Anthony Posted July 21, 2015 Share Posted July 21, 2015 http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Scary stuff Miller and Valaseks full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeeps brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say theyre working on perfecting their steering controlfor now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeeps GPS coordinates, measure its speed, and even drop pins on a map to trace its route. Quote Link to comment Share on other sites More sharing options...
fordmantpw Posted July 21, 2015 Share Posted July 21, 2015 Doing that on the highway, especially a busy interstate, is rather irresponsible. There are 100s of better choices to do a demonstration like that. Are the brakes fully electric without mechanical backup? I thought they all had mechanical backup and didn't think they could be hacked. Hmmm... Quote Link to comment Share on other sites More sharing options...
fuzzymoomoo Posted July 21, 2015 Share Posted July 21, 2015 same thing goes for steering. Shouldn't I still be able to maintain control of the steering wheel as long as I have a hand on it? If not then that's absolutely ludicrous Quote Link to comment Share on other sites More sharing options...
PREMiERdrum Posted July 21, 2015 Share Posted July 21, 2015 same thing goes for steering. Shouldn't I still be able to maintain control of the steering wheel as long as I have a hand on it? If not then that's absolutely ludicrous Steer-by-wire is the new norm... Most of the things you touch to control the car are little more than video game controllers plugged into a big computer. Except, you know, with 4,000lbs of steel behind you. Quote Link to comment Share on other sites More sharing options...
fuzzymoomoo Posted July 21, 2015 Share Posted July 21, 2015 Sweet Christ we are doomed! That is absolutely ridiculous. Quote Link to comment Share on other sites More sharing options...
silvrsvt Posted July 21, 2015 Share Posted July 21, 2015 Sounds like Chrysler screwed the pooch by sharing the vehicle bus with the Uconnect. From what I understand, MFT/Sync has its own bus and doesn't interface with the vehicle itself? Quote Link to comment Share on other sites More sharing options...
RichardJensen Posted July 21, 2015 Share Posted July 21, 2015 I saw that article earlier. Did some research. CANBUS is a horrible protocol. I've read the specs. It is, without question, a horrible, antiquated, easily hacked, easily compromised insecure utterly worthless protocol. It's worse than SMTP, which I had thought was the worst network protocol in existence (I exaggerate). You could not, if you tried, come up with a worse protocol than CANBUS (I'm not really exaggerating there). The ONLY reason why people have not been hacking cars with zero day exploits over the past 10 years is because no engineer has compromised his/her employer by releasing the CANBUS codes outright, requiring hackers to spend lengthy amounts of time sniffing CANBUS traffic and matching it to vehicle activity, which requires that they first of all have almost unlimited access to a representative vehicle--which is not exactly easy. If you want to make it incredibly difficult to hack vehicles, you have to replace CANBUS, and you have to harden the OBD II interface. I'm talking entirely separate wiring, vehicle-specific data encryption (that is, a separate key for each individual vehicle), and an essentially one-way interface between essential systems and infotainment. Key-fob related features could work off frequency hopping so that a hacker cannot record a radio signal and use it to start the car w/o the fob. In the extremely limited instances where infotainment needs to send data to the engine (air conditioning is the only system I can think of off the top of my head), the requests would be limited, and the system would incorporate a firewall and other protections intended to avoid crippling the system via a DOS attack through the one open port. Essential services could be configured with a handful of firewalls that would--to a certain extent--prevent a hacker from cutting into the essential service network and broadcasting tremendous amounts of garbage as part of a DOS attack on the network. Throttle, steering and brakes would not be wired into this network. The transmission & engine controllers would not communicate over this network either. In the event the essential systems network is compromised, the vehicle could trigger a 'limp home' mode. The infotainment bus would be restricted to the console, dash and any satellite controls/displays (as in CUVs). Every other system in the vehicle would be tied to the 'essential services' bus, and there would only be a single junction point where the essential services bus would broadcast a variety of data (vehicle speed, engine temp, external temp, etc.) and listen for an extremely limited set of instructions. --- The goal here would be to do the following: - Render essential systems as remote as practicable from infotainment both in terms of physical separation and information exchange. - Encrypt essential systems to this extent: --- A hacker must have physical custody of the hacked vehicle AND --- The hacker must have physical custody long enough to decrypt the keys used to encode data exchanged on the essential system bus (because let's be honest, all you'd have to do is snip a wire and put a packet sniffer inline to start tracing essential service communications--it's not hard). Ultimately, you want to make it *impossible* for hackers to create universal exploits and you want it to be *effectively impossible* to implant vehicle specific exploits. Now granted, if you encrypt essential system traffic on the existing CANBUS network, you could claim that you've rendered it impossible to plant universal exploits, but that ignores the fact that any exploit that took control of the infotainment system would be able to jam the CANBUS network with garbage. Of course, all of this will make cars more expensive......... Quote Link to comment Share on other sites More sharing options...
RichardJensen Posted July 21, 2015 Share Posted July 21, 2015 (edited) My pitch in a nutshell: Most secure 'ring' TPS, steering wheel sensor and brake position sensors all wired directly into the PCM--they do not use the "ESN", although their data is encrypted. ESN "Essential service network" Various engine sensors, headlight/taillight controllers, cruise control, radar/camera systems, etc. - Data encrypted using keys specific to that VIN Infotainment network Radio, climate control, navigation system, phone integration Remote access devices key fobs, etc. - Data encrypted using spectrum hopping keyed to, say, the vehicle VIN (and you thought key fobs were expensive before!) Fail-safe: - "limp-home" mode which can be triggered either by the PCM itself based on conflicting data from TPS, brake, steering systems and other ESN sensors/controllers OR by hitting a 'panic switch' in the cabin for a preset length of time. Edited July 21, 2015 by RichardJensen Quote Link to comment Share on other sites More sharing options...
fordmantpw Posted July 21, 2015 Share Posted July 21, 2015 Wouldn't it be better to just shoot all hackers when found? Of course, finding them may not be easy... Quote Link to comment Share on other sites More sharing options...
RichardJensen Posted July 21, 2015 Share Posted July 21, 2015 I don't know, CANBUS is so crappy, it should be retired on that basis alone. Did you know CANBUS isn't even capable of device addressing? That means that you can't even *route* CANBUS traffic. You need everything hooked up to everything else, just for a message to get from point A to point B. And you have to pay a license fee to Bosch just to use that crappy protocol. Quote Link to comment Share on other sites More sharing options...
fordmantpw Posted July 21, 2015 Share Posted July 21, 2015 I don't know, CANBUS is so crappy, it should be retired on that basis alone. Did you know CANBUS isn't even capable of device addressing? That means that you can't even *route* CANBUS traffic. You need everything hooked up to everything else, just for a message to get from point A to point B. And you have to pay a license fee to Bosch just to use that crappy protocol. OK, that's just crazy, and I agree with you now. It needs to be scrapped and completely replaced. Quote Link to comment Share on other sites More sharing options...
akirby Posted July 21, 2015 Share Posted July 21, 2015 You shouldn't be able to get to the infotainment system from the Internet in the first place. This is IT 101. 1 Quote Link to comment Share on other sites More sharing options...
fuzzymoomoo Posted July 21, 2015 Share Posted July 21, 2015 You shouldn't be able to get to the infotainment system from the Internet in the first place. This is IT 101. Aren't some automakers doin over the air updates now? Couldn't you hypothetically get into the system that way? Quote Link to comment Share on other sites More sharing options...
fordmantpw Posted July 21, 2015 Share Posted July 21, 2015 Aren't some automakers doin over the air updates now? Couldn't you hypothetically get into the system that way? That would be the system going out to the internet, not coming into the system from the internet. Firewalls are there to prevent the latter. Quote Link to comment Share on other sites More sharing options...
fuzzymoomoo Posted July 21, 2015 Share Posted July 21, 2015 That would be the system going out to the internet, not coming into the system from the internet. Firewalls are there to prevent the latter. That makes sense. I would still be concerned if I had that feature though. If someone wanted to get in bad enough, they could theoretically get through that firewall eventually. Quote Link to comment Share on other sites More sharing options...
akirby Posted July 22, 2015 Share Posted July 22, 2015 What the windoze guy said. There are two ways to secure that type of connection. One is to only allow outgoing connections from the car to the servers, not incoming connections. That would virtually eliminate the possibility of this type of hack. But sometimes you need to allow that type of connection for some push services like traffic notifications, etc. The other is to use a firewall so that the car only accepts connections from the mfrs servers and also requires a secure login of some kind (passwords, ssh keys, etc.). Hackers can still get in but it's a lot harder. And then you do what Richard suggests - make it so even if they get in they can't get to the critical components. IT 101, guys. Not rocket science. But not something a PCM/Canbus programmer normally has to deal with. 1 Quote Link to comment Share on other sites More sharing options...
RangerM Posted July 22, 2015 Share Posted July 22, 2015 Why didn't the driver (in the story) simply engage the emergency brake? Quote Link to comment Share on other sites More sharing options...
twintornados Posted July 22, 2015 Share Posted July 22, 2015 Steer-by-wire is the new norm... Most of the things you touch to control the car are little more than video game controllers plugged into a big computer. Except, you know, with 4,000lbs of steel behind you. Does Jeep use high strength steel too? Quote Link to comment Share on other sites More sharing options...
Anthony Posted July 22, 2015 Author Share Posted July 22, 2015 Gotta love Fox News. If it bleeds it leads! Quote Link to comment Share on other sites More sharing options...
RichardJensen Posted July 22, 2015 Share Posted July 22, 2015 BTW: Let's not pretend that these hackers are behaving at all responsibly here. This notion that they can release portions of their code as a 'proof of concept' without enabling others to do exactly what they did is exactly the kind of stupidity that is represented by manufacturers insisting that these hacks are impossible in the first place---only more so. "We're very smart, and this took a lot of time to figure out, so if we leave crucial bits out, nobody will ever be able to figure out what we did." --- And let me just say that I despise this whole hacker culture of setting the world on fire just to watch it burn (Not a fan of the Dark Knight, but that's a pretty savvy description of the way some people go through life). I especially despise the insistence that this anarchy is 'beneficial' and that they're 'holding people accountable.' Garbage. You're doing incredibly irresponsible things because you like doing incredibly irresponsible things and then backfilling a specious justification. Quote Link to comment Share on other sites More sharing options...
Anthony Posted July 22, 2015 Author Share Posted July 22, 2015 Chrysler's response: http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/ Quote Link to comment Share on other sites More sharing options...
fordmantpw Posted July 22, 2015 Share Posted July 22, 2015 BTW: Let's not pretend that these hackers are behaving at all responsibly here. This notion that they can release portions of their code as a 'proof of concept' without enabling others to do exactly what they did is exactly the kind of stupidity that is represented by manufacturers insisting that these hacks are impossible in the first place---only more so. "We're very smart, and this took a lot of time to figure out, so if we leave crucial bits out, nobody will ever be able to figure out what we did." --- And let me just say that I despise this whole hacker culture of setting the world on fire just to watch it burn (Not a fan of the Dark Knight, but that's a pretty savvy description of the way some people go through life). I especially despise the insistence that this anarchy is 'beneficial' and that they're 'holding people accountable.' Garbage. You're doing incredibly irresponsible things because you like doing incredibly irresponsible things and then backfilling a specious justification. Agreed! Release the code to the manufacturers so they can see areas they need to improve, but don't open source this crap to everyone wanting to start hacking cars. That's just ludicrous! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.