Mechanic computers used to pwn cars in new model-agnostic attack

Hacker Craig Smith has designed an attack whereby a car bearing malicious code could infect computers used in mechanics' workshops. The workshop computers emerge capable of infecting nearly any other vehicle that arrives for service. Smith's attack is a significant improvement on his proof-of-concept first brewed during 2015 …

  1. YetAnotherLocksmith Silver badge

    Easier ways?

    There's easier ways to infect cars? Is he kidding?

    The garage will *literally* come collect your hacked car, infect their systems, & bring it back!

    1. Anonymous Coward

      Re: Easier ways?

      all at a dealership service premium...

    2. Fred Flintstone Gold badge

      Re: Easier ways?

      > There's easier ways to infect cars? Is he kidding?

      > The garage will *literally* come collect your hacked car, infect their systems, & bring it back!

      Now add self driving cars to the recipe..

  2. allthecoolshortnamesweretaken

    Last year when the Jeep Cherokee hack was discussed I stopped feeling bad about having a (relatively) old car. Pretty close to feeling good about it now...

    1. el_oscuro

      Old Camaro

      Next year it is considered an antique. I plan on installing a crate motor with a carburettor.

  3. Mark 65

    > Through Open Garages Smith has been warning car makers that they need to open up the software running vehicles to allow owners to modify their cars.

    Errr, no. Car makers need to open up the firmware in order that it can be inspected for bugs that will be found out one way or another anyhow. I'm not so sure owners should be modifying control systems. I mean, what could possibly go wrong when downlit Nova Dwayne decides to soup up his control system with firmware he got off the internets, innit?

    1. Anonymous Coward

      I'm perfectly fine with user-modified cars...

      ... as long as they can't go on the public roads until they have undergone and passed all the regulatory tests any "new" car model has to pass. Because script kiddies playing with daddy's car looks very dangerous to me... and while mechanical mods require skills, tools, and money - firmware changes are far too easy and cheap.

      Anyway, unapproved changes should of course void any warranty, as they can shorten the life of many mechanical components. Insurances also may want to know if the car has been modified, and act accordingly.

      If you want to modify your car, you have to accept the responsibility that comes with it.

  4. Andy Non Silver badge
    Unhappy

    Carmageddon

    Somehow you just know this is going to be the tip of a very large iceberg of vulnerabilities that manufacturers do bugger all about resolving and sooner or later some serious car "accidents" will result at the hands of hackers, kids in basements or terrorists. It's one thing if your family computer "crashes" but an entirely different matter if your family car crashes.

    I'm on the lookout for a new (second hand) car and I'd really like to buy one that doesn't have a computer running the show; but doubt such a car exists any more. I neither need nor want most of the high-tech wizardry and crap that comes with most modern cars.

    1. Duncan Macdonald

      Epoxy Resin

      You can protect your own car - at a cost. Fill up the diagnostic port with epoxy resin and the garage's computers will not be able to connect to it. However this means that any faults too difficult for a mechanic to diagnose or fix without computer assistance will not be fixable. (And some cars need to be told that they have been serviced or they go into limp-home mode.)

      Which way do you want your car to fail - hacked or unrepairable !!!

      1. fajensen
        FAIL

        Re: Epoxy Resin

        > ... faults too difficult for a mechanic to diagnose or fix without computer assistance will not be fixable.

        That's all faults today. The whole work flow in a garage runs around the diagnostic tools. If the wheels fall off the car, the mechanic will simply not be able to diagnose and fix the faults without going through the diagnostics!

        - because - pressure sensors!

        1. Bloakey1

          Re: Epoxy Resin

          "That's all faults today. The whole work flow in a garage runs around the diagnostic tools. If the wheels fall off the car, the mechanic will simply not be able to diagnose and fix the faults without going through the diagnostics!

          - because - pressure sensors!"

          I agree to that. I had an issue with a car and took it to the local dealers and told them what was wrong and how to fix it. They put a computer on it and decided that it needed new calipers all round. I told them no, it is a known issue with the B6 and it is computer related and not the calipers. In the end I had to pay 200 Euros for nothing.

          I took the car home, disconnected the battery, shorted the cables and the computer rebooted. Problem gone innit.

          Sooo, I would put it to you that a lot of these people are not mechanics but fitters and do not have a clue.

    2. Anonymous Coward

      Re: Carmageddon

      "no high-tech wizardry"

      But how could one get by without their Kale and Activated Almond blue-tooth iPhone interface in their Prius?

    3. admiraljkb

      Re: Carmageddon

      @Andy Non: You'd be looking for a pre-1995-ish car then. Good luck with that. You'd need two to have a spare.

      In general, the tech on vehicles is actually obsoleting them pretty quick, MUCH faster than the mechanicals wear out. My father had a few 1950's Studebaker trucks he sold recently. No computers in there, and they were surprisingly serviceable for vehicles in their 60's and relatively easy to get parts for since the Mfg hasn't existed in ~60 years. This is in contrast to my 2003 F150 truck which appears to have been prematurely EOL'd for parts by Ford in the mid 2000's. While it's needed very little repairs (rat eating wiring harness and ethanol congealing in and burning up a fuel pump), had to go to a junkyard for the wiring harness only 4 years after buying the truck...

  5. Anonymous Coward

    Signed firmware

    Cars need to be running signed code for any critical system. I know that will piss off the open source uber alles crowd who will think it is all an evil conspiracy to stop people from hacking their engine computers to improve performance or whatever. And yeah, I doubt carmakers (especially those who sell turbo models) will shed a tear about the modder community being sidelined. But it is simply too big of a risk to allow cars to run any old software, and allow that software to control their engine speed, braking and other life critical systems.

    Never mind this attack, simply targeting a virus at the computers used in service stations (by hacking the websites they download their updates from) could plant rogue software in many thousands of cars. Pick a day for maximum chaos (like 4th of July in the US) to cause the cars to run at wide open throttle once they exceed 60 mph and ignore the brakes and you'll kill plenty of people on the busy roads that day - bonus points for newer cars where you can also ignore the transmission (for automatics) and start/stop button for keyless models.

    Social media would spread the panic, after you hear about a bunch of accidents and word gets out that the cars may have been hacked, suddenly everyone is afraid to drive wondering if their car is affected or if there is another stage to the attack. The whole country would be paralyzed, with many people effectively stranded hundreds of miles from home.

    1. Adam 1

      Re: Signed firmware

      How about a read-only/writeable switch that auto toggles back to read-only once finished.

      Would certainly cut down on the attack vectors.

      1. frank ly

        Re: Signed firmware

        I assume it would 'auto toggle' under a certain set of conditions; in which case, those conditions could very probably be simulated by an experienced and observant hacker. We've seen that there are quite a few of those around.

        1. Adam 1

          Re: Signed firmware

          > I assume it would 'auto toggle' under a certain set of conditions

          Not auto toggle. Auto toggle off. There is an important difference. There should be no way to activate writeable mode without physically moving a switch.

          There are heaps of ways to auto switch off, from a simple timer to hooking it up to the ignition key removal to locking the doors to immediately doing it when whatever JSON or whatever writes the binary image then restarts the computer.

    2. annodomini2

      Re: Signed firmware

      They do and have done for many years, the problem is there is no way to have independent verification of the signatures, except during programming at the dealership.

      1. Anonymous Coward

        Re: Signed firmware

        A toggle switch would only protect against drive-by firmware updates which I would hope are impossible already. It wouldn't protect against a dealership unwittingly distributing hacker created firmware.

        Are you sure the firmware is currently signed? If it is, how do people reprogram their engine computers to use more turbo boost, remove the speed limiter (typically cars that are not sold with tires rated for the top speed the car is capable of are prevented from reaching their actual max speed) and so forth?

        There's no need for independent verification of the signatures. The automaker has the private key and signs the updates, the cars all have the public key which does the checking. If code would fail an 'independent' check it would also fail to install on the car.

        They'd probably want to provision multiple private and public keys. They use one and keep the others locked up tightly, and if the private key they're using ever leaks or they think it may have, they grab another one from the safe and use it to sign a new firmware update which revokes the compromised key.
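
Added example, not part of the original comments: a Go sketch of the scheme discussed in this sub-thread, where the car holds several factory-provisioned public keys and a signed update retires a compromised one. The `Update` and `ECU` types, the slot numbering and the rule that a key can only retire lower-numbered slots are assumptions of this example; Ed25519 stands in for whatever signature scheme a manufacturer actually uses.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Update is a hypothetical package format: MinKey is the lowest slot still trusted.
type Update struct {
	Image        []byte
	Slot, MinKey int
	Sig          []byte
}

type ECU struct {
	Keys   []ed25519.PublicKey // provisioned at the factory, never rewritten
	MinKey int                 // forward-only counter; slots below it are revoked
}

// signedBytes binds the revocation counter to the image so neither can be swapped.
func signedBytes(img []byte, minKey int) []byte {
	return append([]byte(fmt.Sprintf("%d|", minKey)), img...)
}
func Sign(priv ed25519.PrivateKey, slot, minKey int, img []byte) Update {
	return Update{img, slot, minKey, ed25519.Sign(priv, signedBytes(img, minKey))}
}

func (e *ECU) Install(u Update) error {
	if u.Slot < e.MinKey || u.Slot >= len(e.Keys) {
		return fmt.Errorf("unknown or revoked signing key")
	}
	if u.MinKey < e.MinKey || u.MinKey > u.Slot { // no rollback; a key cannot retire the spares
		return fmt.Errorf("revocation counter out of range")
	}
	if !ed25519.Verify(e.Keys[u.Slot], signedBytes(u.Image, u.MinKey), u.Sig) {
		return fmt.Errorf("bad signature")
	}
	e.MinKey = u.MinKey
	return nil
}

func demo() []error { // constructed keys and images
	pub0, priv0, _ := ed25519.GenerateKey(nil)
	pub1, priv1, _ := ed25519.GenerateKey(nil)
	car := &ECU{Keys: []ed25519.PublicKey{pub0, pub1}}
	v1 := Sign(priv0, 0, 0, []byte("fw-1.0"))
	return []error{
		car.Install(v1),                                              // accepted
		car.Install(Update{[]byte("fw-1.0 modified"), 0, 0, v1.Sig}), // image altered
		car.Install(Sign(priv0, 0, 2, []byte("fw-x"))),               // slot 0 retiring slot 1
		car.Install(Sign(priv1, 1, 1, []byte("fw-1.1"))),             // rotation, retires slot 0
		car.Install(Sign(priv0, 0, 0, []byte("fw-old"))),             // signed by retired key
	}
}
func main() { fmt.Println(demo()) }
```
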

        1. Adam 1

          Re: Signed firmware

          > It wouldn't protect against a dealership unwittingly distributing hacker created firmware.

          You're right if the dealer intended to flash the firmware, but if they were only intending on reading the reports from the computer to work out why whatever warning light was flashing then there would be no need to write anything.

        2. annodomini2

          Re: Signed firmware

          There's a distinction between firmware and tune. Most systems will have one firmware and multiple tunes, basically they will use the same system on different models of vehicle and so the tune is selected for the vehicle. They generally modify the tune, rather than the firmware.

          Both have signatures, but the signatures need to be capable of being updated, as the systems sometimes need updates, the firmware generally checks the signatures at runtime to check for memory corruption among other things.

          How they get around this I do not know.

  6. ross 15

    Quality Control Pedant

    1. The software doesn't "compromise of" anything. It "comprises" things, and those things may well compromise something.

    2. That website you link towards the end is https://www.iamthecavalry.org/. A "calvary" is something else entirely - https://en.wikipedia.org/wiki/Calvary.

    1. frank ly

      Re: Quality Control Pedant

      The world we make consists of inconsistencies.

  7. Captain DaFt

    Does it end at the car?

    If you can use an infected car to infect the Mechanic Computer, which then infects other cars... Would it be possible for a clever bit of malware to then pass itself on to the iGadgets and 'Droids that are plugged into modern cars' dashes?

    And is it conceivable that this could be used as a vector to someone's work or home PC?

    It's turning into a bad CSI plot out there IRL.

    1. DocJames
      FAIL

      Re: Does it end at the car?

      I might have an old and outdated phone, but it doesn't weigh >1500kg and isn't going to decide to head off at 20m/s without my input. When we're talking about this as an attack, it is about immediate, individual deaths and/or injuries.

      PCs and phones are important, nay essential, for the modern world. But to remain alive to enjoy this world, you need to avoid having cars hit you.

      1. Anonymous Coward

        Re: Does it end at the car?

        Sure theoretically it could infect attached phones if an exploit for those phones was known, but so could an infected computer. Much easier to infect a computer with malware than a car, and a lot more phones are connected to computers than cars so it doesn't seem worth the bother to try to infect cars as a way station to infecting phones!

  8. redpawn

    Cars Driving Cars

    I was wrong about our government being the origin. Cars infecting dealerships infecting cars was how Skynet started. Viewed from space and now confirmed, cars are the dominant life form on this planet.

  9. Anonymous Coward

    High steaks?

    > Smith is also a member of the I Am The Calvary group of hackers

    Do they specialise in religious equipment?

    :)

    1. Anonymous Coward

      Re: High steaks?

      Edit: sadly El Reg fixed the typo. Shame - it was more fun that way.

  10. Rocket_Rabbit
    Joke

    Brings a whole new meaning to a drive by hack :)

  11. Unicornpiss
    Alert

    Dichotomy..

    We just had an article about how TP-Link isn't going to allow modding routers because of the FCC. And there was a recent debacle with VW and emissions. I can already mod my car's firmware with a handheld programmer, adding 'performance' or 'economy' tuning to the ECU, or tweak parameters enough to kill my engine or transmission if I'm not careful. And there are totally customizable ECUs for people that add aftermarket toys like superchargers to their cars.

    So only now people are clamoring for Open Source software on cars? On the one hand, it will give more transparency and customization. (which could be argued is already there in the enthusiast community) On the other, the last thing we need is the average moron that doesn't understand how a light switch works downloading unapproved "hacks" for their cars allowing terrible emissions, defeating safety features, etc. And no, we don't need the whole thing malfunctioning at 80MPH, wreaking havoc, because of a poorly-programmed mod. There needs to be a middle ground for sure, and signed code might be a good start.

  12. David Roberts
    Devil

    Simple first demonstration....

    ....following traditional mainframe practices manufacturers sell one engine which can provide a wide range of performance options enabled by a simple "fix" but costing the customer a significant amount of money.

    A simple "random" function which flips the switch and sends out low performance cars with more "oomph" and high performance cars with boy but no racer would provide endless amusement and could be quite hard to track down.

    Especially when the slowed car gets taken to a different garage to fix the problem.

    Reminds me of the good old days when a dropped EDS (exchangeable disc, not the firm) could be progressively walked round the drives to try and diagnose the fault, damaging each drive in turn and any undamaged disc packs used to cross check results.

  13. Fred Flintstone Gold badge

    This is going to lead to wholly new challenges..

    How the hell are we going to explain car hacking if we can't use car analogies?

    :)

    1. Dave 126 Silver badge

      Re: This is going to lead to wholly new challenges..

      Using a car analogy is like driving an old Volvo... it's a bit clumsy, contains more than you need it to, and people groan when they see it coming.

  14. Graham Marsden

    Battlestar Galactica...

    ... had the right idea: Don't interface all your systems as it leaves you vulnerable!

    1. admiraljkb

      Re: Battlestar Galactica...

      Have to agree. Separate systems that are unrelated probably should be air-gapped, or at least fire-walled properly. Definitely the Onstar type systems should have incredibly limited access to anything on the vehicle. Firewall things off like you do any other network these days. Air-gap the "radio" with Internet access built in for Pandora and such from anything else... For getting diags remotely, put a R/O Diags computer (aka a syslog server in effect) in the DMZ that communicates with the outside world and gets data PUSHED to it from disparate systems, but do not allow it to initiate communications into the internal car network.

      BAN CANBUS in cars! :) Its time has come and gone. We need something with more than a slight hint of security in it nowadays.

  15. Herby

    Hack dealership computers...

    Maybe the hack of the diagnostic computers will morph into the machines that do the emissions checks. It would be nice if you rolled up to a smog test, and it said "passed" just as you turn on the ignition. Please, please provide a proof of concept on this one, and I'll drive my vehicle around to several testing stations just to make sure it is working.

    Not that vehicle makers haven't done part of this already.

    1. el_oscuro

      Re: Hack dealership computers...

      Back in the day, we just had a different hack: Just give a case of beer to the smog guy to pass your Camaro with a rat motor and open headers.
