SoylentNews is people
SoylentNews
A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.
The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.
The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.
Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.
"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."
[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.
"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.
[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.
Source: Bleeping Computer
(Score: 1) by anubi on Saturday August 19 2017, @12:24AM (5 children)
Its my belief my government will use these backdoors to shutdown civilian vehicles in the event of civil unrest which I feel is likely to occur at the next financial crash, as the cushion of kicking the can down the road by dropping interest rates is no longer an option.
The elite have a vested interest that their enforcement stuff works, while everyone else's stuff does not, should history repeat itself when the masses decide they have had enough.
Reference to how the French people had to free themselves from their subordination to a burdensome elite.
I believe today's elite are being proactive in getting their wishlist enforcement mechanisms in place.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Reziac on Saturday August 19 2017, @02:45AM (4 children)
This won't work so well here in flyover country, where the average vehicle age is about 20 years older than in the coastal metros.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Insightful) by mhajicek on Saturday August 19 2017, @05:31AM (3 children)
Not yet anyway. That could change if they pass laws making older, less efficient cars illegal or put outrageous licence fees on them. Eventually they'll mandate automated cars "for everyone's safety."
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Reziac on Saturday August 19 2017, @05:44AM (2 children)
Yeah, that'll go over real well in farm country.... I imagine it will be attempted, as you say, but enforcing it is another matter.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 1) by anubi on Friday August 25 2017, @09:46AM (1 child)
My guess is that they will just refuse to renew registration.... then take the thing on the road at your own risk.
Trying to keep some farmer from using a diesel engine on his farm stuff would probably be as impossible to control.
My hope is enough rich people have diesel toys, and Congress won't want to disappoint them.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Reziac on Friday August 25 2017, @02:08PM
Fortunately, vehicle registration is a state matter, not federal. And most farm states don't register farm equipment. If you want to see a quiet insurrection, try and regulate away pickup trucks where they actually work for a living.
I've been told by owners of electric vehicles that they're fine on dry pavement, but have no torque and are not fun at all on a road lumpy with old ice. I can imagine how useful they'd be as tow rigs, especially since most are front-wheel-drive... kind like the old tagline...
Optimism: Yugo with a trailer hitch
And there is no Alkibiades to come back and save us from ourselves.