Experimental Security Analysis of a Modern Automobile (http://www.autosec.org/pubs/cars-oakland2010.pdf) (PDF)

Department of Computer Science and Engineering

University of Washington
Seattle, Washington 98195–2350
Email: {supersat,aczeskis,franzi,shwetak,yoshi}@cs.washin gton.edu
Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage
Department of Computer Science and Engineering
University of California San Diego
La Jolla, California 92093–0404
Email: {s,dlmccoy,brian,d8anders,hovav,savage}@cs.ucsd.ed u



Abstract

Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

Scary but true!

And it will become more so as time goes on with the newer vehicles. Hard wired multiplexed systems with no use of radio frequency's, I believe they would be safe.

But any system that has a radio transmitter/receiver incorporated into it that is not physically isolated from the ecu (which would defeat the purpose) could/would be vulnerable to attack. I have been playing with a program called backtrack that its sole purpose in life is to crack/break into networks.

I can see something similar being used in time to hack the newer vehicles given time.

There is not a lock made by man physical or electronic that can not be broken into.

An implant device timed to self destruct, could easily be rigged I imagine.

Scary but true!

And it will become more so as time goes on with the newer vehicles. Hard wired multiplexed systems with no use of radio frequency's, I believe they would be safe.

But any system that has a radio transmitter/receiver incorporated into it that is not physically isolated from the ecu (which would defeat the purpose) could/would be vulnerable to attack. I have been playing with a program called backtrack that its sole purpose in life is to crack/break into networks.

I can see something similar being used in time to hack the newer vehicles given time.

There is not a lock made by man physical or electronic that can not be broken into.

In the article they talk about various ways to access the car's computer (OBD II, bluetooth, etc. They used an iPod), then possibly upload malware code which would ten open up access.

An implant device timed to self destruct, could easily be rigged I imagine. The obs-2 port that every vehicle has is a direct hot line to the ecu. Not sure how much access to directly effect the system other than tweaking the engine that some obs-2 dongles can do pre programed by the user. I think it would depend on what is hard coded and soft coded in the ecu.

My new Mazda 3 it seem that there is a ton of crap that can be changed just by the stroke of a computer key board.

An implant device timed to self destruct, could easily be rigged I imagine.

Another scary part is that a hack cold be made, do its deeds, then erase itself with no evidence that it as ever present.

In the article they talk about various ways to access the car's computer (OBD II, bluetooth, etc. They used an iPod), then possibly upload malware code which would ten open up access.

Again I can see that happening. Obs-2 you need hands on access, but radio, the sky is the limit depending on the radios range. Blue tooth is what? Maybe 30 feet or so? But All it would take is someone slowly passing to upload a nasty. I think some of the new vehicles are offering built in internet (for a fee) that opens up huge can of worms.

Edit: I have seen Obs-2 bluetooth dongles out there that some use to monitor performance, and tweaking.

Sure, the management system is completely rudimentary to make it as fail-safe as possible.

I don't think they are coded for security that well, if at all.

Sure, the management system is completely rudimentary to make it as fail-safe as possible.

I don't think they are coded for security that well, if at all. But is it hard coded or soft coded, that is the major diff. Hard coded , no worry, but if soft coded, then kaddy bar the door.

But is it hard coded or soft coded, that is the major diff. Hard coded , no worry, but if soft coded, then kaddy bar the door.

I think hard coded = eprom or some other flashable format. I am not sure about soft coded. You would have to read through the article. I only skimmed through it.

Sure, the management system is completely rudimentary to make it as fail-safe as possible.

I don't think they are coded for security that well, if at all.

That is one of the authors' conclusions.

I think hard coded = eprom or some other flashable format. I am not sure about soft coded. You would have to read through the article. I only skimmed through it. Hard coded = burn it once and that is it no way to change it. Soft coded = the code can be changed , sorta like a eprom but most eproms need to be flashed electronically or ultraviolet (the ones that have the window) Not sure what the tech is now.

From the report, something I knew about, but never gave a lot of thought to:

"In the United States, the federally-mandated On-
Board Diagnostics (OBD-II) port, under the dash in virtually
all modern vehicles, provides direct and standard
access to internal automotive networks."

From the report, something I knew about, but never gave a lot of thought to:

"In the United States, the federally-mandated On-
Board Diagnostics (OBD-II) port, under the dash in virtually
all modern vehicles, provides direct and standard
access to internal automotive networks."

Yes, that is what they do, but the outside access is the question. The older obs systems were limited but now who in the hell knows. Probably everything can be pulled up for interrogation.

Hard coded = burn it once and that is it no way to change it. Soft coded = the code can be changed , sorta like a eprom but most eproms need to be flashed electronically or ultraviolet (the ones that have the window) Not sure what the tech is now.

The software in most vehicle (all) systems these days is upgradable by flash programming.

When I was working on cars, that was my specialty area. Many vehicle driveability/emissions issues were software related.

The software in most vehicle (all) systems these days is upgradable by flash programming.

When I was working on cars, that was my specialty area. Many vehicle driveability/emissions issues were software related. I am finding that out now with my new mazda..Amazing!

OT - The nav system I put in my truck said that my diesels fastest speed was 155 miles an hour. I should post a picture of it because it's IMPOSSIBLE.

I believe that they are doing it right now with the new cars....if you don't stop when the cops tells you to he then will type your license plate number in his comp and press the enter key.....and your engine dies.

I would be nice to be able to stop the cops car the same way hahahahahahahah.

V

Yes.

pgmfi.org

O/T I had two master keys cut for my "new" car at the dealership and while I waited an older gentleman walked in needing one new key. The difference? His key was $160.; wasn't the master plus he needed an appt. for programming the chip. I walked out with two working keys for $3.50.

Hacksaw Reynolds would say, "Yes they can."

"Reynolds earned his nickname in 1969 by cutting an abandoned 1953 Chevrolet Bel Air (some accounts claim it was a Porsche) in half with a hacksaw after his previously unbeaten University of Tennessee team returned from an embarrassing 38-0 road loss to Ole Miss. "I came back to school and I was very upset," Reynolds said. "I had to do something to relieve my frustration." He decided to turn the abandoned car into a trailer for his newly purchased Jeep. After working through the night on the project, chewing through 13 hacksaw blades, he returned the next day with some teammates to show off his handiwork."

http://en.wikipedia.org/wiki/Jack_Reynolds_%28American_football%29


once i got upset and smashed a bunch of bricks.

but i've never had a desire to cut a car in half. with a hacksaw.

This thread got me thinking , I own a spectrum analyzer and I drug it out for a grin and played push the buttons on mh key dongle and watched.

Yes It can be cracked if you know the proto call.



Thank you for this thread, you ass humper..

Hacksaw Reynolds would say, "Yes they can."

"Reynolds earned his nickname in 1969 by cutting an abandoned 1953 Chevrolet Bel Air (some accounts claim it was a Porsche) in half with a hacksaw after his previously unbeaten University of Tennessee team returned from an embarrassing 38-0 road loss to Ole Miss. "I came back to school and I was very upset," Reynolds said. "I had to do something to relieve my frustration." He decided to turn the abandoned car into a trailer for his newly purchased Jeep. After working through the night on the project, chewing through 13 hacksaw blades, he returned the next day with some teammates to show off his handiwork."

http://en.wikipedia.org/wiki/Jack_Reynolds_%28American_football%29


once i got upset and smashed a bunch of bricks.

but i've never had a desire to cut a car in half. with a hacksaw.

I've got a friend who cut up an entire car with a cutting wheel, packaged it up in small cardboard boxes, tied them with twine and left it out at the curb for the garbage men. :D

...you ass humper..

:confused:

:confused:

Don't bother him, he's playing push button with his key dongle...

https://www.youtube.com/watch?v=bHfOziIwXic

http://www.veteranstoday.com/2013/06/19/we-got-the-message/

Apparently cars can be hacked and used for assassination...

UPSIDE: good news for the used cars business... people will get more mechanic skills... :)

Watch how easy...


www.youtube.com/watch?v=oqeoqe6S6m73Zw

www.youtube.com/watch?v=oqe6S6m73Zw