It’s 2017 and Hayes AT modem commands can hack luxury cars

Re: The one domain where IoT shit cannot linger long

A lot of the problem here, I think, is re-using chipsets intended for cheap, disposable things in a vehicle, where the expected life can exceed 20 years instead of 2. But there isn't a great solution -- it's not really practical for every carmaker to develop their own cellular chipset in-house, and if they tried it would quite likely be worse than what the baseband chipset manufacturers already have.

Re: Missing words

In the Uk they are done through the DVLA to the registered owner - ie the Takata airbag recall got my 2008 car recalled late last year. But even with that central register its a still problem, and even more so in the IoT world where things never get patches even from large well known manufacturers

More Like AT+WTF???

Re: The Hayes modem command set.

From what I can tell from some SonyEricsson developer guides the AT command set is also used between phones and Bluetooth devices to set up indicator updates (charge, signal strength, etc.) even pop-up a notice on your phone when a device's battery is going flat, among other things like currently playing media file information.

I have also read documentation on SMS sending devices which use AT commands, hell even 802.11 "wifi" modems communicate with the host computer via AT commands and the chips are being used to make wireless interfaces for old computers like the Commodore 64. Have to wonder if these would be susceptible to the old "+++ATH0" trick we used to knock people off-line in the old dial-up days*: imagine including a reference to http://theregister.com/+++ath0.jpg in a web page.

Considering that my old SE phone works with the latest 2017 in-car media computers, none of this surprises me but is rather interesting. Makes me wonder if there are any other devices which use the AT command set which may be vulnerable to buffer mishandling of commands or results (AIO and fax machines, in-car computers over Bluetooth, computer fax modems, regular old modems, alarm systems or critical monitoring systems with cellular modems, and so on.)

* that is, against modems which did not implement the Hayes standard escape wait time before entering command mode.

Re: Old Vunerabilty

Probably because it took that long for someone to realize the same cellular chip used in the 3G/3GS was also used in some cars.

Re: "In IT terms a 2009 product is close to end-of-life" - Does not compute!

"Love to know the rationale for this statement; having worked on IT 'products' with an intended operational life measured in decades..."

Try sticking Windows 7 on this year's Ultrabooks and let us know how you get on. You've worked on products with a intended operational life measured in decades - but most businesses now work with hardware with an intended operational life measured in single-digit numbers of years.. The key word in each case is "intended."

Re: "In IT terms a 2009 product is close to end-of-life" - Does not compute!

In IT EOL is used to indicate it is no longer supported, practical to use or generally available.

"My 1980's Hayes modem (RS232C DB25 connection) probably has many more years of life in it, but I'm pushed to find uses for it"

Hence it is regarded as EOL. You can't update it, you need special adapters to connect to it, the drivers may no longer be available for it. Doesn't mean it is physically broken or impossible to use.

Forced upgrades or replacements to perfectly good hardware or software due to it being declared EOL is a regular occurrence for anyone working in IT.

Re: EOL

Could be, but I suspect it's more likely they don't want to have to go through the bother of testing each new build against hardware that's not been in production for at least a decade, and hasn't been supported by new Windows releases for even longer. Not to mention having to turn off later optimizations at compile time, or compromise performance on current systems. You have to have a cutoff somewhere, and often stuff out on the skinny tail of the bell curve just isn't worth the effort.

Re: EOL @Mike 16

I'm currently running Ubuntu on laptops from before 2009, and they still work just fine.

The only real problem I'm having is that most videos from places like YouTube tax the processor a bit, but avoiding video, things work OK.

There is a lowest-spec that us usable, and I would say that 2GHz processor, 2GB memory and some graphics assist is currently where it is at the moment for x86 processors, especially if you run Linux. I actually have a desktop with a 2.13GHz Pentium Dual Core (the last Pentium before the Core processors came along), with 2GB of memory and a Nvidia GeForce 720 on-board graphics which is perfectly usable running Windows 7.

Strangely, ARM devices appear to be able to work just as well or better at much slower clock speeds!

Re: EOL

Which suppliers are dropping support for 486 chips?

Microsoft dropped support for them with Windows 2000 and ME

Apple never supported them, they were using PowerPC chips back then

Re: I missed something

That is left to the imagination of the reader or anyone with the motivation to try it.

Re: Physical access

I suppose one thing would be the next take-down of half the Internet could be done by cars instead of IP cameras.

But, imagine if you will, suddenly making a bunch of cars of a particular model shut down at the same time, or they activate the braking system all at once on various Interstates. Obviously that all depends upon what additional systems can be accessed, but if car designers take the TJX or Target approach that nothing bad can happen inside a protected network, well, there are all sorts of shenanigans which can ensue.

While the espionage angle of killing a journalist of political staffer without traces of foul play may sound outlandish, maybe taking that a little further in realizing in its most useful mode car is a ton and a-half missile. And I am not talking about the back seat on a hill top. Since we are becoming more and more dependent upon technologies like lane keeping, blind-spot monitoring, object avoidance and, eventually, self-driving, the uses for taking over a system using the defects in a modem are pretty evident.

For that matter, I wonder what happens if we start sending malformed GPS signals to cars with built-in navigation. Even the car I am driving right now (not while typing this, mind you) without navigation can use the built-in GPS to set the clock, and when paired with my phone it can place an emergency call including my GPS coordinates in the event of an incapacitating accident. So, what about mishandling malformed GPS input when the unit is receiving an updated almanac?

Anyway, that is just thinking about another vector into a potentially unprotected system, but gaining access to a car's systems, even "non-critical" ones like oil pressure or temperature sensing, speed indication, hood release, and so on could cause a great deal of mischief.

Re: The car companies are criminal

>My BMW was stolen a few nights ago - less than 30 seconds to unlock and 4-5 seconds from the guys arse hitting the drivers seat to the engine starting.

Sometimes the old methods are the best methods...

Years back most cars didn't have an alarm fitted and could be unlocked in a matter of seconds, so if you wanted your car to be where you left it, you fitted a Krooklok or Stoplock...

Not saying the car companies don't carry some blame (for just how insecure keyless cars are), just that sometimes you do have to exercise some responsibility and take matters into your own hands...