Breaking News
News & Analysis

Car Hacking: NXP Pushes Flexible Security

Vulnerabilities
7/11/2013 01:15 PM EDT
25 comments
NO RATINGS
2 saves
< Previous Page 2 / 2
More Related Links
View Comments: Oldest First | Newest First | Threaded View
<<   <   Page 2 / 3   >   >>
Tom Murphy
User Rank
Blogger
Re: Hard to believe it is an issue
Tom Murphy   7/12/2013 12:23:12 PM
NO RATINGS
If electronics don't make a car safer and more efficient (in that order), then why would we want to add them?

As I read this, I'm thinking of a much cruder crime problem today: there are car burglars wandering the streets of America now with cheap, hand-help boxes that pop the automatic locks on cars as they pass by.  Not exactly rocket science, but another example of how an unnecessary convenience is turning into a problem.

Question: Would you buy a safe, efficient car with minimal electronic gadgets (no hands-free audio controls, no power windows or doorlocks), if it were half the price of the standard model with all the extras?  

ssavage920
User Rank
Rookie
Autosec report
ssavage920   7/12/2013 12:45:04 PM
NO RATINGS
So I'm the aofrementioned Stefan Savage.  I wanted to make a plea to please not call  this the "Savage" report.  It could also be called the Kohno report after my co-PI Yoshi Kohno from the University of Washington.  But this too would be wrong.  The two of us provided the context, funding and encouragement for doing this work, but all the credit is due to the amazing group of students at UW and UCSD who pulled off the impossible again and again to complete this research.  Call it the Checkoway report, or the Koscher report, or the Rosener report or the McCoy report or the Czeskis report if you must (or, more concisely the "Autosec report", after the site autosec.org where we've made our papers available).   There is a tendency to fetishize faculty and agreandize their contributions, but I can tell you that you could have locked Yoshi and I in a room with those cars for five years and we would not have pull this off.

ssavage920
User Rank
Rookie
Re: Hard to believe it is an issue
ssavage920   7/12/2013 12:48:42 PM
> There aren't many ways someone could connect to your car... actually, none.

Sorry, but this is factully not true for most modern automotbiles.  If you read our work, you'll see that we accompmlished remote wireless connection and compromise of our cars via two different channels (and compromise via two other non-wireless channels that did not require direct physical access by the advertsary).  I recommend you read our 2011 paper at autosec.org to undewrstand the breadth of the automotive attack surface.

ssavage920
User Rank
Rookie
Re: Need for automotive security
ssavage920   7/12/2013 12:53:32 PM
> Was there a real demo of what they could do on an unmodified car with
> this type of attack ?

Yes, we were ablee to achieve arbitrary control of automotive systems via this channel.  In our car (as with an increasing number of modern cars) the entertainment unit was a CAN bus peer and thus haing compromised the CD player our code then used another exploit to compromise the telematics unit, then downloaded more code and was able to control any ECU in the vehicle.  It is quite common that audio parsing is done in software these days to support the plethora of formats demanded by consumers.

We have demonstrating both bridging the explicit CAN gateway and creating an implciit CAN gateway via the telematics unit.  

junko.yoshida
User Rank
Blogger
Re: Hard to believe it is an issue
junko.yoshida   7/12/2013 1:01:26 PM
NO RATINGS
@ssavage920, wow, I am glad that one of the authors of the acclaimed report ( I promise we won't call it "savage report" any more ) responded to this messageboard. Thank you.

Now, this gives us an opportunity to hear the facts from the horse's mouth.

The 2011 paper, written by Mr. Savage, et al, and quoted in this story, can be downloaded here:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf  

daleste
User Rank
CEO
Re: Hard to believe it is an issue
daleste   7/12/2013 10:50:53 PM
NO RATINGS
Okay, I concede.  Interesting paper.  I don't think car thieves would have the ability to do the reverse engineering that you did and I don't think engineers would sell that information to the thieves, so we are relatively safe.  I expect the automotive manufacturers to take notice and improve their security.  Thank you for the education.

Kinnar
User Rank
CEO
Security but on the other hand dependability
Kinnar   7/14/2013 4:36:45 PM
NO RATINGS
The article is very nicely discussing about the security requirement, and the electronic component manufacturing companies are also trying hard ot implement better securities. But equally on the other side it is turning out that the customers will have to be dependent only on the OEMs. The entire business of spares will be getting centred around Original Manufacturers. This also leads to unavailability of the parts in the distant region globally. 

Charles.Desassure
User Rank
Manager
Get things right the first time
Charles.Desassure   7/14/2013 11:39:56 PM
NO RATINGS
Thanks for this article, but I think it is a neat idea to start talking about auto security.  Why do we have to always experienced any real-life disasters as a result of car hacking?   Yes, we need to keep in mind the Edwards Deming Theory, try to get things right the first time.

prabhakar_deosthali
User Rank
CEO
Re: Hard to believe it is an issue
prabhakar_deosthali   7/15/2013 7:37:42 AM
NO RATINGS
@Deleste

You cannot always be sure that an engineer in your company will not pass on the technical information to some unscrupulous elements.

A disgruntled engineer may himself misuse such information disrupt the security features .

The idea of having two separate networks in the car is good. And as per my knowledge these two networks need not be connected as they will be handling mutually exclusive functions

junko.yoshida
User Rank
Blogger
Re: Get things right the first time
junko.yoshida   7/15/2013 9:41:16 AM
NO RATINGS
Getting things right the first time is harder... Anticipating security holes is, I think, the hardest part for many engineers. It needs a different mindset.

<<   <   Page 2 / 3   >   >>
Flash Poll
Radio
LATEST ARCHIVED BROADCAST
Join our online Radio Show on Friday 11th July starting at 2:00pm Eastern, when EETimes editor of all things fun and interesting, Max Maxfield, and embedded systems expert, Jack Ganssle, will debate as to just what is, and is not, and embedded system.
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Times on Twitter
EE Times Twitter Feed
Top Comments of the Week