Wednesday, May 19, 2010

Hacking Your Car

Ok, so remember all the brouhaha not so long ago about Toyota cars having sudden acceleration and braking problems? Toyota initially said it was floor mats, and then a braking pedal shim needed to be added.

And then Popular Mechanics piled on and showed conclusively that the braking problems were all mechanical and not electronic.
[Popular Mechanics] But the possibility that a vehicle could go from idling at a traffic light to terrific, uncalled-for and uncontrollable acceleration because the guy next to you at a traffic light answered his cellphone? Or some ghost in the machine or a hacker caused a software glitch that made your car run away and the brakes suddenly simultaneously fail? Not in the least bit likely.

These throttle-by-wire systems are very difficult to confuse—they're designed to be robust, and any conceivable failure is engineered to command not an open throttle but an error message.

Remember how some people were caught being liars and gold diggers? Then there were the graphs and interpolations of data that showed that old people were disproportionately victims of Sudden Unintended Acceleration (SUA) - a not so subtle hint that the geezers were pushing the accelerator when they thought they were pushing the brake. Oops.

And then Toyota came out and said there was a problem with software causing braking problems after all, but it was nothing like this "runaway" problem that people were reporting. And there were Congressional hearings and fines levied and then we all breathed a collective sigh of relief because it was all overblown in the first place.

Remember all that, mister? Do you? Huh, do you?

Well nobody is calling out any companies by name, but a team of geeks led by Stefan Savage, an associate professor with the University of California-San Diego, and Tadayoshi Kohno of the University of Washington successfully hacked a car's computer to make it do all kinds of things you're not "supposed" to be able to do, including "turn off the brakes in a moving car, change the speedometer reading, blast hot air or music on the radio, and lock passengers inside the car".

They built a custom analyzer called CARSHARK and plugged it into the industry standard computer access port under the hood.

In the United States, the federally-mandated On- Board Diagnostics (OBD-II) port, under the dash in virtually all modern vehicles, provides direct and standard access to internal automotive networks. User-upgradable subsystems such as audio players are routinely attached to these same internal networks, as are a variety of short- range wireless devices (Bluetooth, wireless tire pressure sensors, etc.). Telematics systems, exemplified by General Motors’ (GM’s) OnStar [service].

Fuzzing. Much to our surprise, significant attacks do not require a complete understanding or reverse-engineering of even a single component of the car. In fact, because the range of valid CAN packets is rather small, significant damage can be done by simple fuzzing of packets (i.e., iterative testing of random or partially random packets). In- deed, for attackers seeking indiscriminate disruption, fuzzing is an effective attack by itself. [source]
Oh, and then they did the whole thing over again by remote control. Yeah.

Read the entire thing here.

I'm a computer security guy and I find this the Coolest. Thing. Ever. (also scary). So it's not like I'm saying "I told you so" or anything ... OK, who are we kidding? I am saying it. I told you so.

1 comment:

Jeff Stevens said...

Yes, but to do it, they had to have physical access to the car. Which means they could have planted a bomb, cut the break lines, or any number of more devious means of doing nasty things with the car.

You know it better than I. If you don't have physical security, you don't have any security.


Related Posts with Thumbnails