
The Unpatchable Bug In All Modern Cars

We have seen a number of hacks of cars including the hack of a Jeep driving down the highway at 60 miles an hour – from miles away – on 60 Minutes, but now researchers have come up with a new attack – one that cannot be patched.

The CAN bus, or Controller Area Network bus, is the main communications highway in all cars built in at least the last 25 years. The standard, designed in 1983 and in use since 1989, has not really changed very much since then.

In 1983 no one really worried about hackers so the bus has no security, no authentication and no encryption.

Today, almost every single car and light truck is controlled by the CAN buses in it.

Researchers from Trend Micro, Politecnico di Milano and Linklayer Labs discovered that you can overwhelm the bus with error messages.

Right now, today, the attack requires local access to your car.  That was the case with the Jeep attack – until attackers figured out how to do it remotely.

The attack injects error messages onto the bus which can, eventually, cause devices like the anti-lock brake controller or the airbag system to go offline and deactivate.  Since almost all car functions from the brakes to the engine control are computerized and attached to one of the CAN buses, if you can cause those devices to go offline, you will disable those functions.

Worse yet, without redesigning the CAN bus protocol, there is very limited remediation that car manufacturers can make. On top of that, it is UNLIKELY that any cars currently on the road will ever be fixed because this is not a bug – it is, basically, a feature.
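Why a device drops off the bus, and why that is protocol behaviour rather than a patchable bug: under the CAN specification's fault-confinement rules, a node disconnects itself ("bus-off") once its transmit error counter passes 255. The sketch below is an added example, not code from this post or from the researchers; it models only the transmit counter (+8 per failed transmission, -1 per success), and the traces and the `alert_streak` threshold are constructed assumptions.

```python
"""CAN fault confinement, transmit side only (added example, constructed data)."""
from dataclasses import dataclass

ERROR_PASSIVE_LIMIT = 127  # counter above this: node is error-passive
BUS_OFF_LIMIT = 255        # counter above this: node is bus-off (silent)


@dataclass
class Node:
    name: str
    tec: int = 0  # transmit error counter kept by the CAN controller

    @property
    def state(self) -> str:
        if self.tec > BUS_OFF_LIMIT:
            return "bus-off"
        if self.tec > ERROR_PASSIVE_LIMIT:
            return "error-passive"
        return "error-active"

    def transmit(self, ok: bool) -> None:
        if self.state == "bus-off":
            return  # a bus-off node no longer takes part in traffic
        self.tec = max(0, self.tec - 1) if ok else self.tec + 8


def replay(name, trace, alert_streak=8):
    """Replay transmit outcomes (True = frame sent cleanly).

    Returns (final_state, frame_no_of_bus_off, frame_no_of_alert).
    alert_streak is a hypothetical monitor threshold: that many
    consecutive failed frames from one node is treated as abnormal.
    """
    node, streak, alert_at, bus_off_at = Node(name), 0, None, None
    for i, ok in enumerate(trace, start=1):
        node.transmit(ok)
        streak = 0 if ok else streak + 1
        if alert_at is None and streak >= alert_streak:
            alert_at = i
        if bus_off_at is None and node.state == "bus-off":
            bus_off_at = i
    return node.state, bus_off_at, alert_at


# Constructed traces: sporadic electrical noise vs. every frame failing.
NOISY = ([False] + [True] * 20) * 10
FORCED = [True] * 5 + [False] * 40

if __name__ == "__main__":
    print("noisy :", replay("abs", NOISY))
    print("forced:", replay("abs", FORCED))
```

Sporadic faults never accumulate because successes drain the counter, while an unbroken run of 32 failed frames silences the node; a monitor watching for such runs sees the pattern well before bus-off.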

So, next time you get into your car… Well, I am not sure what you can do.

Information for this post came from The Hacker News.

Car Hacking – A Never Ending Bowl Of Fun

The Automobile hacking community is having a bang-up year.

In a Wired article today, Andy Greenberg talked about two new car hacking techniques – both completely different from the ones I have talked about before.

The first one is to use the Wi-Fi network in the dealer’s waiting room to hack the diagnostic equipment in the shop. Auto dealerships likely don’t have sophisticated IT departments, and that Wi-Fi could well be on the same network as the shop.

Once you take over the shop equipment, you program it to infect every car it gets plugged into.  That would likely be thousands of cars a month.  Likely, most of the cars that come into the dealer’s shop are the same brand(s) as the dealer sells, and likely newer models, so that makes the hacker’s job easier.

The second attack is the reverse of this.

Given that there are only a few brands of diagnostic computers that mechanics use (such as Bosch and Snap-On), bring your car into the dealership already infected.  That way you can take as much time as you need to set it up.  When the mechanic plugs in his toy, your car infects the mechanic’s diagnostic tool and from there, you proceed like the hack above.

In both cases, you are using the dealership as a “typhoid Mary”. What kind of PR does that give the dealer when the news breaks at 6PM on the local TV station?

The other story is that the Virginia State Police are working with the University of Virginia, Mitre, Johns Hopkins and others to hack their police cars. These are old (2012) Chevy Impalas and Ford Tauruses. While these (early in the program) hacks required hands-on access to set up the hack, the researchers were able to totally own the cars.

The State Police think that buying “connected” cars would be a bad move for them – they must watch 60 Minutes.

Still, given access, relatively old, non-connected cars were still hackable to the point that they were able to stop the car from even starting.

Why are they interested in this?  Besides getting my award for the most forward thinking police department in the country?

First, to train their officers so that in case their car is hacked, they understand the parameters.

But more importantly, to train their forensics investigators to be able to BEGIN testing cars at accident scenes to see if they were hacked and the hacking caused the accident.

While this is VERY early stage work, I am not aware of any other police department in the country doing this.

If I was a hitman. Err, excuse me, hit person. If I was a hit person and wanted to make a kill look like an accident, causing a car to drive off a cliff with my target in it and explode in a ball of flames might be pretty much undetectable by 99 and 44/100% of the crime scene investigators in the country – even if they knew what they were looking for. Likely the car’s computers would have gotten burned up in the explosion, covering up the tampering – assuming the investigators even knew what to look for. You would have to be able to look at the code that was running in the tens of computers (more in a high-end car) in the car at the time to figure out if any of them had been modified. Given that the Jeep hack on 60 Minutes was done by reprogramming the radio (excuse me, on-board entertainment system), you would have to look at each and every computer to invalidate the hacking claim.

There are already some suspicious car accidents that at least some people believe fit this profile.

At least people are beginning to plan for this.  It is inevitable.  I don’t think the car manufacturers will spend the money needed to thwart them.


Information for this article came from Wired and Dark Reading.