
SoylentNews is people

posted by martyb on Friday August 18 2017, @06:13PM
from the broken-as-designed dept.

A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.

The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.

The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.

Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.

"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."

[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.

"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.

[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.

Source: Bleeping Computer


  • (Score: 2) by Grishnakh on Friday August 18 2017, @10:00PM (10 children)

    by Grishnakh (2831) on Friday August 18 2017, @10:00PM (#556141)

    Ok, I went through your links briefly and it seems there is one car (a high-end Nissan/Infiniti) that has some really stupid drive-by-wire steering system. That's the first I've heard of this, and it certainly isn't normal for even the newest cars. It also retains a mechanical connection, but has an electromagnetic clutch to decouple this connection when the system is operating (that way, if the car is dead and you need to turn the wheels to push it off the road, you can do so). So I stand corrected on this, but again just barely because it's not a common thing at all, and again the mechanical connection is still there.

    I still challenge you to find an example of DbW braking. I honestly can't imagine how that would ever be done because you need to be able to stop a car even when all electric power is gone. You'd have to do something like the aforementioned DbW steering system with a mechanical fall-back, and at that point it's questionable how there's any benefit to DbW at all. It's not like you need it for autonomous driving; we already have cars that can brake themselves in emergencies (my close-to-economy car has it even), and it's pretty simple and cheap to do too, as it's just part of the ABS system that hooks into the hydraulic system. What's the benefit? Eliminating the hydraulic slave cylinders? You'll still need calipers and pads, and I can't see how a sufficiently torquey electric motor would weigh any less than a slave cylinder that's built into the caliper.

  • (Score: 5, Interesting) by mhajicek on Friday August 18 2017, @11:50PM (9 children)

    by mhajicek (51) on Friday August 18 2017, @11:50PM (#556186)

    Hadn't seen this when I replied to your above post.

    For hacking / pwning purposes, a mechanical fallback is useless unless the driver has a panic / E-Stop button that forcefully disengages all computer control and puts everything in manual mode, and even so the driver's reaction would probably be too late. The mechanical clutch in the Infiniti will not engage manual steering if your steering is pwned, only if power is cut or the computer decides to allow you to steer. Any car with any auto-driving capability (how many have parking assist and lane-keeping now?) has at least partial steer-by-wire and brake-by-wire, even though it may still have a mechanical linkage. This is more than enough for a pwned controller to swerve the vehicle into oncoming traffic, well before the driver could react and fight the controls.

    The best part is that unlike a cut brake line, this would leave no physical evidence of tampering. It could even be possible to remotely return the computer to its original state leaving no evidence whatsoever. There have already been some awfully suspicious cases of people who were about to testify against powerful people all of a sudden fatally crashing their cars at high speeds (and with melted brakes!) and that was years ago when the hackers probably only had access to throttle control.

    --
    The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
    • (Score: 2, Disagree) by Grishnakh on Saturday August 19 2017, @04:46AM (8 children)

      by Grishnakh (2831) on Saturday August 19 2017, @04:46AM (#556265)

      For hacking / pwning purposes, a mechanical fallback is useless unless the driver has a panic / E-Stop button that forcefully

      You said before that modern cars didn't even have mechanical linkages, which is plainly wrong (except for throttles, which really doesn't matter because you'll never want to *increase* the throttle input when you're having a major malfunction, and a mechanical linkage would only allow an increase, not a decrease, since throttles use a cable). You're moving the goalposts. You're only partially right here: if a car has an electric motor for steering assist, it's quite possible to overpower that motor if you're in a panic; even if you can't completely overpower it, it may be enough until you can hit the engine power button to turn the car off.

      There have already been some awfully suspicious cases of people who were about to testify against powerful people all of a sudden fatally crashing their cars at high speeds (and with melted brakes!) and that was years ago when the hackers probably only had access to throttle control.

      1) Citation needed.

      2) There is probably no car on the market (except maybe some exotics, and even then it's doubtful) where the engine can overpower the brakes, as long as the brakes are working properly. Every case of "unintended acceleration" where the driver crashed, and had a decent amount of time to react, is a case of driver error: there is simply no way you cannot make a car stop even if it's at full-throttle; you just press and hold the brakes. This whole thing is a big myth out of bad 1970s TV shows, just like cars that explode in a giant fireball as soon as they have a fender-bender or fall off a cliff (long before they hit the bottom). Now, if you simultaneously command the throttle to 100% and also disable the brakes, then sure, but that wouldn't manifest in "melted brakes", the brakes would be unharmed.

      • (Score: 2) by mhajicek on Saturday August 19 2017, @05:25AM (7 children)

        by mhajicek (51) on Saturday August 19 2017, @05:25AM (#556274)

        You're sticking on an irrelevant technicality. Sure there may be a mechanical linkage to the brake, but you will not be able to overpower the ABS system if it's set to keep the brake open. Regarding brake vs throttle, I'll say citation needed back at you, since I'm sure you've done an exhaustive study of comparative brake and engine forces. And if you drive with one hand loosely guiding the steering wheel as most do, good luck preventing the system from sharply swerving you off the road without warning. Even if your car is not technically fully drive by wire, it is likely drive by wire enough that you cannot stop it from driving you into oncoming traffic.

        --
        The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
        • (Score: 2) by Grishnakh on Saturday August 19 2017, @03:30PM (6 children)

          by Grishnakh (2831) on Saturday August 19 2017, @03:30PM (#556375)

          Regarding brake vs throttle, I'll say citation needed back at you, since I'm sure you've done an exhaustive study of comparative brake and engine forces.

          Wow, are you really that clueless? Go sell your car now and stop driving, because you are too incompetent to be driving.

          Car & Driver did an extensive test on it right here:
          http://www.caranddriver.com/features/how-to-deal-with-unintended-acceleration [caranddriver.com]

          Here's a discussion where someone does some high-school physics analysis (probably beyond you) in one comment:
          https://community.cartalk.com/t/brakes-vs-engine/56292 [cartalk.com]

          • (Score: 2) by mhajicek on Saturday August 19 2017, @06:02PM (2 children)

            by mhajicek (51) on Saturday August 19 2017, @06:02PM (#556426)

            You're sure in a childish mood, aren't you? I'll refrain from responding in kind.

            If what you say is true this guy shouldn't have had any problem stopping his Prius:

            "Closed captioning of: Driver claims Prius went wild on freeway

            live interview.
            but we begin with the wild ride involving a runaway toyota prius on a highway in california. miguel almaguer has more details.
            reporter: the 61-year-old driver who has a heart condition says he did everything he could to slow down that prius , but he says the car kept going faster and faster. wedged behind a california highway patrol cruiser, the 2008 prius sat idle after a terrifying 30-mile ride that nearly cost james sikes his life.
            still shook up.
            reporter: it began when he tried to pass another driver and his car accelerated out of control. as he dodged other vehicles, sikes says the brakes didn't work. soon, he was doing 90. he called 911.
            i was on the brakes pretty healthy. it wasn't stopping, wasn't doing anything to it, and just kept speeding up.
            reporter: the patrol car pulled alongside using the p.a. system to relay instructions -- keep pressure on the brake, try to shut the car off.
            when i saw him, i could smell the brakes. i saw his brake lights coming on.
            i was standing on the brake pedal , looking out the window at him, and he said, "push the emergency brake , too," and i laid on both of them.
            reporter: suddenly, the car began to slow down, dropping to 55 miles per hour. the chp cruiser moved in front of the hybrid, guiding the prius to a stop on the interstate. sikes just had his car serviced at a local dealer. mechanics told him his car wasn't a part of any recall, but eventually, some prius models were recalled for floor mats or brake problems. toyota 's recalled 8.5 million vehicles worldwide and 6 million here in the u.s. now the company says it's investigating this latest incident.
            do you solemnly swear --
            reporter: just last month, congress held hearings on the toyota recalls after the government received complaints of over 30 deaths linked to sudden acceleration since 2000 .
            it's really starting to feed in and fuel a sense that possibly toyota really doesn't know what the situation is and it's a mystery that we're all going to have to discover together.
            reporter: the investigation into what happened in this case could take weeks, but damage to toyota 's reputation may already be done.
            i won't drive that car again, period.
            reporter: this morning, both the california highway patrol and toyota say they are investigating the incident. in fact, toyota officials say they're sending a representative here to southern california to take a look at that car. matt?
            hey, miguel , the highway patrolman said he told the driver to turn the ignition off. the driver did not do that, though, correct? why?
            reporter: the driver said he did everything he could to turn off that car, matt, and of course, remember, these priuses don't have those key switch ignitions, they have those buttons, and the driver may have had some concern that he would have lost his power steering at speeds up to 90 miles per hour, but he does say he did everything he could to turn off that car.
            all right, miguel almaguer for us this morning. miguel , thanks very much. it's now five"

            http://www.nbcnews.com/id/35783011/ns/business-autos/t/how-stop-your-car-when-throttle-stuck/#.WZh8LFV96iO [nbcnews.com]

            --
            The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
            • (Score: 1, Troll) by Grishnakh on Sunday August 20 2017, @12:31AM (1 child)

              by Grishnakh (2831) on Sunday August 20 2017, @12:31AM (#556535)

              You're a fucking idiot. C&D tested this stuff as I showed. I remember this incident well; this guy wasn't in any danger, he was making the whole thing up so he could sue Toyota.

              The brakes work fine in an incident like that; you step on them and stop the car. Priuses do not have a lot of power. And his lies about not being able to turn off the car are bullshit too; you just press and hold the start button.

              Give it up. You have no fucking clue what you're talking about, and it becomes ever more apparent with each of your pathetic replies.

              • (Score: 2) by mhajicek on Sunday August 20 2017, @06:37AM

                by mhajicek (51) on Sunday August 20 2017, @06:37AM (#556603)

                You're a childish ninny. But that's ok, you have the right to be wrong.

                --
                The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
          • (Score: 2) by mhajicek on Saturday August 19 2017, @06:05PM (2 children)

            by mhajicek (51) on Saturday August 19 2017, @06:05PM (#556428)

            Also, since you've never done any hard driving:
            https://en.wikipedia.org/wiki/Brake_fade [wikipedia.org]

            --
            The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
            • (Score: 1, Troll) by Grishnakh on Sunday August 20 2017, @12:28AM (1 child)

              by Grishnakh (2831) on Sunday August 20 2017, @12:28AM (#556533)

              You're clueless. You don't get brake fade unless you're driving around a track and using the brakes continuously, but never actually stopping. That's totally unlike driving along with cool brakes and suddenly having a stuck accelerator; in that case, you just slam on the brakes and stop.

              You really think you know better than the people at C&D? You moron.

              • (Score: 2) by mhajicek on Sunday August 20 2017, @06:41AM

                by mhajicek (51) on Sunday August 20 2017, @06:41AM (#556605)

                Insulting people always wins them over to your side of the argument.

                --
                The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek