How to Hack a Car and Control It From 1500 Miles Away:
"When you are driving an automobile today, you are driving a big computer system that happens to have wheels and a motor," says a security researcher interviewed by Motherboard. And there are definite vulnerabilities in CAN bus, the network at the heart of your car that communicates with everything from the windshield wipers to the engine. In the video, you can watch information security researcher Mathew Solnick take control of a car from his laptop. If it's any consolation, hacking a car is not easy, and this is definitely not the simplest way for someone to take you out. So take heart-there are plenty of other things to fear in the world than car hackers.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 1, Informative) by Anonymous Coward on Saturday May 31 2014, @10:49PM
The Risky Biz podcast did an episode on car hacking a couple of weeks ago too: http://risky.biz/RB320 [risky.biz]
(Score: 2, Informative) by Max Hyre on Saturday May 31 2014, @11:08PM
Don't freak out now, but hold that thought. Unless car manufacturers get their act together, the time to freak out isn't many years from now. Of course if a TLA (three-letter agency) is interested, they'll find a way.
(Score: 4, Interesting) by davester666 on Saturday May 31 2014, @11:24PM
maybe right this minute would be a good time.
the big car companies are falling over themselves to throw in a cellular modem into new cars, conveniently connected to your car's main computer, so the car can conveniently upload your location, driving speed and style [steering input, how hard you mash the gas and brake] to their servers to sell to anybody walking by, like your insurance company. as a bonus, they will ask you to pay for the cell bill, in exchange for letting you use it instead of your existing cell phone data/minutes.
and of course, there will be absolutely no way for anyone to be able to access your cars electronics via this built-in modem, because they are experts in software and hardware.l
(Score: 4, Interesting) by frojack on Saturday May 31 2014, @11:40PM
But "physically modifying" your car can be accomplished in three minutes, especially easy if they can get the hood open. If someone can get your hood open, its game over.
On SUVs, where there is often enough ground clearance for someone to slide under the vehicle, you can get at the can bus on some models from below the engine compartment.
No, you are mistaken. I've always had this sig.
(Score: 2, Interesting) by anubi on Sunday June 01 2014, @12:43AM
However, it does strike me as this would be another way to settle personal grudges. An automotive malfunction at an appropriate time could make someone else's problems go away, whether it be some sort of personal relationship, financial debt, or business competition problem.
The TLA ( Three Letter Agency; acronym coined several posts above ) seem to have no problem with the telephone companies, so why should they stop there. Even if they never use the info, its not all that much storage to be able to store everywhere any car has ever been.
A heckuva lot less storage is required than digitizing phone calls. Just type in the registration info and time window into the database to retrieve a map of when and where the target vehicle was...
It would either confirm or deny a lot of alibis. Especially if you have friends in authority who can access this database. This would be quite a boon for those with connections which want to get dirt or info on a cheating spouse or business competitor.
The upside of this is this may also be used to get dirt on politicians and people who are used to bypassing the law because they know someone "important". Once it can be shown to the public the emperors have no clothes either, this may provide the evidence to dismount them from their high-horses.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by HiThere on Sunday June 01 2014, @06:26PM
The downside is that it will make it easier to blackmail politicians.
OTOH, you're only looking at passive risks, and driverless cars are already on the road. (Yeah, they're still in testing. So that's the five years before freaking out.)
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 1) by anubi on Monday June 02 2014, @04:13AM
On the post, I kinda went a bit overboard. What I was trying to convey is that we are now entering yet another era of technology which enables things which can be used by a few privileged individuals ( those who are getting the dirt or friends of those who can do so ) to subjugate the many via blackmail and extortion.
I guess the telephone was the first easily-tappable communication medium, that is if your agents did not want to sit through endless church sermons. However, it was quite obvious that the telephone was not secure. Anyone could tap into the line, and siblings often did it to each other at the expense of countless sisters being very annoyed their talk with their paramour was being intercepted by a sibling which will bring up the conversation at the family dinner.
I think everyone knew that phones were "postcard" security.
Personally, I drew the line at the front door of private residences. What goes on in that house between consenting adults is no-one else's business. Even if there is a computer involved. To me, a computer that rats out its stuff over the internet is just about as welcome as someone entering a football huddle and relaying the plans to anyone who cares to listen in. If the computer user is using his stuff unlawfully, there is where due process of law, including a search warrant, comes in. One better have damned good reason to force themselves into someone else's affairs.
I have seen the TV "Cheaters" episodes, and find them amusing, as well as frightening as to how far people can go into nosing into private affairs. There are even openly advertised methods of tracking people and snooping their phones.
One thing I am quite concerned with is the coalition between business and government dictating what one can do with his stuff under the guise of patent and copyright law. My previous understanding was that patents and copyrights meant I could not duplicate other's work for enterprise use, but building or copying anything for personal curiosity was fair use... the big thing was I could make it for myself - but selling it was out of the question. Now, with all this snooping, people can accuse me of something I may not have ever done, and its up to me to prove I didn't.
I think we are making an awful bed if we are going to have to sleep in it.
I just get that uneasy feeling I would get in a restaurant if the people at the next table over just kept staring at me.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1, Informative) by Anonymous Coward on Sunday June 01 2014, @02:59PM
Hood open? Nah there is typically 1-2 ports in the passenger compartment. Or even a wire harness that I can piggy back on.
CAN is pretty much wide open. There is very little authentication. Like most controller networks. Usually if they are 'secure' they use some sort of door bell type security and/or obscurity. Sometimes they even put a password in the doorbell. Other than that the way to encode/decode is quite well understood. There just is not enough payload in CAN to put encryption. As 99.9% of the payload in CAN is about 8 bytes. Less if you are after a particular function.
Then even if you could properly get an authentication scheme going in CAN you could just hack one of the dozens of controllers to emit the right data on your behalf.
Remote security is in many ways much easier than physical security. If I can touch it I probably can own it. Then go on to own it remotely.
(Score: 2) by frojack on Monday June 02 2014, @04:55AM
You are far less likely to get inside a passenger car un-detected than get under the hood un-detected. Something about a broken window or pried ope door tends to give your clever plot away.
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by Angry Jesus on Sunday June 01 2014, @02:17AM
> Where it tells you someone has to physically modify your car to do this stuff.
On the other hand, we've already had people show that hacking a car via bluetooth is possible. [phys.org]
So combining the two attacks does not seem out of question.
(Score: 0) by Anonymous Coward on Saturday May 31 2014, @11:46PM
Just pull out the tail light (most come out easy to change bulbs/LEDs.) Plug in a Cell Phone with CAN bus pass thru, Plug back in tail light.
Wal-la instant kill switch/hack. Can be done without opening the car in some cases.
Where's that super glue at now?
Looks in closet for cell jammer.
Alf
(Score: 2) by frojack on Sunday June 01 2014, @04:21AM
You can't easily pull a tail light unless you can get into the trunk of the, or read compartment of a SUV.
At least not if you expect to put it back so that it is not noticeable.
If you are inside the car, there are a lot easier places to get to the can bus.
No, you are mistaken. I've always had this sig.
(Score: 2, Interesting) by Anonymous Coward on Sunday June 01 2014, @06:52AM
Example: Ford's Econoline vans
(Score: 0) by Anonymous Coward on Monday June 02 2014, @02:59PM
Spellcheck: "voilà "
(Score: 2) by c0lo on Sunday June 01 2014, @12:09AM
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: -1, Offtopic) by Anonymous Coward on Sunday June 01 2014, @12:27AM
and since haiku need three lines, [foxnews.com]
two for the far right. [foxnews.com]
(Score: 1) by Max Hyre on Sunday June 01 2014, @03:40PM