General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsCould terrorists remotely crash your car?
yes, that is the original headline
http://www.usatoday.com/story/driveon/2013/06/23/terrorists-crash-car/2446151/
Could a 14-year-old computer hacker in Indonesia remotely take over control of your car as you drive down the Interstate, cause the car to dangerously accelerate and and kill you by crashing it?
That's the scenario raised and explained by AOL Autos in a story about the threat of terrorists and cars -- and one that drew a fairly quick rebuke from auto site Jalopnik as unwarranted "fearmongering."
The government is taking threats of carhacking seriously enough that the National Highway Traffic Safety Administration opened up a "cyber terrorism department" to sort out software issues that could make cars vulnerable to attack, AOL Autos says.
When Sen. Jay Rockefeller, D-W.V., raised the issue of cyber car terrorism at a Senate Commerce Committee hearing, he was told that university researcher had succeeded in hacking into car's electronics systems and were able to perform stunts like turning the engine on and off.
graham4anything
(11,464 posts)Monkie
(1,301 posts)is what many are.
without hackers we would never have known that the US chamber of commerce was paying contractors to smear activists and journalists.
without hackers we would not know that the current head of the IAEA was a US puppet.
i could do this for hours, but i think its much simpler to just say, without ethical hackers fighting to expose wrongdoing we would be less free. you cant banish a idea, information wants to be free, most people want to be free, to see wrongdoing by the state or corporations exposed.
hacking is also a philosophy, they are the tinkers, the people who try new things, new ideas, disassemble and re purpose.
the whole internet is basically one big hack.
some people want to stick their head in the sand, others wish to be informed.
the difference between now and 70 years ago is the public can no longer say "ich hab es nicht gewust" unless they are being willfully ignorant.
graham4anything
(11,464 posts)there are one million bad things that can happen
of course a few good things, but the bad far outweighs the good
Look at the person who invented the gun. I bet that person thought good would come out of it.
Or the person who invented the bomb. Spent his whole life wishing he didn't do it.
Think of Chevy Chase in Christmas Vacation and how his lights didn't work.
Someday, the plug won't be put back in and the lights will never come back.
then there will be total anarchy and chaos
no, the bad far outweighs the good.
One cannot go into a deli and steal a piece of bubblegum.
Same as one cannot go into a bank and rob a million dollars.
there has to be protection against it.
just like there should be something to instantly bar a phone from calls and texting while driving.
it is deadly, and not only for the driver, but for the school bus with 100 kids in it that the texter ends up hitting
Monkie
(1,301 posts)your are right there has to be protection against illegality, but some of the greatest moments in the history of mankind also came from doing something "forbidden".
a hacker is someone who wants to know how something works, a rule breaker sometimes, but most security experts, people like steve jobs, they consider themselves hackers.
a script kiddie is a digital vandal, often an teen, and all they are doing is picking up a rock and throwing it at a website.
and criminals, well obviously they should be in jail.
hobbit709
(41,694 posts)Then why are the jails full?
Downwinder
(12,869 posts)Skidmore
(37,364 posts)do is much different than what the government does. In the course of all their tinkering, just how much information about private citizens do they gain access to? I see nothing ethical about hacking. I put a lock on the doors of my home for a reason and it would not be to invite someone to break into my house.
Monkie
(1,301 posts)and sometimes should, but sometimes they are right, and deserve immunity, more so than say the telecoms spying on us.
most of the early hacking was purely to see how the lock works, using your comparison. most hackers, then and now, then send the info to the lock company so they can improve the locks, in some cases the lock company ignores this (security through obscurity) in the hope the "problem" goes away and they dont have to spend profits improving the product and safety of their customers, this lead to hackers starting to leak hacks onto the internet to force companies to upgrade their locks.
in recent years there has been a rise in criminals being involved in digital crime, but this is not the origins of hacking, nor what most hackers do.
many of the worlds most "famous" hackers go on to work for large security firms or big software companies.
hacking is not only just confined to software, it could be described as learning by playing, by experimentation, when your dad first gave you a engine or something mechanical to play with, that is hacking in the traditional sense of the word.
this is how Richard Stallman one of the pioneers of open source software and "the internet" had to say about hackers
What they had in common was mainly love of excellence and programming. They wanted to make their programs that they used be as good as they could. They also wanted to make them do neat things. They wanted to be able to do something in a more exciting way than anyone believed possible and show "Look how wonderful this is. I bet you didn't believe this could be done."
marmar
(77,114 posts)I guess I should have expected no less.
Fire Walk With Me
(38,893 posts)ABCNT عبسنت ?@ABCNT1
@MLKstudios @cenkuygur @endarken
Hacking into cars
http://www.caranddriver.com/features/can-your-car-be-hacked-feature
|
think
(11,641 posts)I'm not sure what else to say....
Ichingcarpenter
(36,988 posts)These scientists proved it is quite possible.
Experimental Security Analysis of a Modern Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Tadayoshi Kohno
Department of Computer Science and Engineering University of Washington Seattle, Washington 981952350
Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage
Department of Computer Science and Engineering University of California San Diego La Jolla, California
AbstractModern automobiles are no longer mere mechan- ical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advance- ments in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.
We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our cars two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a cars telematics unit and that will completely erase any evidence of its presence after a crash
. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.
http://www.autosec.org/pubs/cars-oakland2010.pdf
Long range cyper attacks discussed here
bemildred
(90,061 posts)steve2470
(37,457 posts)Ichingcarpenter
(36,988 posts)because it leaves no trace and things are left as an accident.
The Boston Brake scenario came to attention of the public at the death of Lady Diana when x intelligence officers revealed that it was possible to rig a car to cause an accident.
DreamGypsy
(2,252 posts)...that you could apply to every car - oh, let's say every one leaving the teachers' parking lot at your high school on Friday afternoon:
(from Table II in the pdf linked by IChingCarpenter above)
Continuously Activate Lock Relay
Windshield Wipers On Continuously
Pop Trunk
Release Shift Lock Solenoid
Unlock All Doors
Permanently Activate Horn
Disables Headlight in Auto Light Control
All Auxiliary Lights Off
Disable Window and Key Lock Relays
Windshield Fluid Shoots Continuously
Control Horn Frequency
Control Dome Light Brightness
Control Instrument Brightness
All Brake/Auxiliary Lights Off
Force Wipers Off and Shoot Windshield Fluid Continuously (my person favorite)
Be careful though, there are some things you could do that might have more serious consequences:
Our fuzzing of the Electronic Brake Control Module (see Table IV) allowed us to discover how to lock individual brakes and sets of brakes, notably without needing to unlock the EBCM with its DeviceControl key. In one case, we sent a random packet which not only engaged the front left brake, but locked it resistant to manual override even through a power cycle and battery removal. To remedy this, we had to resort to continued fuzzing to find a packet that would reverse this effect. Surprisingly, also without needing to unlock the EBCM, we were also able to release the brakes and prevent them from being enabled, even with cars wheels spinning at 40 MPH while on jack stand.
This is a very disturbing problem and just a small indication of the risks associated with rapid deployment of a technology without a serious attempt to understand the safety, security, and societal implications.
As Bill Morrissey recommends: I ain't getting up, it's dangerous out there.
hobbit709
(41,694 posts)I'd be far more worried about TPTB doing it.
MADem
(135,425 posts)It's almost thirty years old!
Junkdrawer
(27,993 posts)bemildred
(90,061 posts)This would also apply to planes, too, and anything else that was computer controlled.
To make hacking feasible, the computer in the vehicle would need to be accessible (WiFi) and hackable (a slam dunk, making networked computers un-hackable is very expensive.) So the potential is there, and has been for a while now.
But also because there should always be a mechanical off switch.
NoPasaran
(17,291 posts)GeorgeGist
(25,326 posts)Pelican
(1,156 posts)Downwinder
(12,869 posts)Ichingcarpenter
(36,988 posts)The x file spin off show.
The first episode which was in March 4, 2001 had a story where a US plane was hacked to fly into the World Trade Center and the lone gunmen saved the plane at the last secured.
PoliticAverse
(26,366 posts)CanSocDem
(3,286 posts)...why this series never got going. And another good example of why 'blowing the whistle on government malfeasance' is in the eleventh hour.
The 'all-in' style of modern day whistle blowers is because the industrial ruling class doesn't want us getting any ideas from mainstream conspiracy-style television shows.
.
MineralMan
(146,345 posts)Practically, not so much. While it would certainly possible to do some of that, especially with cars that have an integrated communications system built into the vehicle, such as OnStar, and some of the monitoring systems now being used by auto insurance companies to track clients' driving behavior.
However, I'm not sure there is enough benefit for anyone in doing this. Currently, the capability is only latent, and alterations would have to be made to make interference with vehicle operation actually possible without physical modification.
The question I'd ask is: "Who benefits and to what degree?" There is money available to hackers of other systems, and massive disruption possible for the vandals. Why mess with autos?
It's all too unpredictable, really. I can imagine that the police would like to have the ability to shut a car down in some progressive way to end a high speed chase or to prevent a crime. It's already possible, on many cars, to track the vehicle's location, and that capability may be more widely used by law enforcement in the future.
But just hacking? I'm not seeing how it has much benefit, even though it's potentially possible.
snot
(10,540 posts)From http://www.caranddriver.com/features/can-your-car-be-hacked-feature :
"While there are no reported cases of cars being maliciously hacked in the real world, in 2010, researchers affiliated with the Center for Automotive Embedded Systems Security (CAESSa partnership between the University of California San Diego and the University of Washington) demonstrated how to take over all of a cars vital systems by plugging a device into the OBD-II port under the dashboard.
"It gets worse. In a paper thats due to be published later this year, those same researchers remotely take control of an unnamed vehicle through its telematics system. They also demonstrate that its theoretically possible to hack a car with malware embedded in an MP3 and with code transmitted over a Wi-Fi connection.
"Such breaches are possible because the dozens of independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.
"Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network thats not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached."
From http://jalopnik.com/5539181/carshark-software-lets-you-hack-into-control-and-kill-any-car :
"CarShark's a computer program that'll let someone hack into a car's onboard computer system to kill the brakes, disable the engine, blast music and otherwise wreak electronic havoc. It's both clever and absolutely frightening. Here's how it works.
"A team of researchers led by professors at the University of Washington and USCD hacked the Controller Area Network (CAN) system installed on all new cars built in the United States to show how potentially vulnerable the system is. The CAN is supposed to allow onboard vehicle systems to communicate so problems are easier to diagnose, but the hands of these hackers it's the open door to disabling a vehicle.
"The researchers connected to the car via a simple OBD-II computer port and using the CarShark program, identified the packets of information being trafficked across the CAN. For some hacks they used a process called "fuzzing" and sent random bits of code to disrupt them. This caused horns to blow, trunks to pop and even the brakes to stop functioning. There's supposed to be a failsafe override for the brakes, but jamming the ABS solenoids could lock up the brakes so they're not usable.
"The most frightening attack is called 'self-destruct' and essentially counts down from 60 seconds on the dash clock and then shuts off the engine and locks the door."
More at the links.
The Mercedes that Hastings was driving has been described as "brand new" and "late model," so presumably would have had the usual load of computerization. I'm curious to know when/where he acquired it and whether it had been worked on lately.
FarCenter
(19,429 posts)Nimajneb Nilknarf
(319 posts)Arctic Dave
(13,812 posts)Hacking.
Car crash.
Seems like an awesome way to kill someone you want dead and leave no trace.
Vinnie From Indy
(10,820 posts)Researchers Show How a Cars Electronics Can Be Taken Over Remotely
With a modest amount of expertise, computer hackers could gain remote access to someones car just as they do to peoples personal computers and take over the vehicles basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington.
Although no such takeovers have been reported in the real world, the scientists were able to do exactly this in an experiment conducted on a car they bought for the purpose of trying to hack it. Their report, delivered last Friday to the National Academy of Sciences Transportation Research Board, described how such unauthorized intrusions could theoretically take place.
Because many of todays cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features like the car locks and brakes as well as to track the vehicles location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety.
This report explores how hard it is to compromise a cars computers without having any direct physical access to the car, said Stefan Savage of the University of California, San Diego, who is one of the leaders of the research effort.
More at
http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0
Turbineguy
(37,396 posts)Lucas electronics, nobody would even notice!
Egalitarian Thug
(12,448 posts)BlueToTheBone
(3,747 posts)hunter
(38,342 posts)... the very first being "Keep it Simple, Stupid!"
In my utopia most people wouldn't even bother with automobiles. They'd be able to walk, ride a bicycle, zip around on electric legs or scooters, and use pleasant public transportation to get to anywhere they wanted to go.
Throd
(7,208 posts)It might be possible on them new-fangled kinds.
DirkGently
(12,151 posts)Floyd_Gondolli
(1,277 posts)Or so I was told.