64 replies to this topic

[desmo]

http://www.autosec.o...oakland2010.pdf

Read this. It is now more than possible, as in not even terribly difficult it seems, to inject malware into essentially any modern car and take control of the vehicle completely out of the driver's hands while it's rolling. Think about that.

You can kill someone and leave no trace. It'll look like an accident.

[MatsNorway]

CIA and NSAs dream.

Off Topic:
ty for using prism for reading my dirty talk on facebook btw. I wonder if i could make it in a magazine with dirty stories. Only NSA knows i guess.

Edited by MatsNorway, 24 June 2013 - 20:29.

[BRG]

http://www.autosec.o...oakland2010.pdf

Read this. It is now more than possible, as in not even terribly difficult it seems, to inject malware into essentially any modern car and take control of the vehicle completely out of the driver's hands while it's rolling. Think about that.

You can kill someone and leave no trace. It'll look like an accident.

Well, blow me. Some academics have concluded that you can hack into a computer and take it over! Who'd have ever thought it? If we'd only known, we would have all got ourselves security software to prevent it. Oh, wait a minute, I seem to have been paying Kaspersky for something.

When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't. I worry rather more (still not a lot) that hackers might subvert the traffic lights control system and cause gridlock. Or take over the dot matrix signs on the motorways and post rude messages.

[desmo]

I understand, won't happen to me, what's the big deal? Right? But a car doesn't need internet connectivity to be affected. Also, my home computer does not control a couple of self powered ton of steel, glass and rubber capable of exceeding 100 mph. With me inside.

[desmo]

For those whom a technical paper is perhaps a little dry, here is a good video of a talk that covers much of the same ground. There are more attack surfaces and potential malware injection vectors on an average car than you might expect.

[CSquared]

This is news?

[desmo]

That a car can be externally totally controlled via malware introduced via an mp3 song on satellite radio or bluetooth at distance? Was to me. I mean knowing it's theoretically possible is one thing; knowing it's been tried and it works is another.

[275 GTB-4]

Or take over the dot matrix signs on the motorways and post rude messages.

Happened recently here in NSW Downunder - thankfully, the messages posted were only humorous

[indigoid]

When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't.

How are you going to know if it is connected to the Internet or not, short of Faraday cages?

These days the kit required to connect to a cellular network and thus the Internet is tiny, easily hidden, cheap and requires minimal power. It could be there the whole time, and you would probably never know.

Re: the 'cheap' part - Amazon's cellular-network-capable Kindles show that is certainly possible to arrive at a deal with cellular network operators to provide network access at very minimal cost, and without it being associated directly with the owner of the device. The car manufacturers could easily do what Amazon does, without telling anyone. And if the car manufacturers can access it, so can anyone wearing a black hat.

[Canuck]

I'm with you Desmo - I'm astounded. I suppose not altogether surprised given a) the level of micro controller use in vehicles and b) our lack of thought in general about the security of those micros in that application. I found the stealth aspect remarkable - forced Bluetooth pairing that didn't show up in the paired devices list and couldn't be un-paired in the normal fashion - completely unknown to the vehicle's owner, that then allowed them complete access to the canbus and the ability to control anything controlled on the bus. Amazing and terrifying at the same time.

[Powersteer]

oh my god, car chase would be so boring from now if police have special hacking devices

[indigoid]

oh my god, car chase would be so boring from now if police have special hacking devices

so as an example of something that police could use in a car chase, or on your parked car,


HopeRF RFM12B-S2 433Mhz radio by indigoid, on Flickr

Cheap as chips, alleged range of up to a few hundred metres - ok, pretty short really, but given the tiny size... and hiding a one-ended wire (antenna) in a car shouldn't be difficult

I bought a bunch of these to use in a wireless sensor network. Pretty neat little gadgets

[ray b]

http://www.huffingto..._n_3492339.html

link claims the rolling stone writer michael hastings cars crash could have been controlled by others
this is a well known writer who exposed the USA afgan general's mistress story recently

can cars be crashed [ in this case a 2013 250 M-B] by hacking drive by wire systems ?

[Greg Locock]

I think there have been proof of concept demonstrations, whether actual or theoretical I am not sure.

[desmo]

See linked articles in my opening post. It appears to be completely feasible--and not even terribly challenging-- to murder someone almost untraceably using malware infection of modern cars. In light of recent disclosures it seems quite possible the NSA backdoor may in fact already be baked into the cars' software. One has to wonder what, if indeed any, protections are in place in the cars used by high level politicians, surveillance state bigwigs, military brass, oligarchs and other Very Serious People. If I suspected someone with deep resources might be out to get me I sure as heck wouldn't be driving a late model car today, you are a sitting duck in one.

[Canuck]

I don't think they need a back door necessarily. If a couple of hackers with limited time and resources can pull it off, a dedicated team of VSP (very smart people) with government backing could likely, very quickly, find exploits for a large number of vehicles - especially considering the nature of cross-platform component usage. Likely targets for exploits would be NAV units like On-Star that are almost invariably firmware-identical across large numbers of vehicles.

I haven't yet figured out though why my entertainment / NAV package needs to be on the same canbus as my ESC and engine management system.

[saudoso]

I haven't yet figured out though why my entertainment / NAV package needs to be on the same canbus as my ESC and engine management system.

That's a very good question.

[BRG]

http://www.huffingto..._n_3492339.html

link claims the rolling stone writer michael hastings cars crash could have been controlled by others
this is a well known writer who exposed the USA afgan general's mistress story recently

can cars be crashed [ in this case a 2013 250 M-B] by hacking drive by wire systems ?

Yes. But only in very badly scripted Hollywood B-movies. Probably starring Steven Seagal.

Now, if you will excuse me, I am off to wrap my car in tin foil to stop me being controlled by aliens.

[Ross Stonefeld]

If you see the accident scene, you will momentarily question whether you're turning into a conspiracy theorist. Dude went out Hollywood style.

[Canuck]

Yes. But only in very badly scripted Hollywood B-movies. Probably starring Steven Seagal.

Now, if you will excuse me, I am off to wrap my car in tin foil to stop me being controlled by aliens.

The question wasn't "was he killed" but "is that possible". All tinfoil aside, it's been clearly demonstrated by a handful of car/computer nerds that the answer is clearly yes. In a drive-by-wire / electronic throttle with stability control platform, the canbus would give you tremendous control over the vehicle's speed and large inputs into it's direction. I'm not sure you could override a driver's braking input, but as we've discussed here numerous times, a functional brake pedal is no deterrent to destroying ones brakes and ending up a fireball on the side of the highway somewhere.

[BRG]

If you see the accident scene, you will momentarily question whether you're turning into a conspiracy theorist. Dude went out Hollywood style.

The crash was at 4.30am. That tells you what you need to know.

[Ross Stonefeld]

No witnesses

But seriously, fireball and everything.

[MatsNorway]

Would not surprise me one bit. I heard about that journalist and then saw the thread here. Had a slight giggle of it.

[BRG]

No witnesses

But seriously, fireball and everything.

Just out of interest, are there any sort of statistics for how often a crashed car catches fire? It is AFAIK a fairly rare occurrence. In the real world that is - if you believe Hollywood, you will know that driving a black Mercedes over a cliff edge will immediately cause it to explode, even before it hits anything.

[Ross Stonefeld]

Granted I don't see many road accident results, and maybe this is within the extremes given the speeds involved and that they aren't carbon monocoques or anything.

But.

A+ for effort, whatever the cause.

http://cdn01.dailyca...stingscrash.jpg

http://s11.postimg.o...tings_Crash.jpg

[saudoso]

I see a lot of embraced light posts and trees around here, some pretty serious sh!t. Never saw anything in flames like that.

Edited by saudoso, 20 July 2013 - 23:13.

[desmo]

I was walking my dog about 100 meters my house and heard this screaming engine noise like 10,000 rpm then a big thud. A Ferrari had stuffed it into a stone wall at probably 100+ mph and it already was a ball of flame when I arrived on the scene. The passenger apparently survived the burns if only just, I never thought anyone could emerge from that conflagration alive. Pretty horrible looking at a car you can see has two people in it being burned alive.

[Greg Locock]

Nav needs to talk to vehicle speed and SWA and Ay so it can use dead reckoning when it loses the GPS signal (car parks, tunnels) and for lane detection. ESC needs those channels as well.

ESC can apply the brakes independently of the driver, ABS can disable them, and EPAS could fight the driver's control of the steering wheel, although a sufficiently determined driver could probably still steer the vehicle (you wouldn't, you'd let go).

[pugfan]

Nav needs to talk to vehicle speed and SWA and Ay so it can use dead reckoning when it loses the GPS signal (car parks, tunnels) and for lane detection. ESC needs those channels as well.

ESC can apply the brakes independently of the driver, ABS can disable them, and EPAS could fight the driver's control of the steering wheel, although a sufficiently determined driver could probably still steer the vehicle (you wouldn't, you'd let go).

I thought it would be a more pedestrian reason, so that DVD playback could be disabled when the car moves off from a stop.

[BRG]

http://www.bbc.co.uk...nology-23443215

"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."

So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.

[Ross Stonefeld]

Thanks. You just spoiled the opening scene of the next James Bond.

[saudoso]

"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."

So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.

In fact there is a 2" Bluetooth interface that goes in that connector which is going to be unnoticed by most of people. Costs $25 and can accessed from any PC or android phone.

Whoever is willing to do such a thing can very well come with some Bluetooth on steroids to make it work from a bigger distances. But there would be proof of foul play left on the car.

[Fondles]

In fact there is a 2" Bluetooth interface that goes in that connector which is going to be unnoticed by most of people. Costs $25 and can accessed from any PC or android phone.

Whoever is willing to do such a thing can very well come with some Bluetooth on steroids to make it work from a bigger distances. But there would be proof of foul play left on the car.

FWIW Bluetooth 4.0 has a range of up to 100 metres.

[Ross Stonefeld]

Kinda sorta related

http://www.guardian....ling-codes-cars

[Canuck]

"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."

So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.

Not hacked at all? Toyota refered to it as an aggressive hack. You missed the point absolutely and entirely. The initial talk linked above shows how the canbus systems can be penetrated remotely, and activate responses not requested by the driver. They said quite clearly that their focus was in determining if and how one could breachthe system, not what could be done once in there. The only thing they claimed to have done was apply the brakes.

This second DARPA-funded team went to work determining not how to get on the system - that's already done - but what could be done once the canbus is penetrated. So what can they do? Apply throttle, apply brakes, disable power steering, disable brakes, hijack the steering entirely through the auto-parking feature, mess with the speedo, the GPS and god knows what else.

That the second team did it wired to a diag port means only that they didn't focus on wireless penetration - that's already been proven.
http://www.forbes.co...he-wheel-video/

Edited by Canuck, 27 July 2013 - 14:23.

[BRG]

You missed the point absolutely and entirely.

There's a point?? I thought this was the black helicopters/Roswell/Area 51/9-11/Mafia killed JFK thread. You mean you people are serious about this? Jeez. things are worse than I thought.

Watch my lips (or fingers). T-H-I-S I-S A N-O-N-S-T-O-R-Y. Al Quaeda or the NSA isn't going to take over your cars I-Pod and make you listen to Jay-Z tracks, or turn off your aircon even when it is over 35 degrees.

[Canuck]

Yes - because these are the only people attacking your home PC. I mean, why would anyone write a virus to attack your PC? That's stupid. It would never happen. Only tinfoil hat lunatics could imagine complete strangers writing malicious code for no reason other than to see what happens. Certainly there's no possible means to monetize these bugs because the PC virus people sure haven't.

Is your complete denial of the landscape of possibilities afforded by insecure computers wherever they may be located due to old-age clouding your ability to see the potential, your fear of what might happen if you accept the new reality as reality or just plain stubbornness because you didn't see it first? The potential available is almost limitless, especially if you remove rational reason for why one might exploit these opportunities. Ever heard the term script kiddies? People don't need a reason other than to see an effect. How amusing to kill the S-Class in the middle of an intersection at rush hour, maybe honk the horn, lock the doors, start and stop lurching along. Look - the fat rich guy is my puppet!

I trust you're not in charge of security anywhere.

[indigoid]

Kinda sorta related

http://www.guardian....ling-codes-cars

Censorship to protect car companies who should have been more careful is pathetic, shortsighted and irresponsible. I hope it gets "accidentally" leaked.

This decision certainly isn't protecting the general populace. The folks with serious black hats on either already know the secrets or will know soon anyway, regardless of the court's whimsy.

[Tony Matthews]

http://www.gizmag.co...07e010-89800598

[Canuck]

Ha - demonstrated previously on a UAV. That's not a concern either, I mean who would bother hacking a UAV? Or a billionaire's yacht?

[BRG]

Ha - demonstrated previously on a UAV. That's not a concern either, I mean who would bother hacking a UAV? Or a billionaire's yacht?

Yet another of these 'Oh gosh, really??' studies demonstrating, at doubtless great expense to someone, things that we already knew. Of course you can corrupt GPS signals. It doesn't need the U. of Texas to tell us that. But distorting GPS signals is hardly the same as gaining control of a vehicle and over-riding the driver/helmsman. It certainly isn't hacking into the control systems, so once again this is irrelevant to this issue.

Yes, you could fool my satnav this way, but if you think I am therefore going to drive into a wall or over a cliff, think again (although it would work for some idiots who prove it daily by driving into rivers, onto railways and up dead-ends because they believe 100% in their satnavs.) You could do the same with analogue methods by turning road signs round!

Edited by BRG, 12 August 2013 - 17:56.

[Bloggsworth]

Well, blow me. Some academics have concluded that you can hack into a computer and take it over! Who'd have ever thought it? If we'd only known, we would have all got ourselves security software to prevent it. Oh, wait a minute, I seem to have been paying Kaspersky for something.

When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't. I worry rather more (still not a lot) that hackers might subvert the traffic lights control system and cause gridlock. Or take over the dot matrix signs on the motorways and post rude messages.

Your car may be connected to Bluetooth already. Remote sensing of tyre pressures is done by wireless technology, so if you can hack the link between wi-fi valve caps and the car's CPU you can effectively control it remotely; not very remote, but remote enough to be invisible, say in a following car. No cars have very robust anti-virus or anti-malware protection if they have any at all. This is not pie-in-the-sky, universities have demonstrated it.

[BRG]

This is not pie-in-the-sky, universities have demonstrated it.

You were sounding quite convincing until this part.

[saudoso]

The other day there where news of one of those fancy japanese toilets being subject to hacking. Things like flusing or running the wash jets remotelly.

It will happen over and over again. People start adding wireless capacity to devices and can never forsee what the devious minds can come with.

CDMA anyone?

[Bloggsworth]

You were sounding quite convincing until this part.

You are perfectly at liberty to bury your head in the sand if you want to, but don't imply that I am walking around with tinfoil on my head. Universities are in the forefront of investigating what can and can't be hacked, it is very important work. As more and more equipment uses wireless technology; cardiac pacemakers, central heating, the CPUs of cars and even your fridge/freezer, more and more gadgets are open to hacking. If your car has Bluetooth built in, it is a gateway to your car's central processing unit and is unprotected.

[BRG]

You are perfectly at liberty to bury your head in the sand if you want to, but don't imply that I am walking around with tinfoil on my head. Universities are in the forefront of investigating what can and can't be hacked, it is very important work.

But none of them have actually demonstrated it. So far we have a wild theory. Someone has plugged a laptop into the diagnostics and affected various things. Duh, that's what diagnostics ports are there for. Someone else has distorted GPS signals. Duh, the UK did that to Luftwaffe navigation beams in WW2. No one has proved that they can externally control or influence the controls of a car remotely by Bluetooth/wi-fi/internet or whatever. So until someone does, I call BS on this whole conspiracy theory.

The world is a dangerous place. If I wanted to do harm to you via your car, two minutes with a pair of side-cutters on your brake lines would do the trick a lot more certainly than some airy fairy attempt to take remote control using your i-phone.

[Canuck]

Jesus...you really did fail to follow the first link didn't you? Remotely hacking the car via Bluetooth is exactly what they did. With an Android phone.

And what conspiracy theory? Nobody, even in my tinfoil hat is calling conspiracy. These demonstrations show clear opportunity that jacking a car's control system is completely feasible. That's it. If it's feasible, I believe there are active research programs by government funded agencies. Like DARPA. Who funded the 2nd demo's research.

[Canuck]

Heh. group A showed that they could break down the vault door and group b showed they could open the safety deposit boxes, but group a and b haven't shown it together so the contents of the safety deposit boxes are safe and anyone worried is clearly paranoid.

[BRG]

anyone worried is clearly paranoid.

You FINALLY got there...

I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."

So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.

Now I will leave you guys to compare tinfoil hats.

Edited by BRG, 15 August 2013 - 11:16.

[desmo]

Read this pollyanna: http://www.autosec.o...enixsec2011.pdf Unless you really are bound and determined to keep your head buried in the sand or despise being proven wrong in which case, then don't. I probably should have linked to this paper first.