Car people: check this out

[poopgiggle]

http://www.autosec.org/pubs/cars-oakland2010.pdf <---- "An Experimental Security Analysis of a Modern Automobile"


So if you've been paying attention to how modern cars work, you know that everything is controlled electronically. Engine timing, braking, acceleration, etc. On some newer cars, the automatic parallel parking feature means that even steering is computer controlled.

That link is to a paper that shows what can happen if bad guys get into the network. Here are some highlights:

A false speedometer reading and a humorous message

In one case, we sent a random packet which not only engaged the front left brake, but locked it resistant to manual override even through a power cycle and battery removal. To remedy this, we had to resort to continued fuzzing to find a packet that would reverse this effect. Surprisingly, also without needing to unlock the EBCM, we were also able to release the brakes and prevent them from being enabled, even with car’s wheels spinning at 40 MPH while on jack stands.

In another set of experi- ments, we disabled the communication of individual compo- nents on the CAN bus. This was possible at arbitrary times, even with the car’s wheels spinning at speeds of 40 MPH when up on jack stands. Disabling communication to/from the ECM when the wheels are spinning at 40 MPH reduces the car’s reported speed immediately to 0 MPH. Disabling communication to/from the BCM freezes the instrument panel cluster in its current state (e.g., if communication is disabled when the car is going 40 MPH, the speedometer will continue to report 40 MPH). The car can be turned off in this state, but without re-enabling communication to/from the BCM, the engine cannot be turned on again.
Thus, we were able to easily prevent a car from turning on. We were also able to prevent the car from being turned off: while the car was on, we caused the BCM to activate its ignition output. This output is connected in a wired-OR configuration with the ignition switch, so even if the switch is turned to off and the key removed, the car will still run. We can override the key lock solenoid, allowing the key to be removed while the car is in drive, or preventing the key from being removed at all.

Even at speeds of up to 40 MPH on the runway, the attack packets had their intended effect, whether it was honking the horn, killing the engine, preventing the car from restarting, or blasting the heat. Most dramatic were the effects of De- viceControl packets to the Electronic Brake Control Module (EBCM) â€" the full effect of which we had previously not been able to observe. In particular, we were able to release the brakes and actually prevent our driver from braking; no amount of pressure on the brake pedal was able to activate the brakes. Even though we expected this effect, reversed it quickly, and had a safety mechanism in place, it was still a frightening experience for our driver. With another packet, we were able to instantaneously lock the brakes unevenly; this could have been dangerous at higher speeds. We sent the same packet when the car was stationary (but still on the closed road course), which prevented us from moving it at all even by flooring the accelerator while in first gear.

(Emphasis mine)


Personally I think this is really cool, but I can see how it might scare the bejeezus out of you.

 

[dennishoddy]

It's been said that with our reliance on artificial intelligence to perform the most mundane tasks in civilian as well in our military, the next great world war will be fought not by men and machines, but computer vs computer.
I think we have already seen evidence of this with the stutznet virus that is ravaging the Iranian neuclear facility.

 

[poopgiggle]

It's even worse with tractor-trailers. Those things are so wired up now that it's ridiculous.

I'm going to be screwing around with CAN systems in semi-trucks a lot over the next few years. I'll be sure to post some interesting videos.

 

[dennishoddy]

http://www.youtube.com/watch?v=K2VduViwvlw&feature=player_detailpage


Many in the automotive industry believe that the automobile will undergo more changes in the next 15 years than it has since its inception 125 year ago.