With hacking, music can take control of your car

Discussion in 'User Submitted News' started by Kwartel, Mar 12, 2011.

Mar 12, 2011
  1. Kwartel
    OP

    Member Kwartel The fairest in all the land

    Joined:
    Apr 11, 2009
    Messages:
    1,298
    Country:
    Netherlands
    From: www.itworld.com
    With hacking, music can take control of your car
    by Robert McMillan
    March 10, 2011 —

    About 300 years ago, the English playwright William Congreve wrote, "music has charms to soothe a savage breast, to soften rocks, or bend a knotted oak." This week we learned that it can also help hackers break into your car.

    Researchers at the University of California, San Diego, and the University of Washington have spent the past two years combing through the myriad computer systems in late-model cars, looking for security flaws and developing ways to misuse them. In a new paper, they say they've identified a handful of ways a hacker could break into a car, including attacks over the car's Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops.

    But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. "It's hard to think of something more innocuous than a song," said Stefan Savage, a professor at the University of California.
    Last year Savage and his fellow researchers described the inner workings of the networks of components found in today's cars, and they described a 2009 experiment in which they were able to kill the engine, lock the doors, turn off the brakes and falsify speedometer readings on a late-model car.

    In that experiment, they had to plug a laptop into the car's internal diagnostic system in order to install their malicious code. In this latest paper, the objective was to find a way to break into the car remotely. "This paper is really about how challenging is it to gain that access from the outside," Savage said.
    They found lots of ways to break in. In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. "The easiest way remains what we did in our first paper: Plug into the car and do it," he said.

    But the research shows how completely new types of automotive attacks could be on the horizon. For example, thieves could instruct cars to unlock their doors and report their GPS coordinates and Vehicle Identification Numbers to a central server. "An enterprising thief might stop stealing cars himself, and instead sell his capabilities as a service to other thieves," Savage said. A thief looking for certain kinds of cars in a given area could ask to have them identified and unlocked, he said.

    In their report, the researchers don't name the make of the 2009 model car they hacked.

    Savage and the other researchers presented their work to the National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, which is studying the safety of electronic automotive systems in the wake of last year's massive Toyota recall. That recall was prompted by reports of unintended acceleration in Toyota vehicles, a problem that was once thought to have been connected to electronic systems but ultimately was blamed on floor mats, sticky gas pedals and driver error.
    With the high technical barrier to entry, the researchers believe that hacker attacks on cars will be very difficult to pull off, but they say they want to make the auto industry aware of potential problems before they become pervasive.

    Car hacking is "unlikely to happen in the future," said Tadayoshi Kohno, an assistant professor with the University of Washington who worked on the project. "But I think the average customer will want to know whether the car they buy in five years ... will have these issues mitigated."

    Another problem for would-be car thieves is the fact that there are significant differences among the electronic control units in cars. Even though an attack might work on one year and model of vehicle, it's unlikely to work on another. "If you're going to hack into one of them, you have to spend a lot of time, money and resources to get into one software version," said Brian Herron, vice president of Drew Technologies, an Ann Arbor, Michigan, company that builds tools for automotive computer systems. "It's not like hacking Windows, where you find a vulnerability and go after it."

    So far, carmakers have been very receptive to the university researchers' work and appear to be taking the security issues they've raised very seriously, Savage and Kohno said.
    Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

    IDG News Service[/p]

    [​IMG] Source

    I'm impressed. It's very logical if you think about it, but I would never come up with this idea.
     


  2. AlanJohn

    Member AlanJohn くたばれ

    Joined:
    Jan 6, 2011
    Messages:
    3,425
    Location:
    Canada,New Jersey
    Country:
    Ukraine
    ... First my PC, then my Iphone, then my PSP... NOW MY CAR???!?!?!?!?!
     
  3. Sausage Head

    Banned Sausage Head Lord Sausage LXIX

    Joined:
    Oct 28, 2010
    Messages:
    1,677
    Location:
    alanjohn check ur pm
    Country:
    Netherlands
    This helps the Earth so much, man.
     
  4. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,748
    Country:
    United Kingdom
    Wow I knew car security was lousy (speak to some of the people that create keys outside of the official manufacturers circles or have a fiddle with a decent ODBII tool) and a few people were toying with it but this is news to me.
    I do have a go at car hacking down the scrapyards as well- everything, even pointless things, these days is mapped to the ECU or worse and as such few can fix things so I thought I would have a go at reconditioning otherwise working kit (turns out it is not that hard). I might have to look further into this side of things though.

    On the other hand this is US car electrics which changes things a bit- if you thought US mobile phones were bad when compared to European, Australian or Asian stuff prepare to be shocked if you try the same thing with cars.

    Edit: might as well link up something else for the curious
    http://www.darknet.org.uk/2010/12/car-immo...yption-schemes/
     
  5. Kwartel
    OP

    Member Kwartel The fairest in all the land

    Joined:
    Apr 11, 2009
    Messages:
    1,298
    Country:
    Netherlands
    Just thought about it. It's actually really bad that your CD player has access to the motherboard.. I mean, it only has to give some sound and text to display!
     
  6. CannonFoddr

    Member CannonFoddr Regular GBATemp Lurker

    Joined:
    Sep 23, 2006
    Messages:
    4,106
    Location:
    Sitting by computer
    Country:
    United Kingdom
    It's all lies !!!!....

    Those researchers were paid by the Music companies to say this, so that we don't rip/download music in fear of trashing our cars... [​IMG]
     
  7. AlanJohn

    Member AlanJohn くたばれ

    Joined:
    Jan 6, 2011
    Messages:
    3,425
    Location:
    Canada,New Jersey
    Country:
    Ukraine
    ... If you think of it its kinda possible [​IMG]
     
  8. cwstjdenobs

    Member cwstjdenobs Sodomy non sapiens

    Joined:
    Mar 10, 2009
    Messages:
    1,757
    Location:
    Ankh-Morpork
    Country:
    United Kingdom
    With the entire CAN bus available over the ODBII socket you can plug in an "ecu" and just drive off [​IMG] Some high end code readers can run some engines without even having an ECU connected.
     
  9. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,748
    Country:
    United Kingdom
    I suppose I will have to echo myself from earlier then cwstjdenobs (I really need to look further into this)- most of my fiddling with ODBII or EOBD was just to try and work around some of the vendor/manufacturer specific pins (or hack the DRM in their programs) or bring back some of the broken machines back to life (on that note if you ever meet the person that designed the rover test kit for their early 90's models if you would be so kind as to headbutt them I would really appreciate it). Equally some of the drive by wire stuff is also wound into all this I could have a proper remote control car.

    Wonder if we will have any more of those overconfident security companies doing "drive it away and you own it" advertising gimmicks.
     
  10. Coto

    Member Coto GBAtemp Addict

    Joined:
    Jun 4, 2010
    Messages:
    2,278
    Country:
    Chile
    Interesting share again bud.


    Here´s my thought.

    What happens if all the memory chips being used are read-only chip?

    Unless radio is connected (DATA, not electricity) to the mainboard circuitry, there shouldn´t be problems. But, seems they´ve been trying on-the-fly assembly routines, which sadly might affect a lot of components. Besides, .cda format is an executable format for CD player. And, I don´t see why most modern radios might need flash eeprom chips now.
     
  11. Godson777

    Member Godson777 Everyone's Favorite Blue Mario

    Joined:
    Mar 27, 2010
    Messages:
    394
    Location:
    idk
    Country:
    United States
    Wait, Music Hacking Cars? Whats next? DS Hacking 3DS?
     
  12. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,748
    Country:
    United Kingdom
    Some of the stuff was write once- people that use off the shelf encryption though tend to use off the shelf chips as well so that was not too bad (thankfully BGA is not big).
    As for radios they quite often support MP3 or even some video, ipods, bluetooth, have a GPS wound in there plus speed camera locations, radio station name storage, setup options storage (audio profiles) and more which all require a measure of storage and are open to various hacks- some of these things even run embedded versions of windows.

    Similarly cars are often all wound together as cwstjdenobs mentioned using the CAN bus- quite often only single control + power wires go round cars (it is also what means you get to program previously standalone devices or more likely pay through the nose to get some else to sort it when needing to replace them).
    Add in electric windows, variable door locks (think like some vans that only unlock drivers on the first click), multiple sound systems (parental controls), headset video, seat warmers, electric seat adjustment (or even better automated for different drivers), wing mirror adjustment, lights and car companies (having now been demonstrated to not have a clue on matters of electrics* or security) just stick it all through the same bus which led to this situation you are reading about now. I agree at present it is a so called movie plot threat but it does have interesting implications.

    *do not even get me started on lack of materials and mechanical knowledge in electrical systems- so often do I see looms turn into green dust or manage to break connections where the simplest tweak or just asking a passing engineer with a clue would have prevented it.


    @Godson777 any backwards compatibility options are one of the first places I look for such things. If you mean an actual DS providing the basis for a 3ds hack the DS lacks decent packet injection abilities (it is why the port of the likes of aircrack never amounted to much) but there is some precedent for such a thing (using compromised devices to facilitate easier further hacks).
     
  13. cwstjdenobs

    Member cwstjdenobs Sodomy non sapiens

    Joined:
    Mar 10, 2009
    Messages:
    1,757
    Location:
    Ankh-Morpork
    Country:
    United Kingdom
    Sorry I was just pointing out it was possible, thought it might be an interesting bit of extra info.
     
  14. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,748
    Country:
    United Kingdom
    My apologies I never meant it as a retort/snub just as a "wow this gets even better".
     
  15. Hop2089

    Member Hop2089 Cute>Hot

    Joined:
    Jan 31, 2008
    Messages:
    3,810
    Country:
    United States
    No need for this what the world needs is some sound weaponry like in Macross 7.
     
  16. Fear Zoa

    Member Fear Zoa This... This is the world we live in

    Joined:
    Jun 18, 2009
    Messages:
    1,437
    Location:
    Maryland
    Country:
    United States
    Thats pretty cool, I always had a hunch these kind of cars could be hacked....its just a law of electronics unfortunately...
     
  17. Marlonguppy

    Member Marlonguppy GBAtemp Regular

    Joined:
    Jul 31, 2009
    Messages:
    181
    Location:
                                  
    Country:
    Netherlands
    The 'Highway to hell' is now for real! [​IMG]
     
  18. cwstjdenobs

    Member cwstjdenobs Sodomy non sapiens

    Joined:
    Mar 10, 2009
    Messages:
    1,757
    Location:
    Ankh-Morpork
    Country:
    United Kingdom
    Or the weirding modules from Dune. I've always wanted a legitimate reason to use the line "My own name is a killing word.".

    But back on topic, the link FAST6191 posted makes me wish I'd bothered looking into that ages ago. I've had my suspicions for a while, but always thought there'd be no point checking. You know if I can think of brute forcing or simple replay attacks in a couple of seconds the high paid engineers at GM et al should have thought of it sort of thing. I guess this is more proof that you shouldn't overestimate big companies.
     
  19. ProtoKun7

    Global Moderator ProtoKun7 GBAtemp Time Lord Regenerations: 3

    Joined:
    Jan 3, 2009
    Messages:
    7,481
    Location:
    Gallifrey
    Country:
    United Kingdom
    [​IMG]
    It's so close to that stage now; maybe not the car itself, but that's a freaky amount of power. [​IMG]
     
  20. nando

    Member nando GBAtemp Addict

    Joined:
    Jan 1, 2008
    Messages:
    2,072
    Country:
    United States
    who plays CDs anymore?
     

Share This Page