"No such attacks will ever take place in the real world but car manufacturers and auto industry associations are already aware of the possible risk."
Fixed it for ya! (Gratis, too!)
McAfee has put together an elite team of researchers to investigate how to go about protecting car systems from next-generation hacking attacks. Members of the team include Barnaby Jack, the security researcher best known for demonstrating ways that crooks can force ATMs to spit out cash and for highlighting security …
All theoretical attacks WITHOUT EXCEPTION need physical access to the vehicle's CAN bus. There are so many other ways you can sabotage a car, even without getting inside the car (hint: wheelnuts), that this is utterly pointless. For precisely this reason of safety, a wireless CAN bus is not going to happen. Sure a wireless sensor network in a car may come about sometime, but it's not here yet, and only an idiot would assume that the automotive engineering industry wouldn't think about security.
Even then, all modern ECUs are designed to cross-check sensors and reject anything which looks bogus. If the vehicle speed sensors are reporting values which are not physically possible given the engine RPM and gearbox output shaft RPM, all modern ECUs will flag up the speed sensors as faulty and ignore them. I'm sure you may be able to find ECUs which don't do every cross-check they possibly could, but the investment in time and effort to make this happen with a car you already have sat in your garage is ludicrous.
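A minimal sketch of the kind of plausibility cross-check the comment above describes, as an added example (not part of the thread and not any manufacturer's ECU code). The drivetrain constants, tolerances and function names are assumptions, and it checks wheel-speed readings against gearbox output shaft RPM only.

```c
#include <stdio.h>

#define N_WHEELS 4

/* Assumed drivetrain constants, chosen for illustration only. */
static const double FINAL_DRIVE = 3.9;   /* output shaft revs per wheel rev */
static const double TYRE_CIRC_M = 1.95;  /* rolling circumference in metres */
static const double REL_TOL     = 0.15;  /* allowed relative deviation */
static const double ABS_TOL_KMH = 5.0;   /* slack so low speeds are not over-rejected */

static double absd(double x) { return x < 0 ? -x : x; }

/* Road speed (km/h) implied by the gearbox output shaft RPM. */
double expected_speed_kmh(double shaft_rpm) {
    return shaft_rpm / FINAL_DRIVE * TYRE_CIRC_M * 60.0 / 1000.0;
}

/* Cross-check each wheel-speed reading against the shaft-derived speed.
 * Bit i of *fault_mask is set when sensor i is rejected. Returns the mean
 * of the accepted sensors, or the shaft-derived speed if none survive. */
double plausible_speed_kmh(double shaft_rpm, const double wheel_kmh[N_WHEELS],
                           unsigned *fault_mask) {
    double ref = expected_speed_kmh(shaft_rpm);
    double limit = ref * REL_TOL > ABS_TOL_KMH ? ref * REL_TOL : ABS_TOL_KMH;
    double sum = 0.0;
    int accepted = 0;

    *fault_mask = 0;
    for (int i = 0; i < N_WHEELS; i++) {
        /* Written as !(x <= limit) so that NaN readings are rejected too. */
        if (!(absd(wheel_kmh[i] - ref) <= limit)) {
            *fault_mask |= 1u << i;
        } else {
            sum += wheel_kmh[i];
            accepted++;
        }
    }
    return accepted ? sum / accepted : ref;
}

int main(void) {
    /* Constructed readings: sensor 2 reports an impossible 250 km/h. */
    const double wheels[N_WHEELS] = {89.0, 91.0, 250.0, 90.0};
    unsigned mask;
    double v = plausible_speed_kmh(3000.0, wheels, &mask);
    printf("speed=%.1f km/h fault_mask=0x%X\n", v, mask);
    return 0;
}
```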
One minor problem, TPMS sensors are already wireless. NTN has demonstrated wireless ABS sensors. The industry is moving to something more like a wireless version of CAN, quite possibly because it doesn't make much sense to have miles of copper control wire inside an automobile when the same can be done with a single loop providing Vcc, the chassis providing ground and wireless for data and control. Compare that with the typical CAN bus or USB having Vcc, gnd, data hi & data low.
As in the linked article, it's already possible to fool TPMS going down the road at over 40 mph and it wouldn't be hard to get someone to pull over while the attacker plays "good Samaritan" and ultimately steals the "disabled" car. Now imagine the attacker is a bit more aggressive and can tap into the brakes as well so he doesn't really need to play the con game. Many cars are already throttle by wire and I don't think it will be long before those wires go away. Of course the upside to all this is the mechanic will be able to diagnose your car without having to get grease on the seats. I call it an upside because for most people cars are already too complex to perform any serious repairs yourself.
I think you'll find that Ford's "Sync" APIM has access to both high & medium speed CAN busses, and also has Bluetooth connectivity. It runs "Windows Auto". Joy.
Also, see my post from nearly two and a half years ago:
No, I didn't try hacking into his car. At my age, I need to be paid for that kinda work ... As a side-note, ask me why I collect & restore 1960s Ford muscle-cars, and late-60s/early-70s Datsuns ...
So, Graham Bartlett, why is the automotive engineering industry more likely to think about security than, for example, the ones who made rlogin, rsh and rcp transmit passwords in the clear, or the ones who made Macro Viruses viable by including auto-execute macros, or the ones who decided it would be a really cool idea to have your OS autorun stuff from any junk media you plug in, or the Siemens SCADA engineers who not only designed equipment with well-known default passwords, but made software that failed if you changed them?
I guess these must be different engineers, working for companies that value security highly. Good thing Siemens isn't building automotive systems... oh, wait!
I'd like to see how they intend to address the patching of in-car systems when exploits are detected.
If it's anything like today, you'll have to drive to your vehicle manufacturer's stealership, hand over a briefcase full of used notes, disappear for a few days, then hope that they've managed to find the update CD.
Or, more likely, you'll only be protected if you pay a subscription fee where they can use the built-in 3G modem to download it, but only whilst you continue to pay the 'protection fee'.
How long will it be until McAfee resellers start offering car software support 'because we wouldn't want anything bad to happen, like your brakes failing'.
Or are vehicles mostly using PPC and ARM, where performance per watt is in the land of reality rather than ridiculousness, thus allowing sensible cooling arrangements?
The amount of business they do is a round number, for sure. Namely zero.
You'll find a few WinCE thingys in satnavs, radios and other in-car entertainment stuff. Even then though, it's mostly ARM. And since none of this stuff ever gets to talk on the engine/transmission CAN bus, they physically can't get to anything safety-related.
Uh ... Graham, at least with Ford's "Sync", the "entertainment" system does have access to the vehicle management system, through a central computer that controls both. The central computer (called the "APIM" by Ford) runs Windows Auto. No, it's not Intel. Yes, it's ARM. But it's still MS-Windows.
<SARCASM> Really, McAfee? This will be the death of the automobile as we know it. Might as well get a new bicycle now before the price goes up. Norton wouldn't be any better.
First, the car will take over ten minutes to start because their antivirus is such a miserable resource hog, then it will only allow you to drive it to the dealer because it will need an update about every time you start it. Next, driving it anywhere near another vehicle will cause both vehicles to temporarily shut down while they scan each other for viruses. During scanning or updating the vehicle will lock the doors and windows and turn off all other functions. For your own safety, you will not be able to leave the vehicle until the scan or update is done. Unfortunately, the update will corrupt the master boot record so the vehicle is locked in an endless cycle of update and reboot. The end result is that millions will die from being locked in their cars.
Tree hugging carbon credit junkies will finally get their wish as millions die and the rest are forced to walk everywhere. 40% of the remainder die of heart attacks because they now had to walk. The overwhelming unbalance in favor of the remaining unwashed hippies finally tips the vote in favor of wind energy. All regular power plants are shut down and those who know how to run them are killed for crimes against the environment. Unfortunately, a cold snap happens and the winter temps dip below -10 F for two months and the rest of humanity outside of the equatorial regions freezes to death. </SARCASM>
"You'll need an environmental impact assessment. And an equal opportunities policy."
Ha ha! So very true. A few weeks ago after an item on the local news section of BBC News site I read the proposal by Bristol council to introduce 20mph limits over most of the city in the next few years. And there were several pages at the end covering an environmental impact assessment (20mph seen as being positive to the environment) and an impact assessment of the effect of the policy on non-white people, women, gay people and transgendered people (impact seen as being neutral with possible slight positive effect).
The guy up near the top of the thread talking about CANbus is your first clue. CANbus is a common industrial automation protocol used in almost every auto today. Check http://www.canbushack.com/blog/index.php for some interesting info.
Maybe I misunderstood this article, but the guys at the Center for Automotive Embedded Systems Security (http://www.autosec.org) have demonstrated remote car hacking years ago. They presented a paper called "Experimental Security Analysis of a Modern Automobile" in 2010, so I would not call this new.
They have done such entertaining things as killing the brakes of a car..
Who knows what really went on with the relatively recent Toyota recalls where something accelerator-related was replaced?
The story I've heard is that the accelerator position sensor used some kind of rheostat (aka potentiometer) and that there was a loss of contact between slider and track (and hence loss of position info) from time to time. The "fix" was to make the "slider" push harder on the track of the potentiometer.
What kind of idiot would be so idiotic as to ignore fifty years of reliable low cost medium resolution position-sensing history (Gray codes, optical sensors, etc)?
Are there lots of idiots like this around in the safety critical bits of the vehicle control industry?