Cars are now sophisticated computers on wheels. The technological improvements have enabled them to approach the point that they may be able to drive themselves. But that means that, like any computer, they are also now vulnerable to hacks by people who can break into those computer systems and take control of the car out of the driver’s hands and operate it remotely.
In the video below, Wired magazine’s Andy Greenberg experiences firsthand what it is like to be driving a Chrysler Jeep when control of it suddenly shifts from the driver to someone they cannot see.
It is pretty scary to see and he describes what it felt like.
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
…As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
…Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.
This was a demonstration of the hacking capabilities and Greenberg had been warned that his car would be taken over and that he would not come to any harm. But it still scared him and he panicked. Imagine if you were not expecting it. This possibility has triggered legislation to create new digital security standards for cars and trucks.
Who Cares says
Oh for fuck’s sake, cutting off the engine while on the highway IS life threatening, that is not safe.
kyoseki says
Why the hell would the wifi entertainment network have access to the engine management system?
That is positively idiotic.
Reginald Selkirk says
More automobile functions are becoming electric and electronic for a couple of reasons.
1) Move to alternative fuels. It no longer makes sense to have things run directly off the engine by power shafts or belts. If it’s electric, you can put it in a gas car, an electric car, a hydrogen car, a hybrid, whatever.
2) Ease of design for left drive/right drive versions for various markets. This applies to steering, instrumentation, etc.
3) Computer control allows better performance, efficiency. Not just the engine computer, think anti-lock brakes and stability control.
So, with everything going electronic, it needs to be networked. And because it hadn’t occurred to anyone yet that it was a dangerous thing, they all go on one and the same network.
Tesla Model S Has Hidden Ethernet Port, User Runs Firefox On the 17″ Screen
Reginald Selkirk says
Just think of the possibilities. With control of the fuel injectors, you could program the engine to backfire in synchrony with Tchaikovsky’s 1812 Overture.
lanir says
Yeah, this is bad design. It’s bad design through lack of foresight but still bad design. Fortunately it’s one that can easily be fixed, at least in newer generations of vehicle. The most basic aspect of security for computer server systems is to turn off access to any services you don’t use and limit the ones you only want to use internally to only being accessible internally. All they have to do to make this MUCH more secure is adopt the basic firewall and service level security. And of course you probably want to strongly authenticate ANYTHING that gets to remotely access any part of a vehicle responsible for keeping passengers safe. But again this is well travelled territory.
kyoseki says
I understand why vehicles are becoming more automated, but as with any critical systems, air gap that shit.
The vehicle management system should only be accessible via a hardwired port in the vehicle interior, it’s not like this is Formula 1 where the engineers are reprogramming the car on the track.
Anything with a wireless signal shouldn’t be networked with systems like engine management for exactly this reason, I’m not buying naivete on the part of the automobile designers, this is cutting costs or corners, one of the two.
I’m more than a little alarmed reading stories about people who have allegedly done the same thing with commercial aircraft, but I’m not sure I buy those.
Who Cares says
The only way to air gap this is to remove all the functionality that is now accessible through the touchscreen.
The problem is that the mobile phone hasn’t been (properly) sandboxed when it connects to the car system for hands free mode. You do want it to be able to turn down or suppress the radio when you receive a call that goes over the same speakers. But that should be all it should have access to.
EigenSprocketUK says
Like Kyoseki says: the solution is two networks, not one. And that’s a small price to pay. The critical functions network would only be accessed through a physical port. Anything with a radio interface must NOT be connected in any way to this network. Anything else (infotainment, passenger controls) goes on the other network. Nothing should ever be allowed on both. This is what the hackers have been saying (and demonstrating) for years.
I wish the industry could be honest about why it has been paying lip-service ever since.
kyoseki says
Ok, and this is a problem, why?
On my car, the EVIC controls anything vehicle related, while the touchscreen head unit is responsible for handling communication & entertainment. The two units do not speak other than having the head unit send visual prompts to the dashboard binnacle for GPS guidance and even that is somewhat unnecessary since I tend to watch the head unit for that anyway.
The only reason to put all of this on the same network is to save money/increase profits.
flex says
Well, not necessarily.
A little background, I am an automotive engineer working at a tier 1 supplier supplying automotive electronics. I myself discussed this with one of the OEMs about 10 years ago. Not that we discussed the problem of hacking, but the problem of using the same bus for entertainment and vehicle operation.
The interface between the entertainment system and vehicle operation system is limited, but there was a desire to use the entertainment system for vehicle alerts. Things like messages that your tire pressure is low or that your engine temperature is too high. So a connection was made, against the desires of many vehicle engineers who felt there might be problems. I would be very surprised if this connection went away, there is too much engineering investment in creating software to use the entertainment system to provide driver information about the vehicle status.
But, a lot of improvements can be made. One issue is that even with the better micro-processors we use today, we are still running low on memory. Security checks add a significant amount of overhead to a system, and while I feel they are necessary, some designs have compromised security in order to allow functionality. There are solutions, but they take time to implement. Developing a new automotive platform is at a minimum a 36 month process, and 60 months isn’t unheard of.
And the vulnerabilities are not limited to the entertainment system. I recently heard of another exploit using a vehicle operational device which would allow access to the CAN bus remotely. The distance is limited, you couldn’t use a cell tower to take over someone’s car, but if you are within 30 feet you could lock/unlock doors, and start the engine. I haven’t heard whether you could take over the steering and brakes, but if the vehicle does have electric steering or brakes there is no reason why it couldn’t.
Finally, while the Wired article is interesting, it is a little misleading. The author was instructed to not touch the steering wheel or brakes once the vehicle had been hacked. Even today the driver can over-ride the electronic controls of both the brakes and steering. Had the author grabbed the steering wheel, or stomped on the brakes, they would have responded. Shutting off the car, on the other hand, is a function the hackers could activate without the driver having a chance to take over.
There is a lot of activity at the OEMs for this. I’m not in the midst of it, but I see it going on. There are some things which are obvious which should be able to be patched within a couple months, like knowing what messages each module should be sending and ignoring messages which appear to be from that module but are really being spoofed. That’s the biggest vulnerability and it’s pretty easy to correct. There are other problems which are going to take architecture changes, and those might take a little while to correct.
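One way to realize the check flex describes (know which messages each module should send and ignore impostors), combined with the two-network split and the display-only link to the entertainment system discussed earlier in the thread. This is an added example, not code from the thread or from any OEM; the bus names, CAN IDs and rule table are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: bus names, CAN IDs and the rule table are hypothetical. */
enum bus { BUS_VEHICLE, BUS_INFOTAINMENT };
enum verdict { DROP_UNKNOWN_ID, DROP_SPOOFED, KEEP_LOCAL, FORWARD };

struct rule {
    uint32_t id;     /* CAN arbitration ID */
    enum bus owner;  /* the only bus its legitimate sender is wired to */
    int forward;     /* 1 = gateway may relay it to the other bus */
};

static const struct rule RULES[] = {
    { 0x0C0, BUS_VEHICLE,      0 }, /* transmission command */
    { 0x1A0, BUS_VEHICLE,      0 }, /* brake command */
    { 0x3B0, BUS_VEHICLE,      1 }, /* tire pressure status for the display */
    { 0x3B4, BUS_VEHICLE,      1 }, /* engine temperature status for the display */
    { 0x5F0, BUS_INFOTAINMENT, 0 }, /* radio volume */
};

/* Verdict for a frame with arbitration ID `id` that arrived on bus `from`. */
enum verdict gateway_check(uint32_t id, enum bus from)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (RULES[i].id != id)
            continue;
        if (RULES[i].owner != from)
            return DROP_SPOOFED;   /* claims to be a module that lives elsewhere */
        return RULES[i].forward ? FORWARD : KEEP_LOCAL;
    }
    return DROP_UNKNOWN_ID;        /* default deny: not a message any module sends */
}

int main(void)
{
    /* Constructed trace: {ID, bus the frame arrived on}. */
    static const struct { uint32_t id; enum bus from; } trace[] = {
        { 0x3B0, BUS_VEHICLE }, { 0x0C0, BUS_INFOTAINMENT },
        { 0x5F0, BUS_INFOTAINMENT }, { 0x7E0, BUS_INFOTAINMENT },
    };
    static const char *names[] = { "drop (unknown ID)", "drop (spoofed)", "keep local", "forward" };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("0x%03X from bus %d: %s\n", (unsigned)trace[i].id, (int)trace[i].from,
               names[gateway_check(trace[i].id, trace[i].from)]);
    return 0;
}
```

CAN frames carry no sender address, so a filter like this only separates traffic by the bus it arrived on; it does not stop a compromised module from imitating a neighbor on the same bus.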
Reginald Selkirk says
Tesla hackers explain how they did it at Defcon