back to article McAfee puts Barnaby Jack on car-jacking hackers' case

McAfee has put together an elite team of researchers to investigate how to go about protecting car systems from next-generation hacking attacks. Members of the team include Barnaby Jack, the security researcher best known for demonstrating ways that crooks can force ATMs to spit out cash and for highlighting security …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Fixed.

    "No such attacks will ever take place in the real world but car manufacturers and auto industry associations are already aware of the possible risk."

    Fixed it for ya! (Gratis, too!)

    1. Graham Bartlett
      Boffin

      Re: Fixed.

      Dead right.

      All theoretical attacks WITHOUT EXCEPTION need physical access to the vehicle's CAN bus. There are so many other ways you can sabotage a car, even without getting inside the car (hint: wheelnuts), that this is utterly pointless. For precisely this reason of safety, a wireless CAN bus is not going to happen. Sure a wireless sensor network in a car may come about sometime, but it's not here yet, and only an idiot would assume that the automotive engineering industry wouldn't think about security.

      Even then, all modern ECUs are designed to cross-check sensors and reject anything which looks bogus. If the vehicle speed sensors are reporting values which are not physically possible given the engine RPM and gearbox output shaft RPM, all modern ECUs will flag up the speed sensors as faulty and ignore them. I'm sure you may be able to find ECUs which don't do every cross-check they possibly could, but the investment in time and effort to make this happen with a car you already have sat in your garage is ludicrous.

      1. Arthur 1

        Re: Fixed.

        @Graham: not true. Remote exploitation through the onstar cellular modem and through bluetooth have both been demonstrated

      2. Eddy Ito

        Re: Fixed.

        One minor problem, TPMS sensors are already wireless. NTN has demonstrated wireless ABS sensors. The industry is moving to something more like a wireless version of CAN, quite possibly because it doesn't make much sense to have miles of copper control wire inside an automobile when the same can be done with a single loop providing Vcc, the chassis providing ground and wireless for data and control. Compare that with the typical CAN bus or USB having Vcc, gnd, data hi & data low.

        As in the linked article, it's already possible to fool TPMS going down the road at over 40 mph and it wouldn't be hard to get someone to pull over while the attacker plays "good Samaritan" and ultimately steals the "disabled" car. Now imagine the attacker is a bit more aggressive and can tap into the brakes as well so he doesn't really need to play the con game. Many cars are already throttle by wire and I don't think it will be long before those wires go away. Of course the upside to all this is the mechanic will be able to diagnose your car without having to get grease on the seats. I call it an upside because for most people cars are already too complex to perform any serious repairs yourself.

      3. jake Silver badge

        @Graham Bartlett (was: Re: Fixed.)

        I think you'll find that Ford's "Sync" APIM has access to both high & medium speed CAN busses, and also has Bluetooth connectivity. It runs "Windows Auto". Joy.

        Also, see my post from nearly two and a half years ago:

        http://forums.theregister.co.uk/post/716293

        No, I didn't try hacking into his car. At my age, I need to be paid for that kinda work ... As a side-note, ask me why I collect & restore 1960s Ford muscle-cars, and late-60s/early-70s Datsuns ...

      4. Allan George Dyer

        Re: Fixed.

        So, Graham Bartlett, why is the automotive engineering industry more likely to think about security than, for example, the ones who made rlogin, rsh and rcp transmit passwords in the clear, or the ones who made Macro Viruses viable by including auto-execute macros, or the ones who decided it would be a really cool idea to have your OS autorun stuff from any junk media you plug in, or the Siemens SCADA engineers who not only designed equipment with well-known default passwords, but made software that failed if you changed them?

        I guess these must be different engineers, working for companies that value security highly. Good thing Siemens isn't building automotive systems... oh, wait!

      5. Anonymous Coward
        Anonymous Coward

        Re: Fixed.

        "all modern ECUs will flag up the speed sensors as faulty and ignore them."

        I suggest you search on Ford VSS, MAF's and throtlle control issues to see how wrong that is.

        Hint search for car speedo drops to zero / loss of power / cutting out at low revs.

        1. Graham Bartlett

          Re: Fixed.

          OK, "should". Sure, I've seen some which don't. Still, I think that with physical access to the car, I can figure out easier ways to make it lose power...

  2. ElNumbre
    Unhappy

    Updates and Service Packs

    Id like to see how they intend to address the patching of in-car systems when exploits are detected.

    If its anything like today, you'll have to drive to your vehicle manufacturers stealership, hand over a briefcase full of used notes, disappear for a few days, then hope that they've managed to find the update cd.

    Or, more likely, you'll only be protected if you pay a subscription fee where they can use the built in 3G modem to download it, but only whilst you continue to pay the 'protection fee'.

    How long will it be until McAfee resellers start offering car software support 'because we wouldn't want anything bad to happen, like your brakes failing'.

  3. Anonymous Coward
    Anonymous Coward

    It's tyre not tire

    As in "tyre blowout", or a puncture if you're an English speaker.

    1. fridaynightsmoke
      FAIL

      Blowout != puncture

      A puncture is a slow loss of tyre pressure, via a small (i.e punctured) hole.

      A blowout is a sudden loss of tyre pressure (and often pieces of tyre) via a big gaping hole.

      1. fatchap
        FAIL

        Re: Blowout != puncture

        To puncture is to make a hole in something. The size does not matter. A blowout is a type of puncture.

    2. ItsNotMe
      Devil

      Re: It's tyre not tire

      Not on the LEFT side of the pond.

      1. Anonymous Coward
        Happy

        Re: It's tyre not tire

        But on the RIGHT side of the pond it is.

  4. Britt Johnston
    Pirate

    Driver-free cars

    Once Google's vision becomes accepted, we will have herds of carbots that on Zero-Day are all reprogrammed to drive to their pick-up point.

    1. Rob Carriere

      As has been foretold...

      Roger Zelazny, "Auto-da-Fé", 1967.

  5. Anonymous Coward
    Anonymous Coward

    Do Intel (owners of McAfee, right?) do much business in vehicles these days?

    Or are vehicles mostly using PPC and ARM, where performance per watt is in the land of reality rather than ridiculousness, thus allowing sensible cooling arrangements?

    http://www.theregister.co.uk/2011/03/15/intel_mcafee_deal/

    1. Graham Bartlett

      Re: Do Intel (owners of McAfee, right?) do much business in vehicles these days?

      The amount of business they do is a round number, for sure. Namely zero.

      You'll find a few WinCE thingys in satnavs, radios and other in-car entertainment stuff. Even then though, it's mostly ARM. And since none of this stuff ever gets to talk on the engine/transmission CAN bus, they physically can't get to anything safety-related.

      1. jake Silver badge

        Re: Do Intel (owners of McAfee, right?) do much business in vehicles these days?

        Uh ... Graham, at least with Ford's "Sync", the "entertainment" system does have access to the vehicle management system, through a central computer that controls both. The central computer (called the "APIM" by Ford) runs Windows Auto. No, it's not Intel. Yes, it's ARM. But it's still MS-Windows.

  6. Dan Paul
    Devil

    McAfee?????????? Please God no!!!!!

    <SARCASM> Really, McAfee? This will be the death of the automobile as we know it. Might as well get a new bicycle now before the price goes up. Norton wouldn't be any better.

    First, the car will take over ten minutes to start because their antivirus is such a miserable resource hog, then it will only allow you to drive it to the dealer because it will need an update about everytime you start it. Next, driving it anywhere near another vehicle will cause both vehicles to temporarily shut down while they scan each other for viruses. During scanning or updating the vehicle will lock the doors and windows and turn off all other functions. For your own safety, you will not be able to leave the vehicle until the scan or update is done. Unfortunately, the update will corrupt the master boot record so the vehicle is locked in an endless cycle of update and reboot. The end result is that millions will die from being locked in their cars.

    Tree hugging carbon credit junkies will finally get their wish as millions die and the rest are forced to walk everywhere. 40% of the remainder die of heart attacks because they now had to walk. The overwhelming unbalance in favor of the remaining unwashed hippies finally tips the vote in favor of wind energy. All regular power plants are shutdown and those who know how to run them are killed for crimes against the enviroment. Unfortunately, a cold snap happens and the winter temps dip below -10 F for two months and the rest of humanity outside of the equatorial regions freezes to death.<SARCASM>

  7. Neil Barnes Silver badge
    Flame

    I don't know why they're bothering.

    The Microsoft supplied system on my car is quite capable of crashing on its own...

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't know why they're bothering.

      "The Microsoft supplied system on my car is quite capable of crashing on its own..."

      Have you been playing video games on it?

  8. Thomas 18
    Happy

    Vehicle Security

    Simple route to car security: replace all Wi-fi, NFC,bluetooth etc with a single USB port next to the stereo. Then put a massive padlock on the door and paint it chrome (the car, not the padlock).

    How many more sentences do I need for a funding proposal?

    1. JimmyPage Silver badge

      Re: Vehicle Security

      You'll need an environmental impact assessment. And an equal opportunities policy.

      1. Anonymous Coward
        Anonymous Coward

        Re: Vehicle Security

        "You'll need an environmental impact assessment. And an equal opportunities policy."

        Ha ha! So very true. A few weeks ago after an item on the local news section of BBC News site I read the proposal by Bristol counci to introduce 20mph limits over most of the city in the next few years. And there were several pages at the end covering an environmental impact assessment (20mph seen as being positive to the environment) and an impact assessment of the effect of the policy on non-white people, women, gay people and transgendered people (impact seen as being neutral with possible slight positive effect)

  9. NozeDive

    Car hacking?

    What we need to focus on is how to make the computers LIE and report no faults and emissions within tolerance. Where's Kevin Mitnick when you need him?

    1. Dan Paul
      Devil

      Re: Car hacking? Who needs Kevin Mitnick when you have a canbus adapter & software?

      The guy up near the top of the thread talking about CANbus is your first clue. CANbus is a common industrial automation protocol used in almost every auto today. Check http://www.canbushack.com/blog/index.php for some interesting info.

    2. jake Silver badge

      Re: Car hacking?

      Mitnick wasn't a hacker. He was a (crappy) "social engineer". He is, and was, a putz.

      Why would you want your car to lie to you when it's broken?

  10. Bob AMG
    Mushroom

    Its been done, via FM radio

    http://www.youtube.com/watch?v=metkEeZvHTg

    Thats a TED talk about it.

  11. Fred Flintstone Gold badge

    "No one's tried to hack a vehicle's system yet" - what??

    Huh?

    Maybe I misunderstood this article, but the guys at the Center for Automotive Embedded Systems Security (http://www.autosec.org) have demonstrated remote car hacking years ago. They presented a paper called "Experimental Security Analysis of a Modern Automobile" in 2010, so I would not call this new.

    They have done such entertaining things as killing the brakes of a car..

    1. Anonymous Coward
      Mushroom

      Re: "No one's tried to hack a vehicle's system yet" - what??

      Don't kill the brakes, kill the driver. Or, if you're feeling really evil, only kill the back-seat passengers.

  12. dylan 4

    If only...

    ...somebody would hack my '11 Subaru, the UI for the factory satnav and stereo is so pitiful that it's remarkable its routing smarts are even worse.

  13. Anonymous Coward
    Anonymous Coward

    "only an idiot would assume that the ... industry wouldn't think about "

    Who knows what really went on with the relatively recent Toyota recalls where something accelerator-related was replaced?

    The story I've heard is that the accelerator position sensor used some kind of rheostat (aka potentiometer) and that there was a loss of contact between slider and track (and hence loss of position info) from time to time. The "fix" was to make the "slider" push harder on the track of the potentiometer.

    What kind of idiot would be so idiotic as to ignore fifty years of reliable low cost medium resolution position-sensing history (Gray codes, optical sensors, etc)?

    Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?

    1. Neil Barnes Silver badge

      Re: "only an idiot would assume that the ... industry wouldn't think about "

      >> Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?

      Yes. They're called accountants.

  14. RykE

    When Gadgets Betray Us

    A good read on the topic is 'When Gadgets Betray us' by Robert Vamosi... truly informative and entertaining

    http://whengadgetsbetrayus.com/

This topic is closed for new posts.