Remember Toyota’s Phantom Gas Petal and break failures
Hat’s off to this guy for finding the problem: Toyota Electrical System can be hacked.
“Driven by his own curiosity, Gilbert in January found he could manipulate the electronics in a Toyota Avalon to recreate the acceleration without triggering any trouble codes in the vehicle’s computer. Such codes send the vehicle’s computer into a fail-safe mode that allows the brake to override the gas.”
Lie After lies. Toyota has the best lobbyist money can buy.
Not the sticky gas pedals or the mat design? It’s the customers. There driving the car wrong. Yeah right .. It’s the Electronics. The problem is the main buss electrical system. Serial based and can be hacked if someone wanted too. I always said this but no one ever believed me either.
Today a Toyota excuitive stated on fox. “ It’s the drivers, there just driving the car wrong and are ******* the brakes. Its’ not us.” This was stated on fox business with Cuvato today.
Your car is highly vulnerable to Malware through a cellphone, Wi-Fi, infected MP3 and other means. Be very afraid! – Hackers can hijack the car’s computer systems to disable the brakes, change the cruise control, turn the engine on and off, and control most of the electrical systems such as the lights, climate control, odometer, locks and your radio.
Researchers have found various vulnerable sites and ways hackers can gain access. Most modern cars have what is called an ‘On-Board Diagnostics (OBD-II)’ port. This is an access point that repairers hook-up to get data on the vehicle’s performance and to modify various things such as the timing of the engine, and most of the car’s electrical systems and functions. This is a primary access point for hackers as virtually everything can be changed using this port designed to provide direct access to the car’s computer.
Direct access to internal systems is a simple matter of connecting a laptop to the on-board diagnostics port, which is now mandatory for all cars in the United States. This port“provides direct and standard access to internal automotive networks.” Attached to these networks are all sorts of sensors, diagnostics and wireless systems – many of which can be directly upgraded by a user or a hacker. This is heaven for a hacker wanting to attack or control automotive subsystems. New software could be installed to enable remote control access via cellpones, Wi-Fi and any of the system in the car that are controlled by remote control buttons.
Another major entry point is the car’s cellphone hardware which provides a connection to the car’s computer system. Malware could be installed that would enable a thief to unlock the car remotely and to take over various other systems. Researchers were able to hijack the car using a Trojan app on a phone that had the Android operating system installed. Any cellphone software can be hacked and the cellphone port provides a vulnerable entry point. Remote access was gained by the researcher using the car’s Bluetooth system. This can be accessed remotely via a laptop or Cellphone.
Hackers can even hijack your car’s computer system via the stereo system in various ways. There are so many remote control devices in the car that are vulnerable. The stereo systems is often intertwined with other electronic systems in the car such as the GPS and climate control. The researchers demonstrated that malware embedded in an MP3 file on a thumb drive could install itself into the car’s computer system and provide access to remote hijacking.
Many of the modern car’s automatic systems such as cruise control could theoretically be hacked and interfered with. Similarly a hacker could gain access to a car’s a self-parking system and could potentially allow the car to be driven away by the hacker in a similar way to a remotely controlled toy car. Be Very Afraid!
Imagine the mayhem if your car was hacked. A hacker could sit in a nearby cafe with his Wi-Fi connected laptop or cellphone and connect to your car’s computer as your crawled past in traffic. The hacker could force you car to accelerate suddenly or to brake without warning causing a crash. This sounds like the plot of a B-Grade horror movie. Be Very Afraid!
Imagine if someone could hack the Google’s self-driving car. Be Very Afraid! Google has been working on the system for some time and Google has admitted that it has been testing the system using a fleet of prototypes. The cars have logging more than 140,000 miles on public roads. These vehicles were manned, but only as a backup. Google said that the software could negotiate the routes on public roads with minimal human intervention. The vehicles were reported to have crossed the Golden Gate bridge, driven along the Pacific Coast Highway, and even driven right around Lake Tahoe.
Various computer-assisted accident prevention devices have been installed in luxury cars for several years. Google’s software includes very sophisticated methods for avoiding collisions which are major advances on the computer-aided accident prevention systems on modern luxury cars. These systems can automatically apply the brakes when your car gets too close to the car in front.
But imagine if someone took over these systems. How vulnerable are these systems to hacking and what security systems are in place to prevent this? This is no information on this.
My teenage son is doing a robotics unit at High School. His project is to add a GPS system to a remote controlled plane and to develop a way of flying the plane to a predetermined location and to drop a candy bar on a target. Be Very Afraid!
There is growing concern that the software controlling Cruise Missiles and the Drones used very successfully in Afghanistan, and in other conflicts could be hacked remotely in flight, or that terrorists could steal these devices. Be Very Afraid!
As Discover Magazine reports, modern vehicle computer systems such as Electronic Stability Control, Automatic Parking Systems, Emergency Braking Systems and Active Cruise Control are connected directly to accelerators, brakes and steering controls in the car and are potentially controllable by remote devices. Car computer systems are becoming more sophisticated and the parts of the car that can be controlled is expanding all the time. As with other computer systems, developers forget that their systems can be hacked remotely. The more complex and integrated systems are the most vulnerable because of the number of entry points and hijacking targets that are available. A single enry point can give access to everything because the system is highly integrated.
Modern car computers are very complex indeed. The S-class Mercedes-Benz is reported to require over 20 million lines of code for its systems. This is almost as complex as the system for the new Airbus A380. Where there is a software system, there is a hacker waiting to gain entry to it. The more complex the system the easier it is to hide the malware in it.
Which Systems are Vulnerable and Can be Changed Remotely?
- Engine speed
- Door locks
- GPS navigation systems
- Luggage Compartment, Trunk and Hatch
- Engine Cover
- Car Horn and warning systems
- Radio and music systems
- Fuel Gauge
- Speedometer Readings
- Panel illumination
- Engine performance and shut down
- Windscreen wipers and washers
- Headlights and Interior lights
- Ignition locks
- Car security systems and steering locks
- Electronic Brake Control Module
- Automatic Parking Systems
- Emergency Braking Systems
Be Afraid, Be Very Afraid!
- Car computer systems are highly vulnerable to hijacking by hackers and there is an urgent need to install industrial level firewalls and other control devices which are virtually non existent at the moment.
- There is a need to focus on all the vulnerable entry points and insert firewalls to inhibit access to the entire integrated system from a trivial entry point such as the radio and music system!
- Car manufacturers need to urgently update the security of automotive computer systems.
- JULY 2011
- BY KEITH BARRY
- ILLUSTRATION BY CHRIS PHILPOT
Not too long ago, securing a car meant popping the faceplate off the CD player, slapping a Club over the steering wheel, and locking the doors. As vehicles’ electronic systems evolve, however, automobiles are starting to require the same protection as laptop computers and e-commerce servers.
Currently, there’s nothing to stop anyone with malicious intent and some computer-programming skills from taking command of your vehicle. After gaining access, a hacker could control everything from which song plays on the radio to whether the brakes work.
While there are no reported cases of cars being maliciously hacked in the real world, in 2010, researchers affiliated with the Center for Automotive Embedded Systems Security (CAESS—a partnership between the University of California San Diego and the University of Washington) demonstrated how to take over all of a car’s vital systems by plugging a device into the OBD-II port under the dashboard.
It gets worse. In a paper that’s due to be published later this year, those same researchers remotely take control of an unnamed vehicle through its telematics system. They also demonstrate that it’s theoretically possible to hack a car with malware embedded in an MP3 and with code transmitted over a Wi-Fi connection.
Such breaches are possible because the dozens of independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.
Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network that’s not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached.
So the possibility now exists for platoons of cars to go rogue at the command of computer-savvy terrorists, crazed exes, and parking attendants with Ph.D.s in computer science. But the truth is that hacking a car takes a lot of time, effort, and money—three resources automakers are using to fight back.
At Chrysler, where optional infotainment systems are integrated with hard drives and mobile internet hot spots, company spokesman Vince Muniga says a data breach of an individual automobile is “highly unlikely.” That doesn’t mean the company is ignoring the problem. “It’s an ongoing engineering issue,” he says. “You want to stay one step ahead of what these guys might do.” Rich Strader, Ford’s director of information technology security and strategy, says the automaker has been steadily strengthening in-vehicle systems, but the threat is always evolving. He says the difficulty with security is that “you can’t honestly say something is impossible.”
Presently, automakers are beginning to take steps to secure networks the same way the information-technology sector now locks down corporate servers. “Just like the internet in its early days, car networks don’t employ very much security,” says Brad Hein, a programmer who accessed vehicle data from his 2006 Chevy Impala on an Android phone using code he’d written. “As more people start to access car networks,” Hein says, “I expect that the auto industry will start beefing up the security.”
That’s certainly happening at OnStar, the telematics system that’s already in more than 6 million vehicles. Eric Gassenfeit, OnStar’s chief information security officer, says his team has seen resources and staff grow “by an order of magnitude” over the past two years.
So the battle between the hackers and the carmakers is on. Here are your car’s most vulnerable entry points and what automakers are doing to protect them:
Car-hacking: Remote access and other security issues
It’s not time for full-on panic, but researchers have already successfully applied brakes remotely, listened into conversations and more.
August 6, 2012 (Computerworld)
A disgruntled former employee of Texas Auto Center chose a creative way to get back at the Austin-based dealership: He hacked into the company’s computers and remotely activated the vehicle-immobilization system, which triggered the horn and disabled the ignition system in more than 100 of the vehicles. The dealership had installed the system in its cars as a way to deal with customers who fell behind on their payments.
Police arrested the man and charged him with breach of computer security. His legal status was unclear as of our deadline for this story.
Out-of-control honking horns may be annoying, but other types of hacking, such as cutting the engine of unsuspecting drivers, could have deadly consequences. Although most experts agree there isn’t an immediate risk, vehicle hacking is something that bears watching.
A 2011 report (PDF) by researchers at the University of California, San Diego and others site numerous “attack vectors,” including mechanics’ tools, CD players, Bluetooth and cellular radio as among the potential problems in today’s computerized cars.
With the increasing computerization of vehicles of all types, observers have longer-term concerns over the vulnerabilities of trucks, delivery vans, rental cars and consumer autos. A malicious hacker could, in theory, disable the vehicles, re-route GPS signals or otherwise put employees, customers and the company as a whole in danger.
Consumers are getting worried about the safety and privacy risks that come with today’sconnected cars, according to a Harris Interactive poll released last week. For their part, auto makers and industry association spokesmen responded that they are adding electronic features carefully and based on market research.
Modern vehicle engines bear little resemblance to the engines of the past. Engines originally consisted of various mechanical devices assembled around a combustion engine. Within the past 20 years, cars have evolved to contain a complex network of as many as 50 to 70 independent computers, electronic control units (ECUs) with up to 100MB of binary code. Automotive ECUs originally entered production in the U.S. largely in response to California’s automotive-emissions reduction law, first passed in 1961, and then the subsequent federal Clean Air Act, passed originally in 1963, strengthened considerably in 1970 and updated since then.
ECUs measure the oxygen present in exhaust fumes and adjust the fuel/oxygen mixture before combustion, which improves efficiency and reduces pollutants. Over time these systems have become integrated into nearly every aspect of a car’s functioning, including air bag deployment, steering, braking and other real-time systems.
In the mid-1990s car manufacturers began integrating more powerful ECUs with peripherals such as GM’s OnStar system, which is a combination GPS, emergency response unit and vehicle recovery system. An OnStar-equipped car can analyze its on-board diagnostics as the car is being driven, detecting problems and alerting the driver to any issues that require a visit to the repair shop.
These ECUs connect to one another and to the Internet, making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.
“The Austin case is a fairly particular case in that they had an add-on system that specifically gave them the ability to wirelessly immobilize the cars,” says Stefan Savage, professor in the department of computer science and engineering at the University of California, San Diego. “It’s not a standard feature on most automobiles.”
Generally speaking, these types of systems are there to disable the vehicle in the event of theft and enable their eventual recovery, says Savage. “This was not a case of hacking into a system or creating new functionality that didn’t exist before,” he explains. But that’s not to say it can’t be done. “In our research we demonstrated taking over a car through a software vulnerability and creating a completely new piece of functionality that did not exist before,” he says.
GM’s OnStar service, which also helps recover stolen vehicles, is currently the only vendor advertising that capability as a standard feature, says Savage. “However, the set of cars for which a clever adversary could create a new capability to shut down the car is likely quite a bit larger.”
Motive behind the madness
One of the saving graces is there are relatively few motivations to stealing vehicles via a sophisticated hack, Savage adds, because of the complexity involved and the need to spend some serious cash to be able to pull it off. “There is a theft motivation. But while we’ve been able to demonstrate a computer attack and steal cars, frankly it’s still easier to use a Slim Jim,” he says, referring to the classic lock pick.
“The Austin scenario could not happen to a system that is not networked,” says Dan Bedore, director of product communications at Nissan North America. “Our vehicle control modules are discrete systems and are not networked. So any scenario that involves hacking a car would be limited to a single unit.”
If a fleet of, say, 100 units were immobilized, “the hack would likely be into some added hardware or software installed by the fleet operator,” such as what occurred in Austin, says Bedore.
Nonetheless, a fair number of vulnerabilities in car computer systems currently exist, says Savage, although he feels it will be a while before computerized attacks are preferable to physical ones. “The most likely scenario where you have to worry are disgruntled attacks, where people are trying to sow havoc,” he says.
There are two main ways an attacker could theoretically gain access to a car’s internal network. The first is by physical access, such as a mechanic, a valet, a person who rents a car, an ex-friend or car owner, someone with momentary access to the vehicle. The attacker could insert a malicious component into a car’s internal network via the OBD-II port, typically located under the dashboard. A brief period of connectivity embeds the malware within the car’s components.
Similarly, counterfeit or malicious components may enter the vehicle before it is sent to the dealer or with a car owner’s purchase of an after-market component such as a radio or alarm.
“One of the attacks we staged took advantage of vulnerability in the diagnostic tools used at dealerships,” says Savage. “We built a virus that could get into a dealership and then could affect the diagnostic tools. So whenever a car was brought into the dealership and the diagnostic tool was connected to the car it would infect the car.”
Savage and his team built a package that, upon taking over the car, would then contact his team’s servers via the Internet and request further instructions. “At that point we could download just about any functionality we wanted — disable the car, listen to conversations in the car, turn on the brakes, etc.”
Access may also happen via numerous wireless interfaces. “Cars are not only becoming more computerized internally, but that they are becoming increasingly connected to the outside world,” says Franziska Roesner, a student and researcher in the security and privacy research lab at the University of Washington. She calls this interconnectedness a “concerning” trend.
Today’s cars are connected to the cell phone network and to the Internet via systems including OnStar, Ford Sync and others, Roesner explains. They have Bluetooth connectivity, short-range wireless access for key fobs and tire pressure sensors, they support satellite radio and they also have inputs for CDs, iPods, USB devices and others, he says.
BMWs hacked via diagnostic port
Thefts of BMWs in the U.K. recently spiked as thieves discovered they could bypass the car’s alarm system and immobilizers. Using devices that plug into the car’s OBD port, thieves programmed blank key fobs and drove the stolen cars away.
Reports indicate that such thefts appear to work similarly: After gaining access to the vehicle, either by breaking a window or via a nearby RF jammer — which blocks the fob lock signal from reaching the car, thus preventing the car owners from properly securing their own vehicle even if they think they have — thieves gain access to the car’s OBD-II connector. This allows the thief to gain access to the car’s unique key fob digital ID, enabling him to program a blank key fob on the spot, insert the key and steal the car.
In a statement by BMWs U.K. media relations manager, Gavin Ward, the company noted it is aware of and investigating the security loophole. The loophole affects all BMW series models, from the 1 to the X6.
“We liken this increase in connectivity to the desktop computing world before the Internet: Security vulnerabilities on disconnected machines suddenly became very important when computers were networked together,” says Roesner. “There’s even talk among auto manufacturers about creating app stores for cars. We’re at the same point in the evolution of computerized automobiles.”
Roesner works with other researchers to identify these issues with the goal of addressing them before they become major problems.
Studies conducted by Roesner and her colleagues show the OBD-II port as the most significant automotive interface for hacking purposes. This port provides access to the vehicle’s key controller area network buses and can provide sufficient access to affect the full range of a vehicle’s systems.
Alternatively, hackers may deliver malicious input by encoding it into a CD or a song file, which may “live” on an iPod or other MP3 player, or by installing software that attacks the car’s media system when it connects to the Internet.
Currently, the Internet is only a hypothetical vulnerability, however, says Roesner. “In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio.”
“In our research, we showed that attackers with access to the car’s network can completely control most of the car’s computerized components,” she says. This could allow an attacker to sabotage an automobile — disable the brakes or lights, for instance. “But we also showed that attackers could use such exploits to perform espionage,” Roesner explains. Examples include the ability to extract potentially sensitive GPS data from a system and send it outside of the vehicle to an attacker. Also, a car could be stolen if the hacker can override the car’s computerized theft detection/prevention system.
Automobiles most at risk include those with more components under computer control and without manual overrides, and those that are more connected to the outside world via the Internet or wirelessly, says Roesner.
Law enforcement fleet concerns
A security attack on a law enforcement fleet, in particular, may risk the lives of police officers as well as the general public. This issue raises concern at the Arizona Department of Public Safety, which in June fell victim to hackers who downloaded and released hundreds of law enforcement files on the Internet to protest a newly passed law they perceived as racist.
Hackers infiltrated accounts of Arizona law enforcement personnel and email accounts of the Arizona Legislature in a separate attack, posting items such as credit card information, photos, emails and documents including a master list of passwords and names and addresses of other police officers throughout the state of Arizona, according to Stacey Dillon, president of Public Safety Authority Media.
Extrapolating from there, she says, “If the hackers had accessed our fleets by, say hijacking our GPS system, it could present a lot of officer safety issues.” In that scenario, police couldn’t send backup units to the correct location if the GPS were compromised.
One safety check already in place: If a patrol car is idle or is stopped for 45 minutes to an hour, “an automatic signal is sent to our dispatchers and they’re told to check on it,” says Dillon.
Rick Perine, vice president of the Mesa (Ariz.) Police Association, agrees that a hacker could stop police in their tracks. “We use a GPS map in our vehicles that’s constantly updated,” he explains. Among other things, “it relays to our dispatch where our patrol unit is, Hacking into our GPS could put me in the wrong part of town and another officer dispatched to a different part of town, which puts me in danger.”
The use of an after-market product is the most likely way for a hacker to take over a vehicle fleet, says André Weimerskirch, CEO of Escrypt Inc., a provider of embedded security systems based in Ann Arbor, Mich. “If you own a business and you use after-market products to equip your fleet with GPS, for example, it’s important to look at the details in terms of security.”
After-market products work similarly to remote-control car engine starters marketed to consumers through retail stores, says Weimerskirch. “Remote control starters work by undermining the theft protection mechanism in the car. This opens the door for anyone to steal your car.”
A clear, but not yet present, danger
“We can remotely stop the brakes on a car from 1,000 miles away, but it’s not a clear and present danger today,” Savage explains.
Doing this kind of a hack requires a large investment of time and money. “You need to buy the kind of car you want to hack,” says Savage. “You have to be really motivated to do this; it’s not something someone will do as a hobby. Because of the time and money involved, I don’t think it’s an imminent problem.”
Although hacking into fleets may not present an immediate danger, manufacturers are taking this research seriously, says Savage. “Every manufacturer we are aware of is putting substantially more research into security than they have in the past. The challenge is they’ve never had to think about this before at all.”
The good news is that car manufacturers can ramp up very quickly by adapting the same techniques as those used with PCs, such as finding latent security vulnerabilities, implementing data execution prevention and other measures, says Savage. “Some things will [require] standardization to make them economically feasible,” he says.
The Society for Automotive Engineers (SAE), the industry’s premier standardization group, is in the process of trying to set security baselines “based on our work,” says Savage. “But it will take a while because there’s so many different components involved.”
Roesner’s research pointed to diagnostic tools used by service personnel as a potential source of attacks, she says. “These tools can be used to exploit vulnerabilities in automobiles,” so owners need to be careful about who is permitted to access the OBD-II diagnostic ports of their cars, Roesner says.
Beyond individual auto companies, the U.S. Department of Transportationhas “shown interest,” she explains. The United States Council for Automotive Research (USCAR) and the SAE have both created tasks forces focused on computer security for automobiles.
Now is a good time to look at this and start thinking of possible solutions, when automakers and fleet owners are not in panic mode, says Savage. “We’re working with the car industry to get ahead of it. In five to 10 years, it may be more of an issue.”
See related stories:
Linda Melone is a freelance writer based in Orange County, Calif. She specializes in consumer topics ranging from health and technology to business. Contact her at Linda@LindaMelone.com.