The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
How bad is it? This bad:
Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.
I've been talking about this for years and years. Here's an example from four years ago:
The rush to computerize your car is basically over, which means the rush to pwn it has begun in earnest. Fortunately (for the Bad Guys), security was never part of the design - for example, all of the non-critical components (like cell phones, music players, and GPS nav units) are on the same network as the critical ones (brakes, throttle, transmission control).
Sigh.
I mean, what could possibly go wrong?
It looks like the automakers are fixin' to learn what software companies learned decades ago:
- If a software developer finds a security bug right after he wrote the code, it costs a few bucks to fix.
- If QA finds the security bug a couple months after the developer wrote it, it costs hundreds of dollars to fix.
- If the customer finds the security bug years after the developer wrote it, it costs thousands of dollars to fix.
Remotely hackable cars are a PR nightmare, but I expect there will be a bunch of these stories over the next few years. The rush to market with lousy security designs will cost the automakers millions of dollars. All I can say is that stupid is expensive.
14 comments:
Wow. Whoever attached a remotely accessible entertainment system which is not a vital part of a vehicle, to critical driving systems has a lot of explaining to do.
Aaron, I'm in the wrong line of work. I should be at a law firm - I know the embarrassing questions to ask during discovery ...
Well, at least in a car with a manual transmission, you can engage the clutch and coast to the side of the road, then engage the hand brake.
I hope.
Oh, and it's good to see you still making the occasional post, Borepatch.
Sounds like a good retirement job.
First, there's no need to rush off and get a law degree, BP. There will be more than enough work for consultants and expert testimony as the cases fire up. Keep your suit pressed.
And, I think your estimate on damages is low: Jane's car is pwned, it runs into mine. I sue Jane for not knowing her car has a software exposure and taking that into account while operating it, a separate suit against GeeWiz Motors for incompetently designing a car with software exposures, and probably Fred & Larry's Excellent Car Dealership for their involvement in the security failure scam. I'm not really interested in owning General Motors or Ford, but that's going to be the end result. Once the software hacks begin in earnest and involve millions of cars the manufacturers will have neither the intelligence, time nor money to unscrew themselves.
If suddenly the manufacturers institute good security measures in new cars that will be used as tacit admission of problems in previous model years. Lawyers beg Santa Claus for that sort of gift.
"If suddenly the manufacturers institute good security measures in new cars that will be used as tacit admission of problems in previous model years. Lawyers beg Santa Claus for that sort of gift."
THIS^ is why design flaws in US products are not fixed, but stay in production forever.
Wouldn't finding and unplugging the antenna mitigate this class of exploit?
The new Harleys are pretty electronically sophisticated, with the whole Bluetooth, GPS and electronic this and computerized that. I'll stick with my '97 Dyna that's carbureted and has nothing that doesn't need to be there.
That's OK....one good EMP blast will clear the roads of them.
A car with totally fly-by-wire BRAKES? WT*A*F?
The regenerative braking in my old-model Prius is of course computer-controlled, but stomp hard on the pedal and old-fashioned hydraulics engage the old-fashioned friction brakes.
When I'm designing a controller, if there's any obvious safety-critical control path, I always (unless overridden by the client) include a hardware connection - so, e.g., the software can turn off the high voltage, but the safety interlock forces HV off regardless of what the software is doing.
And that's not even getting into the software and communication architecture. Why are critical control systems not isolated from the wireless Internet connectivity?
Are these automotive systems being designed by brand-new university grads, with no adult supervision?
And have they not read In Enemy Hands? (Of course having the admin password for the entertainment computer should enable the user to control the weapons and airlocks!)
I don't have to worry about somebody else doing that, I have a Ford with a Ford ignition which is occasionally self-dismantling. On my last Ford truck you could pull the key and leave the engine running to go do other things with other keys on the key-ring.
I'm having trouble understanding why brakes and steering should be on any net, much less the internet. But one way to defeat this is to disable the wireless module. Do you really need internet in your car, anyway? What value does it add? Keep in mind most engineering has nothing to do with the job of getting you from point A to point B, and everything to do with adding enough worthless features to persuade the typical idiot to choose one brand of vehicle over another.
Jaguar Mk VII, 3.8 litre straight six. Timing done by shining a strobe at the crank pulley and twisting the distributor back and forth until the mark on the pulley is in the right place when the strobe flashes. Adjusting the points gap with a feeler gauge.
Tuning the three SU carbs with a mercury column instrument, making sure that each carb is sucking air at the same rate (until the next time you lift the bonnet!)
The car radio is just that. A radio.
Hack me if you can!
https://www.flickr.com/photos/fine-cars/4829628586/