Cyber Attacks to Vehicle Electronics

[strych9]

This is a long, but interesting read. Enjoy.

http://www.autoweek.com/article/2013...news/131019856

[Apex Motorsports]

Cyber warfare and terrorism are very serious threats. You can do as much or more damage with a few key strokes as you can with a nuke. On a smaller scale, hacking a car could be an effective way to murder/assassinate someone.

[Goober]

That's it, I'm ripping out my On Star module. Where's my tinfoil hat damn it!

[The Stig]

Quote:

Originally Posted by Goober

That's it, I'm ripping out my On Star module. Where's my tinfoil hat damn it!

Onstar is actually safer than your BCM.

There are no security protocols for the BCM. If you know what PID to target and have access to the car's OBDII port (which is SO much easier now that everyone is using bluetooth modules to datalog) I can do more damage to your car than Onstar could in a lifetime.

Heck - I can kill your car battery in under 30 minutes with something but a RF transmitter and a frequency scanner. (100 Internets to anyone who knows how I do it.)


Edit: If anyone is actually interested in how this works I procured copies of the research articles the black hatters wrote regarding their work.

[DGthe3]

Fear mongering.

If you have to get physical access to the cars systems (via the OBDII port or otherwise), its going to be pretty hard to cause mass chaos.

Vehicles that are equipped with wireless communication technology generally don't have any electronic connections between the systems that controls a vehicle and the communication tech. The exception is On*, but that is only the vehicle slowdown feature and I'm gunna guess that there are a number of encryption and other protocols to safeguard your vehicle.

[The Stig]

Quote:

Originally Posted by DGthe3

Fear mongering.

If you have to get physical access to the cars systems (via the OBDII port or otherwise), its going to be pretty hard to cause mass chaos.

Vehicles that are equipped with wireless communication technology generally don't have any electronic connections between the systems that controls a vehicle and the communication tech. The exception is On*, but that is only the vehicle slowdown feature and I'm gunna guess that there are a number of encryption and other protocols to safeguard your vehicle.

Onstar has them yes - but the GMLAN has zero security protocols in it. You can read and write all you want, as log as you use the proper headers.

Oh - and to drain your battery all I have to do is continually ping your TPMS sensors. They will then push the data to the CANbus.

[Overflow]

Quote:

Originally Posted by Goober

That's it, I'm ripping out my On Star module. Where's my tinfoil hat damn it!

I don't know if they was suppose to be a joke or not but I laughed pretty hard at this.

Well done, sir.

[Angrybird 12]

They can just shoot a high energy electromagnetic pulse at your car to disable it. Knight Rider and Batman used to do it, and all the reports of alien abductions on lonely back roads have reports of it....

[Ringo64]

As a Sr Software Engineer, I'm more worried about the driver next to me hitting me (or another outside force) and killing me than someone ruining my car through effectively hacking my car's electronics. People have been scared of everything and while yes, you are more vulnerable the more you use technology, someone just has to really be after you for them to do this or you have to really do something wrong

[Angrybird 12]

Shhh Onstar is allowing the NSA access to your car and is listening to everything you say and knows where you are...

[Ringo64]

Quote:

Originally Posted by Angrybird 12

Shhh Onstar is allowing the NSA access to your car and is listening to everything you say and knows where you are...

Damn, this week they must of heard a lot of "GO HOME YOU STUPID SNOWBIRDS!", "LEARN TO DRIVE!", "WHY THE **BLEEEEEEEP** DID YOU ALMOST HIT ME!"

[The Stig]

Quote:

Originally Posted by Angrybird 12

Shhh Onstar is allowing the NSA access to your car and is listening to everything you say and knows where you are...

NSA: We Listen to You

[The_Blur]

I think a lot of people get worked up about this stuff, but the reality is that there are only so many spies and already plenty of bad guys to track down. They're probably not looking for you, and they certainly don't care what highway you're using to get to the office or whether you're speeding on the way.

As far as malicious hackers, I can see a disaffected teen using this for fun, but I don't think a lot of hackers would use this method of security penetration considering there's no upside. There's a lot more money in messing with ATMs and websites than there is in making people crash or turning off cars.

I imagine the best way to navigate around some of this would be to install manual features where there used to be automatic ones or to install switches to disable certain equipment unless you're actually using it. It would be easy to install an accessories power switch that pretty much turned off everything on the car by interrupting the power supply to features like OnStar, MyLink, and the OBD2 port.

[DGthe3]

Quote:

Originally Posted by The Stig

Onstar has them yes - but the GMLAN has zero security protocols in it. You can read and write all you want, as log as you use the proper headers.

Oh - and to drain your battery all I have to do is continually ping your TPMS sensors. They will then push the data to the CANbus.

If the wireless hack can't control the car (as in throttle, steering, and brakes), its never going to amount to anything more than an annoyance. And if it takes physical access to actually be able to control the car it can never be widespread. So the doomsday scenario that the article where hundreds of cars in one city all go out of control at the same time is fiction.

A dead battery tends to not be a dangerous event, usually it just means that your car won't start. An annoyance, nothing more. Get a boost & off you go, as I'd be shocked if a running car were unable to cope with continuous data sent from the TPMS.