General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsCould Terrorists REMOTELY Crash Your Car?
Could a 14-year-old computer hacker in Indonesia remotely take over control of your car as you drive down the Interstate, cause the car to dangerously accelerate and and kill you by crashing it? That's the scenario raised and explained by AOL Autos in a story about the threat of terrorists and cars -- and one that drew a fairly quick rebuke from auto site Jalopnik as unwarranted "fearmongering." The government is taking threats of carhacking seriously enough that the National Highway Traffic Safety Administration opened up a "cyber terrorism department" to sort out software issues that could make cars vulnerable to attack, AOL Autos says.
When Sen. Jay Rockefeller, D-W.V., raised the issue of cyber car terrorism at a Senate Commerce Committee hearing, he was told that university researcher had succeeded in hacking into car's electronics systems and were able to perform stunts like turning the engine on and off. Jalopnik, however, in its typically unvarnished way, calls the findings into question. "While technically some of what's described in the article is certainly true, the fear-mongering tone, calculated to terrify the rapidly aging AOL dial-up readership, is uncalled for at this point," its post says.
Yes, cars are packed with computers, but few can be accessed wirelessly from outside the car. It noted that researchers said they probably would need an additional attachment to car's computer brains to really take it over. Plus, some of the kinds of systems that might make a car vulnerable aren't really deployed yet. Nissan, for instance, is one of the first with drive-by-wire steering, and so far, it's is limited to one luxury model, the Infiniti Q50. There are also backup safety systems and the software is written in a way that emphasizes safety and redundancy.
cont'
http://www.usatoday.com/story/driveon/2013/06/23/terrorists-crash-car/2446151/
But Dr. Kathleen Fisher from DARPA's High Assurance Systems begs to differ and explains some hitech methods in service today. Worth a watch!
NightWatcher
(39,353 posts)The computer in it has been fried so many times the Check Engine light is forever on.
Good luck ya terrist bastids
Politicalboi
(15,189 posts)I have a 2000 Ford Ranger with widows you roll up yourself, and doors you lock yourself. I will never be locked in my car till the hacker feels I've had enough sitting in the hot car with no air on and not be able roll down the windows. May I suggest for new car owners to buy a window punch.
Art_from_Ark
(27,247 posts)It's not connected to the Internet or any other wireless communication system. The only wireless feature it has is door locking from up to 10 feet away. So a 14-year-old hacker in Indonesia would have to be pretty damn smart to figure out how to take control of it.
DJ13
(23,671 posts)take advantage of todays much cleaner fuel and go back to the days of no computer on board.
Its the computer that exposes us to this kind of risk.
Apophis
(1,407 posts)That way, they can keep us safe and know where exactly where we're at.
Segami
(14,923 posts)In the first paper, the researchers from UCSD and the University of Washington showed if they can touch the CAN Bus through that diagnostic port, they can take over all the functionality of the car thats controlled by software. In the modern automobile, thats pretty much everything.
The brakes are controlled by software because of Anti-Lock Braking. The acceleration is controlled by software because of Cruise-Control,...and the fancy new cars that can park themselves, even the steering is under software control....."
al_liberal
(425 posts)Unless the "terrasts" can actually connect to the diagnostic connector under your dash there is nothing to worry about. Injecting a virus into an automobile, regardless of how many CAN or other communications protocols they utilize, is extremely difficult. Even if you are able to connect to the 16 way under the dashboard. So unless we're talking about age old nefarious shit like cutting break lines or disabling the steering there is nothing to worry about right now.
Not that it won't be possible in the near or far future, just that it isn't likely now.
My software is utilized by many manufacturers to program vehicle control modules in assembly plants all over the world.
Segami
(14,923 posts)"....according to Randy Garrett, a program manager for the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), and more evidence that cyber-security challenges in the future will dwarf those of the past.
http://fcw.com/articles/2013/06/04/cyber-targets-future.aspx
Major Nikon
(36,877 posts)mhatrw
(10,786 posts)Do you think we don't monitor shit like this and make adjustments? This is no different than a new computer virus and anti-virus software defeating it.
You're entitled to your own understandings and beliefs, but the fact remains that unless the culprit has direct access to the vehicle's diagnostics system they can't do shit. That access is only through the 16-way connector under the vehicle's dashboard.
Jesus Malverde
(10,274 posts)The system (Brains of the car, integrated with the entertainment system) which grants administrator rights to all comers, can be reprogrammed by putting a cd in the player. Through a blue tooth connection, or if the vehicle has it, a remote vehicle monitoring system like on-star.
al_liberal
(425 posts)The two research papers cited in the Richard Clarke story are both years old. One was written in 2010 the other in 2011.
The security access needed to reprogram vital vehicle modules is not something your average mechanic, terrorist, hacker, or disgruntled person could crack. There are very specific sequences of seed keys, pin voltages, and responses that must be performed, all successfully, to gain access. And we're not talking varying voltages on one module pin, we're talking varying voltages applied to various module pins in a specific sequence interspersed with security algorithm queries and responses. And the specific sequence of events must be successfully executed within a time frame of milliseconds.
Now if we're talking about what the NSA could do to your vehicle, all bets are off. They probably demand full access to everything.
BTW: I'm explaining vehicles rolling off of the assembly lines today, not the last or in any other previous model year.
DreamGypsy
(2,252 posts)...by the group from UCSD and UW that did the work Kathleen Fisher from DARPA described on the video in the post. What they looked at is quite a bit beyond cutting brake lines and disabling steering.
You can also get a pdf of their paper here: http://www.autosec.org/pubs/cars-usenixsec2011.pdf I found it very entertaining reading.
As long as automobile manufacturers, the engineers they employ, and the authors of software components and tools that they use are aware of potential threats and employ techniques to ensure the systems they develop are secure...well, then no problem. However, denying the problem and failing to respond to the risks would be a short drive to disaster.
al_liberal
(425 posts)That's like bringing up some computer virus or Trojan from the same time. You must think that we're illiterate or completely out of touch with technology.
TheMadMonk
(6,187 posts)If your car has the equivalent of a mobile phone in it, which a good many high end modern cars do, it's probably vulnerable to this kind of attack RIGHT NOW, all you have to know is the number to dial, and London to a house-brick, NSA has a database linking license plate, VIN and than number.
If you can get close enough to connect to it's Bluetooth, a feature that's now in damned near every vehicle sold, a car is almost certainly vulnerable to this type of attack.
Remote start feature? Odds are roughly unity, that that feature was implemented by adding a couple of lines of code to the remote unlock feature. Is it vulnerable to a buffer overrun?
And there's always "And we prepared this one earlier." If you know which vehicle a person will be driving, a few seconds with a "slim Jim" will give you access to that connector and allow the pre-loading of any software one damned well pleases.
al_liberal
(425 posts)Dude:
The entertainment systems, phone systems, and GPS systems cannot access the CAN BUS in the vehicle. No CAN BUS access, no control.
TheMadMonk
(6,187 posts)...capable of taking over the on board systems of some vehicles via the Entertainment system.
IT'S BEEN DONE!
al_liberal
(425 posts)Not today. Plus, you'd have to sort of trick the user to put the CD in the player to defeat that system. Just like hackers used to drop specifically configured thumb drives at random places around gov't installations, because the finder of said thumb drive would likely think they were very fortuitous in they're find. Hey, it might be someone's porn stash, vacation photos, etc. But at the very least, they thought they had a free thumb drive to use as they saw fit. Needless to say, that ruse has been thwarted by informing the workers.
The security access needed to reprogram vital vehicle modules is not something your average mechanic, terrorist, hacker, or disgruntled person could crack. There are very specific sequences of seed keys, pin voltages, and responses that must be performed, all successfully, to gain access. And we're not talking varying voltages on one module pin, we're talking varying voltages applied to various module pins in a specific sequence interspersed with security algorithm queries and responses. And the specific sequence of events must be successfully executed within a time frame of milliseconds.
Now if we're talking about what the NSA could do to your vehicle, all bets are off. They probably demand full access to everything.
BTW: I'm explaining vehicles rolling off of the assembly lines today, not the last or in any other previous model year.
Autumn
(45,812 posts)I'm sure they can and probably more.
BainsBane
(54,150 posts)Guns take out way more people. Even toddlers have killed more people this year than terrorists, and more people have been killed by guns since Sandyhook than US soldiers in the Iraq War. Our priorities are way out of whack.
Autumn
(45,812 posts)truebluegreen
(9,033 posts)Richard Clarke has a fair amount of credibility with me....
MiniMe
(21,789 posts)That is, they drive cars by remote control and crash them for science. But it does bring up an interesting possibility.
cherokeeprogressive
(24,853 posts)Yeah, ain't nobody hackin' MY software...
ReRe
(10,633 posts)... and if you can't find an older model car, you can always join the historical society and use a horse and buggy to get around town. They can't hack a horse, huh?
Question: How far back have they been putting computers & black boxes in vehicles? I know it goes back to before 2000.
A good car mechanic could make some good honest money with a used car lot. Big sign "Computerless Cars!" One of these days, they will sell like hot cakes.
TheMadMonk
(6,187 posts)Tierra_y_Libertad
(50,414 posts)bunnies
(15,859 posts)HiPointDem
(20,729 posts)and if a terrorist in indonesia can do it, the government can too.
the real question: who wanted such capabilities built into autos? it wasn't the indonesian terrorist.
perhaps we should reexamine the real motives for the 'cash for clunkers' program.
TheMadMonk
(6,187 posts)We need to stop adding features just for the sake of adding features. We need to start designing systems which do EXACTLY AND ONLY WHAT THEY ARE INTENDED TO DO.
HiPointDem
(20,729 posts)the same people who are spying on us, imo.
DevonRex
(22,541 posts)longship
(40,416 posts)Even if you don't have one of those new fangled jalopies with all that computer folderol, the damned deer all have those antenna on there heads. The buggers run right inta ya.
I just noes that them Al Cicada monsters are doing it.
Funny! Always happens when I am on the way home from the bar. They have cameras there, too. That way they know when to send the deer drones.
bluedigger
(17,133 posts)It's parked out front and unlocked because it's a Jeep. My dog might scare them off, though.
beevul
(12,194 posts)I have 3 vehicles.
A 1985 s-10 4x4 with a 383 stroker in it, carbureted, automatic transmission. A playtoy/farm/work truck. Not licensed or registered.
A 2000 gmc jimmy, bone stock - fuel injected, automatic transmission.
A 2000 Suzuki swift - fuel injected manual transmission.
The s10, no way no how.
The jimmy? Possibly, but there is no system to stop me from putting the vehicle in neutral, shutting off the ignition key, or using the emergency brake.
The Suzuki? Possibly, but along the same lines, theres nothing to stop me from shifting it into neutral and shutting off the ignition key, and using the emergency brake.
Newer vehicles, I would say from what I know of their systems, could possibly be quite dangerous, if electronically hacked.
And that could be multiplied tenfold if someone who were in one when it happened were to panic rather than staying calm.
Having been in a few "stuck throttle" type situations, its easy to panic.