Hackers take over Jeep


Anthony

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

 

Scary stuff

 

Miller and Valasek's full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they're working on perfecting their steering control; for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.


Doing that on the highway, especially a busy interstate, is rather irresponsible. There are hundreds of better choices for doing a demonstration like that.

 

Are the brakes fully electric without mechanical backup? I thought they all had mechanical backup and didn't think they could be hacked. Hmmm...


Same thing goes for steering. Shouldn't I still be able to maintain control of the steering wheel as long as I have a hand on it? If not, then that's absolutely ludicrous.

 

Steer-by-wire is the new norm... Most of the things you touch to control the car are little more than video game controllers plugged into a big computer. Except, you know, with 4,000lbs of steel behind you.


I saw that article earlier. Did some research. CANBUS is a horrible protocol.

 

I've read the specs. It is, without question, a horrible, antiquated, easily hacked, easily compromised, insecure, utterly worthless protocol. It's worse than SMTP, which I had thought was the worst network protocol in existence (I exaggerate).

 

You could not, if you tried, come up with a worse protocol than CANBUS (I'm not really exaggerating there).

 

The ONLY reason why people have not been hacking cars with zero day exploits over the past 10 years is because no engineer has compromised his/her employer by releasing the CANBUS codes outright, requiring hackers to spend lengthy amounts of time sniffing CANBUS traffic and matching it to vehicle activity, which requires that they first of all have almost unlimited access to a representative vehicle--which is not exactly easy.

 

If you want to make it incredibly difficult to hack vehicles, you have to replace CANBUS, and you have to harden the OBD II interface.

 

I'm talking entirely separate wiring, vehicle-specific data encryption (that is, a separate key for each individual vehicle), and an essentially one-way interface between essential systems and infotainment. Key-fob related features could work off frequency hopping so that a hacker cannot record a radio signal and use it to start the car w/o the fob.

 

In the extremely limited instances where infotainment needs to send data to the engine (air conditioning is the only system I can think of off the top of my head), the requests would be limited, and the system would incorporate a firewall and other protections intended to avoid crippling the system via a DoS attack through the one open port. Essential services could be configured with a handful of firewalls that would--to a certain extent--prevent a hacker from cutting into the essential service network and broadcasting tremendous amounts of garbage as part of a DoS attack on the network. Throttle, steering and brakes would not be wired into this network. The transmission & engine controllers would not communicate over this network either.

 

In the event the essential systems network is compromised, the vehicle could trigger a 'limp home' mode.

 

The infotainment bus would be restricted to the console, dash and any satellite controls/displays (as in CUVs). Every other system in the vehicle would be tied to the 'essential services' bus, and there would only be a single junction point where the essential services bus would broadcast a variety of data (vehicle speed, engine temp, external temp, etc.) and listen for an extremely limited set of instructions.

 

---

 

The goal here would be to do the following:

 

- Render essential systems as remote as practicable from infotainment both in terms of physical separation and information exchange.

- Encrypt essential systems to this extent:

--- A hacker must have physical custody of the hacked vehicle AND

--- The hacker must have physical custody long enough to decrypt the keys used to encode data exchanged on the essential system bus (because let's be honest, all you'd have to do is snip a wire and put a packet sniffer inline to start tracing essential service communications--it's not hard).

 

Ultimately, you want to make it *impossible* for hackers to create universal exploits and you want it to be *effectively impossible* to implant vehicle specific exploits.

 

Now granted, if you encrypt essential system traffic on the existing CANBUS network, you could claim that you've rendered it impossible to plant universal exploits, but that ignores the fact that any exploit that took control of the infotainment system would be able to jam the CANBUS network with garbage.

 

Of course, all of this will make cars more expensive.........


My pitch in a nutshell:

 

Most secure 'ring'

TPS, steering wheel sensor and brake position sensors all wired directly into the PCM--they do not use the "ESN", although their data is encrypted.

 

ESN "Essential service network"

Various engine sensors, headlight/taillight controllers, cruise control, radar/camera systems, etc.

- Data encrypted using keys specific to that VIN

 

Infotainment network

Radio, climate control, navigation system, phone integration

 

Remote access devices

key fobs, etc.

- Data encrypted using spectrum hopping keyed to, say, the vehicle VIN (and you thought key fobs were expensive before!)

 

Fail-safe:

- "limp-home" mode which can be triggered either by the PCM itself based on conflicting data from TPS, brake, steering systems and other ESN sensors/controllers OR by hitting a 'panic switch' in the cabin for a preset length of time.

Edited by RichardJensen
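A toy model of the single junction point described in the two posts above (the one open infotainment-to-engine request, a firewall against flooding, and the ESN broadcasting a limited set of telemetry outward). This is an added example, not code from the thread or from any vehicle; the CAN IDs, payload lengths, rate limit and frames are constructed assumptions.

```python
"""Toy gateway between the infotainment bus and the 'essential service network' (ESN).
Added example; all CAN IDs, limits and traffic below are constructed, not from any vehicle."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    can_id: int   # 11-bit CAN identifier; classic CAN carries no source/destination address
    data: bytes   # 0..8 payload bytes


# Constructed: the only request infotainment may push toward the ESN is an HVAC setpoint.
ALLOWED_INBOUND = {0x3A0: 2}              # can_id -> maximum payload length
# Constructed: telemetry IDs the ESN publishes outward (speed, engine temp, external temp).
ALLOWED_OUTBOUND = {0x100, 0x101, 0x102}


class Gateway:
    def __init__(self, max_per_window: int = 5, window_ms: int = 1000):
        self.max_per_window = max_per_window
        self.window_ms = window_ms
        self._stamps = deque()            # times (ms) of accepted inbound frames
        self.dropped = 0

    def inbound(self, frame: Frame, now_ms: int) -> bool:
        """Infotainment -> ESN: allow-listed ID with a sane length, then a rate cap so a
        compromised head unit cannot jam the ESN with garbage through the one open port."""
        limit = ALLOWED_INBOUND.get(frame.can_id)
        if limit is None or not (0 < len(frame.data) <= limit):
            self.dropped += 1
            return False
        while self._stamps and now_ms - self._stamps[0] >= self.window_ms:
            self._stamps.popleft()        # forget frames outside the current window
        if len(self._stamps) >= self.max_per_window:
            self.dropped += 1
            return False
        self._stamps.append(now_ms)
        return True

    @staticmethod
    def outbound(frame: Frame) -> bool:
        """ESN -> infotainment: only the published telemetry IDs cross the junction."""
        return frame.can_id in ALLOWED_OUTBOUND


def run_constructed_traffic() -> dict:
    """Constructed traffic: one HVAC request, one non-allow-listed ID, then a 20-frame burst."""
    gw = Gateway()
    results = {"hvac_ok": gw.inbound(Frame(0x3A0, b"\x16\x01"), 0),
               "other_id_blocked": not gw.inbound(Frame(0x200, b"\xff"), 10)}
    burst = [gw.inbound(Frame(0x3A0, b"\x16\x01"), 20 + i) for i in range(20)]
    results["burst_accepted"] = sum(burst)   # only 4 more fit in the 5-per-second window
    results["speed_out"] = Gateway.outbound(Frame(0x100, b"\x00\x45"))
    results["dropped"] = gw.dropped
    return results
```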

I don't know, CANBUS is so crappy, it should be retired on that basis alone. Did you know CANBUS isn't even capable of device addressing? That means that you can't even *route* CANBUS traffic. You need everything hooked up to everything else, just for a message to get from point A to point B.

 

And you have to pay a license fee to Bosch just to use that crappy protocol.


OK, that's just crazy, and I agree with you now. It needs to be scrapped and completely replaced.


 

That would be the system going out to the internet, not coming into the system from the internet. Firewalls are there to prevent the latter.

That makes sense. I would still be concerned if I had that feature though. If someone wanted to get in bad enough, they could theoretically get through that firewall eventually.

What the windoze guy said. :)

 

There are two ways to secure that type of connection. One is to only allow outgoing connections from the car to the servers, not incoming connections. That would virtually eliminate the possibility of this type of hack. But sometimes you need to allow that type of connection for some push services like traffic notifications, etc.

 

The other is to use a firewall so that the car only accepts connections from the manufacturer's servers and also requires a secure login of some kind (passwords, ssh keys, etc.).

 

Hackers can still get in but it's a lot harder. And then you do what Richard suggests - make it so even if they get in they can't get to the critical components.

 

IT 101, guys. Not rocket science. But not something a PCM/CANBUS programmer normally has to deal with.


BTW: Let's not pretend that these hackers are behaving at all responsibly here.

 

This notion that they can release portions of their code as a 'proof of concept' without enabling others to do exactly what they did is exactly the kind of stupidity that is represented by manufacturers insisting that these hacks are impossible in the first place---only more so.

 

"We're very smart, and this took a lot of time to figure out, so if we leave crucial bits out, nobody will ever be able to figure out what we did."

 

---

 

And let me just say that I despise this whole hacker culture of setting the world on fire just to watch it burn (Not a fan of the Dark Knight, but that's a pretty savvy description of the way some people go through life). I especially despise the insistence that this anarchy is 'beneficial' and that they're 'holding people accountable.'

 

Garbage. You're doing incredibly irresponsible things because you like doing incredibly irresponsible things and then backfilling a specious justification.


Agreed! Release the code to the manufacturers so they can see areas they need to improve, but don't open source this crap to everyone wanting to start hacking cars. That's just ludicrous!
