SoylentNews is people
SoylentNews
A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.
The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.
The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.
Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.
"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."
[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.
"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.
[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.
Source: Bleeping Computer
(Score: 2) by fraxinus-tree on Friday August 18 2017, @09:16PM (4 children)
It is a feature when you fiddle with the settings. OTOH, a single infotainment system exploit is enough for someone to disable your brake servo.
(Score: 3, Insightful) by bob_super on Friday August 18 2017, @09:45PM (3 children)
Noticed how the brakes die when you lose power?
Oh wait, they don't! Critical stuff has mechanical links: drive, brakes...
You can assassinate someone by hacking their "autopilot" maybe, but trying to kill by cutting the brake assistance or the power steering is only gonna work on a very limited subset of targets and circumstances.
The guy selling a gun for a Franklin at the corner of the street is a more reliable solution.
(Score: 4, Insightful) by mhajicek on Saturday August 19 2017, @12:03AM
The brakes in most modern cars get very weak when the power is off. Technically you still have brakes, but you have to really stand on them to get them to do anything. Add to this that the ABS system could be pwned to fight against you and you're free-wheeling.
Yes, shooting is faster, easier, and much more reliable, but it's also far more obvious and traceable. The shooter is likely to get caught, and unlikely to keep quiet about who paid him. Assassination by car hacking isn't likely to leave any traces of wrongdoing, and even if wrongdoing is strongly suspected it would be very difficult to trace back to the instigator.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by fraxinus-tree on Monday August 21 2017, @08:26AM (1 child)
>Oh wait, they don't!
They pretty well do. Engine out and you have vacuum for 3-4 more brake actions and then the pedal solidifies. Yes, it still works, but you have to be strong enough, be ready to push hard and on everything heavier than about 2 metric tons you are not strong enough to do emergency braking. And I still talk about the usual passenger car w/ vacuum-assisted hydraulic brakes, implying that ABS is out, too. Regenerative braking systems (on electric/hybrid), air-powered brakes and everything else that does not have a direct connection between the pedal and the brake caliper is a different story.
And what is worse, anyone w/ AK-47 on the street is limited by the number of bullets and the physical proximity to the targets. Imagine a hack that disables brakes on 2-3% of the cars nationwide (and "nationwide" limit is arbitrary anyway).
(Score: 2) by Reziac on Friday August 25 2017, @02:20PM
Never mind nationwide; just pick a few random spots on a Los Angeles freeway while everyone is traveling bumper-to-bumper at 70mph. One disabled vehicle equals ~100 in the pileup.
And there is no Alkibiades to come back and save us from ourselves.