Breaking News
Comments
Newest First | Oldest First | Threaded View
Page 1 / 8   >   >>
krisi
User Rank
CEO
Re: Car Infotainment and Its Requirement
krisi   5/6/2014 10:19:15 AM
NO RATINGS
I question needs for car entertainment...there is already more accidient caused by people texting than being drunk...do we really want to increase number of fatalities even further?

Paul Harris
User Rank
Rookie
Car Infotainment and Its Requirement
Paul Harris   5/6/2014 8:44:32 AM
NO RATINGS
Car entertainment and car infotainment are two very important technology related to the improvements in car infosystems. Several, new technologies are also being implemented in car industry also. Car sensors and car electronic dashboards are quite helpful for the car traffic control and proper route detection also. Auto parts repair and service also very necessary for the safety of the vehicle or car users. It will help in safe driving by the vehicle operator.

junko.yoshida
User Rank
Blogger
Re: Cautionary
junko.yoshida   10/18/2013 1:22:07 AM
NO RATINGS
Interesting, Etmax. I know this story had to simplify potential scenarios in order to clarify the issues...but let us know if you have found out anything further.

junko.yoshida
User Rank
Blogger
Re: Cyber security for cars?
junko.yoshida   7/29/2013 10:30:58 AM
NO RATINGS
Hi, Etmax. I believe you are right. For attack scenarios using bluetooth cellular does require the previous physical access, if I understood it correctly. 

Aside from the debate over how easy or difficult it is to gain the previous physical access to a car that is to be attacked (and I agree, it would be difficult), it still boggles my mind how easy bluetooth pairing was done in that attack test scenario.

I agree thaqt accessing the OBD-II is an age-old problem, which is hard to solve.

Etmax
User Rank
Rookie
Re: Cautionary
Etmax   7/29/2013 3:45:38 AM
NO RATINGS
This was largely my understanding (gateway) but the article desribed a less complicated structure. A Diesel truck I was working on a while back had 2 buses, an internal TCM to ECM path and an instrument cluster path and given that dealers can reflash the ECU as part of recall processing the OBD-II port would need programming access to that bus. I'll grab a few manuals and have a further think about this.

cdhmanning
User Rank
Rookie
Re: Cautionary
cdhmanning   7/29/2013 2:42:39 AM
NO RATINGS
I doubt very much that an OBD2 connection is connected directly to the engine bus. Instead the connection is likely to a gatweay which provides the OBD2 standard messages.

This is easy to test: short out the CAN wires on the OBD2 connector and see if the engine runs. There is no way any sane car designer is going to have that connector connected  so it can tamper directly with the main CAN bus.

By the way, CAN is really easy to DOS. Just dshort the wires, or continually send priority 0 packets. These have a higher priority and will prevent any other trafic on the bus.


At the end of the day, anyone with physical access can do anything they want: mess with the fuel, cut fuel lines, .... The only bene fit of doing an electronic attach is that you **might** be able to do damage without leaving any trace that you were being naughty.

 

These days, however, many vehicle manufacturers are doing a whole lot of run-time verification to reduce the possibility of tampering and are logging strangeness for diagnosis as well as for evidence during court cases.

 

Etmax
User Rank
Rookie
Re: Cautionary
Etmax   7/29/2013 1:28:43 AM
NO RATINGS
Yes the original article weighed heavily on getting the OBD-II port accessed. I read the article too, and it was very unclear as to wheather the OBD-II attack was necessary in addition to the Bluetooth/cellular attacks. I agree with your mention of the normal CAN messaging only allowing certain things to be transported, but would like to add that if you have access to the CAN bus itself via an OBD-II pass thru then reprogramming of every module on that bus becomes a possibility unless the module manufacturer disables it explicitly.

Assuming for the moment that this hasn't been done then in my mind far easier than the methods proposed in the original article would be to design a module that you can attach to the CAN bus in a few minutes that can at your leasure give you access to module reprogramming when you chose. Because the CAN HW layer won't let you crash the bus (something a simple wire link could of course do) you would need to do things like invoke special test modes that do allow control and are there for service puposes, and it would just be so much easier to develop and debug with the same level of mischief as the interfaces are specified in the OBD-II standards and manufacturer documentation.

But nothing a remote brake line sever couldn't achieve :-(

Etmax
User Rank
Rookie
Re: Unconvinced
Etmax   7/29/2013 1:14:15 AM
NO RATINGS
Hi Krisi, having an inside ticket to this I can say that some of the push is cost savings for the vehicle manufacturer in the build of the vehicle, part is warranty cost reduction by making the vehicle's systems easier to debug and part is to make it cheaper to add luxury features for next to no cost but still be able to charge for them. Then there's the majority of buyer that want the extra functionality I could write a thesis on this as to where all of cost benefits come but suffice to say here it's worth it for them and we're along for the ride (like it or not). These comments are explicitly related to vehicle networks, not the actual electronification of cars. I could do a thesis on that as well. :-) Some are common to the above and some additional. Purely on electronics in cars, this actually saves the buyer money for real benefit.

Etmax
User Rank
Rookie
Re: Unconvinced
Etmax   7/29/2013 1:04:24 AM
NO RATINGS
Hi Bert, in fact fails safe modes for all sensors are part of the design criteria for intelligent car modules. That sad fact of the matter is that more and more car design is being done in countries where most engineers don't drive a car :-) I worked for this unnamed automotive electronics manufacturer that moved design of an OEM program to Singapore where car ownership is at maybe 12% according to Wikipedia and when I was there only 1/2 the engineers had cars and none tinkered with them, essential to fully understanding things (I believe). In any case the issues that arose from that program were many. On my car the throttle position sensor had an intermittent fault and the only thing that was noticable was the car's inability to accelerate fast from a standstill. This was obiously missed on the ABS system mentioned resulting in the recall. I read the article that Junko referred to, and they put a lot less effort into it than professional crime gangs do into Windows exploits, but a hacker having OBD-II access to a car in my opinion is the same as giving your computer to the hacker to do as he sees fit, and is therefore indefensible. I.e as you say the same as cutting brake lines.

Etmax
User Rank
Rookie
Re: Unconvinced
Etmax   7/29/2013 12:28:32 AM
NO RATINGS
Or just desolder the LED from the commercial one, if you have physical access no problem, do it when you re-flash the MCU via OBD-II.


Re Arduino, I wonder how long before we need virus checkers for out Arduinos :-)

 

Page 1 / 8   >   >>


Flash Poll
Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Max Maxfield

Saddleback Sale – It's Happy Dance Time
Max Maxfield
Post a comment
It's no secret that I'm a huge fan of the products from Saddleback Leather. As I sit here at my desk, I'm wearing one of their 1¾" wide Tow Belts, upon which rests one of their Belt ...

Engineering Investigations

Air Conditioner Falls From Window, Still Works
Engineering Investigations
1 Comment
It's autumn in New England. The leaves are turning to red, orange, and gold, my roses are in their second bloom, and it's time to remove the air conditioner from the window. On September ...

David Blaza

The Other Tesla
David Blaza
5 comments
I find myself going to Kickstarter and Indiegogo on a regular basis these days because they have become real innovation marketplaces. As far as I'm concerned, this is where a lot of cool ...

Larry Desjardin

Engineers Should Study Finance: 5 Reasons Why
Larry Desjardin
47 comments
I'm a big proponent of engineers learning financial basics. Why? Because engineers are making decisions all the time, in multiple ways. Having a good financial understanding guides these ...