How To Take Control of a Car's Electronics, Cheap
mspohr writes with this excerpt from The Register: "Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road. The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems. 'A car is a mini network,' security researcher Alberto Garcia Illera told Forbes. 'And right now there's no security implemented.'"
wait, the subject isn't autofilled in the beta? al (Score:1, Insightful)
Plenty of people have offered criticism. Hold on, let me check the current beta and see how much of it has been taken...
Oh, look, it's all been ignored. There's still a massive block of whitespace at the top of the page for no apparent reason. The comment box is still so narrow it looks like I've written several pages of text when in reality it's more like three sentences. They "fixed" the sidebar along the side of the screen, though, in that instead of being a giant empty space it's plastered with ads. So
Re: (Score:1)
Here you go spaz retard (Score:5, Insightful)
Taken from the wise wjwln
http://slashdot.org/comments.pl?sid=4761849&cid=46192975
You're obviously not paying attention then. Plenty of people have posted *exactly* what's wrong with the comment system in beta. Maybe you haven't seen them because you're actually using beta?
Look, you have to understand something: Slashdot discussions generate interesting content by allowing tons of garbage to be posted, mixed around, and evolved. Part of the evolution comes from the interactive nature of community discussion, and part of it comes from the moderation process. For this evolution process to work properly, you have to be able to see a lot of posts at once, all in one shot. You need to be able to see some contextual information about the people posting comments. When you post your own comments, you need to be able to quote or link to other posts easily. When you want to moderate, you need to be able to do it in place, at the comment you intend to moderate.
Beta breaks all of these vital features; without them, the nature of Slashdot discussion changes completely. People will read fewer comments because the new layout hinders rapid seeking, scanning, and comprehension of potentially valuable posts... all while making it much more difficult to skim past the stuff that doesn't interest you. When people read fewer comments, they post fewer comments. When the total number of comments starts to drop, the exploration of the discussion space becomes much less thorough. Potentially valuable or interesting discussion paths will be missed. Those rare, but highly sought after gems of insight and wisdom borne from the cesspool of chaos will become much more scarce.
You want to know why people hate the beta so much? It's because it kills the evolutionary discussion dynamic that makes this community what it is. There's nothing else like it, and many of us do not want to lose it.
Re: (Score:2)
Slashcode is open source, ya? Can't we just "fork" the site?
In SlashDot Beta, Site Forks You!
Re: (Score:1)
Considering the fact that nobody is ddosing or hacking slashdot, I would say things are actually quite civil.
Re: (Score:1)
Re: (Score:3)
If you need physical access then it's not a hack and doesn't show lack of security.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
well, it's as much of a hack as hacking the brake lines into pieces is.
but, eh, this is hardly worthy of a blog post and not worthy of a black hat speech. it's a fucking easy subject to go for if you just want to hold a black hat presentation I give him that though. but if the presentation doesn't do something really interesting like controlling steering on the new car that has servo steering(when powered off the steering connects physically) then gtfos.
Re: (Score:2)
Even if this allows servo control of steering, it's a simpler "hack" than what has been done 20 year
Re: (Score:3)
A simple way to improve security somewhat would be to require CAN devices to be paired with the car's computer. IIRC Volvo used to do this; installing a CD player on the CAN bus required
Re: (Score:1)
but they've since disabled this security as it was "too troublesome".
Exactly that. You have to see the pro/cons of security. If someone has physical access to your car and wants to mess with you, all the CAN-bus security in the world won't prevent him from snipping the brake lines, drilling a hole in the bottom of your tank, or loosening the tire nuts.
And seeing how "security" at my computer sometimes prevents the legitimate user from doing stuff, I would really hate to get an "unauthorized brake attempt detected" error message when I slam on the brakes while seeing the tanke
Re: (Score:2)
I wouldn't mind notification as I slide the key in, such as "Would you like to remove the device from the diagnostic port before driving?".
I'm sure the technician with a legitimate purpose will be able to handle a few extra steps in activating diagnostic systems.
Re: (Score:2)
Re: (Score:2)
Having to go to the dealer to pair a device means saying goodbye to your affordable OBD-II scanner and ECU flasher.
Re: (Score:2)
Say what? (Score:2)
Re: (Score:3)
Re: (Score:2)
"If you're not paying for the product, you are the product."
Not a totally remote exploit. (Score:4, Insightful)
Re: (Score:2)
Re: (Score:3)
Yes, but they'll do it anyways
Bluetooth OBD-II? (Score:5, Informative)
And how does this differ from the Bluetooth OBD-II connector I use to stream car data to my cell phone? That is wireless and also requires being plugged into the diagnostic port on the car.
I can pull all sorts of data from that. If I spend a little more, I can get a full CAN-bus connection and actually *send* information and control things.
This isn't hacking. It is a product demo for VW.
Re: (Score:2)
The different buses... (Score:3)
Most cars have a high speed CAN, for all functions needing messages at a rate of about 10 or 20 ms like ABS, engine, etc. There is also a low speed CAN, which is used for things like heating, and low rate signals of about 100 and 200 ms. The advantage of low speed CAN is that it can be put into low power and used to wake up devices, like a wake up on LAN. Then there is the LIN bus. This is a low speed, single wire cheap bus. It is used for things like wipers. These are the basic three buses.
Cars like BM
No, you can't send. (Score:2)
"If I spend a little more, I can get a full CAN-bus connection and actually *send* information and control things."
No, you can't send over CAN this way, at least not without risking messing up the core structure of your network. Most nodes in vehicle CAN send messages periodically. Each message type has a unique id, and sending two messages with the same id at the same time can result in collisions. But even if these don't collide, they will get overwritten right after by the next real message. If the inconsistencies are bad enough, the safety fuses will catch them and shut the system down. Any respected automotive OEM
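An added example (not part of the comment above, and not code from the researchers or any vendor): because each periodic CAN ID normally arrives on a fixed schedule, an extra frame on that ID shows up as an unusually short gap, which a bus monitor can flag. The code learns each ID's median period from a constructed candump-style log and reports frames that arrive too early; the IDs, periods, payloads and the 0.5 tolerance are assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed candump-style log, not captured from a real vehicle.
# Assumed IDs: 0x1A0 is sent every 20 ms, 0x3B0 every 100 ms; the two
# 0x1A0 frames with payload FF.. are the extra, off-schedule ones.
SAMPLE_LOG = """\
(0.000000) can0 1A0#0000000000000000
(0.000300) can0 3B0#1122
(0.020000) can0 1A0#0000000000000000
(0.040000) can0 1A0#0000000000000000
(0.045000) can0 1A0#FFFFFFFFFFFFFFFF
(0.060000) can0 1A0#0000000000000000
(0.080000) can0 1A0#0000000000000000
(0.100000) can0 1A0#0000000000000000
(0.100300) can0 3B0#1122
(0.105000) can0 1A0#FFFFFFFFFFFFFFFF
(0.120000) can0 1A0#0000000000000000
(0.140000) can0 1A0#0000000000000000
(0.200300) can0 3B0#1122
"""

FRAME_RE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

def parse_frames(log):
    """Return (timestamp, can_id, payload) tuples from candump -l style lines."""
    matches = (FRAME_RE.match(line.strip()) for line in log.splitlines())
    return [(float(m[1]), int(m[2], 16), bytes.fromhex(m[3])) for m in matches if m]

def off_schedule_frames(frames, tolerance=0.5):
    """Flag frames that arrive sooner than tolerance * the ID's median period."""
    by_id = defaultdict(list)
    for frame in frames:
        by_id[frame[1]].append(frame)
    alerts = []
    for can_id, seq in by_id.items():
        gaps = [b[0] - a[0] for a, b in zip(seq, seq[1:])]
        if len(gaps) < 2:
            continue  # too few samples to learn a period for this ID
        period = statistics.median(gaps)
        for prev, cur in zip(seq, seq[1:]):
            if cur[0] - prev[0] < tolerance * period:
                alerts.append((cur[0], can_id, cur[2]))
    return sorted(alerts)

if __name__ == "__main__":
    for ts, can_id, payload in off_schedule_frames(parse_frames(SAMPLE_LOG)):
        print(f"{ts:.3f}s id=0x{can_id:X} early frame payload={payload.hex()}")
```

The median keeps the learned period stable as long as off-schedule frames are a minority of the traffic on that ID.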
Physical Access (Score:5, Interesting)
Re: (Score:2)
"This issue surrounds physical access to the vehicle, at which point no amount of security is going to be able to protect it (it will only make it more difficult to do). Adding security would make it significantly more difficult for mechanics and enthusiasts to work with their vehicles."
But "more difficult" might be the right thing to do.
It's true that it might make mechanics' jobs slightly more difficult. But what you said is kind of like saying locks on doors are pointless "because no amount of security is enough if you have physical access". In truth, there are few locks that a skilled locksmith can't pick open given a little time. But that doesn't mean a lock that can be picked in 5 seconds or no lock at all is a good solution in most cases.
Re: (Score:2)
The better solution is, eliminate the motivation to break in, in the first place.
Step one: have the government serve as an ethical example; so instead of exploiting vulnerabilities that exist in the wild, it fixes them.
Re: (Score:1)
own and drive a really crappy car? done!
Re: (Score:2)
Mo' money, mo' problems.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The thing about script kiddies is that they don't need to know much because they use other people's scripts and efforts.
Here is a more illustrating example. Most people who have rooted android phones have no idea how to actually root a phone. Instead, they either (themselves or pay someone to do it) use scripts and procedures developed by others in order to gain root access and do as they please. So someone set up a side business rooting phones and to the average user, they look like a hacker. To someone w
Wireless access, once you've got wired access (Score:2)
"Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road... the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems."
That's like saying I can get wireless access to your server, provided you let me have physical access first so I can plug in my wireless NIC.
Re: (Score:1)
To be fair, you don't keep your server in your driveway. Or maybe you do? :)
I don't know how easy it is to find the connector though. In theory, cars should be able to tell if external devices are connected.
Re: (Score:2)
"To be fair, you don't keep your server in your driveway. Or maybe you do? :)"
With the temperatures we have in Montreal, it would make a hell of an overclock...
Not with a bang, but with a Beta. (Score:2, Insightful)
What company directs 25% of its users to a partially-working, not-ready-for-production website? Please realize that Beta will not have the features that we want, because it goes against Dice's plans for Slashdot. To their advertisers, Dice presents Slashdot as a "Social Media for B2B Technology" [slashdotmedia.com] platform. B2B - that's the reason Beta looks like a generic wordpress-based news site. A large percentage of the current userbase might be in IT, but /. is most certainly not a B2B site.
Nevertheless, Dice is despera
Re: (Score:2)
Mod this up.
Re: (Score:1)
What is $6.3 million of goodwill, anyway?
Re: Not with a bang, but with a Beta. (Score:1)
"Goodwill" is an accounting term for the amount paid for the purchase of a company above the total value of the physical parts of the company. It's the premium one pays for the "name value".
For example, a bakery buying the "Hostess" brand name would be buying "goodwill", since the brand name has no tangible value.
"Writing down" the goodwill means admitting that it isn't worth what they paid for it, either because they paid too much or because they did something to make it less valuable.
Dice apparently is gu
Re: (Score:2)
amazing (Score:2)
Just imagine all the chemical and physics hacks you can do once you gain access to a car's hardware!
Re: (Score:1)
Yeah, I've heard you can hack the tires to no longer hold air, by using a tool as simple as a knife! And what's worse, you don't even need access to the inner parts of the car. The vulnerable part is right on the surface!
I've also heard that cars get regularly hacked by martens. This includes quite dangerous hacks like killing the brakes.
Re: (Score:2)
lol.. That reminds me of a situation about 20 years ago or so. Locked the keys in the car in the middle of nowhere and hacked the door lock with a rock through the window.
No Wifi, No Beta (Score:1)
Seems my comment is a reaction to the useless Slashdot-Beta.
Security? (Score:2)
I'm really not too worried about it, so long as any wireless connectivity is secured.
Old cars had zilch for security. Wanted to take off with it? On really old cars, just cut and twist a few wires, cross two more momentarily, and you're off. Not even a column lock to get in the way.
More recent cars? Hmm, prior to electronic keys (and keys with resistor values, i.e., GM ignition keys), slide-hammer the ignition and use a screwdriver to turn it, or if the column under the dash is acceptable, just pull and jum
So, this is a test (Score:2)
And then type another line, followed by another paragraph code here:
This will prove to myself whether or not Beta, in all of its innovative wonder, will finally allow Slashdot to recognise a return command.
That is all.
Oh FFS. That's terrible. (Score:2)
Physical access (Score:2)
Wait, someone can control something by physically plugging something into a control port designed for that purpose?
It's a neat trick, but if the bad guy has physical access, it doesn't take a wireless dongle in the CAN port to mess shit up...
So the solution is DRM for cars? (Score:2)
Am I the only one that thinks car manufacturers' reactions to these "hacks" is just going to be heavy DRM on the bus, more nickel-and-diming for unlocking features, and more expensive parts because third parties are locked out because of the DMCA?
Right now in agriculture, everything is quite proprietary on the bus, but having it free and open would be a huge boon. There is no DRM at this time, but the protocols themselves are closely guarded secrets. In an ideal world, one company's GPS receiver should wo
In other news (Score:1)
Michael Hastings was murdered (Score:1)
Just relax (Score:1)