But who drives a Jeep?
Car hackers Charlie Miller and Chris Valasek have again hacked a 2014 Jeep Cherokee, this time by physically linking a laptop to commandeer its steering and kill the brakes. The duo have captured the hack to be presented at Black Hat Las Vegas this week in video proof-of-concept demonstrations. The compromise requires …
If you get physical access to the internal bus in the car, then you can control the car. So what? The same is true of lots of machines.
A danger that CANbus access can be used in some sort of bizarre movie plot assassination threat? If someone has that sort of access they could just put a bomb in the car or just tamper with the brakes. Actually, they don't even need that sort of access, or effort, to do those things.
The flip side of a pointless proposal for locking down the bus in the name of "security" will of course lock out legitimate uses for tapping the CAN bus, just in case someone somewhere might become the victim of some fantastical Hollywood plot perpetrated by Dr Evil.
This is the important point. Back in the old days, you could get this access via OBDII. It's actually a read & write interface. In my car it's writeable when the key is in the ignition and the battery is on, but the engine is not running. If the engine is on, it's read only.
Which I think is a perfectly sensible way of dealing with this, personally. It prevents all sort of attacks, including the "person walked past with a laptop, did a factory reset, unlocked the door, started the engine and an accomplice drove off with your car without needing the key.
I am sure that most cars still have a direct mechanical link in the steering. The SERVO may be controlled over a canbus but unless you are a 35Kg weakling you can overcome it. I know my car does because although it has electric steering, you can still steer it while pushing it unpowered. I am sure this is a matter of primary safety. I think that even cars with self drive capability still take the steering wheel position as the main control input and only self steer if you are not holding the wheel. Admittedly it would be rather unnerving and extremely distracting if the car tried to turn without your input.
The brakes are also physically linked to the mastercylinder as a matter of primary safety. It is only the servo system which is driven electrically rather than old fashioned vacuum assist.
Drive by wire accelerator is another matter since without power the engine will not be running so no need to have a physical link.
The main problem with having no security is the likelihood of theft. I am sure lots of script kiddies would think it a real hoot to be able to play GTA with real cars (especially someone else's).
The brakes are also physically linked to the mastercylinder as a matter of primary safety.
Well yes, sort of ...
Pretty well all cars these days have ABS, and that ABS system has the ability to let pressure out of each brake line - that's how it "unbrakes" a wheel that locks up. In normal operation, the system will then re-pressurise the line using pressure from an electric pump.
Take over the system, and it's perfectly capable (in principle) of holding all the dump valves open and letting all the pressure out of the brake lines - leaving you with the brake pedal on the floor and absolutely no braking whatsoever. Whether the system will ever allow that would be down to how well the developers catered for all possible situations - including malicious attack.
Conversely, it is most likely possible for the system to apply the brakes fully using pump pressure - thus locking up the wheels and leaving you sliding to a stop in a cloud of tyre smoke, and hoping there's nothing too close behind you.
And add in that many modern cars now have electronically controlled handbrakes, many of which (as I read some stuff I've come across) will use the service brakes (as above, but not full pressure !) if you apply the handbrake while moving.
As to steering, given the ever increasing over-servoing that seems to go into modern cars, I think if the steering decided to go to full lock, few drivers could a) work out WTF is going on, and b) over-ride it before you are well into the scenery ! I'm guessing that the steering takes inputs from other systems (road speed, angular acceleration) and is part of stability control - thus if you fake inputs saying the car is going into a serious upset, then it will apply "corrective" measures to (as it thinks) keep you on the road.
Even the throttle is a killer. So many cars no longer have any physical link between a key and the fuel system having power. So you could be going down the road, no brakes, full power and unable to "switch it off" and with someone else in control of the steering.
I think this leads to a questionnaire for next time I'm looking for a new car :
Is there a physical connections such that removing the key will remove power (without the involvement of electronics) to at least part of the fuel system ? Please show me the schematics and show the path that proves this ? (Yes, I can read schematics/wiring diagrams)
Is the ABS system physically capable of removing all braking effort ? Supplementary questions : When you said no, why were you lying to me ? When you said yes, what measures are in place to avoid "interference" on (eg) the CAN bus from triggering this ?
(If an auto) Is there a way to force the system (not involving any electronics) into neutral ?
And lastly ... Please get a senior director of <manufacturer> to sign to say that these are true and correct answers.
I think that should get me thrown out of the showroom :-)
Any hack which requires a physical connection to the CAN bus is not really a hack. I could 'hack' an old fashioned hydraulic brake by inserting a valve which could be controlled remotely and release all the hydraulic fluid on command.
The ability to do this sort of thing without physical access would be a concern but that does not appear to be present.
Any hack which requires a physical connection to the CAN bus is not really a hack.
Whilst this is true, we've already seen attacks where the CAN bus is taken over by way of the car radio. They didn't do that in this case - but does that mean it can't be done? That's not something I'd bet on without further information.
Take over the system, and it's perfectly capable (in principle) of holding all the dump valves open and letting all the pressure out of the brake lines
Nope. ABS units are required to fail safe; that means that any failure that would lead to such a situation - including being taken over - would lead to the watchdog being triggered and the ABS unit disabled. This leaves you without ABS, but with brakes.
Is the ABS system physically capable of removing all braking effort ?
Supplementary questions : When you said no, why were you lying to me?
Not ever embedded devloper is a completely clueless numpty; many of us have actually thought through how out kit can fail. Now I've not worked on ABS, so I can't quite chapter and verse of the design requirements - but this is standard practice. Before you decide you know exactly how every unit is implemented, I suggest you do some background reading.
 But I did employ someone who had.
Nope. ABS units are required to fail safe; that means that any failure that would lead to such a situation - including being taken over - would lead to the watchdog being triggered and the ABS unit disabled.
Yes, the hardware is perfectly capable of completely draining the brake lines - hold the dump valves open = no brakes. Note that I did specifically add the proviso that it depends on how well the developers did their job - and yes, I would hope that they did make it fail-safe.
But as we've seen, there are already safety critical flaws being found - so I think it's a bit too much of an over-statement to say that it "is impossible". I strongly suspect that an ABS system doesn't get quite the same level of (say) a nuclear reactor control system or an aircraft fly-by-wire system. Incidentally, there have been aircraft crashed by the very expensively engineered and supposedly fail-safe flight control systems.
But you are correct to say I haven't studied ABS systems in depth. One interesting avenue to look at might be the purge/bleed cycle. I know (some) ABS systems have a mode entered via diagnostics to do the bleeding in (at least) the valve block and pump. That probably takes the system out of it's normal road-safe envelope so there's the first avenue I'd be looking at.
Not ever embedded devloper is a completely clueless numpty
Indeed. Unfortunately, it seems that that plenty are, and car (or systems) manufacturers are employing them - otherwise we wouldn't be reading about Jeeps that can have the steering turned 'remotely' while driving.
"I think that even cars with self drive capability still take the steering wheel position as the main control input and only self steer if you are not holding the wheel."
Generally the exact opposite - they will only work if you are holding the steering wheel and deactivate if you let go.
"The main problem with having no security is the likelihood of theft."
Not really. The vast majority of hacks require physical access to the inside of the car. Potentially they could open up more ways to get around anti-theft systems, but there isn't a car on the planet that's theft-proof if you already have full access to every part of it.
> Why can a car without any self-drive or collission-avoidance tech even turn its own steering wheel?
The 2014 Jeep Cherokee has self-park, so can turn it's own steering wheel when hands-off. So now you just have to disable the safeties that say "engage only in reverse, at low speed and when guided by sensors". Q.E.D. ;-)
I was quite happy my power-assisted steering and ABS would at least fail gracefully until SImon Hobson gave me new nightmares by pointing out how even they could be weaponised :-(
Christine icon, obviously ->
If you have physical access to the car you can weaken the steering or brakes mechanically. This has the added advantage of not leaving a traceable device for law enforcement to track. Fingerprints and DNA anyone?
It is possible but not likely. I'd be more worried about errors from aftermarket devices.
Biting the hand that feeds IT © 1998–2022