SoylentNews is people

posted by martyb on Friday August 18 2017, @06:13PM
from the broken-as-designed dept.

A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.

The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.

The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.

Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.

"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."

[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.

"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.

[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.

Source: Bleeping Computer


  • (Score: 2) by requerdanos on Friday August 18 2017, @09:40PM (8 children)

    by requerdanos (5997) Subscriber Badge on Friday August 18 2017, @09:40PM (#556132) Journal

    "The most likely hack" is to make the exhaust slightly less clean and stress the parts more so they have shorter maintenance intervals?

    I grant the possibility that someone will think of that (you just did, after all), but I balk at believing that that will be the most common nefarious activity associated with vehicle hacking.

  • (Score: 2) by VLM on Saturday August 19 2017, @01:28PM (7 children)

    by VLM (445) on Saturday August 19 2017, @01:28PM (#556345)

    the most common nefarious activity

    Most commonly known, you mean. There's a lot more slightly crooked car mechanics out there than outright hollywood murder plots.

    I suspect some "hacking" like I'm talking about will just be stupidity. My local tire place inflates all tires to 40 psi regardless of door sticker and pencil whips the little pressure report form after the fact. Other than that they do a good job, so I don't care too much, but it is kinda a joke.

    There'll be a lot of "whoops I loaded your cooling system thermostat with the wrong temp resulting in 5% faster engine block wear" for every spectacular hollywood movie plot murder.

    • (Score: 2) by Grishnakh on Saturday August 19 2017, @03:34PM (5 children)

      by Grishnakh (2831) on Saturday August 19 2017, @03:34PM (#556376)

      My local tire place inflates all tires to 40 psi regardless of door sticker

      Door stickers are irrelevant. Carmakers don't manufacture tires, and if you've ever changed your tires, you're probably not using OEM model tires anyway. They usually set tire pressure recommendations lower to increase passenger comfort. Any decent tire these days can handle well over 50psi maximum, so accounting for pressure increase due to temperature, 40psi is a good spot usually for fuel efficiency without being unsafe or overinflating the tire (which would cause uneven wear).

      • (Score: 2) by VLM on Monday August 21 2017, @01:56PM (4 children)

        by VLM (445) on Monday August 21 2017, @01:56PM (#557022)

        I agree with all of that with two minor quibbles:

        1) My car(s) only take roughly one size tire and they're all about the same. I suspect there's less than 1% difference in shape. There is probably a big difference between models in terms of rubber hardness / lifespan / friction and tread pattern pumping water out of the way. But the shape can't vary too much with model.

        2) pressure times area "must" equal car weight, and higher pressure equals rounder tire, so theoretically low pressure should have longer front/back leading to better front back acceleration and braking, while higher pressure should have longer side to side contact leading to better turning performance. So there is a slight aspect of accident avoidance.

        • (Score: 2) by Grishnakh on Monday August 21 2017, @03:27PM (3 children)

          by Grishnakh (2831) on Monday August 21 2017, @03:27PM (#557064)

          2) pressure times area "must" equal car weight, and higher pressure equals rounder tire, so theoretically low pressure should have longer front/back leading to better front back acceleration and braking, while higher pressure should have longer side to side contact leading to better turning performance. So there is a slight aspect of accident avoidance.

          Theoretically, but today's tires are very rigid, they're not like balloons, so I think the physics is a lot more complicated than that. Normally, when a tire is underinflated, it actually deforms so that it wears more on the edges of the tread, and not in the center, whereas when it's overinflated, it's the opposite: the edges will be untouched and the center will be worn. But these are extremes; today's tires again are very rigid so there's a big zone in the middle where it doesn't make that much difference in wear. To really scientifically test it, you need a pyrometer, which can tell you the temperature of the rubber across the tread of the tire. You use that right after stopping after some serious driving (such as on a highway; pull over and immediately test the tread temperature). Serious racers use these to optimize their inflation pressures. But normal drivers aren't likely to notice any difference in performance, and a few psi either way isn't going to have any noticeable downsides other than a slight hit to fuel economy if it's lower pressure.

          1) My car(s) only take roughly one size tire and they're all about the same. I suspect there's less than 1% difference in shape. There is probably a big difference between models in terms of rubber hardness / lifespan / friction and tread pattern pumping water out of the way. But the shape can't vary too much with model.

          A fair number of people change the wheels on their car, which means also changing the tire size. To do this correctly, and get the same outer diameter (so your speedometer works correctly and suspension and gearing aren't adversely affected), you change the sidewall height to compensate; this is called "plus 1", "plus 2" etc. if you're increasing the rim size. You can also change the width of the tire slightly with the same rim; sometimes people do this because their car came with an unpopular size and they get more selection if they get a tire that's 10mm wider. Rim sizes don't perfectly match up with tire widths, so a 7" rim can hold a (guessing here) 205 or 215 without noticing much difference. Frequently on the same car, there'll be two different rim sizes, one for the base model and one for the premium model, but the gearing and everything is the same. If you calculate it, there's a slight (less than 1%) difference in outer diameter between the two. But tires wear down as they're used, so there's also a difference between brand-new tires and ones at the end of their treadlife. So speedometers and odometers really aren't that accurate; there's no way for them to be without doing regular calibrations as the tires wear.

          • (Score: 2) by Reziac on Friday August 25 2017, @02:17PM (2 children)

            by Reziac (2489) on Friday August 25 2017, @02:17PM (#558867) Homepage

            Huh. And my complaint when looking for tires for my old pickup, which actually hauled loads, was that nowadays most have overly flexible sidewalls. And finding tires stiff enough to not get sidewall wear on the dually was an Adventure.

            Tho nowadays my first criterion is Made In USA, because those damn Chinese tires apparently don't vulcanize the rubber quite correctly, and it cracks prematurely. I have tires laying in the sun in my yard that are ~40 years old and not cracked; I've seen Chinese tires get deep cracks and start to peel apart inside of two years.

            --
            And there is no Alkibiades to come back and save us from ourselves.
            • (Score: 2) by Grishnakh on Friday August 25 2017, @03:00PM (1 child)

              by Grishnakh (2831) on Friday August 25 2017, @03:00PM (#558882)

              And my complaint when looking for tires for my old pickup, which actually hauled loads, was that nowadays most have overly flexible sidewalls.

              I'm talking really about car tires, and comparing to car tires of decades ago.

              I don't know a lot about trucks and their tires, but I think you need to get the 100psi tires for a truck if you want load-hauling ability.

              Tho nowadays my first criterion is Made In USA, because those damn Chinese tires apparently don't vulcanize the rubber quite correctly

              The best overall car tires are probably made in Japan or the US (and a lot of US-made tires are made by Japanese companies: Bridgestone and Yokohama).

              • (Score: 2) by Reziac on Friday August 25 2017, @03:52PM

                by Reziac (2489) on Friday August 25 2017, @03:52PM (#558919) Homepage

                Yeah, nowadays I'm using Load Range E. 10-ply, middling-high PSI. The ones I've got now are Cooper under some other name.

                Dunno about now but I had Yokohama tires back around 1980, and they didn't wear great, tho I suppose by now they're better. Sometimes it's luck of the draw, tho. Got a set of Winstons that came apart within a couple years; their warranty replacements (all four wheels) went 80,000 miles (yes, really!) over 20 years, and still weren't completely shot.

                --
                And there is no Alkibiades to come back and save us from ourselves.
    • (Score: 2) by requerdanos on Saturday August 19 2017, @09:59PM

      by requerdanos (5997) Subscriber Badge on Saturday August 19 2017, @09:59PM (#556502) Journal

      the most common nefarious activity

      Most commonly known, you mean. There's a lot more slightly crooked car mechanics out there than outright hollywood murder plots.

      No, I meant the most common in terms of exploitation, but I do see your point about the car mechanic profit padding angle.