Wednesday, March 16, 2011

I for one welcome our pwn3d robotic car Overlords

That's not a Photoshop.

The rush to computerize your car is basically over, which means the rush to pwn it has begun in earnest.  Fortunately (for the Bad Guys), security was never part of the design - for example, all of the non-critical components (like cell phones, music players, and GPS nav units) are on the same network as the critical ones (brakes, throttle, transmission control).

I mean, what could possibly go wrong?

Researchers who have spent the last two years studying the security of car computer systems have revealed that they can take control of vehicles wirelessly.

The researchers were able to control everything from the car's brakes to its door locks to its computerized dashboard displays by accessing the onboard computer through GM's OnStar and Ford's Sync, as well as through the Bluetooth connections intended for making hands-free phone calls.
Sigh.

Yes, I've been harping on this for some time now, but that's about as precient as predicting that the Sun will come up in the east or that Democrats will raise taxes.

So you might want to rethink that sweet Z4, and get one of these instead.  At least it can't get hacked wirelessly.

10 comments:

Bob said...

There ya go. My car exactly. Exact year, exact model, exact configuration, exact color. Bravo!

Bob said...

Dream car. Let me make that perfectly clear.

Raptor said...

Very nice choice. I'm partial to the '69 GTO in Windward blue myself.

North said...

What idiot engineer would put essentials on the same bus (CAN or LIN or whatever) as a wireless device? I take that back. Engineers love good solutions. This was a management decision.

Borepatch said...

I love that car, Bob.

[Wayne's World]Some day, she will be mine. Oh, yes.[/Wayne's World]

North, it's not a design I'd want my name associated with.

However, OnStar advertises that they can remotely unlock the doors, turn the engine on/off, etc. Unless the security of that is very well thought out, your attack surface will be large.

Irish said...

Borepatch, you will also be able to drive your GTO after an EMP attack :)

(at least for awhile )

Keads said...

Yeah, stuffing everything on the CAN bus is problematic.

Nice Goat!

Cliff Smith said...

I had a 67 GTO in 1967. It lasted untill 12/7/69, when it was eaten by a boxcar on the westbound hump in Enola yard. It would s**t and git. It was burgundy, had 4 in the floor, 400 cin engine, Hurst shifter, 4-11 positraction rear, am fm stereo radio with reverb.

aczarnowski said...

When my wife and I saw the first commercial for OnStar we looked at each other and both said the exact same thing - no way ever. And Microsoft in your car was a joke long before Ford actually did it.

*shakes head*

I don't blame the engineers so much as the designers, marketing and customers that buy these things. What the hell is wrong with people?

Ian Argent said...

Why waste resources implementing a parallel communications bus when we have this one handy? Plus, it'll let us do nifty keen stuff, and put telemetry onto your home network, and, and, and...

Just because they're an engineer doesn't make them security conscious. And as a post at ESR just pointed out, EE's make the grodiest hacks when they code - every bit is precious after all.