Car hackers can kill brakes, engine, and more

http://www.networkworld.com/news/2010/051410-car-hackers-can-kill-brakes.html
"University researchers have taken a close look at the computer systems
used to run today's cars and discovered new ways to hack into them, sometimes with frightening results.
"In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car....
"In a late 2009 demonstration at a decommissioned airfield in Blaine Washington, they hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes. In other tests, they were able to kill the engine, falsify the speedometer reading, and automatically lock the car's brakes unevenly, a maneuver that could destabilize the car traveling high speeds. They ran their test by plugging a laptop into the car's diagnostic system and then controlling that computer wirelessly, from a laptop in a vehicle riding next to the car....
"Step-by-step, they figured out how to take over computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn....
"In one attack that the researchers call "Self-destruct" they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown...."
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Uhh.... these are nasty? These are the kind of things that the diagnostic port is FOR. --scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Did you hear about the Polock that locked his keys in the car?
It took him 2.5 hours to get his family out.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
I think the rest of the article makes it clear one need not worry now but to consider security ramifications.
Imagine if the laptop in the car were replaced by an unintrusive device under the bonnet, available in, say, 5 or 10 years' time...
DAS
To reply directly replace 'nospam' with 'schmetterling' --

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Imagine 50 years ago if someone cut your brake pipe(s)...
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I have been thinking exactly the same thing. There is no more security problem here than there ever was.
Dave
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That depends. OnStar is already tapping into this system to disable cars remotely.
Cutting the brake pipe targets a single specific car. If OnStar is hacked, then you suddenly have a target-rich environment at your disposal.
So, instead of dismissing this as paralleling the narrow case of cutting someone's brake pipe, you should think about how pervasive the problem can be, given how connected cars and their computer systems are nowadays.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Well I don't know about your car, but on my BMW you have to get in, scrabble about in the footwell, plug in a diagnostic tool (BMW or aftermarket) and then you can reset fault warnings etc. I suppose you might be able to literally hack into the cable.
I think I would notice a sabateur in the cabin...
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Precisely - physical access is still required. No security / or system protection is effective once you allow physical access.
Dave
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Does BMW connect BMW Assist to the car computer system as OnStar does?
For cars where the remote assistance system is connected to the car's computer, physical access may not be required.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That is a totally seperate issue and not related to the ability to control auto systems through a diagnostic port.
The security of the remote assistance system is far more severe a problem and much more apt to wind up being exploited in a bad way. The whole notion of the remote assistance system is pretty terrifying. --scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
---
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 24 May 2010 11:16:27 -0400, snipped-for-privacy@panix.com (Scott Dorsey) wrote:

http://www.faqs.org/patents/app/20100125402
Abstract:
The present disclosure is directed to a method for managing engines in response to a traffic signal. The method may comprise establishing communications with participating vehicles; responding to a stop status indicated by the traffic signal, further comprising: receiving a position data from each participating vehicles; determining a queue of participating vehicles stopped at the traffic signal; determining a remaining duration of the stop status; sending a stop-engine notification to the list of participating vehicles stopped at the traffic signal when the remaining duration is greater than a threshold of time; responding to a proceed status indicated by the traffic signal, further comprising: sending a start-engine notification to a first vehicle in the queue; calculating an optimal time for an engine of a second vehicle in the queue to start; and sending the start-engine notification to the second vehicle at the optimal time.
Claims:
1. A method for managing engines in response to a traffic signal, comprising:establishing communications with a plurality of participating vehicles;responding to a stop status indicated by the traffic signal, further comprising:receiving a position data from each participating vehicles;determining a queue comprising a list of participating vehicles stopped at the traffic signal;determining a remaining duration of the stop status;sending a stop-engine notification to the list of participating vehicles stopped at the traffic signal when the remaining duration is greater than a threshold of time;responding to a proceed status indicated by the traffic signal, further comprising:sending a start-engine notification to a first vehicle in the queue;calculating an optimal time for an engine of a second vehicle in the queue to start when the first vehicle starts moving; and sending the start-engine notification to the second vehicle in the queue at the optimal time.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    Motorsforum.com is a website by car enthusiasts for car enthusiasts. It is not affiliated with any of the car or spare part manufacturers or car dealers discussed here. All logos and trade names are the property of their respective owners.