All your cars are belong to us

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,157
Scientist banned from revealing codes used to start luxury cars

A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.
http://www.guardian.co.uk/technology/2013/jul/26/scientist-banned-revealing-codes-cars


Hackers Reveal Nasty New Car Attacks
http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/
 

Davetouch

is un-Stoppable
Joined
Jul 30, 2006
Messages
8,556
Location
Longbridge, Birminghamland
Car(s)
'00 9-3 2.0 Turbo Vert, Various MGs, '99 Ringoo
Yeah I had a very good conversation with a computer scientist friend of mine about the problems of mobile Internet/infotainment systems in cars and the dangers without keeping the infotainment and ECU systems separate...
 

Interrobang

Forum Addict
Joined
Mar 5, 2007
Messages
8,144
So basically all of VW this time ...

It is a curious read this, rather than VW asking for time to fix the problem - they try to limit access to the information. I don't see how that is helping anyone ...

[...]They [the scientists] argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".
Solid argument. Trying to keep the lid on this is not helping. Fix the bloody problem VW, not try to make it seem like there was none.
 

chaos386

.sa = bad driver!
Joined
Nov 8, 2004
Messages
7,960
Location
Back in Saudia
Car(s)
SEAT Leon FR

Dr_Grip

Made from concentrate
DONOR
Joined
Jul 8, 2008
Messages
13,964
Location
Germany
Car(s)
1979 Opel Kadett | 1972 Ford Country Sedan
Any more info on that? The article was disappointingly light on details. "five minutes" to connect to a car, but do they mean from the outside? Inside the car? The capabilities of the device also don't seem serious enough for the automakers to care, although I imagine they're saving the juiciest bits for the conference.
I think the article means access to the car is necessary once to connect the device. From there, it's not complicated at all - hook up a controller (maybe Raspberry Pi-based to keep costs down), combine with wireless LAN, have fun.
 

AiR

Forum Addict
Joined
Dec 19, 2005
Messages
11,985
Location
Suecia
Car(s)
Bulgogi Knedliky 1.6 GDI (Hyundai i30)
Silly scientist, when you discover something like this you don't write a paper, you sell your invention to the mafia and get rewarded for your hard work. The mafia in turn makes VW improve their security.
 

LiveToWin

Active Member
Joined
Jan 3, 2010
Messages
402
Location
Tempe, Arizona, USA
Car(s)
2012 Lexus IS F
I'm a computer engineering student and I did some research last semester on the lack of security when it comes to automotive computers. Some are better than others, but they're all pretty poor. If I remember right, Toyota's system (for the same model years as those in the "unintended acceleration" scandal) was particularly awful.
 

chaos386

.sa = bad driver!
Joined
Nov 8, 2004
Messages
7,960
Location
Back in Saudia
Car(s)
SEAT Leon FR
But is it possible to open up stranger's beamer from afar? Perhaps so. All you'd need is the iOS app, the username, and the obtained or guessed password - there's no way to limit the car to one mobe.
That's the digital equivalent of "all you'd need to steal someone's car is to break into their house and steal their car keys!" They mentioned brute-forcing the password, but the system disallows logins after five failed attempts, requiring a phone call to reset, so not exactly something you can just throw a rainbow table at, and repeated account locks would very quickly tell the real owner that something was up.
 

Cellos88GT

Well-Known Member
DONOR
Joined
Jan 20, 2008
Messages
3,994
Location
Santa Cruz, CA
Car(s)
2 Fox Mustangs and a '00 VFR
Having worked extensively with CAN at my previous place of employment, I agree that it's not the most secure network protocol. However, 'hacking' it and assuming control is a little bit more involved than as described in the above articles. One needs the CAN database before being able to do anything and that varies between manufacturers and can even vary between platforms. Of course it is possible to snoop the bus and figure out which message does what but that is incredibly time-consuming (I know because I've done it when trying to decipher the CAN messages on competing products) and requires some basic knowledge about bit addressing.

Bosch has already been hard at work to bridge these security gaps in their next standard release.
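
Added example, not part of the post above and not taken from any manufacturer's database: a small decoder showing why the CAN database and the bit addressing matter, since the same eight payload bytes yield unrelated values under two different signal definitions. The frame bytes, signal names, scales and offsets are constructed for illustration, and the start-bit numbering follows the common DBC-style convention (an assumption).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signal:
    name: str
    start_bit: int       # LSB position (little-endian) or MSB position (big-endian)
    length: int          # width in bits
    little_endian: bool
    signed: bool = False
    scale: float = 1.0
    offset: float = 0.0

def decode(sig: Signal, data: bytes) -> float:
    """Extract one signal from a CAN payload and convert it to a physical value."""
    total = len(data) * 8
    if sig.little_endian:
        shift = sig.start_bit
        word = int.from_bytes(data, "little")
    else:
        # Bits are numbered 7..0 inside each byte; count from the frame's MSB.
        msb_pos = (sig.start_bit // 8) * 8 + (7 - sig.start_bit % 8)
        shift = total - msb_pos - sig.length
        word = int.from_bytes(data, "big")
    if sig.length < 1 or shift < 0 or shift + sig.length > total:
        raise ValueError(f"{sig.name}: signal does not fit in {len(data)}-byte frame")
    raw = (word >> shift) & ((1 << sig.length) - 1)
    if sig.signed and raw >> (sig.length - 1):
        raw -= 1 << sig.length       # two's complement sign extension
    return raw * sig.scale + sig.offset

# Constructed payload and two hypothetical database entries for the same frame.
FRAME = bytes.fromhex("800CF60000000000")
DB_VENDOR_A = [Signal("EngineSpeed_rpm", 0, 16, True, scale=0.25),
               Signal("SteeringTrim_deg", 16, 8, True, signed=True, scale=0.5)]
DB_VENDOR_B = [Signal("CoolantTemp_C", 7, 8, False, offset=-40.0),
               Signal("ThrottlePos_raw", 15, 12, False)]

def decode_all(db, data):
    """Decode every signal a database defines for this frame."""
    return {s.name: decode(s, data) for s in db}

if __name__ == "__main__":
    print(decode_all(DB_VENDOR_A, FRAME))
    print(decode_all(DB_VENDOR_B, FRAME))
```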
 