Monday, May 17, 2010

Hack attacks mounted on car control systems

CarShark attack, CAESSThe computer systems used to control modern cars are very vulnerable to attack, say experts.

An investigation by security researchers found the systems to be "fragile" and easily subverted.

The researchers showed how to kill a car engine remotely, turn off the brakes so the car would not stop and make instruments give false readings.

Despite their success, the team said it would be hard for malicious attackers to reproduce their work.

Locked in

The team of researchers, led by Professor Stefan Savage from the University of California-San Diego, and Tadayoshi Kohno from the University of Washington set out to see what resilience cars had to an attack on their control systems.

"Our findings suggest that, unfortunately, the answer is 'little,'" wrote the researchers from the Center for Automotive Embedded Systems Security.

The researchers concentrated their attacks on the electronic control units (ECUs)scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs. ...

"Cars benefit from the fact that they are (hopefully) not connected to the internet (yet) and currently are not able to be remotely accessed," said Rik Fergson, a security analyst at Trend Micro. "So in order to carry out a successful attack you would already need to have physical access to the vehicle, as a break-in or as a mechanic, seem the two most likely scenarios." ...

via BBC News - Hack attacks mounted on car control systems.

Internet enabled cars are not far away:
Ford's latest dashboard development, called MyFord Touch, builds upon existing Sync and Microsoft Auto software. The standard installation places three display screens on the dashboard, replacing many traditional meters and display indicators. MyFord does all the standard duties you'd expect from a car-based computer, including navigation, providing info on popular destinations, and functioning as the all-important media center. While parked, though, the system also lets you get online via a WiFi connection (if there happens to be one available) or with an optional cellular modem.

Some might call foul on introducing yet another way for drivers to distract themselves from the road, but Ford, as well as the other manufacturers working on similar systems, has loaded its interfaces with safety warnings and interlocks that aim to prevent irresponsible use of the technology. There's also the question of just how valuable an internet-enabled car is when so many of us have web-enabled smartphones. At least with MyFord, you can type comfortable by plugging in a full-sized keyboard and enjoy a much larger screen. When you're on a long car trip, little comforts like that start to add up.

MyFord will be able on select 2011 car models later this year, with it spreading to most of the rest of the Ford fleet over the next four years.

- via Obsess

2 comments:

PLAzmA said...

HOW DID THIS EVER MAKE NEWS.

1. People have been doing this for yes, take BLUE FIN who make ODBC II BYPASS MOD CHIPS, which do exactly the same for performance.

AND HAHA before ECUS was it just as easy to screw over the breaks, YES, with the ECU can you screw them over easier not using the ecu YES ??

So for this hack to work they have to get access inside your car and remove the panel covering the ODBC II Connector.

WHAT A JOKE I CANT BELIVE SOMEONE THOUGHT THIS WAS NEWS ITS JUST OLD HAT !!!!

Xeno said...

Yeah, I think you mean OBDII not ODBC. ODBC is a virtual beast, not a physical connector. This stuff makes the rounds and people are surprised, copy machine hard drives storing everything you copy, voice recognition system in your car uploading everything you say, it's all a big surprise the first time you hear it. ;-)