Wait, Now I Need Security Software For My Car, Too?
from the trojan-brakes? dept
Remember a few months ago when a disgruntled ex-employee from a car dealer was able to login to the dealer's computer system and remotely disable over 100 cars? And, of course, there have been concerns over the ability to use systems like OnStar to remotely disable cars as well, with concerns about what would happen if malicious hackers were able to get their hands on the controls. Now, to add to those concerns, some researchers are reporting that modern day car computing is vulnerable to malicious hacks that could put drivers in danger.The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry....Happy driving, everyone...
The researchers, financed by the National Science Foundation, tested two versions of a late-model car in both laboratory and field settings. They did not identify the maker or the brand of the car, but said they believed they were representative of the computer network control systems that have proliferated in most cars today.
The researchers asked what could happen if a hacker could gain access to the network of a car, said Tadayoshi Kohno, a University of Washington computer scientist. He said the research teams were able to demonstrate their ability to circumvent a wide variety of systems critical to the safety of drivers and passengers.
They also demonstrated what they described as "composite attacks" that showed their ability to insert malicious software and then erase any evidence of tampering after a crash.
The researchers were able to activate dozens of functions and almost all of them while the car was in motion.
To be fair, the researchers admit that they did not look at what kinds of "defense" the car might have to block such attacks, but they do point out that those developing car computing systems probably don't have as much experience or concern in the security realm. For the most part, this sounds like it's not a problem that anyone's going to face in the short-term. If anything, I'm guessing we'll have a lot more moral panic stories about what will happen before any reports of something bad actually happening. However, at some point, it seems likely that these sorts of stories will pass over from the hypothetical into the real world, and at that point, I'll be looking for a car that runs on open source software.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Custom patches or mod chips for cars?
[ link to this | view in thread ]
The big question
[ link to this | view in thread ]
reminds me of this
[ link to this | view in thread ]
Re: reminds me of this
[ link to this | view in thread ]
[ link to this | view in thread ]
Large airplanes fly-by-wire.
[ link to this | view in thread ]
I picture Shia Lebouf as the supporting actor, I think he does a great frustrated and misunderstood scene.
[ link to this | view in thread ]
To be fair:
[ link to this | view in thread ]
Nope
Or the 1971 Nova 6 I used to own.
Now the 62 Nova II wagon I had was cool.
None of those cars had any sort of software problem.
[ link to this | view in thread ]
Re: Custom patches or mod chips for cars?
[ link to this | view in thread ]
(incidentally, it also happens to reduce your max speed to 30 mph)
[ link to this | view in thread ]
Re: To be fair:
The need for physical access to the car and to the network of a car was stated. The diagnostics port in particular was not. The team that demonstrated this used the diagnostics port, as is reported in other articles on the subject. I doubt that the diagnostics port is the only point of access which would allow such manipulations.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Custom patches or mod chips for cars?
Legal - Sometimes.
Per the Clean Air Act, its against Federal Law to tamper with the emission control devices in cars for a certain number of years. Your ECU is part of the emissions control system. Removing a speed limiter is probably a different story, however I don't believe I know of any of the plug-in tuners that carry the CARB or Federal OK #'s.
[ link to this | view in thread ]
Re: Re: To be fair:
[ link to this | view in thread ]
Re: Re: Re: Custom patches or mod chips for cars?
'Chipping' a car simply changes a few strings of engine timing code to apply a performance based map for air to fuel ratio in the car... most easily chipped cars are ones that are already running a forced induction application.
As far as 'hacking' a cars ECU, it's not like taking out a computer on the internet, you need physical access to the vehicle... except OnStar type vehicles.... for now. Once cellphone connectivity comes standard with cars then the ECU will be able to be remotely attacked.
(insert sarcasm) I'm so glad the the auto industry is finally realizing that this potential threat could soon become a very real issue and much sooner then they think.
[ link to this | view in thread ]
Aha!
[ link to this | view in thread ]
Security
[ link to this | view in thread ]
Re: Custom patches or mod chips for cars?
[ link to this | view in thread ]
Re: The big question
[ link to this | view in thread ]
Re: Aha!
[ link to this | view in thread ]
Re: Custom patches or mod chips for cars?
[ link to this | view in thread ]
Re: Nope
[ link to this | view in thread ]
Re: The big question
[ link to this | view in thread ]
Re: Re: reminds me of this
[ link to this | view in thread ]
Re: Large airplanes fly-by-wire.
[ link to this | view in thread ]
Re: Security
Also, if you ever allow anyone else to drive your car (mechanic, valet, or even a 'friend'), you have just allowed someone to connect to your cars computer...but you didn't know it, so does that also make you a dumbass?
Come on, be nice. If the car makers do not take steps to protect consumers NOW, as the software develops the protection will be more difficult to program in later and that is the point I took from the article.
[ link to this | view in thread ]
hmmmm .....
It would be funny to have every car in a state start blowing their horns, flash their lights, turn on the windsheild wipers at the same time, randomly unlock and lock the doors, and pop the trunk. Or in the case of cars with user based self adjusting seats ... squish!!!
yeah I know improbable because of the different OS's and versions used on the CPU's. It would be funny though.
[ link to this | view in thread ]
Possible Bright Side
[ link to this | view in thread ]
This reminds me of....
http://www.snopes.com/humor/jokes/autos.asp
[ link to this | view in thread ]
Re: This reminds me of....
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Custom patches or mod chips for cars?
[ link to this | view in thread ]
Re: Possible Bright Side
Seriously, I've been wishing for such capabilities for years. Instead I've been faking it by standing on the lawn pointing a hairdryer at booming shitboxes on wheels, but that just makes them slow down. :(
[ link to this | view in thread ]
Re: Possible Bright Side
[ link to this | view in thread ]
I think you should just format your engine and re - install the operating system on it. Make sure you do all the patch updates afterwords.
[ link to this | view in thread ]