1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Hackers gain access to car systems...

Discussion in 'Fred's House of Pancakes' started by Dozzer, May 17, 2010.

  1. Dozzer

    Dozzer Prius Noob

    Joined:
    Jul 23, 2008
    189
    5
    0
    Location:
    Swansea, UK
    Vehicle:
    2008 Prius
    Not specifically about the Prius but relevant to nearly all modern cars on sale at the moment..
    Hack attacks mounted on car control systems



    [​IMG] The research team could subvert almost every car control system The computer systems used to control modern cars are very vulnerable to attack, say experts.
    An investigation by security researchers found the systems to be "fragile" and easily subverted.
    The researchers showed how to kill a car engine remotely, turn off the brakes so the car would not stop and make instruments give false readings.
    Despite their success, the team said it would be hard for malicious attackers to reproduce their work.
    Locked in The team of researchers, led by Professor Stefan Savage from the University of California-San Diego, and Tadayoshi Kohno from the University of Washington set out to see what resilience cars had to an attack on their control systems.
    "Our findings suggest that, unfortunately, the answer is 'little,'" wrote the researchers from the Center for Automotive Embedded Systems Security.
    The researchers concentrated their attacks on the electronic control units (ECUs)scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs.

    More: BBC News - Hack attacks mounted on car control systems
     
  2. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,075
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    This sort of attack requires physical access to the car and its electronic devices. Most people reading this headline are going to assume it's some sort of remote takeover, such as what you find on a home computer, which it isn't.

    Being able to hack an ECU by connecting directly to it isn't any more scary than being able to cut brake lines. Without physical security, you are at the mercy of anyone that wants to mess with your stuff.

    Tom
     
  3. JimboPalmer

    JimboPalmer Tsar of all the Rushers

    Joined:
    Apr 14, 2009
    12,470
    6,871
    2
    Location:
    Greenwood MS USA
    Vehicle:
    2012 Prius v wagon
    Model:
    Three
    They speculated that it MIGHT be possible via Bluetooth, but that has a range of about 10 feet, so they still need to be RIGHT at your car while it is on.
     
  4. bwilson4web

    bwilson4web BMW i3 and Model 3

    Joined:
    Nov 25, 2005
    27,665
    15,664
    0
    Location:
    Huntsville AL
    Vehicle:
    2018 Tesla Model 3
    Model:
    Prime Plus
    Buaaahhhhhhaaaaa!!!!

    [​IMG]
    Too late! We've taken over the world!

    Your only defense:
    [​IMG]

    Paging Citizen Kane! Paging Citizen Kane!

    Bob Wilson
     
  5. David Beale

    David Beale Senior Member

    Joined:
    Jul 24, 2006
    5,963
    1,985
    0
    Location:
    Edmonton Alberta
    Vehicle:
    2012 Prius
    Don't be silly. That aluminum hat isn't nearly big enough! If you're going to demonstrate, at least use an "effective" shield!

    ;)
     
  6. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,075
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    This, of course, depends on what is attached to the Bluetooth network. If something isn't attached to anything connected to the outside world, it is going to be very hard to hack into it. Possible, perhaps, by inducing signals with EM waves, but not very likely. This is the reason that truly secure computer systems are not attached to the Internet.

    Once manufacturers start updating automotive systems remotely this risk will become much more significant.

    Tom
     
  7. hill

    hill High Fiber Member

    Joined:
    Jun 23, 2005
    20,183
    8,356
    54
    Location:
    Montana & Nashville, TN
    Vehicle:
    2018 Chevy Volt
    Model:
    Premium
    Since there isn't even a showing this has happened to a prius I vote this thread relegated into the 'other cars' fourm ... not worthy of being on par with our smug-mobiles.
    :p
     
  8. JimboPalmer

    JimboPalmer Tsar of all the Rushers

    Joined:
    Apr 14, 2009
    12,470
    6,871
    2
    Location:
    Greenwood MS USA
    Vehicle:
    2012 Prius v wagon
    Model:
    Three
    That is why I thought that making upgrades an 'administrator' function, requiring the Toyota PC hardware would be wise. WiFi updating of your car on the fly will be error prone and insecure.

    Some will claim this is a trick to get traffic at the dealership, I think it will be safer by orders of magnitude.
     
  9. Danny

    Danny Admin/Founder
    Staff Member

    Joined:
    Nov 24, 2003
    7,094
    2,116
    1,174
    Location:
    Charlotte, NC
    Vehicle:
    2013 Prius Plug-in
    Model:
    Plug-in Base
    Yeah, this is "news" as much as plugging a ScanGauge into your ODBII connector is news.
     
  10. Rokeby

    Rokeby Member

    Joined:
    Jan 21, 2008
    3,033
    708
    75
    Location:
    Ballamer, Merlin
    Vehicle:
    2008 Prius
    OK, I'm of a mind to not get overly concerned about having my car
    virtually car-jacked or rendered unusable. Well, not just yet. :confused:

    But what about cars with Onstar or some other proprietary real-time
    system that locks/unlocks doors, flashes lights, starts/stops the engine?

    Seems like all the pieces would be in place for a wireless entry point.

    Most probably it would be a Federal offense, but the FCC/NHTSA would
    have to catch the perp... triangulation on a mobile transmitter?

    I've read that the "future of the car" includes being wi-fi connected
    full time as part of something involving computing via "the cloud."
    Then what?

    Boycott OnStar!: Automobile Surveillance and Evesdropping
     
  11. bwilson4web

    bwilson4web BMW i3 and Model 3

    Joined:
    Nov 25, 2005
    27,665
    15,664
    0
    Location:
    Huntsville AL
    Vehicle:
    2018 Tesla Model 3
    Model:
    Prime Plus
    Hello, hello, hello!

    My thermistor hack successfully worked on my 2003 Prius. It fooled the control computers into letting the car enter hybrid mode a full 3 minutes before the actual engine temperature reached 70C. <GRINS>

    But ok, since it is kinda of a Fred's House sort of discussion. . . .

    Bob Wilson
     
  12. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,075
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    If Microsoft made cars they would use "on the fly" updates.

    Tom
     
  13. Rebound

    Rebound Senior Member

    Joined:
    Mar 11, 2010
    3,970
    2,618
    0
    Location:
    Portland, OR
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    I don't understand the article... If you don state the attack vector, then you have to assume it means physical access, which is about as meaningful as saying that your car can be attacked with a key, a rock, another car, a pair of pliers...