back to article Jeep drivers can be HACKED to DEATH: All you need is the car's IP address

Anyone driving about in a new Jeep Cherokee should update its software: at the moment the car's brakes and engine can be remotely controlled by anyone with an internet connection. This update might not sound particularly important, but trust me, if you can, you really should install this one. pic.twitter.com/qhTCrBIho8 — …

  1. Anonymous Coward
    FAIL

    Just why are these systems not air-gapped?

    Why oh why?

    1. MattPi

      "Just why are these systems not air-gapped?"

      Difficultly, laziness, and convenience. The radio wants to know how fast the car is going to adjust the radio volume and the radio also wants to connect out the world to stream music and/or get cd info. The satnav connects out to get traffic data and accident alerts. Building all that in (let's not discuss the merit of some of that, just accept that some people want it) means air-gap doesn't work. Apparently there are gateways and IDS for CANBUS, but that's where laziness and cost come in.

      My car does most of the above functionality via bluetooth over a smartphone app; I'm not sure if that's better or worse. I'd lean towards better, as I can always cut the link via my phone.

      1. Anonymous Coward
        Anonymous Coward

        No need to get those data from the same sensors attached to vital functions. Radio can get speed from the GPS, non need to get it from wheels or engine. It can use mics to get noise and correct for it.

        It's just a bad, cheap design.

        1. MJI Silver badge

          Speed to radio

          Pre CANBUs this was just one wire with speed info. Single was traffic.

          Personally I think the only way safety critical systems should be communicated with is via the diagnostics port

        2. John Brown (no body) Silver badge

          "It's just a bad, cheap design."

          No, it's software engineers. When all you have is a hammer, everything looks like a nail.

          Why would a software engineer even consider adding extra microphone hardware when s/he can just tap into the engine ECU and read the rec counter?

          There's too much specialization and not enough cross pollination between disciplines.

      2. Jamie Jones Silver badge

        " The radio wants to know how fast the car is going to adjust the radio volume and the radio also wants to connect out the world to stream music and/or get cd info"

        But why does the radio need to be able to control the speed?

        1. Christian Berger

          simplez

          "But why does the radio need to be able to control the speed?"

          That's obvious, the range of volume the radio can put out is limited so if you are going to fast for your music the radio needs to be able to break your car.

        2. Anonymous Coward
          Anonymous Coward

          to automatically boost the volume as speed increases. to overcome road noise.

          1. MJI Silver badge

            My car has that - 1 wire

          2. nilfs2
            Facepalm

            "to automatically boost the volume as speed increases. to overcome road noise"

            That "road noise" is actually good, it needs to be heard by the driver, someone should remind the auto manufacturers that hearing the engine and being aware of the world outside the car is a vital part of driving.

            1. Shades

              Why is road noise that important unless you're driving like a complete bellend in an old "V-Tec just kicked in yo!" Honda Civic or some other ridiculous "I think I'm in The Fast and the Furious" motor on the public highways?

              And engine noise? My car, even though it is a diesel, makes barely any engine noise (from inside at least!) at the best of times and its pretty much silent when cruising at a steady speed.

              1. David Roberts
                Happy

                Two words

                Induction roar.

              2. nilfs2
                Headmaster

                Road noise is important because you are aware of what's going on around you, you can hear the motorcycle or cyclist you just ran over and didn't noticed, or the person behind you trying to get your attention because your car is leaking fluids or has a flat tire, or hear the train comming on the train crossing you are about to cross, and so on; and it's important to hear the engine to make proper gear changes on manual cars, also, the engine tells you if something is wrong when it makes an unusual noise.

                As a car driver you are operating a machine that needs your attention, isolating the driver from the machine is a bad, you are operating a dangerous machine, it requieres all your senses, you are not sitting on a sofa in your living room listening to your favorite music, sipping coffee and smoking a cigar like car manufacturers want you feel like when driving, pay attention to the damn thing.

                1. Shades

                  What a load of absolute bollocks! So according to your little list deaf people shouldn't really be driving?

                  "you can hear the motorcycle or cyclist you just ran over"

                  Being able to hear them once you've ran over them is a little bloody late! Correct use of mirrors and proper observations, like you should be doing anyway can prevent harming anyone that isn't doing their very best to end up under your wheels themselves.

                  "the person behind you trying to get your attention because your car is leaking"

                  Proper maintenance prevents, and regular checks alert you to, those sort of things, that and on-board sensors.

                  "or has a flat tire"

                  If you can't tell if your car has a flat tyre then there is something wrong. very wrong. Then again its understandable if you can't feel a deflated tyre in those over-sized wallowing barges you call cars.

                  "or hear the train coming on the train crossing you are about to cross"

                  I'm not sure how it works in the States (where I presume you're from given your spelling of 'tyres') but most rail crossing in the UK have some form of physical barrier and/or warning sirens and lights, or sometimes gates, which one has to get out of a vehicle to open. If anyone is dumb enough to cross an open crossing, without turning down their music and making proper observations, then they probably deserve their eventual Darwin award.

                  "and it's important to hear the engine to make proper gear changes on manual cars"

                  I don't need to hear the engine to know when to change gears, neither does anybody I know given the preponderance of manual cars over here. If you need engine noise to know when to change gear then its probably best you stick to the auto-boxes you're so fond of that side of the pond.

                  "the engine tells you if something is wrong when it makes an unusual noise"

                  Again, proper maintenance and regular checks will prevent this and unless you're driving a properly old shit-box then your car will have a whole array of sensors and warning lights/display that will alert you to the fact that something is wrong long before you "hear" it.

                  "isolating the driver from the machine is a bad"

                  Again, in practice, with regards to being able to hear "road noise", what is the difference between having loud music or being deaf? According to you being deaf would similarly be a "very bad thing" when it comes to driving.

                  "it requires all your senses"

                  Taste?

                  "you are not sitting on a sofa in your living room listening to your favorite music, sipping coffee and smoking a cigar like car manufacturers want you feel like when driving"

                  That may be how cars are advertised over there, not over here.

                  Your post sound more like a list of your inadequacies as an owner and driver of a "dangerous machine".

                  1. nilfs2
                    Coffee/keyboard

                    @Shades

                    According to your logic, it is ok to make a chainsaw with a built in screen where you can watch your favorite show or movie on Netflix when you are cutting a tree, of course as long as it has been given proper maintenance, machines never fail even if they are brand new, just like the Jeep mentioned on the article.

                    Thank Odin that you are driving on the U.K. and not around here, it gives me a little peace of mind. BTW, no, I'm not from the US, as shocking as it sounds for you, there's a whole world out there with lots of countries aside from the US and the UK with people able to speak english as well (or even SEVERAL LANGUAGES!!).

                  2. Anonymous Coward
                    Anonymous Coward

                    @ Shades

                    My dear Shades.

                    Has anyone ever told you that you come across as a pompous, know-it-all prat?

                    I'm surprised if they haven't!

        3. Cuddles

          "" The radio wants to know how fast the car is going to adjust the radio volume and the radio also wants to connect out the world to stream music and/or get cd info"

          But why does the radio need to be able to control the speed?"

          More importantly, why does the radio want to adjust the volume in the first place? My radio, and every other than I've ever seen, has a volume control. If I can't hear my music well enough, I turn the volume up. There is no reason I would ever want the radio to adjust the volume itself. Especially since my phone constantly tries to adjust the volume automatically and does a fucking terrible job of it - apparently I might damage my hearing if the volume is too high, but since it has no idea whether I'm using headphones, speakers, in the car over bluetooth, or trying to forcibly insert the phone into my ear, it has no idea what "too high" actually means yet tries to tell me off anyway. I very much doubt a car stereo will be any better programmed.

          So this isn't a case of some useful functionality compromising security due to the connections it needs. It's a completely pointless function of no use to anyone, that also compromises security as an added bonus.

          1. Anomalous Cowturd
            Megaphone

            why does the radio want to adjust the volume?

            So you can still hear it when you leave town and accelerate to out of town speeds, and conversely, so it doesn't blow your ears off when you get to the next slow spot.

            My nearly twenty year old car does it, and it's very useful. One less reason to take your eyes off the road.

            In the grand scheme of things, not a massive advance, but it's the little things like it that make me appreciate my car's design.

            It's a Volvo by the way.

            1. fnj
              Alien

              Re: why does the radio want to adjust the volume?

              That's bullshit, and if one can't live a perfectly happy life without the sodding automatic volume control, one is brain dead. It's time for Darwin, but don't kill me in my car because you want to design for the helpless jellyfish.

            2. Anonymous Coward
              Anonymous Coward

              Re: why does the radio want to adjust the volume?

              @ Anomalous Cowturd

              Amazing! All that technology to make a radio louder or softer.

              I had a Renault where I was able to do that to MY satisfaction, with a very simple steering wheel stalk to control volume, station switching, all without taking my eyes off the road, or my hands off the wheel. It also worked better than the subsequent Mondeo I had, whereby if you pulled the up and down buttons at the same time it instantly muted the radio. Do it again and it unmuted again.

              I really don't think you need a bloody computer to do what a couple of switches and your fingers can do - and more accurately as well.

          2. Jamie Jones Silver badge

            Vauxhall Vectra...

            I've had my car for 18 years, and it has a setting that adjusts volume based on speed. No GPS, no cellular intcoming internet. No need!

    2. Phil O'Sophical Silver badge

      Never mind air-gapped internally, why are any incoming connections accepted at all?

      1. Blofeld's Cat
        Black Helicopters

        I find your lack of faith disturbing...

        "Never mind air-gapped internally, why are any incoming connections accepted at all?"

        But, citizen, you forget that it is essential that the agents of security can remotely neutralise the threat from paedoterrorists and rogue ninjas who might otherwise escape them.

        You should not question these design decisions, citizen - they are for your safety..

      2. Anonymous Coward
        Anonymous Coward

        How else are the spooks supposed to track you in your car? I mean apart from the cameras, your phone, your credit card spend...

        Welcome to the Internet of Tat.

        1. Paul Hovnanian Silver badge

          @AC: "How else are the spooks supposed to track you in your car?"

          Follow the clouds of blue smoke and the drops of gear lube on the pavement.

      3. Charles Manning

        The Swiss Army Knife Effect

        A few months ago I was involved in a "brainstorming session" for a proposed new product. The product never got into development, but is illuminating about the way some of these products develop - this one too.

        In the case I mention, it started off being a simple safety feature for outdoors people. I pointed out the world already has very good, cheap EPIRB/PLBs. Slowly the proposed product grew features: GPS tracking, a Facebook interface that updated your position on a map, a camera to instantly update your friends with photos on your social media...

        So in the end we had something that was basically a ruggedised phone without voice but with some extra safety gizzmos that would kill a battery in a day. The PLB I carry has a 7 year battery life. It just lives in my pack. I can forget it is there until I need it.

        The proposed device was no longer any good at providing its core service: being a safety device because it was compromised by all the extra crap that had been added. Most of the rainstorming discussion had gone into discussing the feature sets/details of the ancillary functions: how many Mpixel camera? soft keys or a hardkey Facebook button,... The actual core function got little attention.

        Exactly the same happens on those massive 20+ function Swiss Army Knives. Each function is poorly implemented and each addition detracts from the core function of being a knife. Having carried a wide range of Swiss Army knives, I now carry an Opinel: a knife that is just a knife: light cheap and very effective.

        A product like car infotainment system has a similar genesis. Each added function detracts from the core function of the unit. More effort goes into making the DVD player work than into making the car control work. The need to run Linux or Windows to support the ancillary functions compromises the simplicity and robustness of the core functions.

        It is made worse by the chip vendors who provide an infotainment reference design/BSP. Their purpose is just to demonstrate their chip running an infotainment function set. They do not concern themselves with all the serious design issues such as security. The product designers just start with such a reference design and tweak it to make a product. What they should really be doingi s throwing away the whole lot and designing from the ground up.

        The IoT industry is heading down exactly the same path. Most IoT devices are just slight tweaks of IoT reference designs.

        This industry is not going to improve any time soon.

      4. Dr_N

        "why are any incoming connections accepted at all?"

        How else will the dealer/finance company disable the car when you miss an installment ...?

      5. JamesPond

        why are any incoming connections accepted at all?

        Because car manufacturers want to be able to upload patches directly to your car when it is parked on your driveway. This will be vastly cheaper than the current system where they have to pay a dealer x minutes during your yearly service to update the firmware, and across the world, those minutes add up. As an example, shaving a 30 seconds off a full vehicle ECU reset saved the OEM I worked for £1/2m per annum in dealer charges.

        1. Stoneshop
          Facepalm

          Re: why are any incoming connections accepted at all?

          Because car manufacturers want to be able to upload patches directly to your car when it is parked on your driveway.

          So kill everything that's listening for incoming connections as soon as the vehicle starts moving.

        2. Anonymous Coward
          Anonymous Coward

          Re: why are any incoming connections accepted at all?

          "Because car manufacturers want to be able to upload patches directly to your car when it is parked on your driveway."

          Irrelevant.

          Manufacturer does not need to send connect request to car for that, update app on car can send periodic connect request to manufacturer. Update app on car can have restricted capabilities too, if required and sensible (and why wouldn't it be sensible).

          Next.

    3. Anonymous Coward
      Anonymous Coward

      @skelband

      Just why are these systems not air-gapped?

      Because it makes life extremely difficult for the Feds when they need to make someone disappear.

      https://en.wikipedia.org/wiki/Michael_Hastings_%28journalist%29#Allegations_of_foul_play.2C_and_assertions_to_the_contrary

    4. Black Betty

      Why are we using GP computers/OS's...

      with all the bells and whistles for limited functionality applications?

      It would not surprise me at all to learn that like with IoT devices, computerised cars are loaded down with tens of megabytes of code which serves absolutely no useful purpose except to provide an expanded attack surface for potential miscreants.

      Recall this old joke?

      Windows 95/98, (n): 32 bit extension and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprossessor, written by a 2 bit company that can't stand 1 bit of competition.

      This joke is why black hats have such an easy job.

    5. Nigel 11

      Air Gap

      I won't be buying any car without an air gap.

      That's the air gap between the engine and the mechanically operated clutch. I'd far rather that there's also no possible control of the steering, gearbox or brakes by the computer. Failing which, they must at most be servo-assisted with mechanical override possible via the major controls, not "drive by wire" through a computer.

      There's going to be a Ford Pinto moment for someone in the auto industry in the near future.

    6. jonathanb Silver badge

      Conspiracy theorists would say it is because the manufacturer put a back-door in the software to allow the police to remotely disable the car. Whether or not that is more or less plausible than complete incompetence, I'm not sure.

    7. Anonymous Coward
      Anonymous Coward

      @ skelband

      Why the hell are these systems there at all!! There is no remotely good reason why a car should be connected to the internet - ever.

      And those who say for safety reasons (I'm sure there will be people who think this) it is just nonsense.

  2. Paul Crawford Silver badge

    A start, but...

    "$5,000 fine"

    No, lets start with $500k for failing such a penetration test, and go upwards from there. Only if profits are seriously threatened will those morons who decide to make everything software-controlled (by the cheapest code monkeys they can find) start to get the message.

    And yes, I have designed control systems and even written code for an engine management computer project in the distant past. So I'm no Luddite, but someone with a heightened sense of how critical such systems are and how piss-poor most designs end up.

    Rule #1 no external connection unless ABSOLUTELY necessary. There is no necessity for brakes, steering and throttle control to be externally accessed.

    Rule #2 have hardware & software with no single point of failure.

    Rule #3 software is never 100% trustworthy, so have hardware limits, watchdogs and cut-outs that can override ANY software command.

    Rule #4 big red switch for power. That stops EVERYTHING if needed.

    <edited to add>

    Rule #5 don't trust something that has not been independently audited. Not even your own code.

    1. Anonymous Coward
      Anonymous Coward

      Re: A start, but...

      Or how about, $5000, per car, per week or part thereof that said car is left vulnerable and $1M per crash that is attributed to said vulnerability.

      If there's 10 cars that are vulnerable and they take 3 days to address the security issue, that's $50000.

      If there's 1000 cars and they drag their feet for 8 weeks, $5000 × 1000 x 8 = $40000000 ($40M).

      That might encourage them to stop and think. I can't think of a good reason why you should be able to control the steering/brakes/accelerator from a position other than the driver's seat either.

      The nasty bit about this is that it'll probably kill or maim those who have nothing to do with a Jeep other than being unfortunate enough to be near one when one misbehaves.

      1. Phil O'Sophical Silver badge

        Re: A start, but...

        Past experience shows that bankrupting the car manufacturers won't help, since the taxpayer will be on the hook to bail them out. Jail time for the executives is the only deterrent that will work.

      2. Vic

        Re: A start, but...

        I can't think of a good reason why you should be able to control the steering/brakes/accelerator from a position other than the driver's seat either.

        It's very useful for automated testing \ but you do it with a physical cable, not over an IP link from the ICE...

        Vic.

    2. Anonymous Coward
      Anonymous Coward

      Re: A start, but...

      That sounds like a standard. which will have to be complied with.

      now await the compliance is not security brigade.

    3. Vic

      Re: A start, but...

      Only if profits are seriously threatened

      A $5,000 fine for each violation does seriously threaten profits.

      $5000 for each violation. One on each of 200,000 cars - that $1B. That should make them think[1].

      Vic.

      [1] It won't - there seems to be a new breed of management at the moment who *genuinely* believes they'll never get caught, no matter how egregious their wrongdoing...

      1. Anonymous Coward
        Anonymous Coward

        Re: A start, but...

        [1] It won't - there seems to be a new breed of management at the moment who *genuinely* believes they'll never get caught, no matter how egregious their wrongdoing...

        That's the "I'm smarter than..." effect and it seems to be endemic in humans, not just specific to managers. However, when it does rear its ugly head, it's the manager's egregious behavior that makes the Evening News (or suitable web page).

        We also run into the "there oughta be a law..." effect as well. Whatever law does get passed will be effectively toothless since Congress gets a large pile of money from the auto/vehicle/home/... industries. If it had teeth, then bankrupting the industry just forces another takeover. Oh, I forgot. Aren't the Teamsters part-owner of GM? That makes them bulletproof.

        1. Paul Crawford Silver badge

          Re: A start, but...

          As already pointed out: start aggressively jailing managers who fail to enforce proper safety processes in product design, testing, and support.

          Industry won't go bankrupt, and after a few execs are doing jail time the behaviour will improve remarkably.

          1. Stoneshop
            Devil

            Re: A start, but...

            Indeed. Like I suggested on another subject a while back, it should physically affect the idiots that allow such a situation to (continue to) exist.

      2. Bob Wheeler

        @Vic Re: A start, but...

        Th sharpen their attention,the Directors and managers that signed off the 'bad' design/implantation are personally libel jointly along with the company.

      3. Anonymous Coward
        Anonymous Coward

        Re: A start, but...

        "$5000 for each violation. One on each of 200,000 cars - that $1B. That should make them think[1]."

        Maybe. But there's already at least one example of billion dollar penalties in the US alone. Do you think anybody relevant noticed or cared? Personally I favour the "lock up the directors responsible" method as a means of really focusing management attention.

        Over a year ago, in March 2014, Toyota agreed to pay a $1.2 billion criminal penalty in a settlement with the U.S. Justice Department, after the company acknowledged having misled consumers about safety problems related to unintended acceleration of a number of its vehicles. Problems related to sudden acceleration resulted in the recall of millions of vehicles from 2009 through 2011.

        The court case, and the dubious engineering, behind this is described in a few places including

        http://www.eetimes.com/document.asp?doc_id=1319903 25 Oct 2013

        "Could bad code kill a person? It could, and it apparently did.

        The Bookout v Toyota Motor Corp. case, which blamed sudden acceleration in a Toyota Camry for a wrongful death, touches the issue directly. This case -- one of several hundred contending that Toyota's vehicles inadvertently accelerated -- was the first in which a jury heard the plaintiffs' attorneys supporting their argument with extensive testimony from embedded systems experts. That testimony focused on Toyota's electronic throttle control system -- specifically, its source code. The plaintiffs' attorneys closed their argument by saying that the electronics throttle control system caused the sudden acceleration of a 2005 Camry in a September 2007 accident that killed one woman and seriously injured another on an Oklahoma highway off-ramp. It wasn't loose floor mats, a sticky pedal, or driver error."

        [article continues]

        A billion dollar penalty was subsequently imposed for the (mis)handling of the recall:

        http://www.nytimes.com/2014/03/20/business/toyota-reaches-1-2-billion-settlement-in-criminal-inquiry.html?_r=0

        Eric H. Holder Jr., the United States attorney general, talked in impassioned tones on Wednesday about Toyota’s behavior in hiding safety defects from the public, calling it “shameful” and a “blatant disregard” for the law. A $1.2 billion criminal penalty, the largest ever for a carmaker in the United States, was imposed.

        Mr. Holder said the department’s four-year investigation of Toyota found that the company concealed information about defects from consumers and government officials, putting lives at risk because of faulty parts that caused sudden, unintended acceleration in several of its models.

        [continues with reference to inquiry into similar issues at GM]

    4. Voland's right hand Silver badge

      Re: A start, but...

      You are not thinking.

      5000 is OK. If it is per affected vehicle.

    5. MrXavia

      Re: A start, but...

      "No, lets start with $500k for failing such a penetration test, and go upwards from there."

      How about lets make it mandatory that a car passes a pen-test before release to the public?

      Prevention is better than cure... and ensure that any software updates are also pen-tested before release!

      And the cost of pen-testing should be low, otherwise you will hit the problem of companies not releasing bug fixes as they don't want to pay the pen-test fees.

      "Rule #5 don't trust something that has not been independently audited. Not even your own code."

      Very good rule!

  3. Anonymous Coward
    Anonymous Coward

    You can't fix STUPID !

    How many deaths and injuries do we need to see in the transportation field before companies are held accountable for the safety and security defects in their products? 25 years ago Microsucks should have been nailed to the wall for selling such evil O/Ss so now every fool who writes defective, irresponsible code claims that they can't check all of the code because it has xx (fill in the number) millions of lines of code. That is 100% B.S.

    Wait until autonomous vehicles get hacked or have computers that crash and then the shit will hit the fan as the paid liars cash in on the incompetence of unscrupulous companies and programmers.

  4. adnim

    Once my

    2002 Focus falls apart... I have had it from new and it don't look or drive much different. I will buy a car I can root and lock down or another 10+ year old car.

    If someone else has or can gain control.... including manufacturers it ain't yours...

    1. joed

      Re: Once my

      exactly the reason I've kept my 02 as spare. Even windows are manual (minor gripe until I realized it could not break and was actually more convenient at times).

      1. Hellcat

        Re: Once my

        I'm guessing you don't realise that the part that breaks on car window mechanisims is usually the shuttle and cable system - a system that's pretty much the same for both electric and manual windows.

        1. Lionel Baden

          Re: Once my

          @Hellcat, Yup, or the crappy plastic wedges that hold the window in place, Although I drive a 2cv so don't even have to worry about that. Windows just Flap up.

  5. Kevin 6

    Well damn glad I got a shiny old jeep cherokee which only had an exploding gas tank recall

  6. joed

    I beg to differ

    ""Drivers shouldn't have to choose between being connected and being protected," said Senator Markey."

    I wished I could actually disable all the connectivity in my new car. That's what the smartphone is for.

    1. Remy Redert

      Re: I beg to differ

      Step 1) Locate the antenna used for wireless connectivity

      Step 2) Snip the wires leading to it.

      Your vehicle's connectivity is now permanently disabled. Enjoy.

      If you have GPS, it probably has another antenna for that, which being receive only you may not want to mess with unless you're extremely paranoid.

      1. joed

        Re: I beg to differ

        not that easy:

        1. you have to get to these (buried behind the dash etc)

        2. once unplugged the rest of the system may (will in case of my car) complain (luckily for me it'll keep running as far as I know)

        3. going really low-tech may void warranty (and look ugly)

        4. at some point it may become illegal to disable built in comm systems (one more reason to keep the old clunker around for "special" runs;)

  7. Anonymous Coward
    Anonymous Coward

    So...

    Still happy with the idea of a car without a proper ignition key or without anything else to act as kill switch?

    No? Thought so. There is hope after all.

    1. Alan Brown Silver badge

      Re: So...

      "car without a proper ignition key"

      That key thingie you turn to start the car hasn't been the primary power switch (or controller) for over a decade. At best it tells the car what you'd like to do.

  8. Fred Flintstone Gold badge

    ""Drivers shouldn't have to choose between being connected and being protected," said Senator Markey."

    Well done. Now apply that to your three letter agencies as well - you have all the required basics in that one line.

  9. Greg J Preece

    Take old car, rip out stereo unit, replace with cheap 2-DIN touchscreen <insert OS here> unit, get a superior version of all their connectivity crap without the ludicrous security bugs and less tracking bullshit. That's what I'm planning to do with my car at any rate. it's not exactly hard to do, and even with the 3G connectivity, car mic, rear parking camera, etc I'm still only looking at $500-600.

    1. This post has been deleted by its author

      1. Lionel Baden

        1980_coder, That is a bit unfair, replacing a stereo and laying down a cable with camera on the end isn't exactly more complex than Ikea furniture. You could safely assume 98% of the population could figure it out.

        most tech luddites I know, are not stupid or incompetent, they are Lazy and would rather somebody else did it for them.

  10. Charles Manning

    So Toyota was bad?

    What amazes me is that Toyota got nailed for over $1bn in damages when no smoking gun was ever found.

    US car companies can make shit like this and get slapped with a wet bus ticket.

    1. Paul Crawford Silver badge

      Re: No smoking gun?

      Have you read this about Toyota's ECU software:

      http://betterembsw.blogspot.co.uk/2014/09/a-case-study-of-toyota-unintended.html

      Not just it could crash, but also it might corrupt the logging feature supposed to help find the cause of a serious crash.

      1. Charles Manning

        Re: No smoking gun?

        "Have you read this about Toyota's ECU software?"

        Yes I have. I've also read the stuff written by Michael Barr (the main and most convincing litigating expert witness).

        They found a whole lot of software that looked badly written, but they never actually demonstrated the software failing. Basically the argument was that the code looked ugly and had programming errors in it therefore it likely failed.

        They never managed to actually make it fail though.

        1. Paul Crawford Silver badge

          Re: No smoking gun?

          So how do you explain the significant number of reported incidents?

          What about the case when they (passenger) were making a 911 call during the process of the car being uncontrollable? (They died in the crash). No one from Toyota could point to a sticky mat, etc, to explain that away.

          Sorry, but show me safety-critical system that has so many potential flaws and has single points of failure (in both code and the hardware) and that is a "smoking gun" to me.

          1. Phil O'Sophical Silver badge

            Re: No smoking gun?

            safety-critical system that has so many potential flaws and has single points of failure (in both code and the hardware) and that is a "smoking gun" to me.

            I'd say the most common example of such a system is "the driver".

            1. Paul Crawford Silver badge

              Re: No smoking gun?

              In many cases, yes. But that is not an excuse for not properly engineering systems that are safety critical.

  11. Anonymous Coward
    WTF?

    $5k per car, or...?

    Because any fine I can consider easily paying as individual is a joke to a large corporation.

    I can believe this level of incompetence though. I am leaving my job working with 'med-tech' because the software standards I experienced made the rushed code for a mediocre game look like NASA code. The software profession tolerates a lot of idiots.

    1. John H Woods

      Re: $5k per car, or...?

      "I can believe this level of incompetence though. I am leaving my job working with 'med-tech' because the software standards I experienced made the rushed code for a mediocre game look like NASA code. The software profession tolerates a lot of idiots." -- GameCoder

      The trouble is that software is not a "profession" -- it is a job. We don't need to regulate everyone, but probably those who develop safety critical systems, and possibly those who develop any internet facing systems, should be qualified and/or licensed to do so -- not so much to stop developers misrepresenting themselves, which is fairly rare, but to prevent corporations' simply choosing the 'lowest cost resources' for development, skimping on testing (i.e. avoiding any realistic or significant testing at all) and simply shrugging their shoulders when things go wrong.

  12. Doctor Syntax Silver badge

    Software fix?

    It sounds more like a hardware fix is needed so there's no connection other than the power line.

  13. Sorry that handle is already taken. Silver badge

    "If there's a shiny new Jeep Cherokee sitting in your driveway..."

    ...my condolences.

    1. Paul Hovnanian Silver badge

      Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..."

      ... I'm still jumping in the '79 Landcruiser.

    2. Mystic Megabyte
      Pirate

      Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..."

      AFAIR that's the model that should never be taken into a desert. If the air-con pump seizes there is no way to re-route the drive belt to bypass it. So then you die.

      1. AndyS

        Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..."

        " If the air-con pump seizes there is no way to re-route the drive belt to bypass it. So then you die."

        What?

        What about if the cylinder head cracks, or if the sump plug falls out, or if debris from a repaired radiator blocks the thermostat, or if the transmission fluid leaks out, or or or...

        There are many ways an engine can fail. And even a failed engine is no excuse to die in the desert. Never heard of a back-up plan? If you think a failed aircon pump will kill you, maybe you shouldn't really be driving into the desert to start with.

        And to address that particular one, I'm pretty sure I could un-seize a pump well enough to let the pulley turn again if I needed to that badly. I'm talking from experience, having nursed two 18 year old hiluxes from the UK to South Africa, with plenty of bush repairs including, wait for it, a seized aircon pump, a cracked cylinder head, and all the other failures listed above.

        1. JetSetJim
          Coat

          Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..." @AndyS

          But you can't kill a Hilux

      2. ITS Retired
        Holmes

        Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..."

        "If the air-con pump seizes there is no way to re-route the drive belt to bypass it."

        Turn the A/C OFF! There is a magnetic clutch involved. Cut the wire to it, if necessary. Finger nail clippers? Knife? Yank the wire out. Just getter done and be back on your way, before you die of thirst because you probably did not bring any water with you.

    3. Hellcat

      Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..."

      ... It's probably driven away by itself.

  14. Kev99 Silver badge

    Who was the idiot who decided to even allow the vehicle systems to have outside access via radio? He/she/idiot should be held personally liable for any damages. I cannot believe the idiocy of engineers any more.

    1. frank ly

      "... by knowing the car's public IP address."

      That's when I started screaming.

    2. Hud Dunlap
      Boffin

      @Kev99 It wasn't the engineer

      Sounds like marketing or upper management. This reminds me of an old Chevy I had. It had a six cylinder engine and worked real well. Marketing decided that model needed a V8. It fit. So the next years model had a V8. It fit. Sort of. You need to yank the engine to replace the plugs. I think someone figured out how to lift the engine just a little bit to change out the plugs. That wasn't an engineering decision.

  15. This post has been deleted by its author

  16. 404

    New Normal War driving

    Driving the streets of LA/London/personal favorite town actively scanning/collecting comm freqs, searching for IP's, scripting open door attacks, recording everything, in a hardened distributor and points 60's vehicle. Kinda like Google Streetview cars, but more honest about it.

    Racers, sitting at the line, computers doing bruteforce attacks on other drivers' cars, while your systems are defending from the other guys, while the tree counts down.

    Fleets of police cars simultaneously accellerating to 120MPH and making a sudden, gps-guided, left turn into a building/bridge/river/etc of your choice.

    Pretty morose this evening... it's a Brave New World... smh

  17. Christian Berger

    I think you have a far to romantic idea of the industry

    People in the (car) industry don't have much clue about security, in fact they don't even understand basic concepts of what they are doing. I have seen people doing things, every book on embedded software design warns you against and gives alternatives, yet they do it like this anyhow.

    Somehow it seems like, even if you have trivial problems, software developers (and their surroundings) seem to want to "blow it up" into something big, by adding needless complexity.

    This is, in a way like this Czech(oslowakian) animated series:

    https://www.youtube.com/watch?v=OJsFj9exAlc

  18. Anonymous Coward
    Anonymous Coward

    How's that for timing,I commented on the article below yesterday

    The whole movement of computerized control of car engines has gotten completely out of hand. There is very little need for much of it. Of course, it does cause to take our cars in for service more often and enables us to do less ourselves and I guess, ultimately, that's the point. We have lost control of own vehicles to the manufacture and whatever government agency decides to stop our car. As well as, whatever hacker decides to stop our car as I'm sure that can't be far away.

    http://forums.theregister.co.uk/forum/1/2015/07/08/ford_car_software_recall_analysis/

  19. Winkypop Silver badge
    Mushroom

    There's only one Jeep

    Left...

  20. Anonymous Coward
    Anonymous Coward

    Proves my policy about cars

    I always said if I ever bought a car that had OnStar or any sort of equivalent system that connected it to the outside world, I'd permanently disable it, or if that was not possible I'd choose a different car.

    Silly me, I was concerned about invasion of privacy and the potential for the government to remotely shut down my car if they felt like it. I never dreamed anyone could possibly be stupid enough to give a car a public IP address! Once again I underestimate and am astounded by the stupidity of engineers who really should know better.

  21. Mystic Megabyte
    FAIL

    It happens on boats too!

    I was on a runaway 2000HP boat in a harbour. The stupid throttle/gearbox controller had got confused and was programmed so that in an error situation it would put control to a certain station. The problem was that no-one was sitting at that particular station and the throttles had been knocked forward.

    It would have been better to program the the thing to put the engines in neutral and throttles to tickover if an error is detected. Lots of damage was done and the manufacturers denied all responsibility for it but did have a new "improved" version waiting in the wings.

  22. Andy Non Silver badge
    Mushroom

    Terrorists wet dream.

    Terrorists like ISIS are quite computer savvy and these sorts of vulnerabilities are a gift to them. With a zero day exploit and some coordination, they could cause chaos in Europe and the USA causing numerous "accidents". They wouldn't even need to kill many people - just frighten the public and plant the seed of terror in their mind that their cars can be pwned to hurt of kill them.

  23. Ed 13

    System design

    The fundamental problem is the evolutionary design of systems that takes place. The Uconnect will have been added to an existing design. This has meant that no longer does a hacker have to be physically connected to a car which previously was the mitigation to a lot of these risks.

    It's not new for as car system to be hacked via the "information and entertainment" systems. I have heard of specially crafted CDs that when put in the car's CD player will interfere with the car's operation at this sort of level.

    I suspect the issue is a problem in the connection between the network the Uconnect is attached to and the ones the engine management and braking systems live on. They should be segregated, but a fault in the design or implementation of this segregation means that they are not and this then allows data from one in to the other.

    Something that is also of note in this is that the Uconnect is exposed by a public IP address, which is unusual for cellular system. Although I do know that you can buy SIMs with this feature, it's not common.

  24. Doctor Syntax Silver badge

    At the local filling station the other day:

    One slot was occupied by a big, unattended SUV - I think it may have said Jeep on the back but not being interested in mobile bricks I didn't take too much notice. The slot continued to be occupied by it; nobody came out of the shop to drive it away. When I went in to pay I asked the attendant what was happening. It turned out that the driver had put in the wrong fuel and consequently (maybe because the engine wouldn't run) the handbrake couldn't be released.

  25. Gergmchairy

    A long time ago (2000ish) I had a shiny new Ford Exploder. One morning I parked on a slight downhill slope, leaving the engine running I got out to open a gate in front of me - as I shut the drivers door the car rocked slightly and that was enough for it to decide to auto-lock the doors.. cue an hours wait for the RAC (fortunately my phone was in my pocket!) and ever since I've been nervous of too much tech in modern vehicles...

  26. Anonymous Coward
    Anonymous Coward

    Security should be baked in at the start.

    First of all why no verification of sender? Security certificates?

    Why use a "Public" 3G data network? Isn't Sprint is the airtime provider for Virgin?

    Aren't these simple questions to ask at design time?

    1. Doctor Syntax Silver badge

      Re: Security should be baked in at the start.

      "Aren't these simple questions to ask at design time?"

      Probably. And the questioner gets branded as a trouble maker & told he's being negative.

  27. TeeCee Gold badge
    Facepalm

    Words fail me.

    Given that it is well known that anything connected to the Internet will be attacked and had better be 100% bloody bulletproof[1], didn't anyone think that a "connected car" was a Really, Really, Seriously Fucking Stupid Idea?

    In fact, as stupid ideas go, that's one of the more stupid ones as the risk / benefit doesn't even begin to stack up: Benefit: Facebum on the move. Risk: Horrific flaming death.

    [1] Yeah, right. One of the tools you will require here is a reliable crystal ball so that you can have foreknowledge of all the possible attack vectors that will be invented over the lifespan of your product.

  28. The Jester
    Facepalm

    Public IP Address

    One thing that's been missed by a lot of people is that the 'public IP address' isn't really very public.

    The system connects via a mobile network (I believe Sprint) so unless you're also on Sprint's mobile network, you are protected (and I use the term loosely) from the wider internet by the carrier's NAT.

    It's still unbelievable that anyone who designed this thought any incoming connections were a good idea - at least lock incoming connections to known IP ranges and use some bloody authentication!

    1. Anonymous Coward
      Anonymous Coward

      Re: Public IP Address

      Yes but all you need is a PAYG (Burner) phone to access the Sprint network.

      Getting Sprint to provide a M2M MNVO sub network would have prevented this.

  29. Yugguy

    This is no surprise

    Like I said in the other articles on this, the more I hear, the more I want an older car where the only computer is in a black box ECU with NO external connectivity beyond a physical data socket.

  30. Douchus McBagg

    holy fudge. who in their right mind thinks that live control systems need to be connected to 1. meedja systems/satnav/etc, and 2. the bloody internet?!?!

    not just a software patch, but a fudging class action suit needs to happen!

    oh, hey, this airbus A380 thing has an internal network for all the seatback inflight entertainment systems, lets use that for the friggin fly-by-wire shiz too. DUH!

  31. phil dude
    Black Helicopters

    Michael Hastings....

    His death was in a Mercedes C250 coupe, and it did seem strange that the car lost control on a pretty mundane piece of highway.

    These researchers may be the first to publish, but perhaps it has been weaponized by the spooks already?

    Stupid is scary, every time.

    P.

  32. Amorous Cowherder
    Facepalm

    Oh my

    The words "CAR" and "IP ADDRESS" should not appear in the same sentence, at least not when talking about the car on the public highway!

  33. Mage Silver badge
    Facepalm

    I knew DAB was stupid.

    This vulnerability makes the Jeep look sensible!

    http://www.bbc.com/news/technology-33622298

    A crafted DAB broadcast and ALL vulnerable vehicles in range are hacked, e.g. slam on brakes. You can buy a DAB transmitter to hook to PC data under £2000.

  34. Christian Berger

    It might be best if those exploits would be published

    After all while it won't have many consequences now, hordes of cars being taken over could finally beat some sense into automotive (and industrial) developers.

    Unfortunately since the car industry has a mighty lobby the pendulum might swing the other way and the Internet will be abolished.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon