Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Transportation

Hackers Remotely Cut a Corvette's Brakes 161

Posted by Soulskill from the has-no-effect-on-corvette-drivers dept.
An anonymous reader writes: Security researchers presented work at the USENIX conference today showing an easy way to hack into a car's electronics using a small gadget that plugs into modern dashboards. The port they're taking advantage of is commonly used to monitor the location and speeds of these vehicles. Once the researchers' dongle is attached, they can use SMS messages to transmit commands to the car's internal network. They demonstrated this by remotely cutting a Corvette's brakes. "Though the researchers say their Corvette brake tricks only worked at low speeds due to limitations in the automated computer functions of the vehicle, they say they could have easily adapted their attack for practically any other modern vehicle and hijacked other critical components like locks, steering or transmission, too."
This discussion has been archived. No new comments can be posted.

Hackers Remotely Cut a Corvette's Brakes More

Hackers Remotely Cut a Corvette's Brakes

Comments Filter:

  • In related news.... (Score:5, Funny)

    by Anonymous Coward on Tuesday August 11, 2015 @04:41PM (#50296427)
    The NSA demonstrated a clever hack where they attached a small device to the underside of a Pontiac Grand Prix, remotely pushed a button, and the car blew up! General Motors says this is not a serious security breach and the vulnerability is not limited to their vehicles. They will not issue a recall.

    • Re: (Score:2)

      by PRMan ( 959735 )
      The difference here is that they hacked the most popular dongle that car modders use to send information to their smart phones. So this IS a remote hack of something the owner already has installed. But it's not GM that's at fault but some low-end company that makes ODB-II dongles.

      • Well, yes and no.

        In all seriousness, this is no different than a physical breach. If you have the means to bust into the car, you have the means to do whatever the hell you want to it while you're in there. There is honestly not much you can do to prevent it given the architecture of ODB-II (doubly so given the mass of insurance company 'monitor-me-for-a-discount' dongles out there).

        This is no different than sneaking into a server room and plugging a wifi-enabled keylogger into the server's USB port, FFS (a

        • Are these always somewhere under the driver's dash? Are there cars where they are relatively easy to access from the passenger's side?

          I'm wondering if a front-seat Uber passenger could "tie their shoes" and install one while welcomed into a car.

          • I'm wondering if a front-seat Uber passenger could "tie their shoes" and install one while welcomed into a car.

            And that still need physical access to the car regardless their interior design layout...

  • ... unethical to be releasing detailed information on an exploit.

    It doesn't matter that the argument is that "Without exposure, car companies won't fix it!"... At the moment, no one is actively *doing* this or using this exploit. Simply being told that it's possible should be the limits of what an ethical hacker should release.

    The cost-benefit analysis going into the value judgement of a release of more details for hacks is VERY different from the analysis of some HTTP flaw or kernel bug. Actual lives are a

    • Re: (Score:1)

      by Anonymous Coward
      It depends. If it's a software fix, and manufactures have been given plenty of time to patch, releasing the exploit may be the only way to motivate all the players to action (manufacturers to release a fix, and people to be more careful about where they buy). But if it's a hardware flaw that will take more time and money to roll out and nobody has been notified, then that leaves a large window where it's just not possible to fix before it's used by a real attacker.

    • Re:We are rapidly getting to a point where it's... (Score:4, Informative)

      by ArhcAngel ( 247594 ) on Tuesday August 11, 2015 @05:12PM (#50296721)
      Oh, there are people doing it [nytimes.com] they just have the law on their side.

      • Damn. Things like that make me doubly glad that I pay cash for all of my vehicles. I can only imagine how much easier it is to hack a car remotely which has one of those little beasties installed...

        • Re: (Score:1)

          by Anonymous Coward

          It's just a remote starter kill switch. It is separate from the vehicle itself, though it might take advantage of power supplied at the OBD connector. The only hack possible is to turn off power to the starter.

          Companies also have to pay to have them and use them. They banks save them for their worst ~~victims~~ customers.

    • Re: (Score:1)

      by Anonymous Coward

      Actual lives are at risk either way and the exact time when these things should be pressed. When they aren't wide spread or commonplace. So steps can be put into place to prevent this sort of thing from ever happening or at least make it significantly harder to pull off. Plus lets face it without some level of public outrage do you really think most companies are going to lift a finger when it is going to cost them money when they don't absolutely have to?

      • Re: (Score:1)

        by Etcetera ( 14711 )

        Pressed, yes. More pressure = call your Congressman.

        When "more pressure" = "demonstrate to script kiddies how to easily kill people", the value judgement changes.

        • Re: (Score:2)

          by rthille ( 8526 )

          Or "more pressure" == "hack congress critter's teen's car"

    • Unless the exploit is in an Oracle environment. They don't care about exploits.

    • Re: (Score:3)

      by tlhIngan ( 30335 )

      It doesn't matter that the argument is that "Without exposure, car companies won't fix it!"... At the moment, no one is actively *doing* this or using this exploit. Simply being told that it's possible should be the limits of what an ethical hacker should release.

      This exploit is unlike the Chevy exploit - in that to remotely use it, you had to get into the car in the first place. Well, if you're already in the car, then all bets are off.

      It's like saying Linux is vulnerable because you can install a keylogge

      • The thing is though, even if the car's internal network isn't currently attached to the internet/mobile access, it WILL be soon enough. That's the way the trends are going - because the world is getting more interconnected. As good as it would be for security, we're not going to be able to keep the connectivity genie stuffed in the bottle. Some executive is going to want it, some engineer is going to make it happen, and some car buyer is going to eagerly pay for it.

        So what can we do? Well, for one, we ca
    • Comment removed based on user account deletion

      • Re: (Score:2)

        by Etcetera ( 14711 )

        It seems to me that it is similar to a whistle-blower, than the security through obscurity model of not releasing the information.

        I question your ability to know that no one is actively doing this. Proving a negative is difficult at best.

        I'm all for whistle-blowing. But if sufficient results are not achieved, the response should be *more whistle-blowing*... NOT releasing the information.

        The latter may (may!) be ethically justified in other situations; not here.

  • OK, but... (Score:5, Insightful)

    by cyn1c77 ( 928549 ) on Tuesday August 11, 2015 @04:45PM (#50296455)

    Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

    • Re: (Score:2)

      by digsbo ( 1292334 )
      You can't remove a bomb (or its fragments) after killing the driver in an explosion. I don't know how hard it would be to leave no traceable evidence you cut the brakes with a dongle, but I'm guessing it's a concern.

      • no traceable evidence

        The dongle is the physical evidence. If you physically put it there. If you didn't provide it, it'll be awfully hard to figure out the phone number of the device to perform the attack.

        • Re: (Score:2)

          by digsbo ( 1292334 )
          Get there and get it out...assuming you control the dongle, you cut the breaks via SMS, you should beat the cops to the scene? Seems risky. I don't really think it's an issue, but I see how some might.

          • Re: (Score:1)

            by Anonymous Coward

            well presumably you will want to be nearby to time your attack for greatest effect, and then you can be first on the scene! get in there,help the driver, pocket the device, call the cops.

      • I'm thinking it'd be pretty damned hard to remove the device in the limited time between crash and haul-away by the cops, unless you're directly following the guy on a lonely, remote, deserted road (otherwise, it's going to look real suspicious if someone sees you just walk up, reach into the vehicle, and leave without even trying to render aid to the victim...)

    • Re: (Score:3)

      by PRMan ( 959735 )
      But in this case they hacked a popular ODB-II dongle that many car modders already have installed.

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        Modders use Bluetooth enabled dongles (which might be hackable), but these things have a cellular modem in them. They are used by fleet management systems and insurance companies. Fleets monitor their drivers to check that they are driving efficiently and not wasting fuel. Insurance companies use them both to spy on the driver (with the offer of a potentially lower premium) and to gather evidence in the event of an accident (e.g. proving that their driver had come to a complete stop before the collision).

        Th

    • That's why I had a trunk monkey [suburbanautogroup.com] installed. It stops those kind of shenanigans.

    • You misunderstand. (Score:1)

      by Anonymous Coward

      Yes, this requires an additional hardware dongle to be attached to the car.

      However, the attackers did not create these dongles. These dongles are ALREADY THERE in many cars. These are devices that driver fleet managers use to track how their drivers are performing. Think FedEx vans and delivery trucks. They're also already in use by some insurance companies, who offer discounts for safe driving or infrequent use. Nobody's talking about breaking into cars and physically attaching a device that wasn't th

      • Yep, FedEX vans ... or armoured van fleets?

        A practical application of this for criminals would be to use it to stop and rob an armoured van.

    • Re: (Score:2)

      by FreeUser ( 11483 )

      Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

      Or cut the break lines.

    • Re: (Score:2)

      by vux984 ( 928602 )

      Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

      "just as easily" ? ORLY.

      From their FAQ:

      "We provide the Metromile Pulse, our OBD-II device, to our per-mile insurance customers. If you are interested in per-mile insurance, please learn more here."

      https://www.metromile.com/ [metromile.com]

      Please describe how and where my victims unwittingly order a remotely controlled bomb and install it in their cars for me?

      Lets keep this in perspective indeed. Thousands of people using metromile insurance receive and install this dongle in their cars. None of them are strapping C4 attach

    • Furthermore, TFS boldly claims "Hackers remotely cut brakes...". Well duh, if you have physical access to your target and attach your own device to it (which is what these guys did), of course you can do whatever to it. I can remotely shove a gerbil up Bush's butt if I am given physical access to him and I'm allowed to attach my device on him.

      The challenge is to remotely hack something that you have no physical access to and/or without attaching anything to it.

    • Comment removed based on user account deletion
    • True. But these dongles are in widespread use (e.g. by insurance companies selling insurance on a per-mile basis, or high risk policies for younger drivers; fleet managers who wish to track the movements and driving style of the their vehicles, etc.)

      Because these dongles are intended to be accessible over cellular networks, any defects in authentication or validation of query data can be troublesome. In this case, these dongles intended to monitor driving behavior and forward it to an authorised viewer,

    • Re: (Score:2)

      by fermion ( 181285 )
      The real overreaction here is the what how would this be useful in killing or maiming someone that do have easier or more effective alternatives. In reality, attaching one of these does not necessarily require physical access. Insurance companies are promoting drivers to use these in their cars so they can get data to raise rates. It would be easy enough to substitute a more malicious dongle for the less malicious dongle. The driver would voluntarily place the device and not know any better. In any cas

      • So, the blame would be on the insurance company or dongle manufacturer for allowing unauthorized access to the dongle then. Either way, the auto manufacturer is not at fault as they did not provide the attack vector.

  • I know it's not the entire point but... (Score:1)

    by Anonymous Coward

    Once the researchers' dongle is attached
     
    Can we have a bit less sensationalism around this articles about "This hack can happen once you get access to the physical sytem!!!!1111!!!!!"?
     
    It's can still be an interesting tech read but I can also cut breaks with a set of 99 cent snips from Radio Shack.

    • Once the researchers' dongle is attached It's can still be an interesting tech read but I can also cut breaks with a set of 99 cent snips from Radio Shack.

      Not any more.. Radio Shack has gone the way of Comp USA and Circuit City....

      • Comp USA and Circuit City opened up locations inside of Sprint stores?

        • Bankruptcy has taken all three... Sprint just purchased some of Radio Shack's stores so they could keep selling cell phones from them.

          • The Sprint/Radio Shack store a few miles from me here sells wire cutters, soldering irons, and even Arduinos.

            • The Sprint/Radio Shack store a few miles from me here sells wire cutters, soldering irons, and even Arduinos.

              Have you been there lately? Like in the last few weeks? The bankruptcy liquidation sales just ended last month or so around here. I didn't figure Sprint would want to continue selling the electronics trinkets, just cell phones and accessories... But hey, I've not seen a remaining Radio Shack/Sprint store myself, all the local stores closed.

    • yes but you can't snip the brakes when the vehicle is going 75 MPH on the freeway...

      • yes but you can't snip the brakes when the vehicle is going 75 MPH on the freeway...

        With a small remotely operated tube cutter, yes. (two actually due to dual-cylinder brake systems) Same as this device, other than one device versus two. The difference is to access the ODB-II requires getting into the vehicle without the owner knowing, while attaching a tube cutter only requires access to the underside of the vehicle. The latter is actually easier. In both cases pressing the emergency brake (ever wonder why it is called that?) would activate the rear brakes unless that physical cable w

        • The difference is to access the ODB-II requires getting into the vehicle without the owner knowing,

          That depends on the vehicle. Some can be raised up, crawled beneath, and the harness accessed. Some, you can't get to it from there. Once you get there you only need three lines for OBD-II.

          • The difference is to access the ODB-II requires getting into the vehicle without the owner knowing,

            That depends on the vehicle. Some can be raised up, crawled beneath, and the harness accessed. Some, you can't get to it from there. Once you get there you only need three lines for OBD-II.

            That is the CAN bus, not the ODB-II, but you are right, and I didn't want to spend the time explaining it, that accessing the CAN bus will probably yield the same capabilities. The CAN bus runs to a lot of components like the transmission and is often also exposed on the car's underside.

            • That is the CAN bus, not the ODB-II

              First, How is that you feel qualified to speak on this subject when you don't even know the difference between the second coming of Ol' Dirty Bastard, and On-Board Diagnostics?

              Second, CAN is a protocol which is used with OBD-II. It is also used for communications between modules. Getting onto any bus on which the PCM speaks is sufficient for making an attack against the powertrain. OBD-II can also use ISO 9141-2 or the J1850 standard. CAN is fastest, but most expensive.

              Third, if the PCM is located under the

              • That is the CAN bus, not the ODB-II

                First, How is that you feel qualified to speak on this subject when you don't even know the difference between the second coming of Ol' Dirty Bastard, and On-Board Diagnostics?

                The linked article explicitly spelled out the ODB-II, so I addressed that. The article said "The device that the UCSD researchers exploited for those attacks was a so-called OBD2 dongle"

                Second, CAN is a protocol which is used with OBD-II. It is also used for communications between modules. Getting onto any bus on which the PCM speaks is sufficient for making an attack against the powertrain.

                Which is why I said "accessing the CAN bus will probably yield the same capabilities."

                Third, if the PCM is located under the hood, which it often is, then the diagnostic line (whether it's a CAN line like it usually is on modern cars, or one of the other protocols used with OBD-II) may well run through an exposed harness under the hood.

                If you are going to break into the engine compartment, then it isn't that different than breaking into the car.

                For example, in the Audi A8, the E-Box which contains the PCM, TCM and so on is right up against the firewall and there's a very short bit of harness with the diagnostic line in which doesn't get exposed. And in my particular vehicle, a very early 1997 A8 Quattro, the ABS controller is located inside up under the dashboard, so that diagnostic line (in my case a K-line, not CAN) is also inaccessible. But since there's only one diagnostic line which literally goes to all the modules, in the cars which immediately follow mine (starting in late 1997) which have the ABS controller located directly on the ABS module under the hood, it's relatively easy to access the bus — upon which live the PCM, TCM, ABS, and SRS. I think those vehicles actually have a gateway between the powertrain (which includes the ABS in modern vehicles) and SRS, and the infotainment bus, which includes the steering wheel controls. Some of the details of cars which are not mine are a bit hazy.

                TL;DR: You don't know what you're on about, and sometimes a sensitive wire is accessible from beneath the hood, even if you can't raise it.

                What sensitive wire is under the hood isn't that big of a problem, unless it is at the bottom of the compartment and easily acce

        • Re: (Score:2)

          by fisted ( 2295862 )

          You don't seriously think the handbrake is an "emergency brake", right? Good grief, please be kidding.

          • You don't seriously think the handbrake is an "emergency brake", right? Good grief, please be kidding.

            It isn't a handbrake in my vehicle since it is on the floor, and such systems were originally put in place to provide a backup braking system in case the hydraulic system failed, especially since hydraulic braking systems used to be single-cylinder systems and were only mandated to use dual master cylinders starting in 1976. They were later adapted to provide a backup parking brake to supplement the vehicle being left in gear, and are now often also referred to as a parking brake.

            So yes, I think of it as

            • Re: (Score:2)

              by fisted ( 2295862 )

              It isn't a handbrake in my vehicle since it is on the floor

              Fair enough

              and such systems were originally put in place to provide a backup braking system in case the hydraulic system failed

              Today I learned. That's some pretty poor design then, especially considering that it usually brakes only the rear wheels. If you're vaguely familiar with driving physics, or if you have ever tried to actually brake with the handbrake, then you'll have realized that it is essentially useless as an ersatz brake.
              If you're going at a reasonably high speed, and attempt to brake that way, you'll notice it doesn't brake well. So you pull it harder, and then you lose traction on the rear wheels, which, a

          • You don't seriously think the handbrake is an "emergency brake", right?

            On my '72 Toyota, it was the only brake.

  • Less impressive than the other hacks (Score:1)

    by Anonymous Coward

    If it requires physical access to put in the magical dongle then I'm less impressed with this hack compared to the truly remote hacks we've seen on other vehicles.

    I could also cut the breaklines with a $5 tool with physical access to the vehicle. Not to mention the number of car bombs I could get from the mob!

  • Misleading Attention Grabbers (Score:5, Informative)

    by monkeyxpress ( 4016725 ) on Tuesday August 11, 2015 @04:50PM (#50296497)

    This is silly. The brake pedal on every car that currently leaves a production line is still physically connected to the master cylinder and wheel callipers. What they likely meant by 'disabled the brakes' is that they disabled the ABS or brake assist module. While troubling, these components are all designed with mechanical overrides for if the electronics goes hey-wire, so this is really scare mongering.

    We have known for years about CAN bus insecurity and how you can control indicators and wipers once you get physical access. There was even a model of car where you could just snap a wing mirror off and plug directly into the CAN system through the exposed mirror connector. These people haven't done anything new and are just being intentionally sensationalist to get attention.

    • Re:Misleading Attention Grabbers (Score:5, Informative)

      by 0123456 ( 636235 ) on Tuesday August 11, 2015 @05:03PM (#50296631)

      You realize that ABS cuts the brakes, right? So, if you can take over the ABS controller, you can stop the car from braking?

      There's no way in hell a device attached to the bus connector under the steering wheel should be allowed to do such a thing.

      • Likewise, power steering or power brakes can be disabled via the same method most likely. Especially if they're in electronic parking assist vehicles which typically have electric power steering vs hydraulic. At high speeds power brakes being cut can be dangerous, power steering not so much, more dangerous at lower speeds. This is why I will never buy a keyless entry car, and prefer manual transmissions, and prefer all driving assistance but ABS to be off. I had traction control nearly kill me once when it

      • Re: (Score:1)

        by Anonymous Coward

        Are you sure? Even with the power "off" you can typically brake your car - though it will take a bit more effort.

      • Re:Misleading Attention Grabbers (Score:5, Interesting)

        by monkeyxpress ( 4016725 ) on Tuesday August 11, 2015 @05:41PM (#50296985)

        It can't. The ABS module is designed to be mechanically failsafe. Have a look at a design. The system can only modulate the pressure in the brake line. It does not have any ability to vent to the reservoir or lock out the pedal connection (the isolation valve is just for pedal feel). All it can do is dump a tiny amount of fluid into a small internal reservoir and then pump it back into the line. If the system fails, whether due to a stuck valve, electronics going crazy, or just loss of power, the worst you'll get is a pedal that moves a bit further and no ABS. Even if you could flash the firmware in the controller through the CAN bus (which you normally can't) to get full control of all the valves and pumps you can't 'cut the brakes'.

        • Re:Misleading Attention Grabbers (Score:5, Informative)

          by StefanSavage ( 454543 ) on Tuesday August 11, 2015 @11:05PM (#50298643)

          Sorry, I have contrary empirical evidence. On multiple different cars we have manipulated appropriate ECUs with the effect that you can push on the brake pedal with no impact on forward velocity (see autosec.org and also the paper this post refers to). I'll personally attest that it is so and that no matter how hard you step on the pedal that nothing is happening wrt braking. I believe that Charlie and Chris also accomplished the same thing with the vehicles they addressed in the first and most recent presentations.

        • With everyone contradicting each other I can't follow what the central idea is. Isn't it so that if you can make the ABS think the wheels are slipping you can make it interrupt the brakes? So a hack that activates ABS (rather than disable it) could override the driver?

      • have ABS kill switches to disable ABS when going off road/mud/slippery roads besides that even if ABS fails the brakes still will work fine, who in their right mind would design it so the brakes fail if the ABS module/pump fails?

    • This is silly. The brake pedal on every car that currently leaves a production line is still physically connected to the master cylinder and wheel callipers.

      This is actually no longer true and I was surprised when I learned this a few weeks ago. Apparently Porsche no longer physically connects the brake pedal to the master cylinder in certain model cars. In fact, if you search for parts for Porsche's you'll see that, as of 2012, the only car that still has a brake pedal physically connected to the master cylinder is the GT3. I was pretty shocked and appalled to hear this since the e-brake on the car is a switch. That means that a total failure of the comput

  • Anything goes . . . (Score:1)

    by Anonymous Coward

    . . . when you "plug a gadget into the car".

    Some cars have been hacked with a special crafted music CD. You can perhaps trick someone to insert a CD, but nobody plugs a strange contraption into a hard-to-find plug under the dashboard.

    Once you get into the car's wiring, you can always disable stuff. Even old computerless cars could be disabled by short circuiting the starter cables.

  • My Battlestar Galactica security plan is working (Score:4, Funny)

    by He Who Has No Name ( 768306 ) on Tuesday August 11, 2015 @04:51PM (#50296511)

    ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

    It doesn't even have power windows.

    Hack that wirelessly, bitches.

    • ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

      It doesn't even have power windows.

      Hack that wirelessly,

      Well, to improve things, get yourself an older diesel powered vehicle and then not even the spark ignition stuff is necessary....

      • Considered, but the 4.0L inline 6 is way more durable than the diesels that came in that model.

        For true EMP scenarios, I have a Siberian Husky dogsled team.

        • LOL... Hope it happens in the winter then....

          • Re: (Score:1)

            by KGIII ( 973947 )

            You know they train them in the summer, right? They even sometimes just use the sled in the dirt or on leaves and whatnot. I have seen a neighbor that has them pulling an old WWII era Jeep. They have wheeled sleds that they pull. In the case of the Jeep I assume he has it running and they only pull partially. I do not imagine they are pulling the whole vehicle's weight. Dog sled teams are not all that uncommon up my way. Hell, one of my other "neighbors" (a loosely applied term here) is an Iditerode (spelli

      • Comment removed based on user account deletion

    • Re: (Score:2)

      by godrik ( 1287354 )

      In the spirit of this "hack", a rocket launcher could be used to blow up the car wirelessly.

    • Re: (Score:2)

      by mjwx ( 966435 )

      ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

      It doesn't even have power windows.

      Hack that wirelessly, bitches.

      The brakes on a Jeep will fail on their own, no need to hack them.

    • A 1992 Jeep certainly has a PCM, I don't know if it's got any diagnostic link but I suspect it does. However, the link is probably very limited, it might be able to do stuff like adjust fuel delivery or timing but that's probably about it. So even if someone could interface to it remotely, all they could do is ruin your catalyst.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      They hacked devices that many fleets and some individuals install at the request of insurance companies. They don't need physical access to the car, the victim willingly fits the hackable device.

      What they do need is the phone number to send malicious text messages to. Getting that could be tricky... The operators of these devices will have databases that could be stolen. They could war-dial by sending "ping" messages in bulk to sequential numbers, perhaps, but there are a lot of numbers. If they find one th

    • You don't need a hacker to disable a Jeep's transmission, it does that on its own every few thousand miles.

  • Would you like to have the brakes go out as we round this steep hill, or after we get to the bottom near the lake?

  • It seems that some devices like this are provided by the insurance industry to their clients.... and the Charlie Miller write up confirms that there are CAN-BUS commands to lock and unlock the doors. Wonder if these would make an 'interesting" insurance claim?

  • Hackers Remotely Cut a Corvette's Brakes

    Yes, I know, it's a metaphor, but it not a particularly good one in the context. They remotely disabled the brakes. Nothing was physically cut.

    Not that it's entirely inconceivable that someone will one day find a way to cause physical internal damage to a car remotely...

    • Re: (Score:2)

      by AHuxley ( 892839 )
      Re "Nothing was physically cut."
      In the past any good investigator might notice physical tampering.
      That would give courts, police more powers and ensure journalists kept asking questions.
      If the story can be altered to difficult conditions, a fast powerful car, a driver who was distracted... and no signs of any other issues

  • This is yet another fear based article while it carries merit to it the wording and general presence indicates that there is a vulnerability that can cause you to loose control of your vehicle. It wasn't triggered by the car driving next to you without first getting access to the vehicle physically, and it could possibly be exploited by a another vendors third party plugin.

    Yet this is the same type of article that helps to fuel the auto industry in it's goal WRT the DMCA. They maintain that allowing anyon

  • More Bullshit "hacking" (Score:4, Informative)

    by Lumpy ( 12016 ) on Tuesday August 11, 2015 @07:15PM (#50297555) Homepage

    Can we stop with these fake "researchers" that make claims that are stupid as hell?

    They did not hack anything, they compromised the car by having physical access and sent service code activation commands.

    Basically if there is a smelly guy wearing a trenchcoat under your dash, you might be hacked.

    • Re: (Score:1)

      by Anonymous Coward

      Can we stop with armchair experts spouting off without even reading the article? The whole point is that they didn't need a custom dongle - they hacked the one the insurance company gives you for a bill-by-the-mile plan.

  • How on earth is "...using a small gadget that plugs into modern dashboards." even considered remote?
  • Apparently if you have physical access to a car you can do stuff to it... More news at 11.
  • timberland Homme [mcmcoy.com] NIKE 2010 National Youth (U12/U14/U16) Jiangmen Grand Prix tennis tournaments was February 22 to April 4 to start, has successfully concluded more than two hundred from all over young players After qualifying, Zheng Xuansai the gradual flame, 32 players come to the fore in the points rankings, won the race in September to participate in the final qualification. NIKE 2010 National Youth (U12/U14/U16) Wuhan Grand Prix tennis tournaments was March 22 to May 4 to start, is currently in full swi
  • Once again, there is no reason for these systems to be accepting any kind of input from anything other than the drive controls. Any car that does is broken and needs to be recalled. I suppose that means every car currently being manufactured, but that is not my fault or my problem.

  • I just plugged a tech II scan tool into my OBD port and now have full control over all the systems in my vehicle.

    so.. basically, they just sent the right commands and got a reaction without paying a few grand to do it right.

  • From an email to a friend of mine around 1996,

    "Failure in brakes.dll" - John Carmack

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close