bigger!

    3. G.Y.

      WOBW Re: and people really want

      A remotely -hackable car is the worst of both worlds. Distracted driver can kill, hacked computer can kill.

      If the driver is in control, he, and no other thing, should be.

      If some other thing is in control, let that thing (or its owner) be 100% responsible.

  5. Mongo

    Yet again poor design and great hacking reveals me as a muppet

    As the designated geek, over the years I've answered many a question from family worried by the latest laughable Hollywood depiction of computers and hacking. Some top misses from my back-catalogue...

    No, you won't get infected just by opening a mail...

    Just looking at a picture? I think that's quite safe...

    That's a PDF, so it's much safer than a Word file because it doesn't run macros...

    A proud legacy of overconfidence ... So clearly my next triumph will be:

    Hacked just by driving a new car? No, there was only a single vulnerability but thanks to the good fundamental design of the car's data bus it was swiftly fixed and in the meantime was easily avoided by switching off RDS traffic reports...

    My best hope is that the aggressive bluetooth scanning by trojan on my phone interferes too much with the car radio (I got rid of the trojan last week but the worm on my smart TV reinfected it, and the rooted smart meter on my house is blocking my attempts to download a clean TV image...)

    1. Graham Marsden
      Meh

      @Mongo - Re: Yet again poor design and great hacking reveals me as a muppet

      The real muppets are the ones whose poor programing practices allowed such things to happen in the first place!

      1. John H Woods Silver badge

        Re: @Mongo - Yet again poor design and great hacking reveals me as a muppet

        "The real muppets are the ones whose poor programing practices allowed such things to happen in the first place!" -- Graham Marsden

        I disagree, they are merely inexperienced graduates and/or other noobs. Or, quite often, they have already raised concerns only to have them airily dismissed. The real muppets are those who actually have the power to make decisions (which, in practice, always means budget controllers) on hiring, testing, and quality control.

        Even a single, highly experienced and or qualified software/security engineer attached to one or more of these teams would make a difference in quality. The difference that 1st level management see is a 1% increase in their budget, so they demur. But even these managers are relatively blameless: they know that, whatever they say, those above them see only $ signs, and that if they are seen to increase their budget by 1% they are automatically regarded as failing, as no justification would be understood (to be honest, even given an audience) by higher management.

        This status quo will continue until those at the top suffer financially or legally. They cannot be allowed to continue to micromanage budgets all the way down and then shrug their shoulders at the almost inevitable consequences.

        1. Anonymous Coward
          Anonymous Coward

          Re: @Mongo - Yet again poor design and great hacking reveals me as a muppet

          "This status quo will continue until those at the top suffer financially or legally. They cannot be allowed to continue to micromanage budgets all the way down and then shrug their shoulders at the almost inevitable consequences."

          Except being at the top automatically shields you from blame. Either you can scapegoat someone or you can bribe the government to look the other way. As a last resort, you can take your ill-gotten gains and then vanish out of the reach of extradition.

          1. Anonymous Coward
            Anonymous Coward

            Re: @Mongo - Yet again poor design and great hacking reveals me as a muppet

            "This status quo will continue until those at the top suffer financially or legally."

            Amen to that.

            In one job, when I started, none of the computers had antivirus installed. When I questioned this, the boss told me "We've never had a virus, so why bother". Then we got a virus.

            The same will happen with various dubious security practices at the company, lack of redundancy or backup on critical systems etc. eventually, all of which I had raised and been told they were not important (with recorded and backed up email threads to prove it when it happened).

            Eventually, they may realise that the IT techs who point out these problems are not just trying to spend their money, but are trying to save them from a future catastrophe.

  6. Scott Broukell
    Meh

    Ha!

    The only 'Entertainment' systems in my car are a somewhat dog-eared copy of "Eye Spy Lorries and Motor Cars", a rather tatty box of wax crayons and a Woolworths foolscap writing pad (price 3d).

    1. Anonymous Coward
      Anonymous Coward

      Re: Ha!

      Yes, we know - we've seen them through your mobile phone's camera.

      ...and please get rid of that half-eaten Texan bar in the door pocket - it looks gross.

      1. Toastan Buttar
        Flame

        Re: Texan Bar

        "Now just hold on there, Black Hat Eagle. You wouldn't fire a car driver 'til he'd finished his Texan Bar, would you?"

  7. 0laf Silver badge

    TBH

    I'm waiting on the first crypto locker attack on a car now.

    It's going to be far more profitable to disable someone's car and demand a payment to release it than to kill them. Killing them tends to make people take action as well.

    If I just skim off $500 from a few thousand people I'll probably make a fair bit of profit and the law won't bother for a while.

    I'll be the one without an Android power ICE in the future.

    If you really want to scare people just imaging a future where self driving cars are commonplace (which they will be). And I hack your car to ignore stop signs or red lights or just program it think the destination is 10m west of whatever you put in. again I doubt that would happen too much since there probably isn't much money to be gained from it.

    1. John H Woods Silver badge

      Re: TBH

      "the destination is 10m west of whatever you put in" -- Olaf

      <pedant_mode>I think I'm quite capable of walking 10 metres in an easterly direction when I get there</pedant_mode>

      1. Blane Bramble

        Re: TBH

        Not if there is a substantial obstacle 10m West (wall, lake, large drop, etc.) of your destination.

        1. John H Woods Silver badge

          Re: TBH

          Olaf > the destination is 10m west of whatever you put in

          Me >> <pedant_mode>I think I'm quite capable of walking 10 metres in an easterly direction when I get there</pedant_mode>

          BlaneBramble >>> Not if there is a substantial obstacle 10m West (wall, lake, large drop, etc.) of your destination."

          Well, when I'm driving the car myself, I have an additional gadget that warns me of obstacles unknown to the satnav, aka Mk I Eyeball; self-driving cars have radar / lidar. But my original comment was just a poor attempt at humour, I knew that 'm' meant miles in this context.

          Olaf's point, though - that someone could quietly reprogram your satnav, is quite an interesting one - especially combined with control over speed, doors etc (or a self driving car), it could certainly facilitate carjacking or abduction.

          1. Anonymous Coward
            Anonymous Coward

            Re: TBH

            > it could certainly facilitate carjacking or abduction.

            From personal experience, nothing facilitates carjacking or abduction like an AK47 pointed in your general direction by some ghat crazed bastard. :-(

            You keep daydreaming about Hollywoodian first-world aesthetically attractive but utterly impractical misdeed scenarios.

      2. This post has been deleted by its author

  8. Richard Wharram

    CAN Bus

    Vehicles use the CAN Bus or variations of. Its behaviour is that a client on the bus broadcasts to all other clients on the bus, providing the bus is currently free or only a lower priority broadcast is underway. Its up to other clients to look at the message and decide if they want to do anything with it.

    To be honest it's a great design for the scenarios it was intended for. However, integrating it with the public internet provides some very specific design challenges that perhaps it isn't best suited for. All devices on the bus are trusted by default. Anything on a public network should be untrusted by default.

    1. Mpeler
      Paris Hilton

      Re: CAN Bus

      Firesign Theater saw this coming, years ago, with their album,

      "I Think We're All Bozos On This Bus".

      Al Yankovic did too, with "Another One Rides The Bus".

      Hmmm... Early INFOtainment. (And really good, too).

      Apparently the Porsche Panamera uses (or used - article is from 2010) SIX CAN buses for various systems, and has gateway ECUs. There's a PDF at http://vector.com/portal/medien/cmc/press/PND/

      CANoe_Porsche_PETRA_ATZ_201011_PressArticle_EN.pdf

      with more info. (You'll need to splice the two halves of the URL together, somehow it wouldn't fit here).

      I would think they could have a "software" firewall to go with the hardware firewall they already have.

      Having said that, the "drive" toward self-driving cars (and government control thereof?) makes problems like this more and more likely...

      Paris, Prosecco, and Porsches...

  9. Anonymous Coward
    Anonymous Coward

    go on, try to hack my system. I dare you!

    the DAB radio in my Car only broadcasts FM that is picked up by the FM Radio in my old Swedish Tank.

    I really would like someone to come up with a way to take control my 'the tank' using a DAB broadcast.

    Back to the real topic. If a car has an attack vector via the Radio, can we be 100% sure that this was not put there at the behest of a Three Letter Agency (or 4 in the case of the UK)?

    we can't. So lets wait for the jolly car makers to issue a recall so that they can fix it. No recall then either it is not a problem in reality or the TLA's have said No.

    Aren't wet Friday's great for conspiracy theories!!!

    1. Aoyagi Aichou
      Headmaster

      Re: go on, try to hack my system. I dare you!

      Like any other day, they're also good for not denoting your plurals with apostrophes.

      1. jzl

        Re: go on, try to hack my system. I dare you!

        And for learning the surprisingly easy rules of capitalisation in English.

    2. Anonymous Coward
      Anonymous Coward

      Re: go on, try to hack my system. I dare you!

      it could explain some car crashes...

      like this

  10. nematoad Silver badge
    Unhappy

    Glad to be in the slow lane.

    I adore my 1998 Mini Cooper S and having seen all this about "connected cars" and "infotainment" (ugh) as vectors for hacking has made me love it even more.

    The thing I enjoy most about it is the fact that it's all about the driving. Fast responsive steering, excellent performance ( I still don't know how fast it goes as the speedo only goes up to 110 mph) and the sheer joy of the handling. So to see worries that the brakes, accelerator, airbag etc. could be tampered with in more modern cars does mean that I am grateful that I have a simple, uncomplicated little car instead of one of these "travelling computers" that seem to be in vogue at the moment.

    OK, a Mini is not for everyone but I do think that the marketeers at the car makers have got too strong a hold on things and are pushing "shiny" at the expense of safety. Too many features, not enough thinking things through.

    It may be a bad thing when a PC or laptop gets hacked but at least in most cases it won't be travelling down the motorway at 70mph when it does.

    1. werdsmith Silver badge

      Re: Glad to be in the slow lane.

      My old car doesn't have any of this connected stuff, but if someone wants to cause damage to it then it's easy enough. Vulnerabilities range from concrete blocks lobbed off bridges to nails in tyres.

      1. Anonymous Coward
        Anonymous Coward

        Re: Glad to be in the slow lane.

        "My old car doesn't have any of this connected stuff, but if someone wants to cause damage to it then it's easy enough. Vulnerabilities range from concrete blocks lobbed off bridges to nails in tyres."

        Sure, but try doing it from ten miles away where you can hightail it before the police even know you hacked a car and caused it to crash (oh, BTW, this kind of hacking leaves very little to work with in terms of evidence, too, since you can work from a hotspot to cover your tracks).

  11. Anonymous Coward
    Anonymous Coward

    If it weren't for the fact you need something like a computer to stabilize the car and improve its fuel efficiency, I would think someone would've come along and demanded all motive systems be purely mechanical since no one's been able to hack a gear or mechanical linkage.

    1. ganymede io device

      Mechanical hack

      Bananas up the exhaust pipe - it worked for Eddie Murphy in Beverly Hills Cop.

      1. Richard Wharram

        Re: Mechanical hack

        Is that a euphemism?

    2. nematoad Silver badge

      ... you need something like a computer to stabilize the car and improve its fuel efficiency"

      Stabilise the car? Hold on, this isn't a fly-by-wire fighter jet you know. Those are deliberately made unstable so as to increase their manouverability and cannot, in most cases, be flown without a computer intermediary.

      But a car? That should be stable, have all wheels firmly connected to the ground and be able to go around corners in safety. Unless of course it's a Reliant Robin.

      As to fuel efficiency, I don't know, that must surely depend on the driving style of the driver and road conditions. Maybe an engine ECU will help but fuel efficiency must be seen as a moving target.

      1. Neil Alexander

        Re: "this isn't a fly-by-wire fighter jet you know"

        In modern cars, it is very much drive-by-wire, especially in cars where stability control (ESC) is standard, or have any optional features along the lines of cruise control (or the adaptive variant), adjustable speed limiter, lane keeping assistance or any number of other features that modify the throttle, brake or steering input in any way.

        Not to mention that ABS is computer-controlled, as are TCS and TVC (on cars that have them), and so are plenty of other safety features (whether you realise the car is doing them or not). Sure, you don't need these things because these systems are technically non-essential - you could own a car that has none of them - but if I'm about to be involved in a potential accident, then I welcome all the computerised help I can get to minimise the impact.

        Finally, a number of parameters to actually keep the engine itself functional are typically regulated by a computer too - things like idle revs, fuel/air mixture and operating temperature. That's partly why modern engines are so smooth and actually work properly in extreme cold, extreme warm, etc.

  12. jzl

    Beats

    This is so the radio can automatically tap the brakes in time to the music.

    1. Mike Lewis

      Re: Beats

      It makes headbanging easier.

  13. David Roberts Silver badge

    DAB Radio?

    What nobody seems to have mentioned so far is that the DAB radio is unlikely to be a discreet component.

    Mobile phones have had music players and radios integrated for decades.

    So, isn't it likely that there is one big tablet computer acting as the central console which can do everything from playing tunes to changing profiles from economy to sport?

    Which in turn needs access to all major components? Including turning off stability control which messes with throttle and braking. What about the collision avoidance systems?

    So policing the bus a little better may well make no difference at all. Full access is required by the central computer. This computer should be at the heart of the security design.

  14. Alan Denman

    Just buy a OneBrake4All?

    Good job few operate a TV in their car.

  15. Unicornpiss Silver badge
    Meh

    Not unexpected...

    But what people fail to realize with the Jeep hack is that they had to rewrite the firmware first to allow this to happen. Still, it is a vulnerability and "infotainment" systems should be firewalled from the rest of the CAN bus (or whatever networking strategy each automaker is using)

    Another problem is that with increasing complexity, you're always going to have vulnerabilities that no one could have foreseen. It's up to the automakers to acknowledge faults and patch them, the same as any computer hardware or software purveyor. At least Fiat-Chrysler is working with the white hats that came up with the exploit and a patch has been produced.

    I remember on one of my first cars, which had no electronics other than the radio, there was a combination of switches you could turn on that would create an unintended ground path and cause the wipers to stutter across the windshield in time with the turn signals. And this was a pretty simple purely electromechanical system with an unexpected flaw. What do you expect with millions of lines of code to debug on a modern vehicle?

  16. earl grey Silver badge
    Mushroom

    yes, yes, but....

    If you don't let your underpowered measly little engine talk to the radio and broadcast those nice rumbly sounds as if you've got a real motor under your bonnet... it just HAS to talk to the radio; even when it's turned off...yeah, that's the ticket.

    Oh, and some of the new vehicles that will stop for anything in front of them...they're already all set up to assist carjackers and kidnappers... just walk in front...car stops. simples..

  17. John Styles

    As I have said before:

    1. You can't trust computers

    2. Everything is a computer

    3. Run!!!!!

    Surely if you had described this scenario to someone 30 (say) years ago, you would have been a prime candidate for a visit to the men in white coats. I am still a tiny bit dubious.

    With my previous car which had a 3rd party ISO DAB radio, the local Skoda dealer blamed the EMS warning I was getting on the car radio sending errors to the bus. I didn't actually believe them at the time (and still don't, but maybe, just maybe, I was wrong) - I went to another garage who fixed it without blaming the car radio.

  18. Nameless Dread
    Big Brother

    ... a visit to the men in white coats. ...

    @ John Styles

    Nah - THEY come to YOU.

  19. John Brown (no body) Silver badge
    Joke

    Steganography?

    I can't see hiding the code steganographically in the source recording working in the UK. DAB transmissions are so badly degraded to low bitrates/converted to mono at the point of transmission I don't think actual code/data would survive intact.

    1. Mpeler
      Holmes

      Re: Steganography?

      DAB? You mean "Something For The Weekend" (column). Maybe the BOFH will also show up on the CAN bus (CAN'T bus?)...

      Digital Radio is also being foisted upon us over in Germany, and the, erm, takeup has been less than enthusiastic. AM was brilliant for emergency transmissions, camping and travelling (due to the better DX possibilities), and, though relatively low fidelity, the reception slowly got worse, as opposed to dropping off as if it were the victim of a steep notch filter.

      How in the world are we going to use our Phillips EE8 and EE20 Radio Kits if there's no AM anymore, sigh...

  20. Dieter Haussmann

    This is REALLY bad design. Most cars have a gateway with multiple LINBUS, CANBUS, MOSTBUS etc.. e.g. comfortCAN and PowertrainCAN and there is no possibility of passing actual CAN commands between the two.

    1. Anonymous Coward
      Anonymous Coward

      But people have tight wallets these days, and doing that kind of design can be costly enough that people don't buy it. What's good is a security design that no one can afford?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019