Coming Soon: Malware For Your Car
#1
Posted 24 June 2013 - 20:07
Read this. It is now more than possible, as in not even terribly difficult it seems, to inject malware into essentially any modern car and take control of the vehicle completely out of the driver's hands while it's rolling. Think about that.
You can kill someone and leave no trace. It'll look like an accident.
Advertisement
#2
Posted 24 June 2013 - 20:22
Off Topic:
ty for using prism for reading my dirty talk on facebook btw. I wonder if i could make it in a magazine with dirty stories. Only NSA knows i guess.
Edited by MatsNorway, 24 June 2013 - 20:29.
#3
Posted 24 June 2013 - 20:40
Well, blow me. Some academics have concluded that you can hack into a computer and take it over! Who'd have ever thought it? If we'd only known, we would have all got ourselves security software to prevent it. Oh, wait a minute, I seem to have been paying Kaspersky for something.http://www.autosec.o...oakland2010.pdf
Read this. It is now more than possible, as in not even terribly difficult it seems, to inject malware into essentially any modern car and take control of the vehicle completely out of the driver's hands while it's rolling. Think about that.
You can kill someone and leave no trace. It'll look like an accident.
When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't. I worry rather more (still not a lot) that hackers might subvert the traffic lights control system and cause gridlock. Or take over the dot matrix signs on the motorways and post rude messages.
#4
Posted 24 June 2013 - 20:57
#5
Posted 24 June 2013 - 21:22
#6
Posted 24 June 2013 - 22:10
#7
Posted 24 June 2013 - 22:50
#8
Posted 25 June 2013 - 00:24
Or take over the dot matrix signs on the motorways and post rude messages.
Happened recently here in NSW Downunder - thankfully, the messages posted were only humorous
#9
Posted 25 June 2013 - 01:56
When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't.
How are you going to know if it is connected to the Internet or not, short of Faraday cages?
These days the kit required to connect to a cellular network and thus the Internet is tiny, easily hidden, cheap and requires minimal power. It could be there the whole time, and you would probably never know.
Re: the 'cheap' part - Amazon's cellular-network-capable Kindles show that is certainly possible to arrive at a deal with cellular network operators to provide network access at very minimal cost, and without it being associated directly with the owner of the device. The car manufacturers could easily do what Amazon does, without telling anyone. And if the car manufacturers can access it, so can anyone wearing a black hat.
#10
Posted 25 June 2013 - 02:27
#11
Posted 01 July 2013 - 14:23
#12
Posted 04 July 2013 - 06:23
oh my god, car chase would be so boring from now if police have special hacking devices
so as an example of something that police could use in a car chase, or on your parked car,
HopeRF RFM12B-S2 433Mhz radio by indigoid, on Flickr
Cheap as chips, alleged range of up to a few hundred metres - ok, pretty short really, but given the tiny size... and hiding a one-ended wire (antenna) in a car shouldn't be difficult
I bought a bunch of these to use in a wireless sensor network. Pretty neat little gadgets
#13
Posted 19 July 2013 - 03:01
link claims the rolling stone writer michael hastings cars crash could have been controlled by others
this is a well known writer who exposed the USA afgan general's mistress story recently
can cars be crashed [ in this case a 2013 250 M-B] by hacking drive by wire systems ?
#14
Posted 19 July 2013 - 04:26
#15
Posted 19 July 2013 - 05:37
#16
Posted 19 July 2013 - 15:49
I haven't yet figured out though why my entertainment / NAV package needs to be on the same canbus as my ESC and engine management system.
#17
Posted 19 July 2013 - 16:25
I haven't yet figured out though why my entertainment / NAV package needs to be on the same canbus as my ESC and engine management system.
That's a very good question.
#18
Posted 19 July 2013 - 20:08
Yes. But only in very badly scripted Hollywood B-movies. Probably starring Steven Seagal.http://www.huffingto..._n_3492339.html
link claims the rolling stone writer michael hastings cars crash could have been controlled by others
this is a well known writer who exposed the USA afgan general's mistress story recently
can cars be crashed [ in this case a 2013 250 M-B] by hacking drive by wire systems ?
Now, if you will excuse me, I am off to wrap my car in tin foil to stop me being controlled by aliens.
#19
Posted 19 July 2013 - 23:00
Advertisement
#20
Posted 20 July 2013 - 00:55
The question wasn't "was he killed" but "is that possible". All tinfoil aside, it's been clearly demonstrated by a handful of car/computer nerds that the answer is clearly yes. In a drive-by-wire / electronic throttle with stability control platform, the canbus would give you tremendous control over the vehicle's speed and large inputs into it's direction. I'm not sure you could override a driver's braking input, but as we've discussed here numerous times, a functional brake pedal is no deterrent to destroying ones brakes and ending up a fireball on the side of the highway somewhere.Yes. But only in very badly scripted Hollywood B-movies. Probably starring Steven Seagal.
Now, if you will excuse me, I am off to wrap my car in tin foil to stop me being controlled by aliens.
#21
Posted 20 July 2013 - 14:42
The crash was at 4.30am. That tells you what you need to know.If you see the accident scene, you will momentarily question whether you're turning into a conspiracy theorist. Dude went out Hollywood style.
#22
Posted 20 July 2013 - 14:56
But seriously, fireball and everything.
#23
Posted 20 July 2013 - 17:30
#24
Posted 20 July 2013 - 20:57
Just out of interest, are there any sort of statistics for how often a crashed car catches fire? It is AFAIK a fairly rare occurrence. In the real world that is - if you believe Hollywood, you will know that driving a black Mercedes over a cliff edge will immediately cause it to explode, even before it hits anything.No witnesses
But seriously, fireball and everything.
#25
Posted 20 July 2013 - 21:20
But.
A+ for effort, whatever the cause.
http://cdn01.dailyca...stingscrash.jpg
http://s11.postimg.o...tings_Crash.jpg
#26
Posted 20 July 2013 - 23:12
Edited by saudoso, 20 July 2013 - 23:13.
#27
Posted 21 July 2013 - 03:43
#28
Posted 21 July 2013 - 23:34
ESC can apply the brakes independently of the driver, ABS can disable them, and EPAS could fight the driver's control of the steering wheel, although a sufficiently determined driver could probably still steer the vehicle (you wouldn't, you'd let go).
#29
Posted 22 July 2013 - 03:56
Nav needs to talk to vehicle speed and SWA and Ay so it can use dead reckoning when it loses the GPS signal (car parks, tunnels) and for lane detection. ESC needs those channels as well.
ESC can apply the brakes independently of the driver, ABS can disable them, and EPAS could fight the driver's control of the steering wheel, although a sufficiently determined driver could probably still steer the vehicle (you wouldn't, you'd let go).
I thought it would be a more pedestrian reason, so that DVD playback could be disabled when the car moves off from a stop.
#30
Posted 26 July 2013 - 10:10
"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."
So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.
#31
Posted 26 July 2013 - 11:07
#32
Posted 26 July 2013 - 16:07
"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."
So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.
In fact there is a 2" Bluetooth interface that goes in that connector which is going to be unnoticed by most of people. Costs $25 and can accessed from any PC or android phone.
Whoever is willing to do such a thing can very well come with some Bluetooth on steroids to make it work from a bigger distances. But there would be proof of foul play left on the car.
#33
Posted 26 July 2013 - 20:40
In fact there is a 2" Bluetooth interface that goes in that connector which is going to be unnoticed by most of people. Costs $25 and can accessed from any PC or android phone.
Whoever is willing to do such a thing can very well come with some Bluetooth on steroids to make it work from a bigger distances. But there would be proof of foul play left on the car.
FWIW Bluetooth 4.0 has a range of up to 100 metres.
#35
Posted 27 July 2013 - 14:17
Not hacked at all? Toyota refered to it as an aggressive hack. You missed the point absolutely and entirely. The initial talk linked above shows how the canbus systems can be penetrated remotely, and activate responses not requested by the driver. They said quite clearly that their focus was in determining if and how one could breachthe system, not what could be done once in there. The only thing they claimed to have done was apply the brakes.
"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."
So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.
This second DARPA-funded team went to work determining not how to get on the system - that's already done - but what could be done once the canbus is penetrated. So what can they do? Apply throttle, apply brakes, disable power steering, disable brakes, hijack the steering entirely through the auto-parking feature, mess with the speedo, the GPS and god knows what else.
That the second team did it wired to a diag port means only that they didn't focus on wireless penetration - that's already been proven.
http://www.forbes.co...he-wheel-video/
Edited by Canuck, 27 July 2013 - 14:23.
#36
Posted 27 July 2013 - 18:16
There's a point?? I thought this was the black helicopters/Roswell/Area 51/9-11/Mafia killed JFK thread. You mean you people are serious about this? Jeez. things are worse than I thought.You missed the point absolutely and entirely.
Watch my lips (or fingers). T-H-I-S I-S A N-O-N-S-T-O-R-Y. Al Quaeda or the NSA isn't going to take over your cars I-Pod and make you listen to Jay-Z tracks, or turn off your aircon even when it is over 35 degrees.
#37
Posted 27 July 2013 - 19:27
Is your complete denial of the landscape of possibilities afforded by insecure computers wherever they may be located due to old-age clouding your ability to see the potential, your fear of what might happen if you accept the new reality as reality or just plain stubbornness because you didn't see it first? The potential available is almost limitless, especially if you remove rational reason for why one might exploit these opportunities. Ever heard the term script kiddies? People don't need a reason other than to see an effect. How amusing to kill the S-Class in the middle of an intersection at rush hour, maybe honk the horn, lock the doors, start and stop lurching along. Look - the fat rich guy is my puppet!
I trust you're not in charge of security anywhere.
#38
Posted 27 July 2013 - 22:56
Kinda sorta related
http://www.guardian....ling-codes-cars
Censorship to protect car companies who should have been more careful is pathetic, shortsighted and irresponsible. I hope it gets "accidentally" leaked.
This decision certainly isn't protecting the general populace. The folks with serious black hats on either already know the secrets or will know soon anyway, regardless of the court's whimsy.
Advertisement
#40
Posted 12 August 2013 - 13:04
#41
Posted 12 August 2013 - 17:55
Yet another of these 'Oh gosh, really??' studies demonstrating, at doubtless great expense to someone, things that we already knew. Of course you can corrupt GPS signals. It doesn't need the U. of Texas to tell us that. But distorting GPS signals is hardly the same as gaining control of a vehicle and over-riding the driver/helmsman. It certainly isn't hacking into the control systems, so once again this is irrelevant to this issue.Ha - demonstrated previously on a UAV. That's not a concern either, I mean who would bother hacking a UAV? Or a billionaire's yacht?
Yes, you could fool my satnav this way, but if you think I am therefore going to drive into a wall or over a cliff, think again (although it would work for some idiots who prove it daily by driving into rivers, onto railways and up dead-ends because they believe 100% in their satnavs.) You could do the same with analogue methods by turning road signs round!
Edited by BRG, 12 August 2013 - 17:56.
#42
Posted 12 August 2013 - 19:00
Well, blow me. Some academics have concluded that you can hack into a computer and take it over! Who'd have ever thought it? If we'd only known, we would have all got ourselves security software to prevent it. Oh, wait a minute, I seem to have been paying Kaspersky for something.
When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't. I worry rather more (still not a lot) that hackers might subvert the traffic lights control system and cause gridlock. Or take over the dot matrix signs on the motorways and post rude messages.
Your car may be connected to Bluetooth already. Remote sensing of tyre pressures is done by wireless technology, so if you can hack the link between wi-fi valve caps and the car's CPU you can effectively control it remotely; not very remote, but remote enough to be invisible, say in a following car. No cars have very robust anti-virus or anti-malware protection if they have any at all. This is not pie-in-the-sky, universities have demonstrated it.
#43
Posted 13 August 2013 - 17:27
You were sounding quite convincing until this part.This is not pie-in-the-sky, universities have demonstrated it.
#44
Posted 13 August 2013 - 20:51
It will happen over and over again. People start adding wireless capacity to devices and can never forsee what the devious minds can come with.
CDMA anyone?
#45
Posted 13 August 2013 - 21:30
You were sounding quite convincing until this part.
You are perfectly at liberty to bury your head in the sand if you want to, but don't imply that I am walking around with tinfoil on my head. Universities are in the forefront of investigating what can and can't be hacked, it is very important work. As more and more equipment uses wireless technology; cardiac pacemakers, central heating, the CPUs of cars and even your fridge/freezer, more and more gadgets are open to hacking. If your car has Bluetooth built in, it is a gateway to your car's central processing unit and is unprotected.
#46
Posted 14 August 2013 - 20:21
But none of them have actually demonstrated it. So far we have a wild theory. Someone has plugged a laptop into the diagnostics and affected various things. Duh, that's what diagnostics ports are there for. Someone else has distorted GPS signals. Duh, the UK did that to Luftwaffe navigation beams in WW2. No one has proved that they can externally control or influence the controls of a car remotely by Bluetooth/wi-fi/internet or whatever. So until someone does, I call BS on this whole conspiracy theory.You are perfectly at liberty to bury your head in the sand if you want to, but don't imply that I am walking around with tinfoil on my head. Universities are in the forefront of investigating what can and can't be hacked, it is very important work.
The world is a dangerous place. If I wanted to do harm to you via your car, two minutes with a pair of side-cutters on your brake lines would do the trick a lot more certainly than some airy fairy attempt to take remote control using your i-phone.
#47
Posted 15 August 2013 - 01:53
And what conspiracy theory? Nobody, even in my tinfoil hat is calling conspiracy. These demonstrations show clear opportunity that jacking a car's control system is completely feasible. That's it. If it's feasible, I believe there are active research programs by government funded agencies. Like DARPA. Who funded the 2nd demo's research.
#48
Posted 15 August 2013 - 01:56
#49
Posted 15 August 2013 - 09:53
You FINALLY got there...anyone worried is clearly paranoid.
I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."
So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.
Now I will leave you guys to compare tinfoil hats.
Edited by BRG, 15 August 2013 - 11:16.
#50
Posted 15 August 2013 - 13:12