Modern Cars Can Easily be Hacked

According to this this article, which itself is a summary of two recent research papers.

According to the article:

"...The researchers’ findings are not theoretical. They were able to attack a 2009 model sedan and render its brakes ineffective while a test driver was operating the car."

and

"...There turn out to be multiple pathways for car hackers. Diagnostic tools used by mechanics can give hackers laptop access to critical systems. If an attacker is able to get a music file preloaded with malware onto your iPod, just plugging it into a car’s USB port could give that attacker full access. Nearly all new cars now have two-way cellular capability necessary for such systems as GM’s On-Star that are purposely designed to faciliate access to all-important systems."

I find all this extremely fascinating. I haven't found a documented episode of a car being hacked "in the wild", but I suppose it's only a matter of time.

I've heard of this, but most of the purported hacks require very close range or direct physical access, either to perpetrate, to utilize, or both. It's hardly surprising — I've heard of people hacking the firmware of many common appliances; as long as something runs on an embedded software program, someone will find a way to break into it.

The question is whether it presents any significant threat. I imagine that if someone starts remotely disabling people's brakes, the NTSB (in America, or equivalents in other countries) will hear about it pretty quickly. If there's one agency that's been effective at compelling safety fixes in manufacturers, it's the NTSB.

...and quite a few garages offer re-mapping of cars' ECUs for additional performance, economy, or both. It is otherwise used for diagnosis of engine faults and use in maintenance.

In fact, software/machines to read the ECUs in some cars can brought (and used) by the general public.

So someone could offer an aftermarket firmware patch for your car that contains code to disable the brakes once you exceed 65 MPH or something. Yay free market!

edited 26th Jun '13 7:37:33 AM by Fighteer

Easily. But, remapping is mainly used to tune an engine, and equipment to read the ECU is expensive — in fact, the higher end stuff, where things can actually be changed, is (mostly) trade-only. See On-board diagnostics and OBD-II PIDs.

edited 26th Jun '13 8:08:20 AM by Greenmantle

I'm pretty sure that automotive brakes are a purely mechanical system rather than an electronic one, and those that are electronic, such as the parking brake in my dad's car, are designed to fail safe, meaning that when you disengage them it turns on an electromagnet that pulls the brakes off. If it fails, the magnet disengages and the brakes are applied.

This is another problem of "Everythings On Line". A website (now dead) talked about how stupid it was to put things on line: Can I crash your car with a bad map? Burn you house down because your toaster is on line?

While the option to mess with RAM chips and engine settings has been around for a while, I suspect that wireless access to care can make somethings easier.

Personally I don't see this as a problem unless companies leave Onstar like systems unsecured. A lot of people don't know that car alarm codes are standard. Many car thieves have the keyfobs of the major makers and (using a scanner) can decode and hack car alarms into silence. Mostly thanks to some lazy programming.

It's like luggage. Samsonite locks are though, but the keys are standard (and now the US TSA has a skeleton key) and so they can be opened with a little work. Or if some SOB singes for the master key.

I'd disable the cell phone access and wireless access to the engine. A "hacker" messing with my care would be more likely to steal it than mess with the brakes. If they wanna mess with my care, I want the forkers to actually have to break in as opposed to tricking the onboard navigation system.

I just use my phone anyways.

Or just get something that they can't hack into electronically...

This starts to force you to ask the question: why go to all this effort to crash someone's car or make them drive off-course when there's no profit in it? Criminals aren't out to commit wanton mayhem for the sake of being dicks; they want money. To that end, they're far more likely to focus on "hacks" that let them steal cars easily.

Terrorists might try to hack cars to cause chaos and death, but the first time there's a proven incident, you can bet that regulators and manufacturers will rush to patch things.

I would imagine that law enforcement will be very interested in this. A terrorist would be more interested in hacking a very large number of moving vehicles at once.

By the way, brakes are not simply mechanical anymore, at least not on all models. Neither is acceleration. The only thing that isn't under electronic control is the steering.

And since they are developing self-steering cars, even that wont last. At some point in the future, it should become possible to take control of the car, lock in the passengers, and direct it to another destination.

There's a saying in the US Army:

"Locks keep honest people honest."

Some idiot will try to crash a car, and I'm sure some Al Queada branch is trying to see if they can do bad things with all our Beeping Computers. But for the most part, security systems and codes keep most Playful Hackers at bay.

Why does my car need to be online anyway? Is it so had to put a key in an ignition? There are some luxury car brands with RFID keys that open AND start if you get the key hear the car. Boys and their toys.

I like that computers in cars are hackable, you can download settings for your care to boot mileages, get more horsepower etc. Trade with friends, make your own.

Here's the rub: while systems you plug into are secure, what about wireless? Are companies taking steps to secure their on-board systems? "Trust us it's secure" is right up there is "The check's in the mail" and "You may already be a winner" as phrases that don't mean anything.

Hopefully car-markers are taking steps. If consumers take matters into their own hands, they shouldn't void the warranty nor incur the wrath of car-makers. It's not our fault they made a crappy security system.

Like that Doctor Who episode, "The Sontaran Stratagem"? When they start trying to sell you Atmos pollution control devices, watch out!

edited 26th Jun '13 8:49:37 AM by Fighteer

Right. The police only want sysadmin control of all vehicles operated in the US for public safety reasons...

Remotely? Good fucking luck.

You have to be familiar with the software architecture of the vehicle you're hacking first, and most people aren't. I mean theoretically, I suppose it's possible, but not likely, and not hard to protect against if it isn't already.

From this page (an FAQ list for the two research papers I linked to):

"...The primary direct interface to the computers in a U.S. automobile is the federally-mandated On-Board Diagnostics (OBD-II) port. It is under the dash in virtually all modern vehicles and provides direct and standard access to internal automotive networks. In many cars a range of wireless devices are also attached to these networks, as can be some after-market products (e.g., entertainment units). In the experiments described in our May 2010 paper "Experimental Security Analysis of a Modern Automobile," we connected our equipment to the OBD-II port. We explore a number of other communications channels in our August 2011 paper "Comprehensive Experimental Analyses of Automotive Attack Surfaces", including long- and short-range wireless communications, the networked diagnostic tools used by automobile mechanics and the car's CD player."

I have a friend who works for Jaguar-Land Rover Corporate, and his specialty is their onboard software and how it interacts with mobile devices. I frequently lament many of the features for reasons similar to this(namely the fact that most JLR vehicles don't turn on with a key in the ignition anymore, they use a fob. The key can only manually open doors.) He generally agrees, but says that these luxury features are what their customer base wants, which is why they have them put in.

Personally, I'm ok with someone having to plug into a port in my vehicle as a vulnerability. Diagnostic tools like that are very useful, I own one that I plug into my car. However, I won't be buying any cars with wi-fi anytime soon.

Saw this on CNN the other day, and it seems relevant. It appears some sort of "mystery box" is allowing criminals to unlock cars and disable their alarms with ease.

edited 26th Jun '13 2:25:06 PM by Wulf

I'd like to know the process behind how a FOB unlocks a car remotely, it obviously radiates something in every direction, so it must be some sort of frequency that is somehow unique to the car.

Knowing that is the key to knowing how it is they do what they do, odds are they aren't remotely hacking into the car on the fly since it's just a little box, and the fact that it works on multiple models by multiple makes means that it isn't based on the software, it's based on the unlocking mechanism for the car itself.

Which means somehow it is spoofing the remote unlock feature in the fob, my theory is it's a device that knows enough about the band that most cars function on and the process used in remote unlocking to "brute force" the car by rapidly emitting pulses until the right one works.

I read through this... There has to be a way, someone figured it out and started selling these things. The way it's going to get figured out probably isn't through dual theory though, we aren't going to figure it out behind criminals and develop appropriate countermeasures. Someone is going to have to get arrested, and they're going to tell the cops where they got it, and that will eventually lead to the creator of this device or organization that developed them.

I highly doubt it's based on the actual software in the car, it's got to be spoofing instead of hacking. Having a pre-written script on that box which can automatically hack any of several different makes and models of cars is just too much of a jump. You would have to have the combined knowledge of people from several different parts of the auto industry, people who sign confidentiality agreements and are paid a lot of money.

edited 26th Jun '13 2:42:40 PM by Barkey

Welp, that's made sure I only ever buy old enough to have mechanical locks and starters, or at the very least no keyless entry and go.

edited 26th Jun '13 3:19:13 PM by Deadbeatloser22

The solution to this issue is to not keep valuable shit in your car, and if you have to, put it in the trunk where it isn't visible.

I'm just as worried about them nicking the actual car. Otherwise I wouldn't have made mention of keyless start.

edited 26th Jun '13 3:31:20 PM by Deadbeatloser22

That doesn't really make it any worse than it already is. Most cars up until recently don't have alarms, at least in my experience. Shattering the window is all the same, or slim-jimming it. Then you still have to be able to hot-wire the car to steal it.

I suppose a device like this which can send a spoofed command code to unlock the car could also spoof the code to start the ignition, but none of the thieves have stolen the cars, only what was inside of them.

Which is strange in and of itself, because all you have to know that is different in the process is the ID code on the action itself, to which ignition and unlock are not so different. It just makes me ponder why they don't steal the car with it.

Newer cars have a chip in the key that locks out the ignition unless the chip completes the circuit and does the hokey pokey and secret knock to start the car. I don't like keyless entry and remote start because that's too many wireless eggs in one basket.

However, given all the pretty, shinny toys most cars have, a thief could break in and make enough (between Ipods, GPS, fancy stereo & speakers, valuables) to make it worth trying. Even if the motor is bricked, without the alarm crooks can nick the tires and rims as well.

edited 26th Jun '13 4:40:59 PM by TairaMai

I don't like keyless entry and remote start because that's too many wireless eggs in one basket.

The thing is that I think this is the future, simply due to cost and convenience. I predict that eventually cars will be used primarily in a "cloud" model with providers owning numerous self driving cars stationed around town which people can rent on demand. It's just way more efficient that way.

I'm pretty sure the car is itself is more valuable than most of everything else I own put together.