Breaking News
Comments
rick merritt
User Rank
Author
Chat about this now
rick merritt   8/9/2013 1:38:46 PM
NO RATINGS
This is more good fodder for the discussion happening right now at:

http://www.eetimes.com/author.asp?section_id=36&doc_id=1319176&

 

goafrit
User Rank
Manager
Re: Chat about this now
goafrit   8/9/2013 2:34:06 PM
NO RATINGS
Automobile security is a new fast developing market with all the mobility and infotainment. It is very refreshing that TI and co are not leaving that for firms like Bosch, TRW, and Conti  to dominante as has been the case in many automotive areas. Now, they are moving fast.

junko.yoshida
User Rank
Blogger
Re: Chat about this now
junko.yoshida   8/9/2013 2:39:02 PM
NO RATINGS
I agree, goafrit. Even more interesting to me is that a lot of security issues chip companies have learned by working with other industries --computers, smartcards, mobiles -- are now becoming very relelvant and applicable to the automotive market. 

junko.yoshida
User Rank
Blogger
Threats are everywhere
junko.yoshida   8/9/2013 2:36:31 PM
NO RATINGS
The diagram TI created (shown on page 1) illustrates a host of different places inside a car attackers can zoom in on.

Bert22306
User Rank
CEO
Subject matter needs focus
Bert22306   8/9/2013 4:15:42 PM
NO RATINGS
Perhaps it's just me. I tend to get exasperated when this topic keeps piling on the various security holes as if they were all critical. Hacking via a physical connection to the OBD-II port, or hacking into the infotainment system to change the station, or hacking into the telematics system to see how fast you're going, are no more of a threat than someone listening in on your cell phone conversation. That can happen too, yet we're not making a huge deal about it.

On this topic, it is just this sort of sensationalism that turns me off. I wouldn't be surprised if others feel the same way.

On the other hand, the real threats are to the critical systems, as I've suggested in the past, i.e. brakes, steering, and lastly throttle, and in particular with a remote wireless link. Not physical connection to OBD-II, even though these articles keep insisting that should count too. As many have said, an inside the car physical sabotage can take such a gymongous variety of types that it strains credulity to give an electronic attack any emphasis. It just sounds like a desire to sensationlize. So let's focus.

It seems that at least one car model allows disabling of the brakes via a remote wireless link. To me, that's inexcusable. The steering vulnerability that was uncovered, on the other hand, appears to be manually overridable. That's good design, and why not mention that explicitly?

I'm not denying the importance of introducing more security protocols into automobile electronics as these become more interconnected and pervasive. Just asking to increase the signal to noise ratio, as it were.

junko.yoshida
User Rank
Blogger
Re: Subject matter needs focus
junko.yoshida   8/9/2013 6:04:45 PM
NO RATINGS
Bert, it's unfortunate you see the story going after "sensationalism." As I talk to different automotive technology suppliers, though, this is high on their mind. I see my job is to "report" what their next steps are.

One TI official pointed out (see in the page 2 of this article), though, that someone remotely fiddling with your car audio shouldn't be entirely taken lightly. It could cause a havoc, confusion and chaos.  

LarryM99
User Rank
CEO
Hacking for fun rather than havoc
LarryM99   8/9/2013 5:41:27 PM
NO RATINGS
There is currently a market for reprogramming performance aspects of engine controllers such as emission controls. This is mostly done in professional race circuits, but it is also an aspect of high-end street racing. It looks like this may eventually become a victim of increased emphasis on security as automotive networks get locked down. This is similar to Linux's problems with UEFI BIOS on PCs, where security concerns removes some degree of what a user can do with something that they own.

Will this extend to other third-party add-ons as well? Will a third-party stereo be able to get access to light levels or other information that a user might want it to? Will that be a big concern for car companies that have never liked third-party add-ons anyway?

junko.yoshida
User Rank
Blogger
Re: Hacking for fun rather than havoc
junko.yoshida   8/12/2013 10:43:54 AM
NO RATINGS
Will that be a big concern for car companies that have never liked third-party add-ons anyway?


You are absolutely right, Larry. Carmakers have never liked third-party add-ons, and they would like to exert controls over them in any which way they can.

Loser99
User Rank
Freelancer
Duh, I can also cut the brake line.
Loser99   8/9/2013 6:07:35 PM
NO RATINGS
TI should find something more productive for its employees to do.

Who cares if you can physically wire some modification to control the car? Its all a bunch of overhyped sensationalism.  I can also 'hack' into it by dropping a brick on the pedal and make it magically accelerate.  I can also keep it from starting by disconnecting or "Hacking" the battery cable!

Show me how to control an off-the-shelf car remotely without making any physical modifications then I will be impressed.

Olaf Barheine
User Rank
Manager
Re: Duh, I can also cut the brake line.
Olaf Barheine   8/11/2013 4:16:09 AM
NO RATINGS
I think remotely controlled cars are not the problem that I fear. I fear to buy me one day a car with a manipulated speedometer or that a hacker steals my car. I remember an article where thieves used the LIN bus interface of a car mirror to open the doors.

przem
User Rank
Manager
Re: Duh, I can also cut the brake line.
przem   8/12/2013 12:15:21 PM
NO RATINGS
Several years ago there was a demo of hooking into the bluetooth infrastructure on cars using directional antennas from a highway overpass (the authors injected audio into the sound system, and could visually confirm success by observing driver's reaction :)


The thinking then is that the car manufacturers could not resist introducing integrated in-vehicle networks, which opens up a possibility of a horizontal access escalation from the sound/entertainment network to the car control network. The demonstration of CAN/OBD vulnerabilities should make people think in terms of integrated, interdependent systems that need multilayer security.

prabhakar_deosthali
User Rank
CEO
Car security threat is more serious.
prabhakar_deosthali   8/11/2013 7:43:10 AM
NO RATINGS
In my opinion the car security has to be taken more seriously than the mobile phone security. In case of the breach of security in a mobile phone there could be an identity theft resulting in financial loss and may be the loss of private information. But in case of car it is a matter of somebody's life putting in danger if a critical system in the car is compromised.

 

 

junko.yoshida
User Rank
Blogger
Re: Car security threat is more serious.
junko.yoshida   8/12/2013 10:57:50 AM
NO RATINGS
I couldn't agree wtih you more, prabhakar. I find it, however, fascinating that expertise the chip industry has developed over time -- be it in mobile or in smartcars -- can be now applied to automotive.

Kinnar
User Rank
CEO
The topic is gaining its importance
Kinnar   8/11/2013 9:35:17 AM
NO RATINGS
I think the initiation of thinking about the car security is started at the very right time. 

This will be more required in the public vehicles as compared to the private vehicle, as there are more chances and possible availability of the vehicle for any alterations.

If all the control electronics is from one vendor then it will be much feasible to put security protocols in the hardwired electronics itself, but if we talk about generalized security solutions across all the different vendors then this might take some years time to get the things standardized. 

But it really seems that the topic requires very many considerations.

junko.yoshida
User Rank
Blogger
Re: The topic is gaining its importance
junko.yoshida   8/12/2013 10:50:07 AM
NO RATINGS
Much of the initial work on automotive security started several years ago within the automotive industry, culminating to the development of SHE (secure hardware module) spec and a framework such as EVITA, as described in the article.

We are now beginning to see electronics based on such specs and that meet with the framework.

Cars equipped with such electronics are not here yet, but they will start showing up soon.

Kinnar
User Rank
CEO
Re: The topic is gaining its importance
Kinnar   8/13/2013 3:19:58 AM
NO RATINGS
Yes, It was a very good source of information, SHE (Secure Hardware Extension) and EVITA, are the emerging standards for Automotive Electronic Security, and it was a very surprising to me that virtually all the electronics giants are working on it name it a few like Mentor Graphics, Toshiba, Freescale, Renesas and the list continues. 

You are right SHE enabled automotive electronics will be soon getting seen in the general automobiles.

 

Charles.Desassure
User Rank
Manager
Car Security...
Charles.Desassure   8/12/2013 12:24:47 AM
NO RATINGS
Well, I think we are about five years behind time as it relates to car security.  But happy to see that it is now on the agenda. 

Loser99
User Rank
Freelancer
We need to get rid of glass windows in cars
Loser99   8/12/2013 11:13:27 AM
NO RATINGS
These glass windows can easily be "hacked" with a brick, enabling hackers access to the car.  I would suggest making the car like a tank and using video monitors instead of the windows.  Maybe TI's employees can work on that instead of this pointless illustration of "car security threats"

junko.yoshida
User Rank
Blogger
Re: We need to get rid of glass windows in cars
junko.yoshida   8/12/2013 11:23:33 AM
NO RATINGS
Loser99, I am sorry that you feel that way. When modern cars are equipped with so much electronics (and its content is increasing), invisible hacking inside the electronics system in a car is going to be a critical issue just as much as visible hacking via glass windows is.

krisi
User Rank
CEO
physical or cyber threat more important?
krisi   8/12/2013 2:18:30 PM
NO RATINGS
Very interesting thread...which brings in my mind a key point whether cyber or physical threats are more important...when we discuss car hacking possibility it sounds worrysome...until we realize that 40,000 people annualy die in car crashes already...so even with the best technology you can get hit from behind by a teenager texting (nothing against teenagers, just an example)

Loser99
User Rank
Freelancer
bluetooth audio hacking I doubt it.....
Loser99   8/12/2013 4:09:36 PM
NO RATINGS
Big deal I can hack into the sound system when the radio is tuned in with an FM transmitter and broadcast audio to their stereo.

How scientific is it to notice peoples reaction's in a car and assume you are successful?

junko.yoshida
User Rank
Blogger
Re: bluetooth audio hacking I doubt it.....
junko.yoshida   8/12/2013 10:37:43 PM
NO RATINGS
Loser99, you may change your mind if you read the following tech paper:

http://www.autosec.org/publications.html

The paper gives you answers to a lot of your skepticism.

vasanth kumar d
User Rank
Manager
Shipping the ship
vasanth kumar d   8/13/2013 4:19:30 AM
NO RATINGS
Why hack a simple car if you can hack a ship?

Have a look at this article and this youtube video.

 
 

 



Kinnar
User Rank
CEO
Re: Shipping the ship
Kinnar   8/13/2013 4:44:30 AM
NO RATINGS
May be you are right, but Cars are not being controlled by GPS. And Securing the car from all known threats it responsibility of the manufacturer, so this thread of security enhancement will any way continue.

Loser99
User Rank
Freelancer
Re: Shipping the ship
Loser99   8/13/2013 12:48:34 PM
NO RATINGS
Why hack a car or a ship when you can hack an ATM machine or a point of sale terminal or a gas pump?

Theres more money in it

junko.yoshida
User Rank
Blogger
Re: Shipping the ship
junko.yoshida   8/19/2013 4:29:04 PM
NO RATINGS
@dvk0, well, certinaly this is a cool video. What it shows, though, is not necessarily an answer to the question whether a car or a ship can be hacked; it is about where the weak link resides within any system that an attacker can go after. In this particular case, it is clearly the GPS. In the case of cars, it wasn't GPS, but there are a number of other attack surfaces that researchers exposed. 

vvc0
User Rank
Manager
ridikgreen appears to be a spammer
vvc0   9/3/2014 9:31:44 AM
The user ridikgreen appears to be spamming commercial or questionable web sites and is contributing nothing to the subject of this post

Max The Magnificent
User Rank
Blogger
Re: ridikgreen appears to be a spammer
Max The Magnificent   9/4/2014 11:20:19 AM
@vvc0: The user ridikgreen appears to be spamming commercial or questionable web sites...

Thanks for the heads-up -- I just deleted all his/her posts and disabled his/her account.

zeeglen
User Rank
Blogger
Re: great post
zeeglen   9/4/2014 9:07:06 AM
NO RATINGS
SPAM ALERT !



Flash Poll
Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Max Maxfield

Vetinari Clock: Additional Possibilities
Max Maxfield
12 comments
In my previous blog on the topic of my Vetinari Clock project, we pondered a number of possibilities for the positioning of switches on the front panel, and we ended up with a number of ...

Jolt Judges and Andrew Binstock

Jolt Awards: The Best Books
Jolt Judges and Andrew Binstock
1 Comment
As we do every year, Dr. Dobb's recognizes the best books of the last 12 months via the Jolt Awards -- our cycle of product awards given out every two months in each of six categories. No ...

Engineering Investigations

Air Conditioner Falls From Window, Still Works
Engineering Investigations
2 comments
It's autumn in New England. The leaves are turning to red, orange, and gold, my roses are in their second bloom, and it's time to remove the air conditioner from the window. On September ...

David Blaza

The Other Tesla
David Blaza
5 comments
I find myself going to Kickstarter and Indiegogo on a regular basis these days because they have become real innovation marketplaces. As far as I'm concerned, this is where a lot of cool ...