Jump to content

Car hacking just got real: possible to remotely to disable/control brakes, transmission, steering wheel...

esaj

By esaj
in Off Topic Discussion

Recommended Posts

Jag_Rip Community Regular

Jag_Rip

Posted
Posted

When I saw in 2013 that some carmakers had wi-fi modules built in to synchronize music when in range of their home wi-fi, I figured the day was nigh already.

CANBUS has no security, so if you can manipulate the lights, nothing is stopping you from turning off the engine. :wacko:

Link to comment
Share on other sites
Jason McNeil Grand Master

Jason McNeil

Posted
Posted

Pretty stupid of auto-makers to be making these primary controls accessible over the Internet. What conceivable need would there be to take over the steering, acceleration & braking? At most there should be a remote kill-switch in the case of theft, or police pursuit, that requires a central authority's approval. 

Link to comment
Share on other sites
cg Enthusiast

cg

Posted
Posted

At most there should be a remote kill-switch in the case of theft, or police pursuit, that requires a central authority's approval. 

Don't give the power away goddamit,

Also, if someone can have access, anyone can have access... right now is obviously horrible since nobody thinks about security, I actually swearer I wanted my next cart to be with a minimum of electronics... and ended up with a Renault Laguna 2005 packed with electronics (most advanced at the time they say )

Link to comment
Share on other sites
Jag_Rip Community Regular

Jag_Rip

Posted
Posted

Security costs money you dont easily get back from the customer before something happened. So you go without  it as long as you can. Its also much easier to implement cool features when all the data is freely accessible.

 

That does in no way mean I like that fact. Not at all. I'd rather like to see a carmaker (Tesla could do it) take it up to themselves and create a secure protocol standard for all to use, but it seems nobody takes the plunge yet. They all wait for the next Elk-Test... <_<

Link to comment
Share on other sites
esaj Grand Master

esaj

Posted
  • Author
Posted

Pretty stupid of auto-makers to be making these primary controls accessible over the Internet. What conceivable need would there be to take over the steering, acceleration & braking? At most there should be a remote kill-switch in the case of theft, or police pursuit, that requires a central authority's approval. 

Actually, the primary controls are NOT accessible directly over the internet. What these guys figured out was that the best attack-vector is the Uconnect-system, that controls navigation, phone class,entertainment system etc., and shares the CAN-bus with the primary controls, and the UConnect is the component that has a vulnerability over which they can rewrite the entertainment system firmware, and then attack the rest of the systems over the CAN-bus:

Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.

From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels.

So it's not something that works on EVERY car, "only" around 400000+ cars already driving around in US... :D  But no doubt similar vulnerabilities are found on all cars which have incoming internet access. Like Kevin Mitnick said long ago, "If it's connected to the Internet, you could as well roll out the red carpet" (or something along those lines).

 

Link to comment
Share on other sites
  • 1 month later...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...