No announcement yet.

Security vulnerabilities in high tech cars

  • Filter
  • Time
  • Show
Clear All
new posts

  • Security vulnerabilities in high tech cars

    Not content with plugging into your OBD port, "security researchers" have figured out that they can interject themselves into the connection between your tires and your car's computer:

    Ars Technica: Cars hacked through wireless tire sensors

  • #2
    interesting.. i am starting to appreciate old carbureted cars more and more...

    while this is a little more realistic then a hacker connecting to a obd2 port(at this point, cutting your brake lines is cleaner, and faster), the article states that they still cannot cause serious harm from a remote location using the tpm system...just turn on a couple lights, etc...
    My OLD 2001 Mitsubishi Eclipse GT:
    "The Project That Never Ended, until it did"

    next project? subaru brz
    carpc undecided


    • #3
      Damage! so my tires weren't really flat like my display said? it was just a hacker?! That explains the funny looks I got when I drove with the flat tires to the tire store...

      In all seriousness, orly? your cell phone broadcasts uniquely identifiable addresses so you can technically be tracked everywhere you go.

      This study is complete FUD. *Any kind of wireless technology is hackable* no matter what security measures you put in place. Very disappointed in this article. Ars is normally above this kind of stupidity.
      Former author of LinuxICE, nghost, nobdy.
      Current author of Automotive Message Broker (AMB).
      Works on Tizen IVI. Does not represent anyone or anything but himself.


      • #4
        Time for firewalls guys.

        And don't forget to shut the vehicle down if any foreign signal is detected (like the authorities can, but with YOUR vehicle instigating the shutdown instead of the overhead chopper or satellite).

        Yep - I love my non-CANned non-security vehicles. Cheap, reliable, reconfigurable - and most of all - HEAPs of fun!


        • #5
          "$1500 in equipment" just to mess with my tire pressure reading...


          • #6
            But of course!

            Everyone knows you can't just connect and decrypt a CAN system - the hardware costs zillion$!

            Different if it were only a matter of some copper and software.....

            Besides, hook up some dirty interface and your car may catch a virus. Or worse - tetanus or some STD! Imagine a crazy car running amok.
            And sterility don't come cheap these days (except through natural aging).


            • #7
              I can only imagine if you were one of those poor saps driving a toyota prius and someone hacked your electronic throttle and drove you into a wall, no wait a second the car does that automatically without the hack, crap where is this world leading to?
              MY INSTAllS:




              • #8
                This is a non-issue. There is nothing on this planet that cannot be hacked. The whole use-case/scenario has a huge missing gap:
                1. pull up next to car
                2. sniff the uid of the TPMS (which I'm sure takes more than just a few seconds)
                3. spoof a fake message
                4. ???
                5. Profit
                A more likely scenario:

                1. idiot spends $1500 on hardware
                2. pulls up next to car. minutes pass...
                3. owner of car sees a brief message that his tires are too full/low/missing, discounts it and keeps driving
                4. idiot tries a few more times on a few different cars
                5. idiot gives up and spams F5 until the next "hackers hack X" shows up in his twitter feed.
                Former author of LinuxICE, nghost, nobdy.
                Current author of Automotive Message Broker (AMB).
                Works on Tizen IVI. Does not represent anyone or anything but himself.


                • #9
                  There's a lot of people who don't even have to spend the $1500.

                  They were just trying to illustrate a point about how much the equipment might cost if you had to go buy the barebones stuff to make it, but many of the types of people who like to tinker and have been tinkering with technology to build their own cool projects like I like to do already, have more than enough equipment right in the basement now, to do this kind of data sniffing already. I know I do. I used to work for a wireless internet service provider and I have all kinds of equipment for scanning wireless spectrums, directional antennas, radios of all types and frequencies common for data transfer, and my current job is for a company that builds packet sniffing equipment for capturing packets and wireless transmissions of all types, used for "Network Troublshooting", although it has an ignored dark side.

                  I could go into my basement right now and grab this old laptop I have w/ Fedora Core installed on it, and install this old pcmcia a,b,g network adapter I have with hacked firmware on it which can scan a wider range of frequencies than the stock firmware will allow, and use free softwares available on the internet right now for packet sniffing and there are even other softwares available for sniffing and recording the actual radio spectrum signal in its analog form as it passes over the airwaves. I could do this for free. I think I even still have all those programs stowed away somewhere on one of my servers.

                  I bet a lot of people already have most of the equipment to build something like this and not even know it. You could probably even Google around to learn how to do it if you really want to. But I can think of a lot of other things I'd rather spend my time on than this. This is most likely more of something a younger kid like high school or college age would do for personal education and 'fun'.

                  I may be a hacker, but not a malicious one. I'd rather be doing constructive projects to figure out how to harness my talents in order to make money legally anyway.


                  • #10
                    Samsonite is another that sees the issues with today's so called security....

                    Let's see, if a protocol analyser or network troubleshooter is a high-level tool with "higher levels" than what it is testing, and it has handshaking or intercommunication (as is required), could it possibly be a threat?

                    Hmmm - isn't that like a root and a sniff on a typical comms platform?

                    And that's at transmission levels.

                    What about the backdoors? How much free software is there? Has anyone cleared free or purchased software from encoded sleepers? (And has anyone else certified that those checkers didn't miss anything?)

                    My "you can't just connect and decrypt a CAN system - the hardware costs zillion$! was sarcasm directed at those that think you have to spend heaps to intercept or hack, or that spending heaps somehow protects you.

                    After seeing sticks used to gain entry to highest security installations, or simple electronics (sometimes merely metal!) gain interception...

                    And if you can't intercept, you simply prevent (ie, jam, or flood, etc).
                    As to wireless - ha!