Coming Soon: Malware For Your Car

The world is a dangerous place. If I wanted to do harm to you via your car, two minutes with a pair of side-cutters on your brake lines would do the trick a lot more certainly than some airy fairy attempt to take remote control using your i-phone.

Contrary to the wild imaginings of Hollywood, television producers and crime writers, no driver would fail to discover cut brakes long before their lack became life threatening (Unless of course you start your journey steeply downhill and you don't press the brake pedal at any time before you start off on your journey to infinity and beyond).

You FINALLY got there...

I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."

So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.

Now I will leave you guys to compare tinfoil hats.

And banks say that Chip & Pin is 100% secure... Today a laptop, tomorrow ? What needed a desktop 10 years ago can now be done on a mobile phone.

You FINALLY got there...

I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."

So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.

Now I will leave you guys to compare tinfoil hats.

Ah...yes - it is I that didn't read the first paper, thinking that the video Desmo linked to was from that paper. In that video they discuss forced bluetooth pairing to the entertainment system that left no history in the paired devices control and provided no means to remove. From that forced connection, they were able to access the CAN network and execute control commands. Perhaps you read the paper and didn't watch the video. The first video posted is the group A - remote CAN access via existing vehicle infrastructures such as bluetooth and sat radio.

Everything required for a surreptitious jacking of a vehicle's control system is there.

I probably should have linked to this paper first.

Ah, the familiar sound of people moving goalposts.

I'm less concerned--unconcerned really--with playing games and keeping score about who is the cleverer at polemics and more so with getting the facts correct by whatever means are necessary. The facts here are both unambiguous and irrefutable. You can worry about goalposts etc. as pleases you.

The research seems a bit flawed to me in regards to their methods for gaining access using Bluetooth and the telematics system. For the telematics system they say the telephone number is easy to ascertain with caller ID, which is fair enough, but why would the system be calling the hackers in the first place?
For the bluetooth method they had to forcefully break the PIN, but they admit that the PIN is renewed when the car is turned off and the average time to force the PIN is 10 hours so in reality forcefully breaking a PIN isn't as feasible as they make it seem, although still possible.

One method of gaining entry to corporate IT systems is to "accidentally drop" an attractive, infected USB stick in the parking lot with the idea that someone curious will pick it up and pop it into their company machine where it quietly goes to work. Using that same concept, one could drop a prepared cd or DVD with appropriate "attractive" labelling. They claimed that a normal-sounding audio file could hide a hack via the entertainment unit. Maybe the hack is just to make pairing the Bluetooth an at-will matter or it triggers the telematics to call the hackers, thus revealing the ID.

Some folks will do it simply because it's a challenge, like many other current hacks. I would imagine far more likely that the authorities will, with a non-disclosable, undiscussable order, use the telematics as they exist to listen to conversations of persons of interest while mapping the vehicle's every move.

Why is everyone ignoring the fact that wireless OBDII interfaces cost $20.00? No need to invent anything, just break in and plu the little bug there. No one will notice it under the dashboard.

Anyone who believes this is foil cap country should be asking themselves why Ford are introducing firewalls and why McAfee are writing anti-virus software for car systems? Try reading the article in today's Sunday Times, plenty of info there. If Richard Clarke, a former US government national security co-ordinator, expressed the view that the death of Michael Hastings had the hallmarks of a "car cyber-attack; and Professor Yoshi Khono of the University of Washington found that they could hack a cars computer system using a doctored music CD, and by using Bluetooth to access a car's entertainment system, and playing an audio file song down the phone line who are we to gainsay them. Before you think that unlikely, in a car in which the volume of the radio is controlled by the car's ECU, so that it plays louder as the car speeds up, there is a software connection between the audio system and the ECU which can be hacked...

Edited by Bloggsworth, 18 August 2013 - 11:54.

Why is everyone ignoring the fact that wireless OBDII interfaces cost $20.00? No need to invent anything, just break in and plu the little bug there. No one will notice it under the dashboard.

The OBD ports I am familiar with are fairly prominently mounted in the engine bay. I am not sure how big these wireless interfaces are, or how they could be hidden or disguised, but the first time the mechanic went looking for the port to plug in his gizmo ...

The OBD ports I am familiar with are fairly prominently mounted in the engine bay. I am not sure how big these wireless interfaces are, or how they could be hidden or disguised, but the first time the mechanic went looking for the port to plug in his gizmo ...

It could be hidden quite easily they are not much bigger than the plug. If you made a piggy back setup you could even leave a stock looking plug in the right spot for the technician to plug into.
I would guess that you could fit it in about 20 seconds.

This is what you buy for 20 bucks.



I'll not pretend to know OBDii at all but I can tell from first hand experience that this is read/write: I managed to switch off warning lights with ut.

Edited by saudoso, 19 August 2013 - 10:57.

oh my god, car chase would be so boring from now if police have special hacking devices

 

Especially when the bad guys arced up their countermeasure's and disabled all the following cop cars

so how old a car  is safe from both control and recording [speed+brake data] in a USA model

 

I like the air bags and ABS but not the recording some car do

and the wife will not like too old cars like my volvo 122

 

or does it vary by model refresh and not by year ?

How true it is I do not know. A computer nerd I know reckons that on many models he can hack the the cars main computer and either stop the engine or basically make the engine full rich or no ignition advance. Either of which halves the power. This is by remote control from a moderate distance.
Anyone remotely smart can do that with a lap top.