Auto Industry Teams Up With Military To Stop Car Hacking 114
An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.
First rule of computer security!!! (Score:4, Insightful)
1. Physical security.
If you let the machine get into the hands of hackers... they will break it the controls. And that is doubly certain if the device is mostly functional regardless. It will interact and that will let people either exploit flaws in the security or just decrypt it.
If you want to stop hackers from getting into the system then the first thing you have to do is make it pretty much impossible for a hacker to physically access the system. As in steel. And beyond that, the wireless connections are a serious vulnerability. Scale them back or secure systems from the wireless radios.
If you can't do that, then at the very least don't let a hacker turn my engine off while I'm driving down the free way. Some features are simply not worth that vulnerability.
Re: (Score:2)
If you can't do that, then at the very least don't let a hacker turn my engine off while I'm driving down the free way. Some features are simply not worth that vulnerability.
The sad part is that preventing this is really easy by following some basic principles of networking and security like properly sanitizing your inputs. But they're just not used to even having to think about that at all at the companies which build the PCMs. Some vehicles are clever enough to have a communications gateway in between systems but who trusts the gateways?
Re: (Score:2)
The radio is not a radio any more, it's a control unit (in many cases) and it changes powertrain and suspension settings. it legitimately needs to be able to communicate with stuff that's on that bus. But it should be doing it through a gateway which only permits the necessary signals...
I want remote features, but nobody should be able to drive away with the vehicle without actually having the key, and nobody should be able to reflash the vehicle without actually physically accessing it. Once they are in, t
Re: (Score:2)
Most cars cost multiple thousands of dollars
Re: (Score:2)
Most cars cost multiple thousands of dollars
This does not appear to be a reply to my comment, but that's where you left it. Care to expound, or are you simply schizophrenic? The fact that cars cost multiple thousands of dollars is the reason why it's worth it to spend a grand or more on tools for stealing them. Get some easy scores from cars without good security, work your way up, like any other job.
Re: (Score:2)
cars worked just fine without this nonsense. They can clearly work just fine without it again.
The easiest way to make sure the tech is not insecure is to not have it. It think the tech should be optional.
Those that want it for whatever reason can have it. Those that don't can omit it.
Re: (Score:2)
You can still buy a dead simple new car.
Re: (Score:2)
You can still buy a dead simple new car.
Only if you buy a Morgan. Otherwise you're getting ABS, traction control, yaw control, driver and passenger airbags, and the aforementioned backup camera. All that stuff has been mandatory on new production vehicles sold in the USA since 2010, and the camera is coming next year. It doesn't have to be digital, though. If they're not putting any other screen in the car, or if it's not doing anything high-res, it could well be analog.
Re: (Score:2)
ABS and Traction control do not need to be networked to a larger system that is wireless accessible or even programmable.
Ideally, these systems should hardwared. By all means, give them some updatable firmware but have that be something that requires a per chip hardware connection to facilitate.
You can't hack a VCR from 1995 with a bluetooth radio even though the VCR has some sort of computer in it.
Re: (Score:1)
Which it should never be!
A car stereo should be a car stereo and nothing more. It should have absolutely no communication to the rest of the car. Passive receive only connections would be fine in order to display some statistics about the car, but allowing the stereo to transmit data to the control bus is pure idiocy.
The idea of having wireless connections is not really a bad one
Re: (Score:2)
Your mention of why does the radio need to be on the CAN bus? Like those controls on the steering wheel? Wouldn't be possible without the CAN bus.
Re: (Score:2)
The radio generally isn't on the same CAN bus as the ECM. The ECM is on the high speed bus which usually is reserved for engine and safety systems, like airbags and ABS. But as you noted, there are places where messages have to cross over: airbags need to be able to tell the entertainment system to have the connected cell phone dial 911. There are commercial CAN bus bridges [buenoptic.net] available that provide this function, and they can be configured like a firewall to isolate all messages except those identified as
Re: (Score:2)
In general they are not. Or rather, they were not designed as such.
CANbus is a prime example of a bus system that was designed with pretty much anything but security in mind. The whole deal is like 30 years old, and as one can imagine the core ideas in its conception were simplicity and resilience against noise. Both not quite lending themselves well to the idea of ensuring security on a bus.
Also there was really not a huge need to consider security an issue. Mostly because you needed physical access to the
Re: (Score:2)
Product liability for software is in a weird limbo where vendors effectively have no liability. So they don't have much reason to care, beyond damage to their brand.
If you read the EULA that comes with software you purchase, it disclaims ALL warranty, and the vendor is not guaranteeing the software will do anything, not even what it says on the box.
I wonder if automotive software might be on different legal ground, since nobody accepts a software license when they buy a car.
Re: (Score:2)
The sad part is that preventing this is really easy
Yes. I think it is pretty clear that the auto makers got themselves into this mess -- as they have often done -- by doing stupid shit they did not understand.
Re:First rule of DICEDOT (Score:1)
BRING BACK THE FUCKING TAGLINE: NEWS FOR NERDS, STUFF THAT MATTERS.
Also, FUCK BETA.
Filter error: Don't use so many caps. It's like YELLING.
AND FUCK FILTER ERRORS.
Re: (Score:3)
1. Physical security.
If you let the machine get into the hands of hackers... they will break it the controls. And that is doubly certain if the device is mostly functional regardless. It will interact and that will let people either exploit flaws in the security or just decrypt it.
If you want to stop hackers from getting into the system then the first thing you have to do is make it pretty much impossible for a hacker to physically access the system. As in steel. And beyond that, the wireless connections are a serious vulnerability. Scale them back or secure systems from the wireless radios.
If you can't do that, then at the very least don't let a hacker turn my engine off while I'm driving down the free way. Some features are simply not worth that vulnerability.
First rule of Capitalism: Make money.
Second rule of Capitalism: Actually give a shit how you make it.
Good luck getting anyone to pay attention to any other rule but the one that counts.
In other words, fuck your risks. The vendor is going to massively profit from those insecure features you never asked for, and won't stop installing them until enough people die to make it illegal (key word there being enough, that threshold is a lot higher than you think thanks to political gaming.)
Re: (Score:2)
You're expecting the government to understand computer security?
All I know is that there will be mods on the market to cripple these systems and I'll be using them.
Re: (Score:2)
Product liability law says that manufacturers should be aware of the most current science related to manufacture of their product. They are on the hook for all manufacturing defects. Congress doesn't have to codify the state of the art.
The problem is that the law hasn't decided how software fits in to product liability law, so vendors can argue security defects are not manufacturing defects, but *design* flaws, and they have much less liability for design flaws.
Congress could fix this easily, but legisla
Re: (Score:2)
Lawsuits seem to only be useful for catching defects rather then actual design flaws.
As to congress, you're talking about people that went into politics young in many cases. Most of them aspired to office from a fairly early point in their career. And therefore they tend to have very specialized skills which have little utility outside of strong arming other politicians.
Re: (Score:2)
The military is good at physical security. That's their mandate, after all. It seems logical to put them together.
However, they seem to suck at this aspect of it. There is no reason that an American vehicle (or weapons system) left in the hands of an Iraqi army battalion should ever be able to be commandeered by troops who switched allegiance to ISIL. There should be an American satellite link required for occasional checking-in, and the vehicle should be disabling itself if it's failing to check in, or
Re: (Score:2)
No, the military's physical security is a soldier with a loaded rifle trained to kill you if you touch things you're not supposed to touch
Lets say I took any bit of modern military hardware and just dump it in the middle of a hacker convention. What exactly are the odds that someone there won't be able to break the lockouts?
Military gear is not designed to be hack proof. It is designed to be deadly and robust. How long did it take the Iranians to reverse engineer the drone we lost in their territory? They h
Re: (Score:1)
Separate the networks. Have essential processes (engine, breaking, steering) on a secure network
Have infotainment, radio, bluetooth phone, gps, wipers, rain sensor, etc on a separate network
Have anything wifi (door unlock) heavily vetted before you allow it into one of your other networks.
Personally I feel that windows even belong on the infotainment network, as they aren't vital to the safety of the vehicle.
Keep chatter between networks to a minimum. I figure secure (engine) would
Re: (Score:2)
I'm going to have to side with the Colonial Fleet on this one and say the systems should not be networked at all.
Each of these systems has their own internal sensor package and programming. My fuel air sensors do not need to be coordinated with my anti lock breaks. The two operate just fine isolated.
What is more, some systems should be dumb. Toaster simple. Simplicity means not just more secure but more robust. Simple systems tend to be less prone to failure and error.
Re: (Score:2)
Your traction/stability control operates the throttle and brakes, so they need to be connected at some point.
Re: (Score:2)
Assuming that is correct, does that system need to be connected to anything else?
If the traction control system is connected to the brake servos and throttle servo, does that system need to be linked to the wireless ignition system or my bluetooth stereo? What is more, I do want manual over rides for all these things.
I have an older car and it is profoundly simple in the way that everything works. I don't see why I can't have all the relevant modern features without compromising the underlying robustness of
Re: (Score:2)
Well, it is kind of hard to have wireless ignition (remote start) without having access to the engine controller, so they do need to be connected. And the remote start probably has connections to the body controller so it can do things like lock the doors, flash lights (for feedback) and monitor to brake pedal so it can kill the engine if the brake is touched (in order to shift into gear) without the key being present.
As for the radio, starting next year all new cars in the US must have backup cameras. T
Re: (Score:1)
I do feel that the backup camera is just fine being on the infotainment network. If side camera go away I feel the same about them. Engine, steering, breaking - things where one might lose control of the vehicle if they don't function correctly belong on their own se
Re: (Score:2)
Depends on how complicated the system is actually.
If all you want is remote starting, then have a simple radio/computer system that interfaces with another very simple non-programmable bit of hardware. All the radio/computer unit can do is send a "GO" command to the ignition unit. The ignition unit should have a hardware fail safe that prevents it from operating if the alternator is producing power. In this way, the remote start will only start a car that is off and will have zero impact on a car that is on
Re: (Score:2)
If you want to stop hackers from getting into the system then the first thing you have to do is make it pretty much impossible for a hacker to physically access the system. As in steel. And beyond that, the wireless connections are a serious vulnerability. Scale them back or secure systems from the wireless radios.
If you want to stop 99% of malicious vehicle hacks you need to remove any wireless components from the system as well as physically securing it. This means not giving the infotainment system access to the CANBUS or anything else.
The answer to vehicle hacking is stupidly simple... but this means they cant sell the new Craptiva with remote start technology so guess which one they're going to do.
Re: (Score:2)
I don't have to buy that feature. Most cars in fact don't have a remote starter. Remote door locks are pretty common but the starter is unusual.
Re: (Score:2)
I don't have to buy that feature. Most cars in fact don't have a remote starter. Remote door locks are pretty common but the starter is unusual.
Like remote locks were in the early 90, remote start is uncommon now but it will become more common later. Its more common in Europe than the US because of the weather, most people would rather have breakfast than sit in their car waiting for it to warm up enough to drive.
Re: (Score:2)
Trust me, it gets every bit as cold in the US. US is a big place. Parts of it get a great deal colder then anything you'll see in western europe. Just saying.
As to remote start, there are ways to do it that don't present a security risk.
1. Isolate the system.
2. Make it so it does nothing if the car is already on.
3. Make a distinction between starting the engine with the remote start and authorizing driving. If what you want is to warm the car up then you don't need to unlock the steering wheel.
4. Consider m
Overkill! (Score:2, Funny)
Nothing, and I mean nothing the security guys ever come up with will have anywhere near the effect of the six inch square piece of plywood with 25 six inch nails hammered through that i place under the driver seat of my car. The second a would be thief jumps into my car seat is the second they begin to understand just how bad their life choices have been. I also have a conventional car alarm that serves to let me know that i should call an ambulance for the 'tard, should but wont, baseball bat feels better
Re: (Score:2)
I'm wondering: is your car a 1960 VW Beetle or 2CV? Because those are the only cars I can think of where the seats can sag enough to make this a worthwhile proposition.
Or, much more likely, you actually don't do any of this.
Re: (Score:2)
Or, much more likely, you actually don't do any of this.
Probably not. But the springs break in lots of Mercedes seats, and so they're candidates too. A lot of people shore them up with a pool noodle. If you can find a fairly compatible spring, you can splice it into the broken section from below after removing the seat without even having to pull the upholstery, which you don't want to do.
Re: (Score:2)
Not a lot to say (Score:2)
Re: (Score:1)
In the UK in the nineties a very popular hatchback (Vauxhal Nova/Opel Corsa early models) had a large rectangular hazzard light switch which could be pulled out of the dash on a long stalk. The switch could then be rotated through 180 degrees and popped back into the dash with the effect that the cars electrics were now on, all a car thief then had to do was break the steering lock and bump start the car. This was corrected in later models but was bloody hillarious.
Captcha: extracts
Re: (Score:2)
Popcorn in the airbag?
It's easy! (Score:2)
OT: I have a small feature request for car-makers (Score:2)
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
Would've made returning to your car in the sunny lot more comfortable and even saved some lives [washingtonpost.com].
Re: (Score:1)
You want a machine to decide that for you...
Re: (Score:3)
No, I want it to decide for itself — when I am not there.
Re: (Score:2)
I have a heat gun/torch and I know how to use them!
Re: (Score:1)
LOL that's even worse.
Re: (Score:2)
This sort of logic was present and functioning on the first steam-engines [wikipedia.org]! You have such a system in your toilet — it closes the water-valve, when the "sensor" detects, the tank is full...
Re: (Score:3)
A number of reasons this isn't a simple feature request:
* continuous monitoring will drain your battery, so you will come to a dead battery every time you go on vacation;
* the system will also have to monitor for precipitation, so additional sensors are needed (you wouldn't want to come back to wet seats now, would you?);
* there are better ways to spend ~100$ in parts and 5lb of weight.
Re: (Score:2)
I have an outside temperature sensor, that radios figures to the display unit inside. Its puny little battery lasts a year... You too can get one at Home Depot.
As I said, such sensors are already built into my car. The wipers start automatically, when the rain or snow hits the windshield.
Re: (Score:2)
Just need to teach the existing software a new trick.
And I bet you the existing wetware will learn a new trick just as fast as you automate your car to crack the windows. Won't even need a wedge to slip in an opening tool.
Re: (Score:2)
On my car I can set fan to run for some time using residual core heat or cooling to maintain preset temperature. This feature good for about 30 minutes (but will run longer) and does not run if the battery charge drops past some threshold, but yo
Re: (Score:2)
Continuous monitoring isn't an issue with EVs. When you have a 24,000Wh or larger battery remaining connected to a cellular network for weeks is no issue. Remember when your Nokia could run for a week on one charge? That's what the modem in the car is like, only it has a giant car sized battery to power it.
Re: (Score:2)
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
Would've made returning to your car in the sunny lot more comfortable and even saved some lives [washingtonpost.com].
Or perhaps you'll walk back to an empty parking spot where your car used to be.
All a thief really needs to steal a car (or the contents inside) is access, which you're suggesting to now provide in a automated and unattended fashion.
Re: (Score:2)
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
Would've made returning to your car in the sunny lot more comfortable and even saved some lives [washingtonpost.com].
Because opening the windows slightly only affects inside temperatures slightly? Yet it makes it much easier to thread in a wire to snag a door handle to open the door.
A forced air fan to vent in cooler air from below the car 30 minutes before you return to the car would be more effective. And the only thing stopping that is cost vs benefit - not enough people would find it useful enough to add $xx to the price of the car.
Re: (Score:2)
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside? All the hardware is already there — the sensors know both the inside temperature and whether anything is hitting the windshield (so wipers can turn automatically in rain).
It'd be way safer to get a fan going to circulate the air than to crack the windows open. You really want car makers to open themselves up to having cars stolen easier?
Re: (Score:2)
Spinning fan will drain battery quickly. A slightly-open window will not make theft much easier — and the alarm will still go on, if the door is opened.
People do leave windows rolled-down a little on hot days as a matter of course. Would be nice, if the car could do it itself. And even close them back up, if rain starts.
Re: (Score:2)
So... all I'd have to do to break into your car is to increase the inside temperature? Provided it doesn't rain, of course...
That's doable.
Re: (Score:2)
If a hacker can do all that, why can't the car itself open the windows slightly if the temperature inside gets high and there is no rain outside?
It's safer to just put a solar panel on the roof, my car has it integrated into the sunroof. When the interior temperature rises sufficiently and the panel is sunlit then it runs the blower motor to keep the car cool. Sadly, it ignores the ambient temperature sensor and has no concept of humidity, so in some conditions the sun can hit your car, heat it up before the surroundings, and suck damp cold air into the vehicle and humidify it. In the normal course of the day, though, it will blow warm air through a
morons (Score:1)
Laff (Score:1)
Auto Industry Teams Up With Military To Stop Car Hacking
Yeah only good things can come from this.
Re: (Score:2)
Auto Industry Teams Up With Military To Stop Car Hacking
Yeah only good things can come from this.
Yeah.... it'd be like Monsanto and the IRS teaming up to make children's lunches healthier.
Re: (Score:2)
I'm sorry, they just don't have the broad expertise in mass food preparation. Sure, they can grow crops and tax stuff, but can they make billions upon billions of Happy Meals? I think not. We clearly need to outsource this to McDonalds and Coca-Cola.
Re: (Score:2)
I'm sorry, they just don't have the broad expertise in mass food preparation. Sure, they can grow crops and tax stuff, but can they make billions upon billions of Happy Meals? I think not. We clearly need to outsource this to McDonalds and Coca-Cola.
When I went to high school, (mid-seventies) CocaCola already had the drinks contract, (probably why I can't stand the stuff today) and the food was worse than anything McD's had ever produced up to that time. Recognizable bone meal in the hamburger. Looking back, I realize now that the food would be considered bargain dog food today.
Re: (Score:1)
Did you ever get the weird lumps in the milk, that was the last time I ate cafeteria food and always brought my lunch after that.
Re: (Score:2)
Did you ever get the weird lumps in the milk, that was the last time I ate cafeteria food and always brought my lunch after that.
Only once, and never ordered the milk again. (Maybe they were trying to drive us to the corporate sponsor, Coca Cola?) The cafeteria was a huge multipurpose room, and kids would buy the milk cartons to use as "hand grenades", throwing them high in the air across the room and learning important lessons about splash damage.
Similarly, had the hamburger once, didn't do that ever again. The burrito was... ok. The pizza was ghastly. (How can you ruin pizza??) The hot dog... I don't want to talk about it.
The
Re: (Score:2)
Especially if you consider that many military vehicles do not even have lockable doors...
so waitaminute... (Score:2)
I know we've talked about it in Slashdot, in the context of more and more electronics taking responsibility for control of the car, mesh car networks, Windows controlling and potentially driving your car, but really -- hyperbole aside, is car hacking a real thing? And if so, is it really an effective tool for terrorists? (Or is that -- "terrorist" -- what we're calling experimenters and hackers these days?)
I mean, if someone is being proactive about what might be a terrorist vector, I guess that's ok, but
Re: (Score:2)
To answer your question: yes, car hacking is a real thing. It's widespread among higher-end cars, especially luxury models. However, it's usually limited to stealing the vehicles to be parted out and resold.
To answer your second question: Terrorists? WTF are you smoking? It's probably more likely to be abused by law enforcement.
Re: (Score:2)
> To answer your second question: Terrorists? WTF are you smoking?
Whatever I'm smoking, it doesn't appear to be working. I was referring to this line in the article:
> in response to a growing threat from criminals and terrorists
Criminals, that's a given. You had a great example. Terrorists? I'm having a hard time seeing the connection.
Re: (Score:1)
Re: (Score:2)
Ok. I think I'm going to hang onto my old truck, thanks.
No reason to network cars (Score:2)
You also get your car pwned remotely, because not only they track you, they failed to secure the interface, ether out of ignorance or "in the interest of national security".
Re: (Score:3)
Car manufacturers want to double-dip by tracking you using your car. When you pair your phone with infotainment system, they can sell real-time location data (your car's GPS) strongly tied to your identity. Even if you opt out of OnStar and such system, they are still active.
Let's be realistic here for a moment. When is your cellular GPS data not your real-time location?
There is no opting out of being tracked if you own a cell phone, whether you own a car equipped with OnStar or not.
And you signed away that GPS data about 17 EULAs ago.
Re: (Score:2)
Yes, correct to the above. Only now car manufacturers also can do what telecoms have been doing for some time.
Also, some phone manufacturers allow you to turn GPS off. I am not aware of a car manufacturer letting you do the same.
Re: (Score:2)
Also, some phone manufacturers allow you to turn GPS off.
That's irrelevant. Read up on DTOA, differential time of arrival. TL;DR: It's like GPS in reverse, with multiple cell sites used to triangulate your position based on your cellular radio emissions.
Re: (Score:2)
Software to implement that tracking would be very complex and expensive, and deploying it would be a huge PiTA.
DTOA is how the USA GSM providers decided to implement the mandatory E911 position services. In fact, they were allowed to slip the deadline so that they could get it implemented. It's what they use right now. Consequently, GSM phones remained cheaper on average than CDMA phones when E911 was made mandatory because they did not have to include a GPS chip even when it was not made available to the user.
Re: (Score:2)
Yes, we have progressed from cars that could NOT remotely have the boot opened, windshield wipers set off, brakes locked, and engine cut, to cars that can. Well done.
But hey, I'm sure that security will be taken seriously now and these issues will be gone any minute. And only the "older models" will be vulnerable...
It's always the same claim from software developers. "Oops, we fucked up horribly last time... Buy our NEW version!!!"
This problem will become much worse as insurance companies refuse to accept "insecure" car models, or simply charge a 4x fee for "obsolete hardware support."
Manual door and ignition locks? (Score:1)
If you MUST have a remote-control door lock, make it something that requires very close physical proximity that is very hard to override.
For example, have a receiver that is on the car-facing side of the door handle using a very-near-field communications setup. You swipe your "key" under the handle and the door locks or unlocks.
Yes, it might be possible for a thief to make a small "reflector" and tape it to your car door near the handle, but that's one more step he'll have to go through and one more opport
No useless technology, better security (Score:2)
If they want better security then stop with the unnecessary technology. I don't want a car that unlocks or locks every time I walk up to it or walk away. The GPS should be isolated, not integrated and should do it's best to maintain privacy. There should be no possible way in the world for a radio signal to control anything, but the door locks. Cars should not be as Ford says "A computer on wheels". I'm quite happy with my luxury car from the 90's and although some modern features are nice I really think it
Re: (Score:2)
Cars should not be as Ford says "A computer on wheels".
Ah yes, Ford. They went to 32-bit PCMs when Hitachi at least (and Bosch too, I think) was still using 6800-family chips. A computer on wheels, indeed.
How about simple reliable cars that people can actually afford to buy.
Like a Ford Fiesta?
What, car thieve are now "terrorists"? (Score:2)
What is next? Shoplifters as terrorists? Or people that ride public transportation without a ticket?
Seriously, this is far beyond mere ridiculous. Possibly, this utter idiocy results from a deep desire to classify all hackers as "terrorists". After all, they can do things! That seems to scare the government badly.
We already knew; we just don't seem to care (Score:1)
BUT BUT BUT INTERNET OF THINGS
This article and 'autonomous' cars: (Score:2)