Design Con 2015
Breaking News
News & Analysis

How Hackers Can Take Control Over Your Car

Attacking scenarios
7/8/2013 07:52 PM EDT
71 comments
NO RATINGS
1 saves
< Previous Page 2 / 2
More Related Links
View Comments: Threaded | Newest First | Oldest First
junko.yoshida
User Rank
Blogger
Cyber security for cars?
junko.yoshida   7/8/2013 9:26:31 PM
NO RATINGS
I happen to believe cyber security risks for car are real.

Bloomberg reported in May that car hacking is prompting new efforts by National High Trafic Safety Administration, auto regulator. 

http://www.bloomberg.com/news/2013-05-15/car-hacking-threat-prompts-new-effort-by-auto-regulator.html

Regulation is one thing but industry collaboration is another. Tell us what you are doing about this.

mcgrathdylan
User Rank
Blogger
Re: Cyber security for cars?
mcgrathdylan   7/9/2013 12:57:02 AM
NO RATINGS
Isn't it kind of taken on faith by now that anything can be hacked? Trust no one.

Rob12340
User Rank
Rookie
Re: Cyber security for cars?
Rob12340   7/9/2013 2:46:55 PM
NO RATINGS
Yet more scare mongering by the media, but I wasn't expecting it to be EE Times.

There is already basic Networking in cars, since many Sat-Nav systems in modern cars incorporate a 2G or 3G GPRS data Modems in order to pick up information about conjestion and map updates and provide e-Call functions. However, the Sat-Nav is designed to be an isolated system within a car and can't influence other systems no matter how much you changed its software by hacking. The next step for Sat-Navs is to provide 4G services in the car, so your passengers can use the Web via a WiFi/WiFi Direct link inside the car. This Network would essentially be isolated from critical systems, or some critical systems could send information to this Network about the status of the vehicle to be sent over GPRS to your car dealer. Through simple programming of the critical systems it would be extremely easy to stop any attempt to allow the Network to alter the critical systems firmware (no write access), so the Network remains isolated inside the car.

Car 'critical systems' don't run Windows 7 or 8...or Linux...which a 15 year old could hack....car manufacturers have a lot more sense !

fmotta
User Rank
Freelancer
Re: Cyber security for cars?
fmotta   7/10/2013 1:09:23 PM
NO RATINGS
There is a difference between fear mongering and information.This is not fear mongering in my mind. 

Fear mongering generally has a goal to do more than inform and often tends toward a specific action.  I see none of this in this article and, amongst those posts I have read I have not seen anyone press toward either of these goals.

I remember when I stood up in a conference stating the obvious data capture that was beginning for the internet data over 10 years ago and people saying I was paranoid and fear mongering... All I did was notice the architectural trend in devices and methods used for the purposes of providing broadband data.  Some things were not needed to just do what was stated within the above board product descriptions nor "future proofing". Wait! That is now (more) common knowledge.

I think it is addressed to the wrong audience and that the average EE would already know all this.  There is no exciting new science or technology that an EE would have to acquire to discrern this situation intuitively.  After all, I did not go search for a way to do the reverse engineering I needed to do for the fob replacement. I just used the obvious tools to address the obvious need.  It was nothing very earth shattering, believe me.

Clark Chamberlin
User Rank
Rookie
Re: Cyber security for cars?
Clark Chamberlin   7/10/2013 3:52:11 PM
NO RATINGS
I can absolutely see cyber security for cars becoming more and more of an issue as technology advances - this article is right on the money.

I think one issue in a hacker's favor is the lack of consumers educated on the topic. When will car consumers decide that application security on their vehicles is a major concern? When will car makers see a need to leverage the cyber security of their products?

A huge issue right now is that automobile manufacturers don't need to put much effort into creating less vulnerable vehicles. I believe it won't become a priority until someone gets hacked and seriously hurt or killed. Time will only tell. One step in the right direction is when information is presented in a way that  appeals more to the general population. It's not fear mongering, it's key way of educating consumers about a real problem (because there is one). One infographic I particularly like is this one by Boston based company, Veracode:  http://www.veracode.com/blog/2013/04/the-future-of-cars-connected-vehicles-infographic/ 

 

fmotta
User Rank
Freelancer
Re: Cyber security for cars?
fmotta   7/10/2013 4:57:41 PM
NO RATINGS
Part of the problem I see is that the security issues are less interesting and more difficult to address.  And, they impede progress of a desired feature/marketing buzz.

 

So, we will end up with a 3rd party selling a crappy "solution" like norton virus (yes I intentionally omitted their 'anti' as my name is more correct than theirs).  These 3rd party things will attempt to do white-box, generalized, reusable solutions and then we will be installing applications on our cars and suddenly the car will fail to work (as have at least 5 PCs that I know have accepted the most recent norton updates).

 

Duane Benson
User Rank
Blogger
Re: Cyber security for cars?
Duane Benson   7/16/2013 5:57:42 PM
NO RATINGS
The average EE is aware of security issues and has been for a while, as is the average software engineer. Yet, we still keep seeing vulnerable products. It may be the management and marketing people pushing products out the door so fast that they can't be adequately secured. It may be engineers being complacent or not well versed in security concerns or resolutions. Hard to say, but now, before all of these devices are ubiquitous, is the time to be having this debate.

Now is the time to be alert and aware and addressing future threats. That's my opinion, anyway.

fmotta
User Rank
Freelancer
Re: Cyber security for cars?
fmotta   7/16/2013 6:08:51 PM
NO RATINGS
I agree that the EE/SWE needs to be aware of safety/security.  But, when management/marketing push a feature/product despite the insight what the worker (Engineer) warns/suggests then the best that can happen is "meet the deadline and functionality" as they are told.

The need is for the general public to push Marketing to make safety/security part of the product spec so that the Engineer can be justified to do things right.

junko.yoshida
User Rank
Blogger
Re: Cyber security for cars?
junko.yoshida   7/18/2013 8:36:09 AM
NO RATINGS
I couldn't agree with you more, Duane. There is always that aspect: engineers are aware of potential vulnerabilities but there is that inevitable marketing force, asking engineers to get the products out sooner.  

I am not here to blame anyone, but I would love to have open conversation on this topic within the industry (and consumers).

Jerrysc
User Rank
Manager
Re: Cyber security for cars?
Jerrysc   7/10/2013 10:09:22 AM
NO RATINGS
Some people died here recently of carbon monoxide poisoning because their car was running in the attached garage. It had key fob start. Accident, malfunction, or murder? And how do you shut off the ignition in a car with a start/stop pushbutton if it doesnt want to shut off? What about the secret back doors and possible malware in pre-engineered chips? So called safety automation of what should be driver activity provides more opportunity and incentive for the driver to engage in diversive activities, and enables inherently unsafe drivers to be on the road. Cars need to have a simple foolproof means of allowing the driver to regain total control when necessary.

Tom Murphy
User Rank
Blogger
Re: Cyber security for cars?
Tom Murphy   7/10/2013 11:40:19 AM
NO RATINGS
With Google working on cars that drive themselves and increasing use of network devices in cars, it's only a matter of time before cars crash due to bad data, electrical interference, or malicious intent.  Security on a desktop computer may be important, but security for your dashboard will be a life-and-death matter.  Until that little wrinkle is straightened out, I'll happily continue to use the tried-and-true key-in-ignition security system.

Worldpowerlabs
User Rank
Rookie
Re: Cyber security for cars?
Worldpowerlabs   7/10/2013 12:29:41 PM
NO RATINGS
Yet another reason why I like my "old" (1997 and 1999) vehicles.  Real throttle cables; no automatic braking schemes; NO bluetooth integration (no iPod nonsense, either.  Both *can* play cassettes, though.); windows and rear lighting are not on a CANbus network....

 

 

Tom Murphy
User Rank
Blogger
Re: Cyber security for cars?
Tom Murphy   7/10/2013 1:09:13 PM
NO RATINGS
Krisi, WorldPower:  You're right on!  When I was a kid in the 60s, my dad bought a new car without power windows. I asked why. He said it was because he had never seen a car with power windows that didn't have problems with them. That was before cars had any computers. Today, they have hundreds.  Of course, over the years, power windows became more reliable.  But with the unrestrained growth of technology in cars, we now have cars that people don't know how to operate all the tools, and tools that are more prone to failure, perhaps triggering other problems.  The cost is driving up cars to the point where most average folks have to lease instead of buy.   Is this progress?

Yes, computer driven fuel injection improves mileage. Dandy. Let's do the things that make sense and leave out the bells and whistles that we don't need.  Really, we can drive our own cars if the alternative raises even the slightest risk of losing control of it. Right?

Etmax
User Rank
Rookie
Re: Cyber security for cars?
Etmax   7/29/2013 12:23:34 AM
NO RATINGS
Dear Junko,

Thanks for the link to the researchers report. I read through it in detail and most of what they are saying relates to getting a CD into the car, and accessing the OBD-II port to make code changes. Later in the article they mention bluetooth cellular and RDS as attack vectors but it's not entirely clear (to me) whether these attack vectors only become available after the previous physical access. If the physical access is not necessary then the car they chose is difnitely hackable in the fashion I didn't believe possible, where as if the physical access is necessary then it is essentially as I had suspected. and I put this in the "brake line" category.

The thought of corrupting an OBD-II pass thru or even compromising the PC used in the workshop are certainly realistic and not precursors I had entertained as part of "hacking", but if we add that to the mix then short of not allowing dealers reprogramming access, I don't see the hacking problem going away. And that I believe will never happen without a government directive because it is too convenient and represents too much of a cost savings to them (dealer and vehicle manufacturer).

junko.yoshida
User Rank
Blogger
Re: Cyber security for cars?
junko.yoshida   7/29/2013 10:30:58 AM
NO RATINGS
Hi, Etmax. I believe you are right. For attack scenarios using bluetooth cellular does require the previous physical access, if I understood it correctly. 

Aside from the debate over how easy or difficult it is to gain the previous physical access to a car that is to be attacked (and I agree, it would be difficult), it still boggles my mind how easy bluetooth pairing was done in that attack test scenario.

I agree thaqt accessing the OBD-II is an age-old problem, which is hard to solve.

Bert22306
User Rank
CEO
Unconvinced
Bert22306   7/8/2013 9:28:13 PM
NO RATINGS
Count me among those who aren't hyperventilating just yet.

The easiest way to investigate these scary stories is not so much to list all the systems that CAN be breached, but to look at the critical systems first. Ignore all the non-critical systems. They get listed just for the sake of the oooh-aaah effect.

Most cars still use vacuum-assisted hydraulic brakes with dual-redundant hydraulics. Can that be hacked? Most cars also use a mechanical steering column, even if the power assist may in some cases now be electric. Can that mechanical column be hacked?

The only thing I'd worry about here is throttle. While the brakes of any car can easily overpower the engine, if the throttle is wide open, you will lose most of the vacuum assist. So a remote attack to the throttle would be the most important one to defend against, as far as I can tell. A good defense there is to shut off the engine. If the car has a key ignition switch, being careful not to turn the key all the way and lock the steering column.

I agree that the OBD system is the most obvious path to mischief. If you make life easy for engine diagnostics, including emissions testing, there's your attack vector. Still, brake and steering control are independent.

junko.yoshida
User Rank
Blogger
Re: Unconvinced
junko.yoshida   7/8/2013 9:37:47 PM
NO RATINGS
Prioritizing what's most urgent is always a good idea.

For those who are still unconvinced, take a look at the technical paper quoted in this story, written by researchers of Univ. of Washington and Univ. os Calif. - San Diego.

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

LarryM99
User Rank
CEO
Re: Unconvinced
LarryM99   7/8/2013 10:34:57 PM
NO RATINGS
The attack surface is increasing. Check out this article from a recent Wired magazine about a drive-by-wire car. http://www.wired.com/autopia/2013/05/al_drivebywire/

When I was at Northrop I was given training on the hacking process. It is surprisingly (at least to me) disciplined and codified into a set of procedures. The key is to look at systems differently. Most normal people (norps) think in terms of variations of typical use models while hackers will tend to turn them upside down. Even most engineers tend to not be good at creatively misusing systems. A good test engineer is probably the closest "normal engineer" to being a white-hat hacker, since they probe the limits of systems.

That being said, hackers are not omniscient. The hacks that were done to support this paper required extraordinary physical access to the vehicles and were not necessarily robust. They would have been tough to do on a moving car. Right now the wide-area access is relatively limited, but that will increase.

The best safeguards are the simplest. The little LED on your webcam is the best indicator if there is a hacker watching you through it, since it is a simple physical connection. An "off" switch (physical, not soft) pretty much guarantees that a device is not accessible. The more complex a system is the more vulnerable it is.

David.Proffer
User Rank
Rookie
Re: Unconvinced
David.Proffer   7/8/2013 11:11:10 PM
NO RATINGS
Good points Larry. 

To your point 'The little LED on your webcam is the best indicator if there is a hacker watching you through':

A 'funny' event I recently had that may show a growing weakness in the 'I'm on' light:

I was staying at a hotel recently and upon coming out of the shower I looked up to see a blue LED glowing behind the grill of the bathrooms ceiling exhaust fan. Being the paranoid inquisitive tech guy I am, I of course popped the cover off and had a look. There was a small black plastic square device with a blue LED glowing in one corner. I took a few photos of it and the name plate tag of the exhaust fan. Five minutes of 'googling' found that the unit contains a humidity sensor with dual color LED to indicate what function the fan is operating in!

From the manual 'This product also incorporates a dual color (blue and amber) LED indicator to show if it is running at humidity sensor mode or full speed mode.'

http://www.ventingdirect.com/delta-electronics-vfb25ach-breez-80-cfm-humidity-sensor-exhaust-fan-less-than-0-3-sone/p1121978

I just wonder the prudence of this major hotel chain installing these blue LED equiped humidity sensors in all of their guest bathroom ceiling?

And of course, switching my 'white hat' to my 'black hat' wondering how quickly I could build a remote transmitting video and audio device to mimic this humidity sensor and LED!

 

LarryM99
User Rank
CEO
Re: Unconvinced
LarryM99   7/8/2013 11:34:43 PM
NO RATINGS
Not bad, but keep in mind that the LED = "video on" association only works for commercial webcams. Build one yourself and you have the option of not following that standard!

It does bring up the dark side the current Arduino and Arm wave of innovation. It used to be that it took an engineer to build a system up from components. Now any reasonably smart person can assemble what you have described from $50 worth of parts - no soldering iron required.

Duane Benson
User Rank
Blogger
Re: Unconvinced
Duane Benson   7/9/2013 5:37:32 PM
NO RATINGS
The LEDs in many (if not all) web cams are under software control and can be disabled. Not all webcams have LEDs indicating their status. I can think of at least four different laptops that don't have LEDs.

fmotta
User Rank
Freelancer
Re: Unconvinced
fmotta   7/10/2013 8:55:26 PM
NO RATINGS
Duane,

    The LED issue has been known by most of the people I know for almost the entire time that laptops started including integrated cameras (A post-it has been over the camera of every laptop I have ever owned with such a device).  The Microphone as well.  I am not hiding anything.  I am just not broadcasting it either.

   The real fun was when a friend forced an "update" to a well known computer that included new firmware for the USB driver chip.  That "update" included capture of data if the device is a keyboard HID.  The next level of challenge is getting a java script (or HTML5) app that reads this content and conveys it to the snoop server.


   IF you want a lot of fun look at Kali Linux (Backtrack Linux) and see how easy it is to do some of that with a PC.  If a vehicle has internet access and a known OS then the next step is inevitable.

 

Etmax
User Rank
Rookie
Re: Unconvinced
Etmax   7/29/2013 12:28:32 AM
NO RATINGS
Or just desolder the LED from the commercial one, if you have physical access no problem, do it when you re-flash the MCU via OBD-II.


Re Arduino, I wonder how long before we need virus checkers for out Arduinos :-)

 

David.Proffer
User Rank
Rookie
Re: Unconvinced
David.Proffer   7/8/2013 10:52:58 PM
Bert I hope you are able to continue to drive that 1975 AMC Pacer you own for a long time :-)

Because, bad news, cars that are sold today are far more integrated across all systems that I think you are aware. I took a 30 second review of the systems that you can have on the 2013 Mercedes C250 that the journalist Michael Hastings was driving when he was killed last month in Los Angeles. There are at least 20 more attack vectors and active break, steering and accelerator connections available in this car than were available in the 2011 hack that Junko cited. The possibilities to take over this car are astronomical!

https://plus.google.com/u/0/111718018022624143076/posts/KR7n78oj58H

In the case of the Mercedes C250 2013 and your points:

1) Brake system - software controlled with at least 4 non-brake system that I count that can active any single or combo of brakes.

2) Steering column - the least hackable control in the car that I found, I could only find control that 'alerts the driver by vibrating the steering wheel' HOWEVER, the Mercedes 'Active Lane Keeping Assist' will 'If the driver continues to drift, it can apply the brake to a single rear wheel to help guide the car back into its lane.' That is as good as steering. Think about how steering could easly be overridden by wheel braking combos...

3) Throttle - I could not confirm it, but if the throttle is not fully 'control by wire' it is still fully controllable by software.

4) Shut off the engine, bad news again, more and more cars today do not require a physical key to be inserted to enable the car. In the C250, 'A leap in ease and efficiency pioneered by Mercedes-Benz, KEYLESS-GO lets you unlock, start and drive away without removing the SmartKey from your pocket or purse.'

5) 'Still, brake and steering control are independent.' Unfortunately not. And less each year. Brakes crossed the threshold several years ago and steering by wire is in more and more cars each year. There are multiple cars today we parking assist, this is steering fully under software control.

Killing someone by inserting software into anyone of a number systems in cars today to 100% possible. As I stated in my analysis of the tragic death of Mr Hasting, I doubt we have forensics resources available today to draw a conclusion. And worse, the ability to defend ones car against a possible attack is nil today.

 

Bert22306
User Rank
CEO
Re: Unconvinced
Bert22306   7/9/2013 3:47:35 PM
NO RATINGS
FUD consists of telling partial facts for dramatic effect. The vast majority of cars are still designed as I described, but more importantly, those (still) few that do integrate functions, e.g. to coax the driver back into his lane, do so in a way that these automatic safety features can be overridden with driver input. If a brake is applied to "steer" the car, or the wheel is nudged, these actions do NOT eliminate driver input. These actions do NOT take away the driver's ability to turn the wheel or apply the brakes.

Of course, they could be designed stupidly, but on a case by case basis, they aren't. It's a bit like making a big whoop about cruise control. A little late for that, because it's been around way too long to be good FUD fodder any longer. The cruise control won't get away from you, if you either cancel it using the switch or apply the brakes.

There are ways to design such controls safely. And that is, the manual override is USUALLY designed as an override, although priority is given to reduce kinetic energy. So yes, a safety feature that Mercedes offers will cause the brakes to be applied when an inattenbtive driver is about to stike an obstacle. Or, when this applies, local control is designed to override remote control. It is probably true, though, that drivers need to be made aware of these safety features, how they might misbehave, and actions to take when they do misbehave.

Then again, hydraulic brake lines can rupture, mechanical steering gear can seize up, tires can be punctured, and drivers fall asleep at the wheel.

Bert22306
User Rank
CEO
Re: Unconvinced
Bert22306   7/9/2013 4:20:24 PM
NO RATINGS
Oh, I forgot to add this. One article talks about how a malicious mechanic can input viruses or such through the OBD-II connector. No doubt, attack vectors of that sort may well exist. But why pretend that this is a new phenomenon?

Incompetent mechanics, never mind malicious ones, never mind the amateur backyard mechanic, can far more easily fail to bleed the brake lines properly. So that when the driver least expects it, the brakes won't work. As easy as it is to NOT bleed brake lines properly, there aren't any safeguards against it.

And it's not necessary to point out that sabotage hardly requires electronic intervention.

bk11
User Rank
Manager
Re: Unconvinced
bk11   7/9/2013 5:43:22 PM
NO RATINGS
Maybe not a reason to hyperventilate, but you should also worry about the brakes, and not just the throttle.  An earlier paper by this same group (2010, www.autosec.org) details successful efforts to breach a car remotely, and attaining a significant level of control.  This includes disabling or applying the brakes, applying the throttle, etc.

It's easy to envision controlling the throttle via cruise control, but how do you disable hydraulic brakes? ABS!  In full pulse mode, the ABS system essentially renders the brakes inoperable.  Case in point - a failed wheel speed sensor on my truck caused the ABS to engage when I slowed below 5MPH, making it nearly impossible to stop the truck.  GM even issued a recall due to this condition. 

This wasn't hacking, of course, but it demonstrates how a system designed to increase safety can actually cause a vehicle to become unsafe due to failure or tampering.

As far as applying the brakes, many traction control systems and all yaw control systems allow the computer to do this.  Even the ignition key can be overridden by telematics systems such as OnStar, or even remote-start systems.  Mechanical steering systems might not be hackable, but that may be the only control you still have.

Bert22306
User Rank
CEO
Re: Unconvinced
Bert22306   7/9/2013 6:31:44 PM
NO RATINGS
Yes, I had thought of the ABS example. It bears closer inspection. The correct way to implement such safety features is via a tight closed loop, between the braking system and the wheel sensors, where the system fails safe (sensor failure does not incapacitate the brakes).

This is what I'm getting at, though. It's certainly possible to design an ABS system to be hackable or just plain dangerous. So you don't do this. The ABS feedback loop remains hardwired, EVEN IF you have sensors in the system that announce faults, i.e. one-way monitoring signals only.

Etmax
User Rank
Rookie
Re: Unconvinced
Etmax   7/29/2013 1:04:24 AM
NO RATINGS
Hi Bert, in fact fails safe modes for all sensors are part of the design criteria for intelligent car modules. That sad fact of the matter is that more and more car design is being done in countries where most engineers don't drive a car :-) I worked for this unnamed automotive electronics manufacturer that moved design of an OEM program to Singapore where car ownership is at maybe 12% according to Wikipedia and when I was there only 1/2 the engineers had cars and none tinkered with them, essential to fully understanding things (I believe). In any case the issues that arose from that program were many. On my car the throttle position sensor had an intermittent fault and the only thing that was noticable was the car's inability to accelerate fast from a standstill. This was obiously missed on the ABS system mentioned resulting in the recall. I read the article that Junko referred to, and they put a lot less effort into it than professional crime gangs do into Windows exploits, but a hacker having OBD-II access to a car in my opinion is the same as giving your computer to the hacker to do as he sees fit, and is therefore indefensible. I.e as you say the same as cutting brake lines.

krisi
User Rank
CEO
Re: Unconvinced
krisi   7/10/2013 11:45:52 AM
NO RATINGS
Not sure I understand all these attempts to make cars very electronic...so far I see that this leads to very expensive servicing bills and not much else...I don't need my Mazda 3 to be networked, it drives fine already, thank you very much

Etmax
User Rank
Rookie
Re: Unconvinced
Etmax   7/29/2013 1:14:15 AM
NO RATINGS
Hi Krisi, having an inside ticket to this I can say that some of the push is cost savings for the vehicle manufacturer in the build of the vehicle, part is warranty cost reduction by making the vehicle's systems easier to debug and part is to make it cheaper to add luxury features for next to no cost but still be able to charge for them. Then there's the majority of buyer that want the extra functionality I could write a thesis on this as to where all of cost benefits come but suffice to say here it's worth it for them and we're along for the ride (like it or not). These comments are explicitly related to vehicle networks, not the actual electronification of cars. I could do a thesis on that as well. :-) Some are common to the above and some additional. Purely on electronics in cars, this actually saves the buyer money for real benefit.

prabhakar_deosthali
User Rank
CEO
Re:
prabhakar_deosthali   7/9/2013 2:34:43 AM
NO RATINGS
In my opinion, if any catastrophe as a result of attempted hacking into the car systems is to be avoided then there should be two networks in the car. One a private network controlling the critical operation of the car - accelerator, brake, engine, windshield wipers, windows etc. This network should be totally isolated and should have a manual override for every automatic function that it handles.

The other network containing the GPS, cell phone connectivity, entertainment etc can be connected to WAN and thus would not affect the critical functionality of the car even if it is hacked.

cedricfau
User Rank
Rookie
Re:
cedricfau   7/9/2013 12:20:57 PM
NO RATINGS
The problem is that it will cost a lot in work labor to install 2 networks and in available room into the car. I'm not sure that the industry will accept these drawbacks.

Olaf Barheine
User Rank
Manager
Technology is not the problem
Olaf Barheine   7/9/2013 7:54:21 AM
NO RATINGS
In my opinon, the main problem are the engineers and developers in the automobile industry (and not only there), who still seem to underestimate the crminal energy of the hacker scene. Everything that can be hacked, will be hacked!

Duane Benson
User Rank
Blogger
Cautionary
Duane Benson   7/9/2013 5:50:29 PM
NO RATINGS
If this were a supermarket tabloid, I'd call this fear mongering. However, given that it's here on EE Times, I'd say it's fodder to prompt important thinking and discussion subjects for engineers.

Automobile systems are more closed off than are personal computers, but they are opening up and will continue to do so. Smart phones were developed in a time period where everyone was very clearly aware of the risks of compromise, yet they still have vulnerabilities. I don't at all think it's a stretch to get to where cars are open and connected enough to be quite vulnerable.

Mechanical systems can break and can be tampered with. One key difference today is that the threshold of action is so much lower than in the physical world. Some people have always been willing to shoplift or otherwise steel, but not that many. By going remote over the Internet, orders of magnitude more people are willing to steel music than would even think about physically shoplifting a CD.

I fear that the same will someday apply to cars. Very few people are willing to actually crawl under a car and cut the brake lines. When connected, however, the threshold is very much lower and far more people will be willing to mess with cars digitally than physically.

It's a sad eventuality that we need security solutions for and now is the time to be designing those solutions; not after car hacking is someone's pastime.

cdhmanning
User Rank
Rookie
Re: Cautionary
cdhmanning   7/11/2013 9:44:36 PM
NO RATINGS
If this was a supermarket tabloid I would expect them to print rubbish like this. I would not expect EE Times would stoop so low.

EETimes does the industry a great disservice by sensationalising an issue that the industry has known about for years and manages pretty well.

If you read the original paper, you will see that these are "possible" attacks that could theoretically be achieved. They were not achieved except by pypassing all the bridges in the car.

That is like saying that I could possibly steal all the gold in Fort Knox if they left all the doors open and provided me with truck to help carry it away.


Cars do not have attack vectors from the entertainment subsystem into the engine control. Where there is such a data path this is through a bridge which does many things:

1) It only passes legitimate packets. The engine RPM might be sent to the entertainment system to show RPM, but engine control messages are not sent to the engine bus.

2) It limits the message rate to prevent denial of service type attacks.

Cars have multiple buses to partition the system for multiple reasons:

1)  Testing/proving.

2) Limiting denial of service issues (eg. a micro in a door going nuts and flooding the bus with messages).

3) Limiting the impacts of electrical damage (eg. a bus short in the back door should not stop the engine from running).
4) Limiting the ttack surface.

Some of those buses are joined via bridges (think very strict network firewall) that allow some limitied data connectivity, but limiting others.

Having been involved in CAN for at least 15 years, I can say that there is nothing new in this.

 

CAN buses can be easily probed and attacked with a physical presence (ie. hooking up to the CAN bus), but so too can any physical system.

 

selinz
User Rank
CEO
Re: Cautionary
selinz   7/12/2013 12:34:07 PM
NO RATINGS
Junko,

Thanks for the article. Yes, it's a bit futuristic but many aspects of the auto control are fly by wire these days. On my Civic hybrid, the accelorator is completely fly by wire and the braking is, well, a hybrid system with pressure sensors which engage the regen braking inaddition to the mechanical "base."

Even my 2000 T&C has a network that, among other things, controls the power to the individually powered speakers. So guess what, if you put in an aftermarket radio, you have to bypass this. (in this case, running an accessory power line to the fuse box). Everything from the cab lights to the doors to everything else is under the direction of a microcontroller. However, all power and driving related stuff are still under people control.

The dramatic increase in the number of sensors each year gives testamony to the direction we're going.

Let's hope they don't add self destruct capability!

junko.yoshida
User Rank
Blogger
Re: Cautionary
junko.yoshida   7/16/2013 4:05:47 PM
NO RATINGS
I understand your concern. But rest assured, EE Times hasn't gotten down to the level of supermarket tabloids, I hope!

I wrote this story based on the on-going interviews I've done with the automotive chip companies, as well as reading the technical paper published by a group of scientists back in 2011. 

You can read the full paper here:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf  

One of the authors of that paper is Stefan Savage, now the professor at Univ. of Calif., San Diego.

Prof. Savage also joined the conversation at EE Times forum on a separate story I did. You can read his rebuttal comments here -- for those who are unconvinced:

http://www.eetimes.com/document.asp?doc_id=1318871&piddl_msgpage=2#msgs

 

Etmax
User Rank
Rookie
Re: Cautionary
Etmax   7/29/2013 1:28:43 AM
NO RATINGS
Yes the original article weighed heavily on getting the OBD-II port accessed. I read the article too, and it was very unclear as to wheather the OBD-II attack was necessary in addition to the Bluetooth/cellular attacks. I agree with your mention of the normal CAN messaging only allowing certain things to be transported, but would like to add that if you have access to the CAN bus itself via an OBD-II pass thru then reprogramming of every module on that bus becomes a possibility unless the module manufacturer disables it explicitly.

Assuming for the moment that this hasn't been done then in my mind far easier than the methods proposed in the original article would be to design a module that you can attach to the CAN bus in a few minutes that can at your leasure give you access to module reprogramming when you chose. Because the CAN HW layer won't let you crash the bus (something a simple wire link could of course do) you would need to do things like invoke special test modes that do allow control and are there for service puposes, and it would just be so much easier to develop and debug with the same level of mischief as the interfaces are specified in the OBD-II standards and manufacturer documentation.

But nothing a remote brake line sever couldn't achieve :-(

cdhmanning
User Rank
Rookie
Re: Cautionary
cdhmanning   7/29/2013 2:42:39 AM
NO RATINGS
I doubt very much that an OBD2 connection is connected directly to the engine bus. Instead the connection is likely to a gatweay which provides the OBD2 standard messages.

This is easy to test: short out the CAN wires on the OBD2 connector and see if the engine runs. There is no way any sane car designer is going to have that connector connected  so it can tamper directly with the main CAN bus.

By the way, CAN is really easy to DOS. Just dshort the wires, or continually send priority 0 packets. These have a higher priority and will prevent any other trafic on the bus.


At the end of the day, anyone with physical access can do anything they want: mess with the fuel, cut fuel lines, .... The only bene fit of doing an electronic attach is that you **might** be able to do damage without leaving any trace that you were being naughty.

 

These days, however, many vehicle manufacturers are doing a whole lot of run-time verification to reduce the possibility of tampering and are logging strangeness for diagnosis as well as for evidence during court cases.

 

Etmax
User Rank
Rookie
Re: Cautionary
Etmax   7/29/2013 3:45:38 AM
NO RATINGS
This was largely my understanding (gateway) but the article desribed a less complicated structure. A Diesel truck I was working on a while back had 2 buses, an internal TCM to ECM path and an instrument cluster path and given that dealers can reflash the ECU as part of recall processing the OBD-II port would need programming access to that bus. I'll grab a few manuals and have a further think about this.

junko.yoshida
User Rank
Blogger
Re: Cautionary
junko.yoshida   10/18/2013 1:22:07 AM
NO RATINGS
Interesting, Etmax. I know this story had to simplify potential scenarios in order to clarify the issues...but let us know if you have found out anything further.

fmotta
User Rank
Freelancer
I am quite convinced and seen results
fmotta   7/9/2013 9:15:47 PM
NO RATINGS
With the growing use of RF in automotive control and access the risk is obviously increasing.

With the ready availability of low-cost Software Defined Radios (SDR) and computing power is outlandishly high (Many of us have many many cores/cpus/gpus that we have just languishing most of the time) the ability to capture and crack any security increases.


With a small amount of effort I was able to reverse engineer a keyfob with true hobby class parts.  Since this was to replace the ~$800 replacement fob with one of my own design for a friend then this was sanctioned and legal (and she loves the new fob).  It will be easier the next time since I will have a Nuand SDR and more experience.


Simply put.  If a mildly equiped person can do this then a sophisticated attack can happen.

Risk? Yes! TO what level? Well, it has been my premise that the primary reason most "secure" areas remain so is that Engineers have less motivation to hack than they do to create.  That ratio of hack vs create is shifting a lot and fast.

junko.yoshida
User Rank
Blogger
Re: I am quite convinced and seen results
junko.yoshida   7/9/2013 11:18:11 PM
NO RATINGS
@fmotta, your premise, as described here, "the primary reason most 'secure' areas remain so is that Engineers have less motivation to hack than they do to create.  That ratio of hack vs create is shifting a lot and fast," is an interesting one.

Especially the part you mention the ratio of "hack vs. creat."

How fast is it shifting and what's prompting it?

fmotta
User Rank
Freelancer
Re: I am quite convinced and seen results
fmotta   7/9/2013 11:38:21 PM
NO RATINGS
Have a look at the trending toward social engineering (aka hacking) and assess for yourself :)

Sheetal.Pandey
User Rank
Manager
Re: I am quite convinced and seen results
Sheetal.Pandey   7/10/2013 12:33:37 AM
NO RATINGS
Yes the more and more electronics parts and technologies are getting added to automobile as enhanced features, the risk of destruction and hacking too increases. But there are positive sides too, if you can access the cars control remotely, one can also save lives if there are failures.

Jerrysc
User Rank
Manager
Re: I am quite convinced and seen results
Jerrysc   7/10/2013 8:09:14 PM
NO RATINGS
The landing of large aircraft is done automatically these days by interaction between the runway beacon and the autopilot. The pilots just keep their hands off. We have just seen an example of what happens when something goes wrong.

DrQuine
User Rank
CEO
Is it time for emergency stop switches on cars?
DrQuine   7/10/2013 5:27:03 PM
NO RATINGS
It seems an interesting coincidence that remote key fobs and autonomous cars are becoming a reality at the very time that we lose the ability to disable the vehicle ourselves. Every driver used to know that removing the key from the ignition would stop the engine of a misbehaving vehicle (unless the ignition was hotwired). Today experienced drivers riding in a new car may honestly not know how to stop the engine. That seems to be a dangerous turn of events. We have standardized emergency stop switches on escalators and elevators, is it time to implement them on cars as well?

junko.yoshida
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
junko.yoshida   7/16/2013 3:57:13 PM
NO RATINGS
That is an excellent point. Why wouldn't the auto industry agree on the standardized emergency stop switches? 

It drectly speaks to those who are concerned about the automotive safety!

elizabethsimon
User Rank
CEO
Re: Is it time for emergency stop switches on cars?
elizabethsimon   7/22/2013 8:01:35 PM
NO RATINGS
Every motorcycle that I've owned has an emergency stop switch so it's obviously NOT new technology....

I'm NOT buying a newer vechicle unless it can be turned off by turning the key to the off position or it has an emergnecy stop switch.

 

Tom Murphy
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
Tom Murphy   7/22/2013 8:11:22 PM
NO RATINGS
I'm with you, Elizabeth. There are some machines that I want to control all by myself, and a car is one of them. 

Does anyone know what if there is a cheap, low-tech car I can buy? I'm curious to see how much a car would cost if it, well, was just a car.

Max The Magnificent
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
Max The Magnificent   7/23/2013 8:49:43 AM
NO RATINGS
@Tom: There are some machines that I want to control all by myself, and a car is one of them.

This sounds good when you say it quickly, but I've heard about the way you drive, so maybe it's best for the car to be in control :-)

Tom Murphy
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
Tom Murphy   7/23/2013 11:14:00 AM
NO RATINGS
That's a cheap shot, Max! ;-) 

Truth is I haven't had a car accident (my fault or others) in my four decades behind the wheel (knock on wood), but I've had five bike crashes that sent me to the ER over the past quarter-century. Maybe I should look into a remote controlled bicycle...?   I see Lexus is now offering a $10k bike (another story on the EET home page today), but it is still under manual control.

How do others feel? Do you want a computer to control your car (or bus, or train)? Or would that scare you to death?

Max The Magnificent
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
Max The Magnificent   7/23/2013 11:26:03 AM
NO RATINGS
@Tom:Truth is I haven't had a car accident (my fault or others) in my four decades behind the wheel (knock on wood)


We must have had the same driving instructor -- I'm the same -- no car accident and (wait for it, wait for it) no tickets either... (touch wood)

On the other hand, I don't own a motorbike, so I cannot say what would have happened if I had...

 

 

Tom Murphy
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
Tom Murphy   7/23/2013 11:56:32 AM
NO RATINGS
Max: The only motors on my bike are in my legs. ;-)  I now drive about 3,000 mis a year and ride about 8,000.  I used to drive 18,000 and ride 3,000.  Strangely, I reversed that when I moved OUT of the city, where I had to take the car everywhere and when I rode, most everything was closer.

Max The Magnificent
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
Max The Magnificent   7/23/2013 11:59:40 AM
NO RATINGS
@Tom:The only motors on my bike are in my legs. ;-)

Ah, a "two cylinder" eh?  And you still managed 5 crashed -- remind me not to ride tandem with you :-)

Etmax
User Rank
Rookie
Re: Is it time for emergency stop switches on cars?
Etmax   7/25/2013 5:31:56 AM
NO RATINGS
We had an incident last year where (supposedly) a guy's car was stuck on 100kph (cruise control??) and supposedly couldn't stop it. It was an auto so aparently he couldn't take it out of gear and I don't know why he didn't turn the ignition off but maybe it was a push button start without that feature. Either way it highlights your mention of people not knowing how to stop a car, and really suggests a kill switch as a useful addition. Re the incident, it was on TV and I didn't see official police reports so it may have been the media let loose on something they didn't understand or not, but  kill switch does sound good in the ligth of it.

rich.pell
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
rich.pell   7/25/2013 7:40:12 AM
NO RATINGS
"...it may have been the media let loose on something they didn't understand..."

That would be a first, lol!

junko.yoshida
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
junko.yoshida   7/25/2013 7:51:13 AM
NO RATINGS
Etmax, I don't know about that incident either. At the risk of writing something I don't know about, "kill switch" sounds like a real good idea!

David.Proffer
User Rank
Rookie
Re: Is it time for emergency stop switches on cars?
David.Proffer   7/25/2013 7:07:21 PM
NO RATINGS
The increasing speed at which automakers are including hackable technology is highlighted by this article, the business pressures that old schoolers are feeling from disruptors is a big reason.

If the personal computer experience is a good benchmark, you are going to get in your car, started it and see:

'Cadillac is Installing update 1 of 56.... Please do not power off or drive your vehicle..... do not remove your foot from the brake.'

From an article at MIT Technology Review:

http://www.technologyreview.com/view/517531/tesla-versus-the-luxury-automakers/

Cadillac and BMW are pushing forward driver assist technologies, such as adaptive cruise control and systems that will help you park your car. The BMW will drive itself during a traffic jam on the highway, controlling speed and steering to keep the car in its lane. 

 

David.Proffer
User Rank
Rookie
Re: Is it time for emergency stop switches on cars?
David.Proffer   7/25/2013 7:25:57 PM
NO RATINGS
A great preview of some of the hacks that will be discussed at the upcoming talks in Las Vegas, a very funny and terrifying video:

Digital Carjackers Show Off New Attacks 

http://www.youtube.com/watch?v=oqe6S6m73Zw

 

Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles. The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month-the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers.

 

http://www.laobserved.com/biz/2013/07/hacking_into_your_ca.php

 

junko.yoshida
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
junko.yoshida   7/25/2013 11:11:05 PM
NO RATINGS
David.Proffer This video is, wow, pretty scary!

David.Proffer
User Rank
Rookie
Re: Is it time for emergency stop switches on cars?
David.Proffer   7/25/2013 7:25:58 PM
NO RATINGS
A great preview of some of the hacks that will be discussed at the upcoming talks in Las Vegas, a very funny and terrifying video:

Digital Carjackers Show Off New Attacks 

http://www.youtube.com/watch?v=oqe6S6m73Zw

 

Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles. The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month-the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers.

 

http://www.laobserved.com/biz/2013/07/hacking_into_your_ca.php

 

Doofus0
User Rank
Rookie
Even Car Alarms Don't Work Yet
Doofus0   7/15/2013 12:04:59 PM
NO RATINGS
Good intentions do not insure good products. After a decade or two of development, car alarms are still causing false alarms everywhere, every day. Key fobs have hair triggers on the panic button. In cold country, if your engine konks out as you round the first corner, the steering column locks up tight, sending you off the road. Safety First? That little black box mandated in cars next year will be really great. Yeah, really great. I'll be hacking mine with a hatchet.

Etmax
User Rank
Rookie
How to hack a car
Etmax   7/22/2013 3:31:32 AM
NO RATINGS
For this whole concept of hacking cars to fly there has to be a control path from the wireless portion of the system to the actual vehicle network's internals. If I have a phone connected to the bluetooth of my car radio and the radio is able to send messages over the CAN network to my instrument cluster, this still doesn't mean that someone can remotely attack my CAN bus. The limited functionality that is aforded the radio does not extend to such things. My radio's OS would need to be reprogrammed with a new one that was wired with the approriate sofistication. The command set that my car radio supports via WiFi/Bluetooth won't support reprogramming of the primary OS. A physical connection to the radio's USB port is needed for that. It may happen in the future that a car manufacturer loses all sense and adds cost to a vehicle system that adds no benefit (except to a hacker) but i haven't seen any thus far. A number of vehicle systems I've worked on even have multiple CAN busses but they have no connectivity to each other only to/from the primary controller to the CAN busses. Only certain data patterns are tolerated on the busses with malfunction codes set when limits are exceeded.

I'm not sure what car they're using, but mine certainly obeys pairing protocols, requiring a key and as far as OBD goes, that's a car inside under my steering wheel.


The big differnce between PC's and embedded vehicle computers is that they are design for a specific function and operate in real time, lacking the free form communications available on a TCP network.


I think in the future some accountant at a car company may have too much Bourbon and sign off on a 20% price incease for no user and bottom line benefit, but while they switch suppliers over 10 cents it's unlikely.


Celphones are hackable because they ARE general pupose computers that have ample room for apps and anything can talk to anything because that is required. Car systems (the drive train systems) are quite a different kettle of fish.

I just read the article again, and it seems that they had internal access for some of the strategy which makes the whole thing no different than cutting brakelines.

The NHSA Should act now and dictate that no vehicle drive and safety systems are allowed to be controllable remotely. There's no reason for it and without that functionality the NXP car will never hit the assembly line.

Well that's my 2 cents worth :-)

junko.yoshida
User Rank
Blogger
Re: How to hack a car
junko.yoshida   7/22/2013 8:28:21 AM
NO RATINGS
Thanks for your comment. Indeed, it won't be that easy to hack a car. It's not like that car has only one CAN bus that connects to everything. There are always several networks inside a car. And there are gateways.

That said, it isn't a total fantasy, either.

i recommend that you read the original tech paper (mentioned in the story):

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Etmax
User Rank
Rookie
Re: How to hack a car
Etmax   7/22/2013 12:05:16 PM
NO RATINGS
Dear Junko, Thanks I will read through the article and if if need be tuck my tail in :-)

David.Proffer
User Rank
Rookie
Re: How to hack a car
David.Proffer   7/23/2013 2:22:32 AM
NO RATINGS
There are two talks coming up at DEFCon 21 and BlackHAT in the next couple weeks on car hacking. Both should really help to get people understanding the risks and possibilities in this area and why addressing security should be as important as it is for all other control systems. 

I ran across this short YouTube video published recently by one of the speakers, he demos control of steering:

 

http://www.youtube.com/watch?v=ws8lSobe-sk

 

 

junko.yoshida
User Rank
Blogger
Re: How to hack a car
junko.yoshida   7/24/2013 6:41:54 AM
NO RATINGS
David.Proffer, that's good to know. I will keep my eyes open for those sessions, then!

Paul Harris
User Rank
Rookie
Car Infotainment and Its Requirement
Paul Harris   5/6/2014 8:44:32 AM
NO RATINGS
Car entertainment and car infotainment are two very important technology related to the improvements in car infosystems. Several, new technologies are also being implemented in car industry also. Car sensors and car electronic dashboards are quite helpful for the car traffic control and proper route detection also. Auto parts repair and service also very necessary for the safety of the vehicle or car users. It will help in safe driving by the vehicle operator.

krisi
User Rank
CEO
Re: Car Infotainment and Its Requirement
krisi   5/6/2014 10:19:15 AM
NO RATINGS
I question needs for car entertainment...there is already more accidient caused by people texting than being drunk...do we really want to increase number of fatalities even further?

Radio
NEXT UPCOMING BROADCAST
EE Times Senior Technical Editor Martin Rowe will interview EMC engineer Kenneth Wyatt.
Top Comments of the Week
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Times on Twitter
EE Times Twitter Feed
Flash Poll