SoylentNews is people

posted by martyb on Thursday July 24 2014, @06:36AM
from the so-now-it's-a-CAN'TBus? dept.

Wired reports that:

They built their anti-hacking device for $150 in parts: an mbed NXP microcontroller and a simple board. This plugs into a jack underneath a car or truck's dashboard known as the OBD2 port. Power it on for a minute during routine driving, and it captures the vehicle's typical data patterns. Then switch it into detection mode to monitor for anomalies like an unusual flood of signals or a command that should be sent when the car is parked but shows up when you're instead doing 80 on the highway.

If it spots mischief, the device puts the car into what Miller and Valasek call "limp mode," essentially shutting down its network and disabling higher-level functions like power steering and lane assist until the vehicle restarts. "You just plug it in, it learns, then it stops attacks," says Valasek, the director of vehicle security research at security consultancy IOActive.

Miller and Valasek's gadget may raise fears about false positives that could mistakenly disable your car's computers during rush hour. But in their tests, they say it hasn't misinterpreted any innocent signals in the car's networks as attacks. That's in part, they say, because a car's digital communications are far more predictable than those of a typical computer network. "It's just machines talking to machines," says Valasek. "In the automotive world, the traffic is so normalized that it's very obvious when something happens that's not supposed to happen."

The inventors claim it defeats all previous CANBus attacks. However, when you've got no authentication, no encryption and no source address in your "trusted" network, defense seems like a losing battle.
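
The learn-then-detect approach the Wired excerpt describes, sketched as an added example; it is not part of the original story and is not Miller and Valasek's code. The CAN IDs, the speed-frame layout, the one-second window and the 2x threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict

SPEED_ID = 0x0F1   # constructed ID: first data byte carries speed in km/h
WINDOW_MS = 1000   # rate window (assumed)
RATE_SLACK = 2.0   # flag an ID above 2x its learned peak rate (assumed)

def profile(frames):
    """Yield (window, can_id, moving) per frame, tracking speed as it goes."""
    moving = False
    for ts_ms, can_id, data in frames:
        if can_id == SPEED_ID:
            moving = data[0] > 0
        yield ts_ms // WINDOW_MS, can_id, moving

def learn(frames):
    """Baseline: peak frames per window and vehicle states seen, per ID."""
    per_window, states, peak = defaultdict(Counter), defaultdict(set), Counter()
    for win, can_id, moving in profile(frames):
        per_window[win][can_id] += 1
        states[can_id].add(moving)
    for counts in per_window.values():
        for can_id, n in counts.items():
            peak[can_id] = max(peak[can_id], n)
    return peak, dict(states)

def detect(frames, baseline):
    """Return sorted (window, can_id, reason) anomalies against the baseline."""
    peak, states = baseline
    counts, alerts = defaultdict(Counter), set()
    for win, can_id, moving in profile(frames):
        counts[win][can_id] += 1
        if can_id not in states:
            alerts.add((win, can_id, "unknown-id"))
        elif moving not in states[can_id]:
            alerts.add((win, can_id, "wrong-state"))
        elif counts[win][can_id] > peak[can_id] * RATE_SLACK:
            alerts.add((win, can_id, "flood"))
    return sorted(alerts)

def capture(start_ms, seconds, speed, extra=()):
    """Constructed sample: speed and engine (0x120) frames at 10 Hz, plus extras."""
    frames = list(extra)
    for t in range(start_ms, start_ms + seconds * 1000, 100):
        frames += [(t, SPEED_ID, bytes([speed])), (t, 0x120, b"\x00")]
    return sorted(frames)

if __name__ == "__main__":
    base = learn(capture(0, 5, 0, [(2000, 0x7DF, b"\x02")]) + capture(5000, 5, 80))
    drive = capture(0, 3, 80, [(500, 0x3E9, b"\x00"), (1050, 0x7DF, b"\x02")])
    print(detect(drive, base))
```

The baseline is built from a parked segment that includes one diagnostic request (0x7DF) followed by a driving segment without it, so the same request seen at speed is reported as `wrong-state` while it stays silent when the car is parked.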

  • (Score: 2, Funny) by Anonymous Coward on Thursday July 24 2014, @07:06AM

    by Anonymous Coward on Thursday July 24 2014, @07:06AM (#73151)

    The computer is the car. Nothing could possibly go wrong! Just remember, KITT is the good one and KARR is the evil one. See, everything is obvious and normalized.

  • (Score: 3, Insightful) by FatPhil on Thursday July 24 2014, @07:52AM

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday July 24 2014, @07:52AM (#73167) Homepage
    > If it spots mischief, the device puts the car into what Miller and Valasek call "limp mode," essentially shutting down its network and disabling higher-level functions like power steering and lane assist until the vehicle restarts.

    So now you don't need a targeted attack, you can just spew noise onto the bus, and the system will shut down. So you've made it unimaginably easier to DoS. >slow hand clap<. *Availability* is an essential component of a secure system, and this removes that.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 1, Informative) by Anonymous Coward on Thursday July 24 2014, @08:13AM

      by Anonymous Coward on Thursday July 24 2014, @08:13AM (#73172)

      > So you've made it unimaginably easier to DoS.

      If you are DoS'ing the system then you are, by definition, attacking it.
      The other half of the problem is to make sure there is no wireless access to the CANbus.
      If there is no wireless then any attacker has already had physical access to the vehicle.
      So whether it is a directed attack or not doesn't really matter, it is a sign the system is compromised.

  • (Score: 0) by Anonymous Coward on Thursday July 24 2014, @08:02AM

    by Anonymous Coward on Thursday July 24 2014, @08:02AM (#73169)

    They claim no false positives, which is pretty important given the catastrophic problems that could arise.

    But what about false negatives? It's not going to be of much good if actual attacks don't trigger it. They say it detects all known attacks, but how much is that just "teaching to the test" rather than robust design? Can an attacker just apply minor tweaks to a known attack and be able to circumvent it?

    • (Score: 1) by speling on Thursday July 24 2014, @09:11AM

      by speling (2766) on Thursday July 24 2014, @09:11AM (#73183)

      Yes, in antivirus analogy it's like they're saying our antivirus detects all known viruses and we haven't yet seen our antivirus mistake an innocent file for a virus. I don't like this. Morphy laws man, Morphy laws

      • (Score: 2) by kaszz on Thursday July 24 2014, @11:30AM

        by kaszz (4211) on Thursday July 24 2014, @11:30AM (#73210) Journal

        Murphy's law perhaps?

        • (Score: 2) by present_arms on Thursday July 24 2014, @11:45AM

          by present_arms (4392) on Thursday July 24 2014, @11:45AM (#73214) Homepage Journal

          He's probably Irish and typed it how he would pronounce it :)

          --
          http://trinity.mypclinuxos.com/
        • (Score: 2) by forsythe on Thursday July 24 2014, @04:25PM

          by forsythe (831) on Thursday July 24 2014, @04:25PM (#73334)

          Perhaps Muphry's [wikipedia.org], although criteria for it striking don't appear to have been met in this thread yet.

  • (Score: 2, Interesting) by anubi on Thursday July 24 2014, @10:36AM

    by anubi (2828) on Thursday July 24 2014, @10:36AM (#73196) Journal

    how a car gets infected? I did not think they were online to the internet.

    I thought I would have to explicitly connect an accessory to the CAN bus.

    The car industry is not like the software industry as when cars malfunction, companies get sued : big-time.

    If any company made a device which messed with the CAN bus and could be implicated in someone getting killed, there would be no end to the damage claims. And I mean just *implicated* would be enough to be financially quite painful.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 3, Informative) by Urlax on Thursday July 24 2014, @11:35AM

      by Urlax (3027) on Thursday July 24 2014, @11:35AM (#73211)

      Well the "car" as a whole is not connected to the Internet, but the sat-nav may be internet enabled, or it gets updated from SD/USB/DVD.

      If the sat-nav uses the same USB port as the radio (often they are integrated), it must be possible to run code on them. There are literally almost no security updates, so given sufficient time, there should be a way in.

      From there you should be able to spew data onto the vehicle's bus.

      (opening a vehicle and inserting a Bluetooth OBD device is also possible, but it requires driving in close proximity and is more difficult than cutting a brake line)

    • (Score: 3, Informative) by kaszz on Thursday July 24 2014, @11:45AM

      by kaszz (4211) on Thursday July 24 2014, @11:45AM (#73216) Journal

      Internet may come through satellite connection for remote upgrades, repair shop plugging in or just plainly someone at the parking lot connecting for mischief.

    • (Score: 0) by Anonymous Coward on Thursday July 24 2014, @04:44PM

      by Anonymous Coward on Thursday July 24 2014, @04:44PM (#73348)

      > how a car gets infected? I did not think they were online to the internet.
      >
      > I thought I would have to explicitly connect an accessory to the CAN bus.

      Through the tires [arstechnica.com]

  • (Score: 1) by Adamsjas on Thursday July 24 2014, @04:18PM

    by Adamsjas (4507) on Thursday July 24 2014, @04:18PM (#73329)

    Might not be the best thing to do. Some cars become pretty hard to steer when power steering is off, especially big cars driven by little people.

    Maybe most of the protection this thing provides is by taking up the most logical attack place, the OBD2 port.

    • (Score: 0) by Anonymous Coward on Thursday July 24 2014, @04:42PM

      by Anonymous Coward on Thursday July 24 2014, @04:42PM (#73346)

      > Might not be the best thing to do. Some cars become pretty hard to steer when power steering is off,

      The faster the car is going, the easier it is to steer unassisted.

      • (Score: 1) by Adamsjas on Friday July 25 2014, @05:07PM

        by Adamsjas (4507) on Friday July 25 2014, @05:07PM (#73859)

        I guess that helps, as the little old lady is destined for only a slow speed crash.