Go Back   Team-BHP > Under the Hood > Technical Stuff


Reply
 
Thread Tools Search this Thread
Old 10th September 2011, 13:39   #16
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Hackers could make your car unsafe and expose to dangers

This article if from Mcafee.

Fear mongering is in Mcafee's best interests. Reality is quite different.

1. Car systems, specially internal communication network (E.g. CAN) has vulnerabilities. E.g. Private keys are not always encrypted while transmission withing network. It is transmitted only while radio communication with Key fob.
2. However, it is not economically feasible to exploit these systems. This is still in research stage and possible in lab. Not feasible because a successful exploi should be packaged in a way that a "normal" thief should be able to run it. E.g. b just plugging in something in car's data port.
3. There is one area that is definitely cause of concern. That is GPS based anti-theft systems.
4. These systems do not have any authentication at all. If someone known phone number of SIM, he can simply send an SMS to disable the car.
NetfreakBombay is offline   Reply With Quote
Old 10th September 2011, 13:42   #17
Senior - BHPian
 
Join Date: Nov 2009
Location: Bhubaneswar
Posts: 1,762
Thanked: 532 Times
Default Re: Hackers could make your car unsafe and expose to dangers

A person on the inside who actually knows how the proprietary encoding for a particular brand is done.
julupani is offline   Reply With Quote
Old 10th September 2011, 13:43   #18
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by headers View Post
Can you elaborate this point? Especially if you are able to have a person on the inside means ... ??
You dont need an insider's help (though that definitely makes the job easier).

For example this vulnerability was discovered in 1999 by black box scenario:

http://www.ece.cmu.edu/~koopman/thesis/etran.pdf
NetfreakBombay is offline   Reply With Quote
Old 10th September 2011, 13:59   #19
BHPian
 
guyfrmblr's Avatar
 
Join Date: Aug 2011
Location: Boston
Posts: 940
Thanked: 1,920 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Most of the Bluetooth modules present in the cars have a default passkey such as 0000, 9999 for pairing which makes it more vulnerable. Hackers can easily pair with ICE's bluetooth module. Instead they should generate random passkeys which makes it more secured.

I don't think its possible to communicate with ECU with the existing bluetooth profiles implemented in the cars. As far as I know, there are only 3 profiles present in most of the cars:
1. HSP (Headset Profile) - Used for voice communication between mobile and ICE.
2. A2DP (Advanced Audio Distribution Profile) - Used to stream music (stereo) from the mobile to ICE.
3. SAP (Sim Access Profile) - Used to share the contacts from mobile to ICE as soon as both are paired with each other.
guyfrmblr is offline   Reply With Quote
Old 10th September 2011, 14:47   #20
Senior - BHPian
 
pranavt's Avatar
 
Join Date: May 2008
Location: Mumbai
Posts: 1,628
Thanked: 272 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Wow, an anti-virus company scaring people about viruses. Never seen that before. Wonder how it affects McAfee.
pranavt is offline   Reply With Quote
Old 10th September 2011, 19:48   #21
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by pranavt View Post
Wonder how it affects McAfee.
It affects McAfee along expected lines

MCafee if coming up with security products for cars and other embedded systems. And this is the kind of PR that it needs. Blurrb from PR:

Quote:
At McAfee, we are committed to securing embedded devices and the world beyond PCs. As such, we’re
partnering with Wind River and content experts in a variety of fields to analyze the security of embedded
systems and provide sector-specific recommendations for securing these systems and keeping customers,
as well as the general public, safe.
NetfreakBombay is offline   Reply With Quote
Old 10th September 2011, 20:31   #22
Senior - BHPian
 
Join Date: Nov 2009
Location: Bhubaneswar
Posts: 1,762
Thanked: 532 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by NetfreakBombay View Post
It affects McAfee along expected lines

MCafee if coming up with security products for cars and other embedded systems. And this is the kind of PR that it needs. Blurrb from PR:
I seriously hope McAfee and the rest of the anti-virus world doesnt scare us into having to install anti-virus on our cars.

Then we will have messages on the MID like, "Your car's security systems are not up-to-date".

If at all I want any "security systems", it would be a roof mounted M61 cannon or something of the sort.
julupani is offline   Reply With Quote
Old 10th September 2011, 21:23   #23
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by julupani View Post
I seriously hope McAfee and the rest of the anti-virus world doesnt scare us into having to install anti-virus on our cars.
This product is directed towards manufacturers and integrates (Bosch/ Mitsubishi et el).

Fear mongering is directed towards PR.
NetfreakBombay is offline   Reply With Quote
Old 13th September 2011, 14:57   #24
abs
BHPian
 
abs's Avatar
 
Join Date: Mar 2008
Location: Chennai - Kotturpuram
Posts: 28
Thanked: 3 Times
Default Re: Hackers could make your car unsafe and expose to dangers

See my thread related to this at http://www.team-bhp.com/forum/techni...-analyser.html

Its not difficult to get/build a spectrum analyser.

See mossmann's blog: a $16 pocket spectrum analyzer

Being a licenced Ham, I have access to the needed gadgets. This is a nice activity for this weekend I guess Will post my findings here soon.
abs is offline   Reply With Quote
Old 13th September 2011, 16:29   #25
BHPian
 
Racer_X's Avatar
 
Join Date: Jun 2011
Location: Pune
Posts: 268
Thanked: 114 Times
Default Re: Hackers could make your car unsafe and expose to dangers

@abs looking forward to that!

I have a friend who is also a HAM (Vu2VPR) will talk to him over the weekend and see if it makes sense to him and try to conduct some sort of experiment and post the findings here.
Racer_X is offline   Reply With Quote
Old 13th September 2011, 18:48   #26
abs
BHPian
 
abs's Avatar
 
Join Date: Mar 2008
Location: Chennai - Kotturpuram
Posts: 28
Thanked: 3 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by Racer_X View Post
@abs looking forward to that!

I have a friend who is also a HAM (Vu2VPR) will talk to him over the weekend and see if it makes sense to him and try to conduct some sort of experiment and post the findings here.
@Racer_X I know vu2vpr - Vilas - He is an Old Timer. But am not sure if I am famous enough for him to know me My Call is VU2ABS

Here is an update: -

My Xylo Keyfob transmits something @ 433.903 Mhz. All I hear is a didodidodido audio signal for each key press for Open, Lock and Locate keys. Will feed the same to the computer and see what signal is being sent. Should be fun to see what happens if I record and retransmit the same. FYI the UHF frequency allocated for Hams is 434-438 Mhz

Last edited by abs : 13th September 2011 at 18:51. Reason: Added specific reply to Racer_X's quote
abs is offline   Reply With Quote
Old 13th September 2011, 20:00   #27
BHPian
 
ssh1979's Avatar
 
Join Date: Jun 2011
Location: Chennai
Posts: 395
Thanked: 106 Times
Default Re: Hackers could make your car unsafe and expose to dangers

^^ You guys scare me. Anyways, I'll keep watching this thread.

Those days when bluetooth was picking up, I've read stories on how texts, documents or even programs could be uploaded to Bluetooth devices that were visible and unprotected. So, I don't see why advancements could not have been made in this area.

Once it's confirmed that here in our country, it's possible to inflict harm via BT, that's it. I'm uninstalling all ICE straightaway. Anti-virus? No, thanks.
ssh1979 is offline   Reply With Quote
Old 13th September 2011, 20:45   #28
Senior - BHPian
 
DerAlte's Avatar
 
Join Date: Mar 2007
Location: Bangalore
Posts: 8,076
Thanked: 2,876 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by guyfrmblr View Post
... I don't think its possible to communicate with ECU with the existing bluetooth profiles implemented in the cars. As far as I know, there are only 3 profiles present in most of the cars...
Correct, though one has to remember that the BT communications is always limited to the car's infotainment system (HU, Stereo, Integrated whatchamacallit), not ANY of the other ECUs (there are upwards of 40 ECUs, some visible, some not). Only Integrated infotainment systems query some ECUs over CAN for getting some information and putting it on MFDs.

Forget Engine Management ECU - no sane control system designer will put an unreliable wire-connection replacement just because there is BT around. The reason is quite simple, even if it is for an RR or a Bentley: BT increases the ECU cost without giving ANY benefit over a wired connection.

BT was originally designed as a wire replacement wherever there were long wire runs connecting instrumentation to the controls in Power Generation and Industrial Control. Even there it didn't succeed. Of course the reason was different - too much electrical noise practically in the field). LOL maybe McApee should look at wherever BT is deployed in the field in those applications. Quite likely there are more such installations than cars. Who knows - some hacker may switch off the Power Station or change the frequency or voltage or something like that?

F1 engine management systems talk back to the pit systems via radio. But ... they only report some data back (telemetry), and do not accept any commands that influence engine behavior. Wouldn't it be more profitable malicious behavior - if McAfee has any clue - to influence engine behavior (think Betting)??? Maybe they should start scaring Bernie of the possibilities!!!

Quote:
Originally Posted by NetfreakBombay View Post
... For example this vulnerability was discovered in 1999 by black box scenario: ...
Err... though I didn't read the whole paper, this is about a double bit error in transmission. At most one would get erroneous data at physical network level, which all communications layer designers (for Control Systems) take care of by throwing out implausible data.

Didn't understand what has it got to do with vulnerability against malicious behavior induction?

Quote:
Originally Posted by NetfreakBombay View Post
This product is directed towards manufacturers and integrates (Bosch/ Mitsubishi et el).

Fear mongering is directed towards PR.
Absolutely. And the manufacturers/integrators will just laugh it off. ECUs used in cars, almost all of them, don't use a COTS RTOS. Many don't have an RTOS. On the other hand, McAfee has to spend a few 10's of million USD to find out a vulnerability to cover. Not a viable economic venture by a long shot - wish them all success. Sound bytes cost nothing - such public expressions are soon forgotten, and the world moves on.

Reminds me of M$'s desperate attempts at replacing Mainframes with WinTel boxes. One veteran m/f user laughingly mentioned on a forum "WinTel guys wouldn't know a mainframe from a pocket calculator even if someone hit them over the head with it"!!! Obviously they didn't succeed (some Unix boxes did, though, but that is a fraction of the world's m/f count).

What one has to realize is how much CONTROL is allowed by ECU designers to outside influence (via whatever protocol or interface) - NONE whatsoever. CAN is only the physical layer implementation of a simple principle: ask a question, get an answer (and an associated action, if provided). Like in any object oriented system, if there is no handling method provided inside an object, all such queries are just ignored by the object one queries. The principle was the same in the generation previous to CAN/OBD too: KWP2000.

So, if there is NO handling method / action provided in an ECU, what will a malicious attempt achieve? Diagnostic connections, whether over BT or wired connection, can only ask questions they are ALLOWED TO. If in real desperation one tries to replace the whole blessed map in the engine ECU while the car is running, the ECU will reject any such requests. Sure, it is possible at rest, but one doesn't need a virus to do it, right? It will only make the engine behave funnily after that, since the ECU will most likely go into 'limp-home' mode because of internal implausibility checks on the map.

Lastly, ONE insider is of no use in this scheme of affairs - you need to win over at least 20-30 people in the chain to make them collude in sending out deliberately vulnerable code. Would they risk their (and their company's) reputation on such a frivolous thing? I don't think so.

Last edited by DerAlte : 13th September 2011 at 20:49.
DerAlte is offline   (2) Thanks Reply With Quote
Old 13th September 2011, 23:18   #29
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Of course, McAfee's intentions are marketing PR related, but this issue is going to become real as cars get integrated with wireless networks.

Quote:
Originally Posted by DerAlte View Post
What one has to realize is how much CONTROL is allowed by ECU designers to outside influence (via whatever protocol or interface) - NONE whatsoever.
That is not true anymore.

Cars that are on lease are routinely fitted with remote monitoring systems that can send various commands over cell networks. That includes Engine shutdown.

Hacker Disables More Than 100 Cars Remotely | Threat Level | Wired.com

In this case, it was not "Hacked", employee just knew the password. But car was connected to net and was receiving commands.

Similarly, most GPS trackers that are sold in India, so not encrypt SMS that are sent to remotely disable the cars. All such cars are easy pray if someone knows cell number assigned to SIM used by device.
NetfreakBombay is offline   Reply With Quote
Old 13th September 2011, 23:57   #30
BHPian
 
Tejas Ingle's Avatar
 
Join Date: Dec 2010
Location: Pune
Posts: 272
Thanked: 301 Times
Default Re: Hackers could make your car unsafe and expose to dangers

Quote:
Originally Posted by dhanushs View Post
Relax!!.. I don't think a hacker can access the ECU, via bluetooth in the ICE.

P.S - Experts with knowledge on how this can be done, or any experience, please enlighten!
Quote:
Originally Posted by mayankjha1806 View Post
I agree with @dhanushs, i don't think there is any capability to pass any malicious code into the ECU through the Bluetooth. I am sure they have made it reasonably full proof from that aspect. Yes if someone can hook up a wire through some other interface and interfere with ECU settings then there is a case but to do that you need to open the car first. So i would rather relax and enjoy the Bluetooth.
Quote:
Originally Posted by headers View Post
boss, most modern cars [ecu] use CAN protocols and have proprietary handshakes..hence it is near impossible to crack into them.

What the internet says may be a stray case !!
Quote:
Originally Posted by julupani View Post
Impossible it is not. It is very very difficult though, not something that is at all easy to do.
Quote:
Originally Posted by headers View Post
I believe it is impossible to break into a ECU from outside via BT
IMO, it is possible to play with onboard control units remotely. This is possible in high end cars starting from entry level luxury cars. It is not possible in lower end cars.
This is because there is a separate control module to control each system eg. ECU, air-bag control module etc. All these modules are networked together by CAN (Controller Area Network). This is done to reduce the wiring, reduce complications etc. One important advantage of this system is that a single signal can be used by multiple control units. For instance, vehicle speed is detected by sensors and is communicated to ESP control unit. The ESP uses this information as well as converts it into digital form and transmits it over the CAN. From CAN this information is accessed by ECU, instrument cluster unit, air-bag unit, EPS unit etc. Similarly, when the driver turns the key to start the car, a digital signal is sent to ECU which in turn actuates fuel pump, starter etc to start the car.
Now if I have to stop a running car, I just have to duplicate the signal generated by the Electronic ignition control unit to stop the car, and put that signal over the CAN. The ECU will follow the instructions.
These signals are encoded and is difficult to be decoded. But if I have to play with it, I will find a way to do it.
In modern cars, every single system from ICE to ECU are connected to CAN.
Tejas Ingle is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Facts or Myths....Expose the truth sforsarang Technical Stuff 20 15th April 2015 09:24
Dangers of flicking Cigarette Ash out of a vehicle ashwin.terminat Street Experiences 39 28th August 2014 15:42
Goa water unsafe for bathing and fishing 2500cc Shifting gears 8 1st July 2011 21:43
ALERT : Pak hackers planning attacks on Indian networkst : ms001 Shifting gears 1 6th January 2009 11:00
dangers on the expressway speedsatya Shifting gears 1 17th October 2004 03:43


All times are GMT +5.5. The time now is 20:03.

Copyright ©2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks