Go Back   Team-BHP > Under the Hood > Technical Stuff


Reply
 
Thread Tools Search this Thread
Old 23rd July 2015, 11:52   #46
BHPian
 
Join Date: Feb 2012
Location: BLR/SAN
Posts: 124
Thanked: 227 Times
Default Re: Security experts hack into moving car remotely

Quote:
Originally Posted by Jeroen View Post
Anybody any thoughts on how you can remotely disable a brake system on a car? If they were able to shut down the engine, you are most likely to quickly loose the vacuum and thus the boost, but you still have normal braking capabilities, you just need to push the brake pedal harder.

Jeroen
Most actuators in the car can be controlled through the System CAN bus. There are some protections to avoid running malicious code to access the safety CPU and thereby accessing the system bus but for a dedicated hacker it is fairly straight forward. Unfortunately it is not some thing that can/should be discussed in a public forum.
I have seen cars been hacked before, just not publicized. Actually one of the group just to prove to us that it is possible, hacked a rental car which they had rented the same day from the airport. Although they needed a access to the system through diagnostic port, as the car didn't have telematics.

Last edited by acurafan : 23rd July 2015 at 11:53.
acurafan is offline   Reply With Quote
Old 23rd July 2015, 13:28   #47
Senior - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 2,786
Thanked: 5,343 Times
Default Re: Security experts hack into moving car remotely

Quote:
Originally Posted by acurafan View Post
Most actuators in the car can be controlled through the System CAN bus. There are some protections to avoid running malicious code to access the safety CPU and thereby accessing the system bus but for a dedicated hacker it is fairly straight forward. Unfortunately it is not some thing that can/should be discussed in a public forum.
I have seen cars been hacked before, just not publicized. Actually one of the group just to prove to us that it is possible, hacked a rental car which they had rented the same day from the airport. Although they needed a access to the system through diagnostic port, as the car didn't have telematics.
Specifically on the brakes; there is (my understanding) a mechanical linkage between the brake pedal and the brake master cilinder and then a hydraulic linkage (via ABS pumps etc) to the actual brakes. So how can that be disabled remotely?

Anybody familiar with the brakes on this Jeep?
R jeroen
Jeroen is offline   Reply With Quote
Old 23rd July 2015, 14:20   #48
Distinguished - BHPian
 
DerAlte's Avatar
 
Join Date: Mar 2007
Location: Bangalore
Posts: 8,068
Thanked: 2,866 Times
Default Re: Security experts hack into moving car remotely

Quote:
Originally Posted by Jeroen View Post
This journalist that apperently drove this car also reported that these hackers managed to completely disable the brakes and the car ended in a ditch. ...
Perhaps he didn't know / remember that with engine off there is no brake boost and one has to press harder.

Quote:
Originally Posted by Jeroen View Post
... as far as I'm aware on any car the basic brake system is still hydraulics/mechanical. There is obviously a booster which usually works on vacuum and then there could be all sorts of electronics involved in functions such as ABS. Disabling the electronics, would/should never disable the actual brake function, which is still hydraulically/mechanically operated.

Anybody any thoughts on how you can remotely disable a brake system on a car? ...
You are right/ Lack of boost is the only plausible reason that one feels the brake is disabled. The only other way is to hack into the ABS ECU and flag all valves to Open state (the ECU will report this as error - watchdog loop which checks for anomalies). But, that is not a trivial task - considering the ABS ECU doesn't have any open interfaces to communicate over.
DerAlte is offline   (1) Thanks Reply With Quote
Old 23rd July 2015, 15:44   #49
Senior - BHPian
 
Join Date: Mar 2006
Location: mumbai
Posts: 1,945
Thanked: 1,876 Times
Infractions: 0/1 (9)
Default Re: Security experts hack into moving car remotely

Quote:
Originally Posted by Jeroen View Post
This journalist that apperently drove this car also reported that these hackers managed to completely disable the brakes and the car ended in a ditch.

Jeroen
Just saying, imagine having the new fangled green car with hybrid technology, connected to the Internet via smart phone and all kinds of gizmos, having regenerative breaking capability where in the electric motor reverses to act like a brake. What if the hacker ensures that your electric motor free wheels or even accelerates when you brake????

Last edited by Technocrat : 23rd July 2015 at 20:45. Reason: Please quote selectively as a long quoted post causes inconvenience to our mobile readers, thanks
apachelongbow is offline   Reply With Quote
Old 23rd July 2015, 19:26   #50
BHPian
 
Join Date: Feb 2012
Location: BLR/SAN
Posts: 124
Thanked: 227 Times
Default Re: Security experts hack into moving car remotely

Quote:
Originally Posted by Jeroen View Post
Specifically on the brakes; there is (my understanding) a mechanical linkage between the brake pedal and the brake master cilinder and then a hydraulic linkage (via ABS pumps etc) to the actual brakes. So how can that be disabled remotely?

Anybody familiar with the brakes on this Jeep?
R jeroen
You may want to read this
http://illmatics.com/car_hacking.pdf

In fig 6, page 19 you can see which ECUs can be accessed through HS-CAN and regular CAN.
The attack on braking system is discussed around page 54. Anti-locking Brake ECU can be accessed through HS-CAN bus. There is a diagnostic command to bleed brakes, the author is talking about Ford here but it will probably be the same for GM. When the command is issued, one cannot depress the brake pedal. Only catch is that the command can be issued only when the vehicle is moving at less than 5 mph. Therefore I can see why the vehicle didn't stop and end in the ditch.
acurafan is offline   (1) Thanks Reply With Quote
Old 24th July 2015, 05:54   #51
BANNED
 
Join Date: Dec 2011
Location: Chennai
Posts: 818
Thanked: 1,647 Times
Default Re: Hacking into a car's software to gain control of it

Audi is going to make it easier for folks to hack Into your car with their "self parking cars".

Hack and steal would be the new tag line:

VeyronSuperSprt is offline   Reply With Quote
Old 24th July 2015, 08:24   #52
Senior - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 2,786
Thanked: 5,343 Times
Default

Quote:
Originally Posted by acurafan View Post
Most actuators in the car can be controlled through the System CAN bus. There are some protections to avoid running malicious code to access the safety CPU and thereby accessing the system bus but for a dedicated hacker it is fairly straight forward. Unfortunately it is not some thing that can/should be discussed in a public forum.
.

Actually, these discussions are very much on public forums already see the post from Acurafan. It is what Internet is all about. There is of course a downside to it, but in general I believe openness and transparency are good. I for one, would really like to understand and make up my own mind what is possible, how difficult is it etc.

I don't have any great confidence in either the hacker stories or the manufacturers counter claims to speak. Anybody that claims, trust me I know what I'm doing and doesn't provide in depth insights, raises suspicion, at least with me.

Jeroen
Jeroen is offline   Reply With Quote
Old 25th July 2015, 14:03   #53
BHPian
 
Join Date: Apr 2014
Location: Chennai
Posts: 202
Thanked: 214 Times
Default Re: Hacking into a car's software to gain control of it

Fiat-Chrysler has issued a recall for 1.4m vehicles, to update the software and (presumably) stop the hack. But the real problem is the lack of separation between the engine and the radio. Will they (and other manufacturers) take this more seriously in future cars?
rsidd is offline   Reply With Quote
Old 28th July 2015, 10:50   #54
BHPian
 
Join Date: Oct 2013
Location: Mumbai
Posts: 158
Thanked: 48 Times
Default

Considering the fact that US legislators are setting their eye on implementing secure car legislations, the analysis brought forward in some of the threats that warn of danger signs deserve some merits and kudos rather than just getting into the critic war.

A buyer must be aware about any glitches, vulnerabilities or bugs in the automobile he/she is investing (perhaps for the buyer's lifetime ) in. And I won't hesitate to say that manufacturers for that matter must offer to fix these issues free of costs if not recall the affected cars.
TMRT is offline   Reply With Quote
Old 5th August 2015, 07:55   #55
BHPian
 
Join Date: Feb 2012
Location: BLR/SAN
Posts: 124
Thanked: 227 Times
Default Re: Hacking into a car's software to gain control of it

Quote:
Originally Posted by Jeroen View Post
I don't have any great confidence in either the hacker stories or the manufacturers counter claims to speak. Anybody that claims, trust me I know what I'm doing and doesn't provide in depth insights, raises suspicion, at least with me.
Jeroen
Some more details on the fiasco.
http://www.wired.com/2015/08/chrysle...int-jeep-hack/
acurafan is offline   Reply With Quote
Old 5th August 2015, 08:19   #56
Senior - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 2,786
Thanked: 5,343 Times
Default

Quote:
Originally Posted by acurafan View Post

Thanks for sharing. They are saying the exact same thing I mentioned in my first post on this topic. You need to have physical separation between the two systems. Whether this warrants a class action is not so much an automotive as more a cultural topic.


The fact that Chrysler recalled these vehicles for an software update doesn't prove much in terms of how vulnerable from a technical point of view the system really is/was. Companies are as much worried about Brand and PR damage as they are worried about technical facts.

We lived in the USA for three years and in many ways the original settler spirit and attitude is still very much present. You look after yourself and don't expect anything from anybody least the government. Against that mind set we never understood this also very American approach to sue first, sue hard, sue without facts approach to legislation.

If there is one thing all that live in the (self proclaimed) 'greatest nation in the world' agree upon is that going through formal legislation, i.e. Through court, doesn't necessarily bring the truth or attach blame or innocence in an appropriate, balanced matter. To much theatre, to much money, to many stakes involved etc. etc. really a shame for such a great nation.

Jeroen
Jeroen is offline   Reply With Quote
Old 18th November 2015, 02:23   #57
Newbie
 
Join Date: Oct 2015
Location: Indore
Posts: 24
Thanked: 42 Times
Default Re: Hacking into a car's software to gain control of it

Here's a list of most hackable cars:

http://www.dailymail.co.uk/sciencete...-hijacked.html
rusticnomad is offline   Reply With Quote
Old 21st January 2016, 10:35   #58
BHPian
 
Join Date: Oct 2013
Location: Mumbai
Posts: 158
Thanked: 48 Times
Default Re: Hacking into a car's software to gain control of it

This month's InfoSec Magazine by ISC2.org has an interesting read on this topic which makes me believe there is a great momentum happening in this area.

Some direct quotes from the article:

"Over the coming years, information security professionals will have increased contact with connected vehicles of all classifications. Turning a car or truck into a data communications hub makes it more plausible that connected vehicles—executive fleets, freight carriers, utility trucks—
will, by degrees, fall under the supervision and oversight of chief security officers and their ICT management colleagues, who would bear some responsibility for protecting them from cyberattacks and ensuring data assurance."

"Connected vehicles of all kinds are increasingly using mainstream IT operating environments in preference over the proprietary software systems found on earlier generations"

What the second quote means is tech savvy mind of next generation will have to do less to exploit open systems in automobiles unless secured using strong counter measures. E.g. What I used as specialist tools few years back have become mainstream tools for troubleshooting connectivity problems that any user would use to solve internet connectivity issues from his home.

The article also alludes to SPY CAR ACT 2015 brewing in the States that I referenced in my earlier post.

With Honda introducing HondaConnect with the mission of "24x7 connectivity support for safety security and convenience" one wouldn't think that all automakers are passive indeed as cited in a whitepaper titled "Automakers Remain Passive as Government Take Action" in that article.


reference: January-February 2016 Infosecurity Professional Magazine

Last edited by TMRT : 21st January 2016 at 10:38.
TMRT is offline   Reply With Quote
Old 2nd August 2016, 16:11   #59
Senior - BHPian
 
hserus's Avatar
 
Join Date: Sep 2014
Location: Chennai
Posts: 1,495
Thanked: 1,391 Times
Default Re: Hacking into a car's software to gain control of it

This "internet of things" fetish extending to cars means you have fully mobile, high speed botnets to go with the ones that merely stay in one place like infected PCs and laptops.

Here is a new example of just how right ISC2 is - http://www.zdnet.com/article/hackers...elong-to-them/ - break into the CAN bus of a Jeep Cherokee and gain control of the brakes. Right now, physical connectivity but the way things are going, it is likely to be quite possible over the internet.

Last edited by hserus : 2nd August 2016 at 16:15.
hserus is offline   Reply With Quote
Old 14th May 2017, 18:38   #60
BHPian
 
Join Date: Jun 2006
Location: Chennai
Posts: 36
Thanked: 35 Times
Default Car Hacking! It's Real!!

Yesterday, when I was reading about the recent ransomware attack 'WCry / Wannacry' on computers worldwide, I stumbled upon this 2 year old video, wherein the hackers (here reasearchers Charlie Miller and Chris Valasek) demonstrate remotely activating Air conditioning, Wipers, fans including stopping the engine in a car on highway.



I further read Chrysler has patched the software for this particular bug but as cars are becoming more and more Automated / Controlled electronically and connected to Internet, soon it may be a reality when hackers can intrude into you car and demand ransom for it to move further.

In a follow-up article in wired.com they say “There will almost certainly continue to be remote vulnerabilities in the future”

The complete article is in the link below:
https://www.wired.com/2016/08/jeep-h...eration-hacks/

In the above link you can find the video below that hackers (researchers) controlling steering through a laptop, although while sitting inside the car and connected physically.



Although the article says "A careful driver with two hands on the wheel could also overpower the steering attack". But as the cars becoming more and more Automated, it is natural that drivers will become lethargic over a period of time. They may not be 100% alert, like when they drive the car all through by themselves. Even the common, Internet-connected insurance insurance dongles plugged into vehicles’ dashboards could create the same remote hacking vulnerabilities, the article states.

Just imagine subscribing to 'Anti-virus' software for your car! Hope the Cars would not become as vulnerable as today's computers!
batman is offline   (3) Thanks Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic Hacking : One driver improving traffic sandys Street Experiences 19 29th July 2016 20:04
A Device that can control all my gadgets / Universal Remote Control a4_attitude Gadgets, Computers & Software 28 24th August 2011 11:10
Best Version Control Software for Designers? Red Liner Gadgets, Computers & Software 13 16th June 2009 18:24
Software Dev. Engineer v/s Software Test Engineer DCEite Shifting gears 50 14th April 2008 13:10


All times are GMT +5.5. The time now is 20:33.

Copyright ©2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks