Jump to content


Photo
- - - - -

Coming Soon: Malware For Your Car


  • Please log in to reply
65 replies to this topic

#1 desmo

desmo
  • Tech Forum Host

  • 12,988 posts
  • Joined: January 00

Posted 24 June 2013 - 20:07

http://www.autosec.o...oakland2010.pdf

Read this. It is now more than possible, as in not even terribly difficult it seems, to inject malware into essentially any modern car and take control of the vehicle completely out of the driver's hands while it's rolling. Think about that.

You can kill someone and leave no trace. It'll look like an accident.

Advertisement

#2 MatsNorway

MatsNorway
  • Member

  • 2,057 posts
  • Joined: December 09

Posted 24 June 2013 - 20:22

CIA and NSAs dream.

Off Topic:
ty for using prism for reading my dirty talk on facebook btw. I wonder if i could make it in a magazine with dirty stories. Only NSA knows i guess.

Edited by MatsNorway, 24 June 2013 - 20:29.


#3 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 24 June 2013 - 20:40

http://www.autosec.o...oakland2010.pdf

Read this. It is now more than possible, as in not even terribly difficult it seems, to inject malware into essentially any modern car and take control of the vehicle completely out of the driver's hands while it's rolling. Think about that.

You can kill someone and leave no trace. It'll look like an accident.

Well, blow me. Some academics have concluded that you can hack into a computer and take it over! Who'd have ever thought it? If we'd only known, we would have all got ourselves security software to prevent it. Oh, wait a minute, I seem to have been paying Kaspersky for something.

When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't. I worry rather more (still not a lot) that hackers might subvert the traffic lights control system and cause gridlock. Or take over the dot matrix signs on the motorways and post rude messages.

#4 desmo

desmo
  • Tech Forum Host

  • 12,988 posts
  • Joined: January 00

Posted 24 June 2013 - 20:57

I understand, won't happen to me, what's the big deal? Right? But a car doesn't need internet connectivity to be affected. Also, my home computer does not control a couple of self powered ton of steel, glass and rubber capable of exceeding 100 mph. With me inside.

#5 desmo

desmo
  • Tech Forum Host

  • 12,988 posts
  • Joined: January 00

Posted 24 June 2013 - 21:22

For those whom a technical paper is perhaps a little dry, here is a good video of a talk that covers much of the same ground. There are more attack surfaces and potential malware injection vectors on an average car than you might expect.



#6 CSquared

CSquared
  • Member

  • 621 posts
  • Joined: December 09

Posted 24 June 2013 - 22:10

This is news?

#7 desmo

desmo
  • Tech Forum Host

  • 12,988 posts
  • Joined: January 00

Posted 24 June 2013 - 22:50

That a car can be externally totally controlled via malware introduced via an mp3 song on satellite radio or bluetooth at distance? Was to me. I mean knowing it's theoretically possible is one thing; knowing it's been tried and it works is another.

#8 275 GTB-4

275 GTB-4
  • Member

  • 6,931 posts
  • Joined: February 03

Posted 25 June 2013 - 00:24

Or take over the dot matrix signs on the motorways and post rude messages.


Happened recently here in NSW Downunder - thankfully, the messages posted were only humorous :wave:

#9 indigoid

indigoid
  • Member

  • 382 posts
  • Joined: March 04

Posted 25 June 2013 - 01:56

When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't.


How are you going to know if it is connected to the Internet or not, short of Faraday cages?

These days the kit required to connect to a cellular network and thus the Internet is tiny, easily hidden, cheap and requires minimal power. It could be there the whole time, and you would probably never know.

Re: the 'cheap' part - Amazon's cellular-network-capable Kindles show that is certainly possible to arrive at a deal with cellular network operators to provide network access at very minimal cost, and without it being associated directly with the owner of the device. The car manufacturers could easily do what Amazon does, without telling anyone. And if the car manufacturers can access it, so can anyone wearing a black hat.

#10 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 25 June 2013 - 02:27

I'm with you Desmo - I'm astounded. I suppose not altogether surprised given a) the level of micro controller use in vehicles and b) our lack of thought in general about the security of those micros in that application. I found the stealth aspect remarkable - forced Bluetooth pairing that didn't show up in the paired devices list and couldn't be un-paired in the normal fashion - completely unknown to the vehicle's owner, that then allowed them complete access to the canbus and the ability to control anything controlled on the bus. Amazing and terrifying at the same time.

#11 Powersteer

Powersteer
  • Member

  • 2,460 posts
  • Joined: September 00

Posted 01 July 2013 - 14:23

oh my god, car chase would be so boring from now if police have special hacking devices

:cool:

#12 indigoid

indigoid
  • Member

  • 382 posts
  • Joined: March 04

Posted 04 July 2013 - 06:23

oh my god, car chase would be so boring from now if police have special hacking devices


so as an example of something that police could use in a car chase, or on your parked car,

Posted Image
HopeRF RFM12B-S2 433Mhz radio by indigoid, on Flickr

Cheap as chips, alleged range of up to a few hundred metres - ok, pretty short really, but given the tiny size... and hiding a one-ended wire (antenna) in a car shouldn't be difficult

I bought a bunch of these to use in a wireless sensor network. Pretty neat little gadgets

#13 ray b

ray b
  • Member

  • 2,565 posts
  • Joined: January 01

Posted 19 July 2013 - 03:01

http://www.huffingto..._n_3492339.html

link claims the rolling stone writer michael hastings cars crash could have been controlled by others
this is a well known writer who exposed the USA afgan general's mistress story recently

can cars be crashed [ in this case a 2013 250 M-B] by hacking drive by wire systems ?

#14 Greg Locock

Greg Locock
  • Member

  • 4,510 posts
  • Joined: March 03

Posted 19 July 2013 - 04:26

I think there have been proof of concept demonstrations, whether actual or theoretical I am not sure.

#15 desmo

desmo
  • Tech Forum Host

  • 12,988 posts
  • Joined: January 00

Posted 19 July 2013 - 05:37

See linked articles in my opening post. It appears to be completely feasible--and not even terribly challenging-- to murder someone almost untraceably using malware infection of modern cars. In light of recent disclosures it seems quite possible the NSA backdoor may in fact already be baked into the cars' software. One has to wonder what, if indeed any, protections are in place in the cars used by high level politicians, surveillance state bigwigs, military brass, oligarchs and other Very Serious People. If I suspected someone with deep resources might be out to get me I sure as heck wouldn't be driving a late model car today, you are a sitting duck in one.

#16 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 19 July 2013 - 15:49

I don't think they need a back door necessarily. If a couple of hackers with limited time and resources can pull it off, a dedicated team of VSP (very smart people) with government backing could likely, very quickly, find exploits for a large number of vehicles - especially considering the nature of cross-platform component usage. Likely targets for exploits would be NAV units like On-Star that are almost invariably firmware-identical across large numbers of vehicles.

I haven't yet figured out though why my entertainment / NAV package needs to be on the same canbus as my ESC and engine management system.

#17 saudoso

saudoso
  • Member

  • 4,633 posts
  • Joined: March 04

Posted 19 July 2013 - 16:25

I haven't yet figured out though why my entertainment / NAV package needs to be on the same canbus as my ESC and engine management system.


That's a very good question.

#18 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 19 July 2013 - 20:08

http://www.huffingto..._n_3492339.html

link claims the rolling stone writer michael hastings cars crash could have been controlled by others
this is a well known writer who exposed the USA afgan general's mistress story recently

can cars be crashed [ in this case a 2013 250 M-B] by hacking drive by wire systems ?

Yes. But only in very badly scripted Hollywood B-movies. Probably starring Steven Seagal.

Now, if you will excuse me, I am off to wrap my car in tin foil to stop me being controlled by aliens.

#19 Ross Stonefeld

Ross Stonefeld
  • Member

  • 57,281 posts
  • Joined: August 99

Posted 19 July 2013 - 23:00

If you see the accident scene, you will momentarily question whether you're turning into a conspiracy theorist. Dude went out Hollywood style.

Advertisement

#20 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 20 July 2013 - 00:55

Yes. But only in very badly scripted Hollywood B-movies. Probably starring Steven Seagal.

Now, if you will excuse me, I am off to wrap my car in tin foil to stop me being controlled by aliens.

The question wasn't "was he killed" but "is that possible". All tinfoil aside, it's been clearly demonstrated by a handful of car/computer nerds that the answer is clearly yes. In a drive-by-wire / electronic throttle with stability control platform, the canbus would give you tremendous control over the vehicle's speed and large inputs into it's direction. I'm not sure you could override a driver's braking input, but as we've discussed here numerous times, a functional brake pedal is no deterrent to destroying ones brakes and ending up a fireball on the side of the highway somewhere.

#21 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 20 July 2013 - 14:42

If you see the accident scene, you will momentarily question whether you're turning into a conspiracy theorist. Dude went out Hollywood style.

The crash was at 4.30am. That tells you what you need to know.

#22 Ross Stonefeld

Ross Stonefeld
  • Member

  • 57,281 posts
  • Joined: August 99

Posted 20 July 2013 - 14:56

No witnesses :p

But seriously, fireball and everything.

#23 MatsNorway

MatsNorway
  • Member

  • 2,057 posts
  • Joined: December 09

Posted 20 July 2013 - 17:30

Would not surprise me one bit. I heard about that journalist and then saw the thread here. Had a slight giggle of it.

#24 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 20 July 2013 - 20:57

No witnesses :p

But seriously, fireball and everything.

Just out of interest, are there any sort of statistics for how often a crashed car catches fire? It is AFAIK a fairly rare occurrence. In the real world that is - if you believe Hollywood, you will know that driving a black Mercedes over a cliff edge will immediately cause it to explode, even before it hits anything.

#25 Ross Stonefeld

Ross Stonefeld
  • Member

  • 57,281 posts
  • Joined: August 99

Posted 20 July 2013 - 21:20

Granted I don't see many road accident results, and maybe this is within the extremes given the speeds involved and that they aren't carbon monocoques or anything.

But.

A+ for effort, whatever the cause.

http://cdn01.dailyca...stingscrash.jpg

http://s11.postimg.o...tings_Crash.jpg

#26 saudoso

saudoso
  • Member

  • 4,633 posts
  • Joined: March 04

Posted 20 July 2013 - 23:12

I see a lot of embraced light posts and trees around here, some pretty serious sh!t. Never saw anything in flames like that.

Edited by saudoso, 20 July 2013 - 23:13.


#27 desmo

desmo
  • Tech Forum Host

  • 12,988 posts
  • Joined: January 00

Posted 21 July 2013 - 03:43

I was walking my dog about 100 meters my house and heard this screaming engine noise like 10,000 rpm then a big thud. A Ferrari had stuffed it into a stone wall at probably 100+ mph and it already was a ball of flame when I arrived on the scene. The passenger apparently survived the burns if only just, I never thought anyone could emerge from that conflagration alive. Pretty horrible looking at a car you can see has two people in it being burned alive.

#28 Greg Locock

Greg Locock
  • Member

  • 4,510 posts
  • Joined: March 03

Posted 21 July 2013 - 23:34

Nav needs to talk to vehicle speed and SWA and Ay so it can use dead reckoning when it loses the GPS signal (car parks, tunnels) and for lane detection. ESC needs those channels as well.

ESC can apply the brakes independently of the driver, ABS can disable them, and EPAS could fight the driver's control of the steering wheel, although a sufficiently determined driver could probably still steer the vehicle (you wouldn't, you'd let go).





#29 pugfan

pugfan
  • Member

  • 174 posts
  • Joined: August 09

Posted 22 July 2013 - 03:56

Nav needs to talk to vehicle speed and SWA and Ay so it can use dead reckoning when it loses the GPS signal (car parks, tunnels) and for lane detection. ESC needs those channels as well.

ESC can apply the brakes independently of the driver, ABS can disable them, and EPAS could fight the driver's control of the steering wheel, although a sufficiently determined driver could probably still steer the vehicle (you wouldn't, you'd let go).


I thought it would be a more pedestrian reason, so that DVD playback could be disabled when the car moves off from a stop.

#30 Regazzoni

Regazzoni
  • Member

  • 902 posts
  • Joined: January 10

Posted 26 July 2013 - 09:27

http://www.bbc.co.uk...nology-23443215

#31 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 26 July 2013 - 10:10

http://www.bbc.co.uk...nology-23443215


"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."


So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.

#32 Ross Stonefeld

Ross Stonefeld
  • Member

  • 57,281 posts
  • Joined: August 99

Posted 26 July 2013 - 11:07

Thanks. You just spoiled the opening scene of the next James Bond.

#33 saudoso

saudoso
  • Member

  • 4,633 posts
  • Joined: March 04

Posted 26 July 2013 - 16:07


"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."


So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.


In fact there is a 2" Bluetooth interface that goes in that connector which is going to be unnoticed by most of people. Costs $25 and can accessed from any PC or android phone.

Whoever is willing to do such a thing can very well come with some Bluetooth on steroids to make it work from a bigger distances. But there would be proof of foul play left on the car.

#34 Fondles

Fondles
  • Member

  • 50 posts
  • Joined: July 11

Posted 26 July 2013 - 20:40

In fact there is a 2" Bluetooth interface that goes in that connector which is going to be unnoticed by most of people. Costs $25 and can accessed from any PC or android phone.

Whoever is willing to do such a thing can very well come with some Bluetooth on steroids to make it work from a bigger distances. But there would be proof of foul play left on the car.


FWIW Bluetooth 4.0 has a range of up to 100 metres.

#35 Ross Stonefeld

Ross Stonefeld
  • Member

  • 57,281 posts
  • Joined: August 99

Posted 27 July 2013 - 00:43

Kinda sorta related

http://www.guardian....ling-codes-cars

#36 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 27 July 2013 - 14:17


"The researchers used cables to connect the devices to the vehicles' electronic control units (ECUs) via the on-board diagnostics port (also used by mechanics to identify faults)..."


So NOT in fact hacked at all. Of course you can control the car using that method. It wouldn't work for servicing if you couldn't access the ECU. But I doubt if anyone is going to run alongside your car, plug cables into your diagnostics, take control and crash the car, all without you noticing.

Not hacked at all? Toyota refered to it as an aggressive hack. You missed the point absolutely and entirely. The initial talk linked above shows how the canbus systems can be penetrated remotely, and activate responses not requested by the driver. They said quite clearly that their focus was in determining if and how one could breachthe system, not what could be done once in there. The only thing they claimed to have done was apply the brakes.

This second DARPA-funded team went to work determining not how to get on the system - that's already done - but what could be done once the canbus is penetrated. So what can they do? Apply throttle, apply brakes, disable power steering, disable brakes, hijack the steering entirely through the auto-parking feature, mess with the speedo, the GPS and god knows what else.

That the second team did it wired to a diag port means only that they didn't focus on wireless penetration - that's already been proven.
http://www.forbes.co...he-wheel-video/

Edited by Canuck, 27 July 2013 - 14:23.


#37 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 27 July 2013 - 18:16

You missed the point absolutely and entirely.

There's a point?? I thought this was the black helicopters/Roswell/Area 51/9-11/Mafia killed JFK thread. You mean you people are serious about this? Jeez. things are worse than I thought.

Watch my lips (or fingers). T-H-I-S I-S A N-O-N-S-T-O-R-Y. Al Quaeda or the NSA isn't going to take over your cars I-Pod and make you listen to Jay-Z tracks, or turn off your aircon even when it is over 35 degrees.

#38 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 27 July 2013 - 19:27

Yes - because these are the only people attacking your home PC. I mean, why would anyone write a virus to attack your PC? That's stupid. It would never happen. Only tinfoil hat lunatics could imagine complete strangers writing malicious code for no reason other than to see what happens. Certainly there's no possible means to monetize these bugs because the PC virus people sure haven't.

Is your complete denial of the landscape of possibilities afforded by insecure computers wherever they may be located due to old-age clouding your ability to see the potential, your fear of what might happen if you accept the new reality as reality or just plain stubbornness because you didn't see it first? The potential available is almost limitless, especially if you remove rational reason for why one might exploit these opportunities. Ever heard the term script kiddies? People don't need a reason other than to see an effect. How amusing to kill the S-Class in the middle of an intersection at rush hour, maybe honk the horn, lock the doors, start and stop lurching along. Look - the fat rich guy is my puppet!

I trust you're not in charge of security anywhere.

#39 indigoid

indigoid
  • Member

  • 382 posts
  • Joined: March 04

Posted 27 July 2013 - 22:56

Kinda sorta related

http://www.guardian....ling-codes-cars


Censorship to protect car companies who should have been more careful is pathetic, shortsighted and irresponsible. I hope it gets "accidentally" leaked.

This decision certainly isn't protecting the general populace. The folks with serious black hats on either already know the secrets or will know soon anyway, regardless of the court's whimsy.

Advertisement

#40 Tony Matthews

Tony Matthews
  • Member

  • 17,499 posts
  • Joined: September 08

Posted 12 August 2013 - 09:58

http://www.gizmag.co...07e010-89800598

#41 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 12 August 2013 - 13:04

Ha - demonstrated previously on a UAV. That's not a concern either, I mean who would bother hacking a UAV? Or a billionaire's yacht?

#42 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 12 August 2013 - 17:55

Ha - demonstrated previously on a UAV. That's not a concern either, I mean who would bother hacking a UAV? Or a billionaire's yacht?

Yet another of these 'Oh gosh, really??' studies demonstrating, at doubtless great expense to someone, things that we already knew. Of course you can corrupt GPS signals. It doesn't need the U. of Texas to tell us that. But distorting GPS signals is hardly the same as gaining control of a vehicle and over-riding the driver/helmsman. It certainly isn't hacking into the control systems, so once again this is irrelevant to this issue.

Yes, you could fool my satnav this way, but if you think I am therefore going to drive into a wall or over a cliff, think again (although it would work for some idiots who prove it daily by driving into rivers, onto railways and up dead-ends because they believe 100% in their satnavs.) You could do the same with analogue methods by turning road signs round!

Edited by BRG, 12 August 2013 - 17:56.


#43 Bloggsworth

Bloggsworth
  • Member

  • 7,469 posts
  • Joined: April 07

Posted 12 August 2013 - 19:00

Well, blow me. Some academics have concluded that you can hack into a computer and take it over! Who'd have ever thought it? If we'd only known, we would have all got ourselves security software to prevent it. Oh, wait a minute, I seem to have been paying Kaspersky for something.

When my car is connected to the Internet, then I might worry - a really tiny amount. Whilst it remains entirely self contained, I won't. I worry rather more (still not a lot) that hackers might subvert the traffic lights control system and cause gridlock. Or take over the dot matrix signs on the motorways and post rude messages.


Your car may be connected to Bluetooth already. Remote sensing of tyre pressures is done by wireless technology, so if you can hack the link between wi-fi valve caps and the car's CPU you can effectively control it remotely; not very remote, but remote enough to be invisible, say in a following car. No cars have very robust anti-virus or anti-malware protection if they have any at all. This is not pie-in-the-sky, universities have demonstrated it.

#44 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 13 August 2013 - 17:27

This is not pie-in-the-sky, universities have demonstrated it.

You were sounding quite convincing until this part.

#45 saudoso

saudoso
  • Member

  • 4,633 posts
  • Joined: March 04

Posted 13 August 2013 - 20:51

The other day there where news of one of those fancy japanese toilets being subject to hacking. Things like flusing or running the wash jets remotelly.

It will happen over and over again. People start adding wireless capacity to devices and can never forsee what the devious minds can come with.

CDMA anyone?

#46 Bloggsworth

Bloggsworth
  • Member

  • 7,469 posts
  • Joined: April 07

Posted 13 August 2013 - 21:30

You were sounding quite convincing until this part.


You are perfectly at liberty to bury your head in the sand if you want to, but don't imply that I am walking around with tinfoil on my head. Universities are in the forefront of investigating what can and can't be hacked, it is very important work. As more and more equipment uses wireless technology; cardiac pacemakers, central heating, the CPUs of cars and even your fridge/freezer, more and more gadgets are open to hacking. If your car has Bluetooth built in, it is a gateway to your car's central processing unit and is unprotected.

#47 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 14 August 2013 - 20:21

You are perfectly at liberty to bury your head in the sand if you want to, but don't imply that I am walking around with tinfoil on my head. Universities are in the forefront of investigating what can and can't be hacked, it is very important work.

But none of them have actually demonstrated it. So far we have a wild theory. Someone has plugged a laptop into the diagnostics and affected various things. Duh, that's what diagnostics ports are there for. Someone else has distorted GPS signals. Duh, the UK did that to Luftwaffe navigation beams in WW2. No one has proved that they can externally control or influence the controls of a car remotely by Bluetooth/wi-fi/internet or whatever. So until someone does, I call BS on this whole conspiracy theory.

The world is a dangerous place. If I wanted to do harm to you via your car, two minutes with a pair of side-cutters on your brake lines would do the trick a lot more certainly than some airy fairy attempt to take remote control using your i-phone.

#48 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 15 August 2013 - 01:53

Jesus...you really did fail to follow the first link didn't you? Remotely hacking the car via Bluetooth is exactly what they did. With an Android phone.

And what conspiracy theory? Nobody, even in my tinfoil hat is calling conspiracy. These demonstrations show clear opportunity that jacking a car's control system is completely feasible. That's it. If it's feasible, I believe there are active research programs by government funded agencies. Like DARPA. Who funded the 2nd demo's research.

#49 Canuck

Canuck
  • Member

  • 1,654 posts
  • Joined: March 05

Posted 15 August 2013 - 01:56

Heh. group A showed that they could break down the vault door and group b showed they could open the safety deposit boxes, but group a and b haven't shown it together so the contents of the safety deposit boxes are safe and anyone worried is clearly paranoid.

#50 BRG

BRG
  • Member

  • 11,579 posts
  • Joined: September 99

Posted 15 August 2013 - 09:53

anyone worried is clearly paranoid.

You FINALLY got there... :wave:

I think that YOU should re-read the original paper. It does not even mention Android phones. What it does say, referring to the test on a moving car, is "The experimented-on car was controlled via a laptop running CARSHARK and connected to the CAN bus via the OBD-II port. We in turn controlled this laptop remotely via a wireless link to another laptop in the chase car. To maintain the wireless connection between the laptops, we drove the chase car parallel to the experimented on car.."

So unless you find a strange laptop that has appeared overnight in your car and is connected to the car by some suspicious cables, you are pretty well safe.

Now I will leave you guys to compare tinfoil hats.

Edited by BRG, 15 August 2013 - 11:16.