Old 21st July 2015, 22:58   #31
BHPian
 
Join Date: Apr 2014
Location: Chennai
Posts: 203
Thanked: 214 Times
Default Re: Car Hacking

It will be a concern when a manufacturer is stupid enough to connect the engine control to the internet. Otherwise, it will be a concern only if a malicious person gets physical access to the car. In that case the malicious person can cause damage without hacking, but hacking can potentially enable subtle/"delayed" effects, maybe even enable remote controlling the car... [edit] reading the article, it looks like there was a vulnerability that let them communicate with the engine via the entertainment unit. Not sure how widespread such a "feature" is, or why Chrysler thinks the entertainment system should have any linkage with the engine. Their previous exploit involved wiring a PC to a car's onboard diagnostic port, but this one, they say, requires only knowledge of the car's IP address! One hopes manufacturers will take note and insulate the engine from other electronics.

Last edited by rsidd : 21st July 2015 at 23:03.
rsidd is offline   Reply With Quote
Old 22nd July 2015, 08:50   #32
BHPian
 
 
Join Date: Apr 2012
Location: New Delhi
Posts: 46
Thanked: 41 Times
Default

A software can be robust but not impregnable. Look at Microsoft. They have been at it for years and still routinely we d/l patches. If it's a work in progress with them then the car companies are certainly not gonna be able to find this holy grail.
Carjacking is one thing but crippling a car in Delhi while sitting in Karachi is a whole new world. It is not about stealing but could create a whole new level of susceptibility.

Smart cars are upon us whether we like it or not and advances in technology will ensure that they will keep on getting smarter. Cars will be connected to the net eventually.
http://in.norton.com/yoursecurityres...d=car_computer
Cowardly Lion is offline   Reply With Quote
Old 22nd July 2015, 10:03   #33
BHPian
 
Join Date: Nov 2009
Location: Bangalore
Posts: 602
Thanked: 183 Times
Default Re: Hacking into a car's software to gain control of it

Couple of hackers gaining control of a Jeep in motion over internet. Truly scary.

WindRide is offline   (3) Thanks Reply With Quote
Old 22nd July 2015, 11:19   #34
BHPian
 
Join Date: Sep 2007
Location: Chennai
Posts: 294
Thanked: 14 Times
Default Re: Car Hacking

Quote:
Originally Posted by rsidd View Post
It will be a concern when a manufacturer is stupid enough to connect the engine control to the internet. ...
I would like to respectfully disagree. Imagine upgrading your car by updating the firmware of your car. Already manufacturers like Tesla are discussing this feature. Connected cars will be the future.

The article and researchers are highlighting the lack of security on a car in production. All manufacturers should awake to this and incorporate security features. It's disheartening to see Chrysler's response to the researchers' inputs.

In future, car safety aspects should not be limited to only crash tests but also vulnerability tests. A simple option could be to give a control to the driver to override auto mode and switch to manual mode completely. (similar to aeroplanes)
druva is offline   Reply With Quote
Old 22nd July 2015, 11:25   #35
Team-BHP Support
 
 
Join Date: Apr 2007
Location: Delhi
Posts: 7,251
Thanked: 4,364 Times
Default Re: Car Hacking

Are we talking of something like this ?

http://gadgets.ndtv.com/internet/new...ome-editorpick
Eddy is online now   Reply With Quote
Old 22nd July 2015, 11:34   #36
BHPian
 
Join Date: Apr 2014
Location: Chennai
Posts: 203
Thanked: 214 Times
Default Re: Car Hacking

Quote:
Originally Posted by druva View Post
I would like to respectfully disagree. Imagine upgrading your car by updating the firmware of your car. Already manufacturers like Tesla are discussing this feature. Connected cars will be the future.
If they do this they deserve the security flak (and, in countries like America, lawsuits) that they will inevitably get. Firmware upgrades for the entertainment system are one thing, but firmware upgrades for the ECU should be done only at an authorised shop. Or, at most, by a knowledgeable customer who has downloaded the firmware image on a computer and knows how to do the upgrade by connecting to the onboard port. Not via the internet! All software that controls the functioning of the car needs to be insulated from the internet.
rsidd is offline   Reply With Quote
Old 22nd July 2015, 11:45   #37
Senior - BHPian
 
Join Date: Feb 2004
Location: Mumbai
Posts: 3,715
Thanked: 422 Times
Default Security experts hack into moving car remotely

Security experts used Fiat-Chrysler's telematics system Uconnect to hack into a moving Jeep.

Quote:
they turned on the Jeep Cherokee's radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine.
Quote:
cybersecurity researchers have shown they can use the Internet to turn off a car's engine as it drives
Like with Smartphones, Fiat-Chrysler have come out with a security patch to plug this loophole. Where are we heading?!

Report from Reuters.

Last edited by amit : 22nd July 2015 at 11:47.
amit is offline   (4) Thanks Reply With Quote
Old 22nd July 2015, 11:55   #38
BHPian
 
Join Date: Dec 2010
Location: Mumbai
Posts: 188
Thanked: 83 Times
Default Re: Hacking into a car's software to gain control of it

Quote:
Originally Posted by WindRide View Post
Couple of hackers gaining control of a Jeep in motion over internet. Truly scary.
This is scary. Some points to note.
1. The head unit, touch screen or whatever it is called, must be connected to the public network/internet in some way. Wireless/3G/4G whatever and the hackers would be required to first scour the network to "search out" a suitable candidate i.e. the sacrificial lamb. Thankfully, it does not seem that one can hack this vehicle whenever it passes a doorstep/toll booth/restaurant. That would have been really freaky.

2. The OS/software on the head unit inherently has some vulnerability which has been exploited to "get access" into the head unit.

3. Once the OS access has been established, it is a question of putting in a malicious piece of software which remotely accepts the commands and issues them on the vehicle's software/control bus. Frankly one need not know the exact bits and bytes of the protocol, all one needs is the ability to capture and play back on demand the command sequences.

4. The question is how secure is the vehicular software bus and the head unit to these types of attacks.

I guess there would be many more points to chew on.
cyberwhizs is offline   Reply With Quote
Old 22nd July 2015, 13:42   #39
BHPian
 
Join Date: Apr 2014
Location: Chennai
Posts: 203
Thanked: 214 Times
Default Re: Hacking into a car's software to gain control of it

Interesting G+ thread here, particularly these comments from Michael Mol:
Quote:
My step-dad helped write the code for these sorts of systems. He quit when he was asked to implement functionality in a way he considered unsafe and unethical. And he's borderline anarcho-capitalist, if that tells you anything. Two big parts of the problem:

1) The engineers warn about these things, are told to stuff it.
2) Fines won't make a single bit of difference; auto manufacturers simply pass those costs on to the purchasers of the vehicles.
...

The problem isn't with the head unit being on the CAN bus. I actually would want that...I'd like to get Torque running on an Android head unit connected to my CAN bus.

The problem is that the CAN bus is legally required to expose functionality that, well, makes it unsafe. Well, that and the way it's exposed. The receiver of a packet is supposed to send its response by modifying the sender's packet on the bus while the sender is still transmitting it. No checksums, sender validation, nothin. And while I haven't devoted a ton of thought to it, I don't know how you'd even add integrity and authenticity checks to a bus that operates that way....

The problem is that the manufacturers have already calculated the risk and expense of recalls and lawsuits, and decided it's cheaper to manipulate the engineers into building safety-critical features into a non-safety-critical-supporting platform and play the odds on recalls and lawsuits than to pay the engineers to build a secure system on principles of safety. (And it is expensive...in large part because you can't have a standardized platform when you have to work with bleeding edge silicon for which a properly-working SDK hasn't yet been developed. And if you don't use that bleeding edge silicon, your offering for an infotainment system will look paltry compared to a competitor's, and you won't get the job.)
rsidd is offline   Reply With Quote
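The capture-and-playback point in post #38 and the missing sender validation described in the quoted comments above both come down to frames that carry no proof of origin or freshness. The sketch below is an added example, not code from any poster or manufacturer: it shows one common mitigation pattern, a truncated MAC plus a freshness counter packed into an 8-byte payload. The key, CAN IDs, command bytes and field layout are all constructed assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4   # truncated tag so data + counter + tag fit in 8 bytes
MAX_DATA = 2  # bytes left over for the command itself

def _tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    # The MAC binds the arbitration ID, the counter and the data together.
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Sender:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def build(self, can_id: int, data: bytes) -> bytes:
        if len(data) > MAX_DATA:
            raise ValueError("data too long for an 8-byte frame")
        self.counter += 1  # 16-bit here; a real design needs rollover/resync
        ctr = struct.pack(">H", self.counter)
        return data + ctr + _tag(self.key, can_id, self.counter, data)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seen = {}  # can_id -> highest counter accepted so far

    def accept(self, can_id: int, payload: bytes) -> bool:
        if len(payload) < 2 + MAC_LEN:
            return False
        data, ctr_raw, tag = payload[:-6], payload[-6:-4], payload[-4:]
        (counter,) = struct.unpack(">H", ctr_raw)
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return False  # altered frame, or sender does not hold the key
        if counter <= self.last_seen.get(can_id, 0):
            return False  # played-back capture: counter is not fresh
        self.last_seen[can_id] = counter
        return True

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    tx, rx = Sender(key), Receiver(key)
    frame = tx.build(0x123, b"\x01")         # constructed ID and command
    first = rx.accept(0x123, frame)          # genuine frame
    replay = rx.accept(0x123, frame)         # identical bytes sent again
    forged = rx.accept(0x123, b"\x02" + frame[1:])         # data changed
    moved = rx.accept(0x456, tx.build(0x123, b"\x01"))     # wrong ID
    return first, replay, forged, moved
```

`demo()` returns `(True, False, False, False)`: only the genuine, fresh frame is accepted. A 4-byte tag is a bandwidth trade-off, and the scheme only helps if the infotainment side never holds the key used by safety-critical nodes.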
Old 22nd July 2015, 15:25   #40
Senior - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 2,889
Thanked: 5,677 Times
Default Re: Security experts hack into moving car remotely

The solution is relatively simple in nature. Essential systems (e.g. steering, brakes etc) should be completely (physically) separated from all the non-essentials, e.g. radio.

Remarkably, even on many modern airplanes that offer for instance WiFi access for passengers this is not the case.

Anything that can't be accessed (for lack of physical means) can't be hacked. It's that simple. Unfortunately, the IT crowd still believes that a logical separation is the same as a physical separation, it is not.

Having said that, I'm not that concerned. I would like to understand a bit more in depth what it is they actually did. Especially the bit about how they issue commands to the engine and such. Here is a lot of text on this little escape with remarkably little technical information

http://www.wired.com/2015/07/hackers...-jeep-highway/

By the way, being able to remotely disable the engine is nothing new at all. In some countries (US States) it is considered a safety feature, so the cops can safely bring a vehicle to a full stop.

Jeroen
Jeroen is offline   Reply With Quote
Old 22nd July 2015, 15:31   #41
Senior - BHPian
 
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,375
Thanked: 315 Times
Default Re: Security experts hack into moving car remotely

Quote:
Originally Posted by Jeroen View Post
The solution is relatively simple in nature. Essential systems (e.g. steering, brakes etc) should be completely (physically) separated from all the non-essentials, e.g. radio.
This is not possible since the same user interface needs to control both. E.g. :

1. Touch screen interface controls Audio as well as HVAC
2. Same interface Tunes suspension
NetfreakBombay is offline   Reply With Quote
Old 22nd July 2015, 16:45   #42
BHPian
 
 
Join Date: Apr 2012
Location: New Delhi
Posts: 46
Thanked: 41 Times
Default

Quote:
Originally Posted by rsidd View Post
If they do this they deserve the security flak (and, in countries like America, lawsuits) that they will inevitably get. Firmware upgrades for the entertainment system are one thing, but firmware upgrades for the ECU should be done only at an authorised shop. Or, at most, by a knowledgeable customer who has downloaded the firmware image on a computer and knows how to do the upgrade by connecting to the onboard port. Not via the internet! All software that controls the functioning of the car needs to be insulated from the internet.

An ECU update at an authorised outlet is no protection. The weakest link and all that....

These days smart phones get connected to headsets automatically. Soon these headsets will be employed to display ECU data and that is where the primary gateway into the vehicle appears -->smartphone --> headset --> ECU
Cowardly Lion is offline   Reply With Quote
Old 22nd July 2015, 17:47   #43
Senior - BHPian
 
Join Date: Mar 2006
Location: mumbai
Posts: 1,945
Thanked: 1,877 Times
Default Re: Security experts hack into moving car remotely

What is the purpose of leaving redundant code interfacing entertainment system with steering, brakes or engine? Doesn't make much sense. Unless we are talking about an on-the-fly 4x4 control, suspension control and ABS traction control possible using a touch screen. And that touch screen capable of being remotely controlled by a smart phone or such.

I don't know why these software developers run after enabling everything on a smart phone. It is such an insecure device, capable of being hacked or stolen.
apachelongbow is offline   (1) Thanks Reply With Quote
Old 23rd July 2015, 08:56   #44
Senior - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 2,889
Thanked: 5,677 Times
Default Re: Security experts hack into moving car remotely

This journalist that apparently drove this car also reported that these hackers managed to completely disable the brakes and the car ended in a ditch.

I'm not familiar with these new Jeep Cherokees (only owned a 1998 Cherokee), but as far as I'm aware on any car the basic brake system is still hydraulics/mechanical. There is obviously a booster which usually works on vacuum and then there could be all sorts of electronics involved in functions such as ABS. Disabling the electronics would/should never disable the actual brake function, which is still hydraulically/mechanically operated.

Anybody any thoughts on how you can remotely disable a brake system on a car? If they were able to shut down the engine, you are most likely to quickly lose the vacuum and thus the boost, but you still have normal braking capabilities, you just need to push the brake pedal harder.

Jeroen
Jeroen is offline   Reply With Quote
Old 23rd July 2015, 09:41   #45
BHPian
 
Join Date: Dec 2013
Location: Ahmedabad
Posts: 82
Thanked: 114 Times
Default Re: Hacking into a car's software to gain control of it

And I thought this was stuff of the movies. I read the article of the car being controlled remotely and the first thing that came to mind was the chase sequence in Fast & Furious 6 where after hacking into Interpol HQ at London, when the bad guys were being given a chase by Toretto's people in BMWs they fire a remote transmitter and use it to jam the brakes on these cars.

But given that we are talking about the future of cars and Internet of Things, being able to control a car remotely will surely be one of the requirements.

Like they say, if it's on the net, it can be hacked into. As the industry matures, I am sure loopholes or vulnerabilities will be plugged in - Fingers crossed

Last edited by GJ01 : 23rd July 2015 at 09:51. Reason: Spellcheck
GJ01 is offline   Reply With Quote
Copyright 2000 - 2017, Team-BHP.com