Forgot your password?
typodupeerror

+ - Car computers dangerously insecure-> 7

Submitted by
jd
" rel="nofollow">jd writes "According to the BBC, it is possible to remotely control the brakes, dashboard, car locks, engine and seatbelts. Researchers have actually done so, with nothing more than a packet sniffer to analyze the messages between the onboard computer systems and a means of injecting packets. There is no packet authentication or channel authentication of any kind, no sanity-checking and no obvious data validation. It appears to need a hardware hack, at present — such as a wireless device plugged into the diagnostics port — but it's not at all clear that this will be a limiting factor. There's no shortage of wireless devices that must make use of the fact you can inject packets to turn on/off the engine, lock/unlock the doors, track the car, etc. If it's a simple one-wire link, all you need is a transmitter tuned to that wire."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Car computers dangerously insecure

Comments Filter:
  • This story reflects a basic misunderstanding about the nature of car "networks." It's a closed system. The "network" is more like the PCI bus in your computer. Of course cards on the bus have access to the other devices on the bus and can instruct the computer to reset or shut down. And if someone builds a wireless PCI card that's externally hackable for general-purpose access to the PCI bus then they deserve a hammer to the head.

    • by jd (1658)

      Like I said, it depends on the type of interconnect. SCADA is a bus/network, but is repeatedly savaged for its insecurity. I would want to know why SCADA is so brutalized but another network that is identical in all important aspects (function, use in embedded systems, mission-critical threats, etc) is treated as "oh so what?" - because it's something we are at risk from, versus a power station where it's someone else's fat that's going to be in the fire? I'm not comfortable making that kind of distinction.

      • by Spazmania (174582)

        SCADA is used in physically dispersed multiuser systems where different users interact unsupervised with different components. A "car network" is not.

        As for launching attacks on the 1-wire bus, you can also crawl under the car and cut the brake line or plant a bomb. You can drive up behind someone and bump them, causing them to lose control and crash. You can even stand on a bridge and throw bricks at the cars below. These are not systemic security problems. They're law enforcement problems.

        When the guy in

        • by jd (1658)

          Not sure why it would take $200 per component. Sequence numbers that are very hard to predict would almost be sufficient right there. Communication ports to external devices need a little more. A second trivial calculation based on data both sides should know gives you a pseudo-random number. XOR gates are cheap - XOR each word in the packet with the calculated value. Initial data should be something a mechanic can look up or have programmed into the shop's diagnostics tools. It's weak as security goes but

          • by Spazmania (174582)

            Trivially breached by an attacker that has already gone to the difficulty of breaking through to where he has access to the bus in the first place. Half-measures are worse than nothing - they increase the likelihood of death-causing software bugs without buying a meaningful improvement in security.

            • by jd (1658)

              What evidence do you have that these existing plug-in systems are so secure that it would constitute "difficulty"? If nobody has looked into the issue, then it is reasonably safe to conclude that they are not secure. As for half-measures, I wouldn't say that OpenBSD has any death-causing bugs (in fact, it's bloody good software), but what have they done to get it there? Closed down stuff that wasn't needed, filtered out packets that shouldn't be there, fixed weak sequence numbering to be strong, etc. Yes, t

              • by Spazmania (174582)

                I assume that having gained physical access to the car network you have total control of it, just as physical access to the PCI bus gains you total control over the computer.

                My security expertise tells me that once you have physical access to the control components of the car, securing the network between them is moot. If I can't place my hack device on the car network, I'll place it directly on the individual components I want to control. No software or firmware-level security will prevent it.

                I further ass

The biggest difference between time and space is that you can't reuse time. -- Merrick Furst

Working...