Onboard Computers Subject to Attack?

Published: 2010-05-15
Last Updated: 2010-05-15 12:23:44 UTC
by Deborah Hale (Version: 1)
10 comment(s)

New Scientist has an article online titled New cars vulnerable to malicious attacks.  The article states that 2 researchers have used the a socket under the dashboard to plug a laptop into.  Using the laptop they were able to control various controls on the car.  As the article states it would be difficult to use this method.  I think the driver would notice a laptop connected to their dashboard.  However, imagine the possibilities if some device plugged into the socket allowed wireless control of the control systems.  Again probably still difficult to do but things thought to be impossible are cracked everyday.  As an owner of one of these new vehicles with all the computer controlled gadgets it is a scary thought for me.  Hopefully, the automakers will solve this potential security problem before someone does successfully take advantage of it and use it for malicious purposes. Imagine an out of control freight train or 18 wheeler heading straight at you because some terrorist or other knot head overrides the computer control system.  

In these days of high tech gadgets with computer control of everything from cell phones to automobiles to 18 wheelers to Train Engines,  it is time for everyone to take Computer/Data Security seriously.  

www.newscientist.com/article/dn18901-modern-cars-vulnerable-to-malicious-hacks.html

 Thanks to our reader Adam for bringing this to our attention.

 

Deb Hale Long Lines, LLC

10 comment(s)

Comments

Ars Technica also has an article on this, which has a bit more detail than the piece in New Scientist:

<http://arstechnica.com/security/news/2010/05/car-hacks-could-turn-commutes-into-a-scene-from-speed.ars>

Rich Gibbs
Consumers can always have the onboard crap ripped out. For as beneficial as it may be, the cons outweigh it. Why would you ever want to be tracked 24x7 and have that particular data end up in unknown hands? There isn't any federal or state legislation as to what the OnStar co. & others like them can do with that data. They don't specify in the documentation who has access or what they do with it. These are way too many unknowns for me, and, the New Science piece mentioned in this post is more than enough to convince me I don't want or need onboard.
I believe the research group was controlling the car wirelessly - my understanding was that there were two laptops in use.

While I am certain we will see this on CSI sometime soon, for the present, it seems to me that it still remains much easier and less traceable for an assailant to simply cut somebody's brake line. Even if a smaller dongle were developed, it would still have a maximum transmission range in which the assailant could be seen. The bad guy would also have to break into the car without leaving evidence (or raising the suspicions of the driver), and unless the car were utterly incinerated, the dongle could be found and its manufacturer potentially traced by police.

I'm personally more concerned about the reliability of the systems, given these capabilities.
I agree with Tisiphone that failures (e.g., car accidents due to computer bugs) are the bigger cause for concern. But I can still envision a more traditional computer security failure mode. Say the vehicle is equipped with a cellular mobile data radio that lets it communicate with the dealer and/or your home electronics, for maintenance and music sync or whatever. So now you've got a mobile link to something that's also hooked into the car's onboard communications systems. It's not hard to imagine a scenario with an automated IP network scan looking for a known vulnerability on the car's uplink computer, and then uses that to cause mayhem with the engine control computer.
The real risk here is not devices that are attached and mess around with the car, but the lack of security these car systems apparently have. What would stop someone from uploading modified firmware? For example, a little snippet of code that becomes active when the car exceeds 80mph and then jerks the steering to the left and disables the brake? 9for extra points, code that removes/fixes itself after the deed is done.) Would accident investigators inspect the firmware when they encounter such accident or would they simply conclude the driver lost control? Beats cutting the brake line if ask me.

That risk is akin to the risk of modified firmware in other equipment. Do you check the firmware of your router or VPN appliance to ensure that there is no backdoor planted to give China unfettered access to your network?

The difference is that tampered firmware in cars can lead to physical damage and death, a feat that a backdoored router has yet to pull off.
They are referring to the OBD II diagnostic connector on most cars built after 1994. There are several chips on the market that can read/write the various protocols used by different auto manufacturers, a good example would be this OBD II over bluetooth scanner: http://www.scantool.net/elmscan-5-bluetooth.html
Yes, this is the OBD-II port they are talking about. I have used it myself to read codes that are thrown when the check-engine light comes on.

You can really think of the car as having multiple modules - each of which can be addressed and queried from the OBD-II port. The ECU (engine control unit) is the brains of the car - it controls how much fuel is delivered to the engine for example.

On my car one can talk to the instrument cluster, the radio, the "comfort control module", the transmission (if you have an automatic), airbags, ABS, and several others. Virtually anything electrical on the car has an addressable module that you can talk to over the OBD-II bus. And with the proper software, virtually every sensor or switch on the car can be queried with the laptop.

It is possible to udpdate the firmware over the OBD-II port. The people who "chip" engines do this all the time.

For some operations, the module requires a password before you can change anything. For example, if you want to have a new key made, there is more to it than just cutting the grooves on the key. There is a little RFID chip on the key, and the instrument cluster has a list of keys that are allowed to start the car. To add a new key to the list, you need a 4-digit password that is specific to your car. Normally the dealer handles all of this for you, but people who chip engines can dig out that password for you (I have the password for both mine and the wife's car that I obtained in this manner).

My car has no bluetooth - newer ones do, so the only way that someone can talk to the modules in my car is by gaining physical access. To me, the bluetooth is common on newer cars is the weak link in all of this.
I think all the discussion about hacking cars is intellectually interesting, but insignificant from a security standpoint. People who want to do others harm have been sabotaging cars since cars first took to the road. Whether you reprogram the computer, plant a bomb under the dash or simply nick the brake line, it's all essentially the same thing. And if you really want to harm someone badly enough that you will risk discovery by breaking into their car to mess with their software, then I would suggest that you should try something else that will have a greater chance of success. After all, the reason we know about Toyotas and acceleration is that enough people have survived to tell the tale.
I worry that car companies will use this "security threat" as an excuse to lock down these interfaces and prevent repair work from being done by do-it-yourselfers or independent shops.
Academic paper:
Experimental Security Analysis of a Modern Automobile

www.autosec.org/pubs/cars-oakland2010.pdf

Abstract—Modern automobiles are no longer mere mechanical
devices; they are pervasively monitored and controlled by
dozens of digital computers coordinated via internal vehicular
networks. While this transformation has driven major advancements
in efficiency and safety, it has also introduced a range of
new potential risks. In this paper we experimentally evaluate
these issues on a modern automobile and demonstrate the
fragility of the underlying system structure. We demonstrate
that an attacker who is able to infiltrate virtually any Electronic
Control Unit (ECU) can leverage this ability to completely
circumvent a broad array of safety-critical systems. Over a
range of experiments, both in the lab and in road tests, we
demonstrate the ability to adversarially control a wide range
of automotive functions and completely ignore driver input—
including disabling the brakes, selectively braking individual
wheels on demand, stopping the engine, and so on. We find
that it is possible to bypass rudimentary network security
protections within the car, such as maliciously bridging between
our car’s two internal subnets. We also present composite
attacks that leverage individual weaknesses, including an attack
that embeds malicious code in a car’s telematics unit and
that will completely erase any evidence of its presence after a
crash. Looking forward, we discuss the complex challenges in
addressing these vulnerabilities while considering the existing
automotive ecosystem.

Appears in 2010 IEEE Symposium on Security and Privacy. See http://www.autosec.org/ for more information

Diary Archives