Breaking News
Comments
Newest First | Oldest First | Threaded View
<<   <   Page 2 / 5   >   >>
junko.yoshida
User Rank
Blogger
Re: Local access does make the difference
junko.yoshida   8/9/2013 11:09:49 AM
NO RATINGS
@ssavage920, thank you so much chiming in on this thread. This is awesome! Nothing like hearing directly from one of the authors of the paper:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

fmotta
User Rank
Freelancer
With the advent of convenience devices remote access to ODB-II is easy
fmotta   8/9/2013 9:14:53 AM
NO RATINGS
There are a number of ODB-II devies that allow you to proxy the port to bluetooth and wifi so that one need not even have physical access to use the port.  The challenge is to ensure that the access is managed, safe, limited, or otherwise controlled.  Safety items of brakes and steering are of first priority.  But, at some time privacy-related issues are important.

wmwmurray01
User Rank
Rookie
Just to show it can be done
wmwmurray01   8/9/2013 7:27:02 AM
NO RATINGS
- To duplicate how my vehicle was hacked in the accident, I have in about 18hrs taken a Avnet Development Board, and Code I found on the Internet -- I now have a battery powered JTAG programmer that will program the MCU found in my ABS.   For the Physical Access, I Just get the VIN off of the windshield when it is in a parking lot(public access), and go to the dealer with an ID made on an ID printer bought at a surplus electronics store in DFW.  Then I take the key obtained, open the door, pop the hood, open the cover for the ABS computer, and Voila -- I can

1) Back up the working ABS code onto a SPI flash board

2) Copy this to a file on a PC

3)Look at it with a dis-assembler

4) Edit it

5) Load it onto a new flash board

6) Re flash the ABS

7) Close up shop

Think your car is physically safe in a garage?   Hardly -- One can easily short the power out on most Protection None home alarms with a pocket knife and gain access to ones house.

Keys a problem?  Not with a locksmiths tools in hand

 

Hope you all had a good nights sleep!

 

 

 

 

 

daleste
User Rank
CEO
Re: Local access does make the difference
daleste   8/8/2013 10:41:45 PM
NO RATINGS
I wish I could attend the discussion but since it is during work hours, I will not be able to.  Hope it is a good discussion.

Susan Rambo
User Rank
Blogger
Re: Local access does make the difference
Susan Rambo   8/8/2013 9:09:56 PM
NO RATINGS
Hi Bert. Thanks for your thoughtful contributions to the discussion.

Everyone, we're having a chat on car hacking tomorrow with EE Times editors. Please join us if you can. More details here: "EE Times Week in Review Online Chat: Is Car Hacking a Concern?"

And here: This week's chat will take place on Friday, August 9, 2013, commencing at 10:00 a.m. Pacific Time/1:00 p.m. Eastern Time. To kick things off, we'll start by considering two columns that have sparked a lot of interest over the past few days: How Hackers Can Take Control Over Your Car and Car Hacking: Here's Code, Have at It.

All you have to do is click here at the appropriate time to join the fun and make your opinions known. If you aren't already a member of EE Times, now would be a perfect time to register.



Susan Rambo
User Rank
Blogger
Re: its all about access
Susan Rambo   8/8/2013 9:07:07 PM
NO RATINGS
Thanks for your thoughtful response. We're having a chat on car hacking tomorrow with EE Times editors. Please join us if you can. More details here: "EE Times Week in Review Online Chat: Is Car Hacking a Concern?"

ssavage920
User Rank
Rookie
Re: Local access does make the difference
ssavage920   8/8/2013 8:43:42 PM
NO RATINGS
Actually, I was thinking of something much more positive, like a shorting plug that needs to be removed for brake troubleshooting and diagnosis, and then replaced under normal conditions.

There is huge resistance to such solutions because of the added labor/parts cost and need to qualify additional failure modes.

 

Because again, it's not like the ABS control loop needs to be remotely accessible under normal driving conditions. Same with the steering column. Under normal driving conditions, you can still design a monitoring function that doesn't affect the control of the system.


Its worth remember that its not the ABS 'control loop" here.  That is isolated.  But the brake controller is a CAN bus peer (and indeed, it will be producing sensor output for other units and there may be some interaction with other units that deal with stability control).  In principal one could implement a predicate that used some secure measurement (e.g., signed signal from a unit with a physical switch) to establish that the car was in "mechanic mode" but I'm not aware of _any_ manufacturer who does that.

 

The redundant hydraulic brake arrangement was specifically retained for safety, else brakes would be fully electrically controlled by now. Seems kind of surprising that a manufacturer would retain the hydraulic system, and then defeat its supposed safety role by allowing electric (never mind wireless remote) override?


By definition, the brake control msut be ablee to ignore user input.  Otherwise, ABS couldn't work (nor stability control, etc)

 

- Stefan

 

Bert22306
User Rank
CEO
Re: Local access does make the difference
Bert22306   8/8/2013 8:35:47 PM
NO RATINGS
"Some of this does happen.  However, typically in some cases (e.g., the car we looked at) there was an authentication protocl that once broken could override this limitation.   Obviously, reflashby bypasses any such limitation."



Actually, I was thinking of something much more positive, like a shorting plug that needs to be removed for brake troubleshooting and diagnosis, and then replaced under normal conditions. Because again, it's not like the ABS control loop needs to be remotely accessible under normal driving conditions. Same with the steering column. Under normal driving conditions, you can still design a monitoring function that doesn't affect the control of the system.

The redundant hydraulic brake arrangement was specifically retained for safety, else brakes would be fully electrically controlled by now. Seems kind of surprising that a manufacturer would retain the hydraulic system, and then defeat its supposed safety role by allowing electric (never mind wireless remote) override?

Not sure this is 20/20 hindsight, somehow.

ssavage920
User Rank
Rookie
Re: Local access does make the difference
ssavage920   8/8/2013 8:05:34 PM
NO RATINGS
Sorry, I see that as bad design in a particular model.
 
Perhaps.  I can't comment on that specifically.  In the past things I've thought were bad design decisions (e.g., why can't we separate mission critical components from other stuff like door locks and infotainment) and spent time with the manufacturers I've come to realize that there are complex constraints and couplings that are non-intiutive but neccessary.  However, in some sense its irrrelevant.... the point I was making is that these problems exist in real cars... and popular cars.  I know that the problems we found were present in millions of cars on the road in the US.  Charlie and Chris found similar things on their vehicles.  Security highsight is 20-20, but the issues are real and present.
 
 
Or if this is allowed during troubleshooting, why it can't be physically switched to a "running mode" when the problem has been resolved.
Some of this does happen.  However, typically in some cases (e.g., the car we looked at) there was an authentication protocl that once broken could override this limitation.   Obviously, reflashby bypasses any such limitation.


And that can also be done remotely via wireless interface? Or does that require access to the OBD-II port?

Remotely.  Remember any module on the CAN bus can transmt (they all typically use the same tranceiver chips).  The radio can reflash any component on the same bus with it for instance.  Thus, once you compromise one component it can reflash the others.  In case cases you may need to be able tto bypass a bridge ECU to get across CAN busses, but we did not find this to be difficult.
 

 

Bert22306
User Rank
CEO
Re: Local access does make the difference
Bert22306   8/8/2013 7:48:37 PM
NO RATINGS
 "This diagnostic interface can be abused to directly override braking behavior."

Sorry, I see that as bad design in a particular model. Diagnosing brakes can also be done with someone applying the brakes, and then sensors connected to OBD-II indicating if the system is working as needed. I don't see any reason why that control loop needs to be opened to remote access. Or if this is allowed during troubleshooting, why it can't be physically switched to a "running mode" when the problem has been resolved.

"The second avenue is simply by reflashing the brake ECU."

And that can also be done remotely via wireless interface? Or does that require access to the OBD-II port?

These are the topics I'd concentrate on in the discussion, leaving aside remote control of the stereo volume control and the rest.

<<   <   Page 2 / 5   >   >>


Flash Poll
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Rishabh N. Mahajani, High School Senior and Future Engineer

Future Engineers: Don’t 'Trip Up' on Your College Road Trip
Rishabh N. Mahajani, High School Senior and Future Engineer
3 comments
A future engineer shares his impressions of a recent tour of top schools and offers advice on making the most of the time-honored tradition of the college road trip.

Max Maxfield

Juggling a Cornucopia of Projects
Max Maxfield
7 comments
I feel like I'm juggling a lot of hobby projects at the moment. The problem is that I can't juggle. Actually, that's not strictly true -- I can juggle ten fine china dinner plates, but ...

Larry Desjardin

Engineers Should Study Finance: 5 Reasons Why
Larry Desjardin
37 comments
I'm a big proponent of engineers learning financial basics. Why? Because engineers are making decisions all the time, in multiple ways. Having a good financial understanding guides these ...

Karen Field

July Cartoon Caption Contest: Let's Talk Some Trash
Karen Field
140 comments
Steve Jobs allegedly got his start by dumpster diving with the Computer Club at Homestead High in the early 1970s.

Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)