[HN Gopher] Tesla Car Hacked Remotely from Drone via Zero-Click ...
___________________________________________________________________
Tesla Car Hacked Remotely from Drone via Zero-Click Exploit
Author : vanburen
Score : 283 points
Date : 2021-05-05 10:34 UTC (12 hours ago)
(HTM) web link (www.securityweek.com)
(TXT) w3m dump (www.securityweek.com)
| sjaak wrote:
| The future will be interesting. Imagine what havic you could
| wreak with a worm that _is_ able to control a car (this worm was
| not).
|
| Let the worm spread for a while through the fleet and activate a
| malicious piece of code at a set moment that accelerates and
| steers the cars into an object. There's not enough medical
| personnel to tend to all these accidents. Total chaos.
|
| Am I wrong in thinking that with the passing of time the
| probability of such an event tends to 1?
| kvz wrote:
| Agreed, and there are other viable attack vectors too. Instead
| of a worm, an unfriendly state or other bad actor with deep
| enough pockets could hack the update servers that cars get
| their over-the-air updates from. Employees of the car
| manufacturer could be compromised to make that easier.
|
| Tesla is a software company and probably has a lower chance of
| getting hit due to expertise and funds being poured into
| security (even tho not infallible as this post shows), but
| there's a race to the bottom and soon enough Car companies that
| couldn't pull of decent navigation will have some form of
| computer-controlled-steering as stockholders are looking at
| Tesla stock price and breathing down their necks.
|
| I have been worrying about this for some time, even tho I am
| also a tech lover and Tesla driver. was thinking of writing a
| blog post about this, but seeing this comment, maybe it isn't a
| new thought and everybody is already aware of this risk.
|
| I think you are right about medical personel. But also: if you
| make everyone crash around rush hour, you take out a
| significant share of the working population. And how do you
| clean up the infrastructure to let trucks and ambulances
| through again. Not to mention the catastrophe of cars crashing
| into stores and pedestrians in city centers.
| adamhp wrote:
| Can we not introduce some sort of hardware short-circuit? Hit
| this button and it cuts all power and engages brakes at full
| force.
| kvz wrote:
| Terrorists would probably have an easier time exploiting
| this button, which isn't exactly safe either, than update
| servers. Or not, but it does introduce yet another attack
| vector, or technology that could have a bug that makes it
| trigger by accident.
| LinuxBender wrote:
| On a general aviation aircraft this would be the power
| switch for the ECM. Super easy to add a kill switch, if the
| car manufacturer chose to do so. No idea what a self
| driving car would do if it lost its ECM and related
| controllers.
| gorpomon wrote:
| You're not wrong, that scenario was in a Fast & Furious movie.
| I'm guessing it's something numerous parties are considering in
| some capacity.
| indigochill wrote:
| > Am I wrong in thinking that with the passing of time the
| probability of such an event tends to 1?
|
| You're forgetting to factor in the human element. Technology
| doesn't progress independently. There are dampening effects
| when the "real world" decides technological possibilities don't
| fit the world they want (for example, copyright applies
| artificial limits to the infinite copying potential of digital
| assets, or the recent EU politics around AI).
|
| So I suspect relatively isolated cases like this will
| eventually lead to a push for legislation on automotive digital
| security. Cynically, I suspect in a way that raises barriers to
| entry to the market after the incumbents have secured their
| market share, but that's still probably better than the
| alternative.
| EricE wrote:
| I dunno - you don't need much more control than killing the
| engine, which can be done remotely on many vehicles today.
|
| Yeah, if you have visions of the Joker hacking control of the
| Batmobile turning into a large RC car then we are safe from
| that. But that's far from saying that remote control isn't an
| issue.
| ifdefdebug wrote:
| I think it should be possible to have two mandatory
| requirements for all car designs: the steering wheel and the
| brake pedal override everything else, and that has to be hard-
| wired in a way impossible to bypass without modifying the
| hardware.
|
| No good for self-driving cars though.
| anotha1 wrote:
| You're wrong. Computer "worms" as people think of them are not
| the problem here. They're actually well understood. And while
| propagation seems like it _could_ be so fast it 's
| overwhelming, I think there are a lot of reasons to consider
| that exceedingly unlikely. These "worms" are the equivalent of
| catching a communicable illness that is *physically
| manipulating* the car (even if it's just software).
|
| What's the bigger issue?
|
| Adversarial manipulation of the sensor inputs. This can be
| equated to verbal or visual manipulation in humans, something
| that becomes much harder to detect. While most of these attacks
| would be against a local target, I could also see a widespread
| deployment that goes unnoticed and slowly degrades many neural
| networks, and those being erroneously propagated.
|
| The latter is a much bigger problem than "worms" because it's
| effectively invisible. We can audit and identify malicious
| code, there's an entire industry built around that. But, neural
| networks are for the most part still a black box solution. How
| does one detect and solve manipulation in a black box solution?
|
| Well, maybe my Tesla will meet your Tesla in therapy and they
| can talk about it.
| bsanr2 wrote:
| In short: Google still hasn't figured out how to stop black
| people from showing up in Photos searches for "gorillas"
| (hence, such searches return no results; go ahead, try it).
| The irrevocable "poisoning" of computer vision systems is a
| real threat.
| anotha1 wrote:
| Yes, that's exactly my point.
|
| No code required.
| bsanr2 wrote:
| The real fun will begin when some new technology comes
| along that appears similar but operates differently from
| what it's replacing, leading to complications with the
| vision systems. We already had a traffic-related version
| of this happen: when LEDs began replacing incandescent
| bulbs in streetlights, engineers had to add heaters to
| make up for the fact that LEDs didn't melt the snow that
| accumulated on the housing.
| xorfish wrote:
| > "I think there are a lot of reasons to consider that
| exceedingly unlikely"
|
| What are those reasons?
| anotha1 wrote:
| The code-based manipulations are relatively well understood
| by cyber security professionals, which Tesla undoubtedly
| has on staff. There are existing solutions to at least slow
| the spread of these, even if it's as rudimentary as an
| emergency shutoff as soon as Tesla recognizes an anomaly.
|
| Edit: downvote for what?
| buran77 wrote:
| Don't forget that the "Move fast and break things" motto
| was born out of the software world. So claiming something
| is a software company works both for and against them in
| this case. Think of Heartbleed to understand why having
| software engineers and literally millions of eyes on a
| problem might still mean nothing in the grand scheme of
| things. And understanding a problem only takes you one
| step closer to solving it. How you solve it, and how you
| keep doing this day after day going forward makes a lot
| of difference either way.
|
| The truth is the moment it's technically possible to hack
| a car remotely, cars will be hacked remotely. We've had
| computers of all kinds for decades and couldn't manage to
| make them "hack-proof". Consoles are as close as it gets
| and I'm sure if they were as critical as a car they would
| have been thoroughly hacked by now.
|
| Having any kind of "self driving" feature means safety
| critical systems (acceleration, braking, steering) can be
| controlled entirely by the car's computer. And having OTA
| updates means there is _some_ link between that critical
| computer and the outside world. And in that outside world
| people managed to hack airgapped computers in a military
| nuclear facility. If only that facility was "a software
| company"... they could have CI/CDed the malware in their
| infrastructure.
| ceejayoz wrote:
| Iran has cyber security professionals - and physical
| controls over the hardware - but thus far that doesn't
| seem to be perfect protection against stuff like Stuxnet.
| The idea that cars can't be effectively and rapidly
| hacked seems overconfident.
| pmontra wrote:
| Am I alone in thinking that in case of a war between
| advanced countries every single one will come to a halt
| because of no power, no gas, no water no anything? No
| bombs required.
|
| Contingency plan: go back to the technology of 50+ years
| ago. Remember the old unwired unhackable Battlestar
| Galactica vs the newer ships hacked by Cylons.
| ceejayoz wrote:
| I think the scary scenario is advanced countries thinking
| a sneak attack will succeed and/or be deniable.
|
| Something like https://www.wired.com/story/how-30-lines-
| of-code-blew-up-27-... applied on wide scale to a
| developed nation's power infrastructure has the potential
| for enormous numbers of deaths without the "well
| obviously the rest of the world will hate us"
| consequences of nuking someone.
| anotha1 wrote:
| Iran has insufficient resources compared to the nations
| targeting it. Unless a nation state decides to target
| Tesla, we're probably alright.
| ceejayoz wrote:
| > Unless a nation state decides to target Tesla...
|
| I would imagine that's a certainty.
| anotha1 wrote:
| It should read:
|
| "sufficiently capable nation state..."
|
| Which I doubt is as many as you're implying given the use
| of the term "certainty."
| ceejayoz wrote:
| I doubt it's few enough to conclude "we're probably
| alright".
| anotha1 wrote:
| Then you should read it further as:
|
| "... with the intent to directly harm average citizens."
|
| Which yes, I'd argue is a negligible amount.
| teachingassist wrote:
| That's the case today, sure.
|
| But, private corporations can be wound up. Nobody is
| ultimately obligated to maintain this kind of work.
|
| If shit hits the fan, then it's not obvious that "Tesla,
| Inc." will stick around to deal with the consequences.
| (If it becomes medium-term unprofitable, then it seems to
| me obvious that it won't.)
| drewmol wrote:
| >(If it becomes medium-term unprofitable, then it seems
| to me obvious that it won't.)
|
| I'll add that while I think it's unlikely ANY
| incorporated publicly traded business would stick it out
| to deal with the consequences... TESLA seems to have
| treated medium-term unprofitablity as a consequence of
| failing to meet quality and production goals without
| heavy divergence from long-term profitability plans.
| _Microft wrote:
| > The future will be interesting. Imagine what havoc you could
| wreak with a worm that is able to control your _brain-computer
| interface_.
|
| Fixed that for you.
| aboringusername wrote:
| I certainly think we'll have a new cause of death "computer -
| AI", whether malicious or not it's something we need to start
| tracking and keeping tabs on.
|
| I wonder if, as we do at the moment with human piloted cars,
| we'll just shrug it off and offer a passing "poor human" (in
| the case of injury/death) and continue with our day.
|
| Death is around us 24/7 and I am not convinced even if cars
| were hacked and told to drive into objects we'd care very much,
| we'd probably fix the bug and move on.
| colechristensen wrote:
| Yes but when you can sue for wrongful death... problems get
| taken care of. Insurance companies will learn that their
| bottom lines are deeply connected to car computer security
| and then either the network or the vulnerabilities will be
| gone. A $10 insurance surcharge can move mountains.
| colechristensen wrote:
| This is why I intend to keep my 2009 car for decades. The only
| thing it does for me is a bit of traction control and the only
| radio it has in it plays music and jesus stations.
| baybal2 wrote:
| > Intel was also informed since the company was the original
| developer of ConnMan, but the researchers said the chipmaker
| believed it was not its responsibility.
|
| ...
|
| Very strange position when Intel sinks 7 digit sums into salaries
| of top tier computer programmers working on it.
|
| Does it do it for nothing then?
|
| It's these situations when people can't tell what the heck they
| are doing what they do for for $200k a year which signal of
| company's dysfunction.
| boblivion wrote:
| They weren't the maintainers anymore. That's the reason. OSS is
| tricky sometimes in that regard.
| baybal2 wrote:
| Connman _is_ maintained by Intel, it 's pretty much nobody
| needs it, but them.
|
| It's desktop usage is abysmal with no GUI supporting its up
| to date API.
| LargoLasskhyfv wrote:
| Hm. While I usually avoid Wifi where- and whenever I can,
| recently I couldn't. Booted some live Distro into RAM,
| fiddled whith settings(because not used to WiFi, got it?),
| almost had screaming fits, until I discovered I could
| switch from that Networkmanagercrap to Connman and
| everything worked. The GUI which enabled that was this
| https://github.com/andrew-bibb/cmst
|
| Where the use-case was a simple connect to that fucking
| T-Offline hotspot at the edge of reception and
| automagically point some browser tab to the captive portal,
| FAST! Also RECONNECT fast!
|
| That worked for me.
| ajross wrote:
| That's not fair. ConnMan was written primarily by Marcel
| Holtmann while paid by Intel to work on Moblin and Meego back
| when they were a thing. But it is, was, has been and was always
| intended to be a 100% open source effort provided to the
| community (including Tesla!) under the GPLv2 free of charge and
| with a warranty disclaimer included in the license.
|
| Demanding that employers be somehow magically responsible for
| the community contributions of their employees in perpetuity is
| the easiest way to make sure employers never let their
| employees contribute to the community.
|
| Whether ConnMan, which is semi-abandonware now, was a good
| choice for Tesla to have integrated is sort of a different
| question. Personally I was never a fan. But that's the magic of
| free software, we all get to choose what works for us.
|
| Seriously, the warranty disclaimer is is really clear in the
| GPL. They even put it in caps:
|
| NO WARRANTY
|
| 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO
| WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
| LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
| HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
| WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
| INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
| MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
| ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS
| WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE
| COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
| 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO
| IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO
| MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE,
| BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
| INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
| INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS
| OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED
| BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE
| WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY
| HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
| eingaeKaiy8ujie wrote:
| I use ConnMan on my desktop. I wonder if there is something for
| me to worry about and if I should switch to NetworkManager.
| Kognito wrote:
| Fascinating as the exploit itself is, it makes me wonder how long
| manufacturers will "support" these newer connected vehicles.
| Having an outdated smartphone is one thing, you risk your
| personal data being targeted if the manufacturer decides to no
| longer support it after a few years - but the risk seems much
| larger if you've got say, Teslas (though I'm sure it applies to
| most other vehicles these days), with unpatched, well documented
| vulnerabilities which could endanger the life of the occupants if
| exploited.
|
| The one saving grace here is perhaps "This attack does not yield
| drive control of the car"... I'd be fascinated to know what the
| separation of systems looks like in a modern connected vehicle.
| I'm assuming it's not likely to be physically possible to gain
| drive control of the vehicle through its infotainment system?
| 988747 wrote:
| That is why my next car will probably be vintage Corvette C1,
| from 1962. Zero electronics onboard.
| rataata_jr wrote:
| I'm going to get a cheap econobox from 10 years ago. No new
| cars for me.
| GhostVII wrote:
| Pretty sure the increase in risk due to worse crash safety
| outweighs the lower risk of being hacked by about 5 orders of
| magnitude.
| jjav wrote:
| Absolutely does not. 10 years ago is 2011, very recent.
| Every useful safety technology is already there, just no
| remote drive by wire exploits.
| rataata_jr wrote:
| I ride motorcycles. So there's that.
| pudmaidai wrote:
| The chances of dying in an accident in a vintage car far exceed
| the chance of being hacked. Choosing to drive that car is fine,
| but definitely not "for safety"
| [deleted]
| mrtksn wrote:
| Newer cars are extremely safe compared to the old cars. It's
| like night and day difference.
|
| In Cuba, I got a chance to ride on some 60's cars. Looks
| amazing but it's essentially a pretty metal can accelerated to
| highway speeds.
|
| There's no going back to pre-electronic, even pre-computers era
| if safety is a concern.
| jjav wrote:
| Safety, against remote vulnerabilities, is literally the
| topic that favors older cars.
|
| Also, you don't need to get a 60s car. Any car up to early
| 2000s (and many models even into earlier 2010s) is still safe
| from remote exploits while having all the benefits.
| stevehawk wrote:
| A lot of the big safety wins (seat belts, airbags, side
| airbags, backup cams, crumple zones) came before the start of
| the electronics takeover. You can easily find a decently safe
| car that doesn't spy on you. And for a few hundred bucks you
| can easily install a new stereo in them that'll work with
| Carplay and Android Auto.
| mrtksn wrote:
| Sure, you can do with no electronics but with electronics
| you can do that and more.
|
| These days, even the cheapo cars have stuff like ESP, Crash
| Prevention, Blind Spot monitoring, Lane assist and more
| systems that compensate greatly for driver skills and human
| errors.
|
| The electronics are good at crash prevention and in the
| pre-electronics, the crash prevention is non existent
| besides for lightning, markings and the horn.
| throwaway0a5e wrote:
| This. The safety improvement from successive features is
| logarithmic or close to it. Seatbelts win you the
| overwhelming majority of the safety. Bucket seats with
| headrests get you most of what's left. Stiff passenger
| cabin (i.e. the difference between a car from 1981 and
| 2001) gets you most of the remainder.
|
| Airbags, crumple zones, belt pre-tensioners and all the
| other high tech stuff that the internet worships are
| basically a rounding error compared to "a strong cabin and
| some basic stuff to keep the occupants in the right place
| inside it".
| judge2020 wrote:
| I don't know, small overlap crashes (which include impact
| on only about one fifth of the bumper on the driver-side)
| have only recently been prioritized (circa 2014) and
| that's when all of the technology seeped into every car
| model, even on the low end of the new car market.
|
| https://youtu.be/TZC8Ykl1esE
|
| https://www.iihs.org/api/datastoredocument/status-
| report/pdf... (starting page 4)
| jonathanstrange wrote:
| That's a beautiful car. My favourite vintage car is the Renault
| Alpine A110. But these cars are not very safe if you get into
| an accident in comparison to modern cars.
| antattack wrote:
| Tesla fixed the exploit in 2020 by replacing ConnMann with
| Dnsmasq.
| bsanr2 wrote:
| It has always upset me that development of vehicle software
| hasn't been aporoached with the same care and unyielding
| professionalism as that of the space shuttle.
|
| https://www.fastcompany.com/28121/they-write-right-stuff
|
| The software running our cars should be the most bulletproof in
| existence. Literally millions of lives hang in the balance.
| LinuxBender wrote:
| _It has always upset me that development of vehicle software
| hasn 't been aporoached with the same care and unyielding
| professionalism as that of the space shuttle._
|
| Maybe it has. Could it be that you could remotely hack the
| current space crafts, but nobody is allowed close enough for
| bluetooth to work?
| bsanr2 wrote:
| Probably not.
| w0mbat wrote:
| Is navigation not part of the infotainment system? I'm imagining
| a hack that puts the empty parked car into self-driving mode and
| makes it drive away, effectively stealing itself.
| twobitshifter wrote:
| This headline is very cyberpunk and reminds me that we really do
| live in the future.
|
| When I was younger a "Tesla car" would have been Nikola Tesla's
| rumored car that drew its power from the earth.
| whydoyoucare wrote:
| I would design a "kill switch" in the car that makes it a "dumb"
| car as in 1990s. In the event of a detected compromise, flip the
| switch and enjoy the drive!
| davedx wrote:
| "Tesla patched the vulnerabilities with an update pushed out in
| October 2020." Begs the question, how or when did his hack take
| place given article is from this month? Unpatched Tesla?
| amelius wrote:
| What is so hard about putting all your services behind a port
| that requires proper encryption? Genuine question.
| csours wrote:
| The ALL part of all your services.
|
| General purpose computers do general things. As much as people
| say things like 'safety first' or 'security first' (do people
| even say security first?) it is quite clear that getting
| products to market is the priority. If you don't get to market,
| then security doesn't matter.
|
| As you add components to a computer enabled product, you add
| surface area vulnerable to attacks. This would indicate that
| you should have a small number of well designed and tested
| components, but remember your product does not exist in a
| vacuum, a competitor will release a product with more
| capabilities; customers cannot easily compare security, but
| they can easily compare a feature list and a price point.
| data_acquired wrote:
| My biggest fear with these scenarios is not really the hacking
| but law-enforcement agencies undermining civil rights by forcing
| Tesla or other self-driving car-makers to redirect cars against a
| customer's will. I feel like an episode of Westworld alluded to
| this scenario at some point. I come from a country where
| minorities have historically had a bad time at the hands of
| authorities, and I can see said authorities salivating at this
| prospect.
| _pmf_ wrote:
| > law-enforcement agencies undermining civil rights by forcing
| Tesla or other self-driving car-makers to redirect cars against
| a customer's will
|
| Seems safer for the customer than a spike mat or a shot to the
| tyre.
| jpindar wrote:
| See Cory Doctorow's Car Wars for a fictional treatment of this.
| I can't seem to find the full text online at the moment.
| jpindar wrote:
| Found it.
|
| https://limn.it/articles/car-wars/
| gregoriol wrote:
| Cars can already be stopped when stolen, it has been available
| for many years I think, it's not about Tesla or self-driving.
|
| The new thing with some current and most future cars is that
| everything will be controlled by a computer that has software
| that is connected to internet and even Wi-Fi, which makes it
| prone to "computer hacks" we know so well.
|
| From that point, the problems being faced come from both
| worlds: car world (stealing, accident, ...) and computer world
| (access to location or cameras, ransomware, ...).
| data_acquired wrote:
| That's true. Do you know of prominent cases where law-
| enforcement abused the ability to remotely stop a car?
| spicybright wrote:
| Either way, I'm sure police would push hard to stop any car
| chase, or sometimes simple pull overs I'd imagine.
| judge2020 wrote:
| For reference: https://www.globenewswire.com/news-
| release/2019/12/17/196155....
| bagacrap wrote:
| Car chases are dangerous, seems like it would be good to put a
| stop to them permanently. Cops can already mess up your day
| pretty badly if they decide you're a threat; if anything,
| taking over the steering of my car would be the most non
| violent option.
| radarsat1 wrote:
| I know little about Teslas, so:
|
| > _A hacker who exploits the vulnerabilities can perform any task
| that a regular user could from the infotainment system. That
| includes opening doors, changing seat positions, playing music,
| controlling the air conditioning, and modifying steering and
| acceleration modes. However, the researchers explained, "This
| attack does not yield drive control of the car though."_
|
| Two things.
|
| I feel the title of the article should have included this
| information, eg. "Tesla Car's Infotainment System Hacked
| Remotely.." to make the headline a little less scary.
|
| Secondly, though, can someone explain how "modifying steering and
| acceleration modes" does not "yield drive control"? This sounds
| like it does affect the driving of the car.
| fuzzy2 wrote:
| > Secondly, though, can someone explain how "modifying steering
| and acceleration modes" does not "yield drive control"? This
| sounds like it does affect the driving of the car.
|
| I have a car (2019 Seat Leon) with Dynamic Chassis Control.
| Modes are Eco, Normal, Comfort and Sport. Of these, only Eco
| really has any special characteristics like reduced
| acceleration. So while it may indeed affect how the car drives
| and steers, it's nothing dramatic. I'm sure it's relatively
| similar in a Tesla. But maybe I'm just numb. :-)
| spinny wrote:
| It might have some effect. On a car with electronic steering
| the drive mode changes how "heavy" the steering wheel feels,
| same for electronic suspensions (google drive-by-wire). my
| non expert assumption is that the wheels are controlled by
| some electronic system and the feedback provided through the
| steering wheel actuator.
| dawnerd wrote:
| Tesla's are not real drive by wire so currently there's no
| possibility of taking independent control over the wheels.
| sleepybrett wrote:
| How does autopilot work if it doesn't have 'real drive by
| wire'
| fuzzy2 wrote:
| The same way lane assist worked before: using the
| actuator that is already present in virtually all modern
| cars for the power steering system. You can easily fight
| against it by holding the steering wheel.
| dawnerd wrote:
| Someone already mentioned but wanted to say it is
| surprising that theres essentially no real drive-by-wire
| car in production. And really there doesn't need to me.
| It's just added complexity and liability. Eventually
| they'll migrate that way as they work towards getting rid
| of the steering wheel but as long as thats around, the
| wheel will be directed connected to the power steering
| systems.
|
| This becomes obvious in a Tesla when you play that racing
| game on the MCU with the steering wheel as input. It
| moves the wheels. If the car was drive-by-wire they
| wouldn't move as thats just causing excess wear for no
| reason.
| ajross wrote:
| Those modes are calibration settings. "Sport" mode allows a
| stiffer feel to the steering wheel, "Chill" acceleration
| prevents access to the top end of motor power, etc... You
| cannot command the car to turn or accelerate with them, they
| just change how it responds to command input from the user.
| magicalhippo wrote:
| There's been at least one car[1] where hackers gained access to
| the car electronics through the infotainment system.
|
| Not sure about the Tesla, but several other cars[2] have their
| infotainment connected to the rest of the control systems. So
| in general, it's not "just" the infotainment system.
|
| [1]: https://www.youtube.com/watch?v=MK0SrxBC1xs
|
| [2]: https://www.bleepingcomputer.com/news/security/volkswagen-
| an...
| EricE wrote:
| I also remember a fairly recent (within last couple of years)
| where a hacker remotely killed a journalists Jeep while he
| was on the freeway. It was part of the story he was working
| on so thankfully it wasn't unexpected. But I think they
| should have been in a parking lot and not on a freeway
| screwing around like that.
| magicalhippo wrote:
| That would be the video I linked to :)
|
| I linked the video as the Wired article was behind
| subscription wall.
| matt_s wrote:
| A headline less scary gets less clicks. Clicks is money to
| them.
| lenitabinol wrote:
| Changing the drive settings from "chill" to "sport" will
| increase the acceleration by 15% or so. This doesn't allow
| control of the steering wheel.
| WesolyKubeczek wrote:
| > opening doors > changing seat positions >
| modifying steering and acceleration modes
|
| > However, the researchers explained, "This attack does not
| yield drive control of the car though."
|
| These researchers must have a very unorthodox opinion on what
| driving safety actually is. Hint: it's not only about the
| driver's safety.
| Smashure wrote:
| Tesla's have steering modes (comfort, standard, racing) and
| acceleration modes (chill, standard, sport). That's what
| they're referring to.
|
| I may have the titles of the modes wrong. But the gist is the
| same.
| sleepybrett wrote:
| ... insanity.
| ACS_Solver wrote:
| I've worked on autonomous driving / ADAS, and have read a few
| university lectures on related software engineering subjects. On
| one occasion, my presentation was followed by that of a military
| researcher whose job is basically to study new threats enabled by
| digital technology.
|
| To my surprise, the military researcher wasn't particularly
| concerned about software vulnerabilities in cars and similar
| vectors. We discussed some specific instances of remote car
| software exploits. His point was, in essence, that all cars with
| advanced software can potentially be exploited, but that it's not
| a real threat because all such exploits require special
| knowledge, equipment and money. For someone looking to
| assassinate a specific individual, there are far cheaper and
| simpler methods that are also more reliable, including several
| methods that involve physically tampering with a car. For someone
| who wants to cause mass chaos, such as attacking many vehicles in
| an area, the researcher estimates it requires the capabilities of
| a state actor or at least a large organization, and they also
| have cheaper and simpler ways to plunge a city into chaos.
| diamondhandle wrote:
| This sounds like an extremely naive and optimistic outlook.
| Large scale command and control situations are getting
| increasingly close to reality. Anyone who has followed US
| foreign policy and the like won't be too surprised that this
| guy worked for the military (which is sad, really).
| ACS_Solver wrote:
| That's not the US military by the way - despite persistent
| rumors to the contrary, other countries do exist.
|
| I also find the outlook a bit optimistic admittedly, but
| there are definitely plenty of better targets than cars for a
| sophisticated actor. Car software is very different from
| model to model, and there's a large variety of models on the
| road - even if you can cause all cars of model X in an area
| to accelerate to dangerous speeds (something far beyond the
| capability of current exploits), that will only affect a
| small proportion of all cars in the area. It will undoubtedly
| cause chaos, but nothing on the scale you can get by
| attacking some weaker systems.
|
| Even a coordinated attack against traffic lights is easier to
| pull off and has no less potential damage.
| angry_octet wrote:
| But it only takes one car (or truck) to cause chaos on a
| freeway.
|
| As to versions, you may be familiar with Cellebrite? Their
| stock in trade is having a huge database of exploits for
| every popular phone. And cars frequently have common
| software and computing components. It's just a matter of
| time before script kiddies can pop an unpatched car -- as
| soon as their is an external wifi / 3g connection. At the
| moment most only have Bluetooth to the stereo.
|
| I'm curious as to what weaker systems they were thinking
| about. Obviously the OT at various plants, but that can be
| air gapped. Most traffic light systems have in built low
| level safeguards to prevent conflicting states, and the
| high level system is centrally managed and patched.
| Attacking requires a multi-stage attack, maintaining access
| requires continual maintenance, so it just doesn't have the
| impact an unpatchable vuln in embedded devices does.
| ACS_Solver wrote:
| > But it only takes one car (or truck) to cause chaos on
| a freeway.
|
| And that's back to the original point, if you are looking
| for such small scale problems, make a spike strip and
| deploy it on the highway. Same scale of destruction as
| taking one car over, orders of magnitude less skill and
| money required.
|
| Cars have standard components, but even for cars that
| don't take digital security seriously (Tesla has that
| reputation), no driving functions should be on the same
| network as the external 3G/4G. Yeah you have the
| infotainment or door opener there, but any ECU running an
| ASIL-qualified function should be on a separate network,
| and treat anything connected to the external world as
| untrusted. That was definitely one of the core
| architecture assumptions in all car software I've seen.
| The infotainment system is considered to be compromised
| and possibly sending malicious data. All the important
| communication happens on a different network, where
| internal signing and authentication mechanisms are also
| used.
|
| And at that level, the internals are too different for
| the same exploit to work everywhere. What you need to
| send on the network to make the car brake, or what data
| format represents the gearbox position, those are
| different.
| EricMausler wrote:
| I think the major overlooked point is that the modern
| digital world provides a means for people to commit
| crimes they otherwise would not have done, simply because
| they can and because they feel there is low risk of
| getting caught.
|
| A spike strip, you have to be in the area. A remote
| attack, you don't have to particularly care about any
| specific area enough to physically travel to it.. someone
| can cause chaos simply because they are bored.
|
| And immediately after, they can go do something else.
|
| Tech vulnerabilities aren't yet accessible enough to
| these types of people, but soon enough they will be and
| it is not like security is in a temporary poor state. A
| lot of these systems will remain unchanged for a long
| time because they are part of an already working business
| model
| angry_octet wrote:
| Police are quite practiced in finding armed robbers and
| other people who might use a spike strip (which is pretty
| tricky to deploy IRL if you want to hit a specific car).
| But organised crime car theft (with access to key
| cutting/duplication, remote unlock repeaters, engine
| immobilizer bypass codes, etc) is a significant problem.
| I don't see any reason why OCGs wouldn't be enthusiastic
| users of hacks, the same way that card skimmer gangs
| operate.
| Quarrelsome wrote:
| > no less potential damage.
|
| A centralised and timed attack against a tech stack that
| has significant dominance in the market in the future has
| one of the biggest potential ceilings out there. Cars are
| effectively kinetic weapons and if you could say, get 30%
| of vehicles to turn into on coming traffic on a Friday
| afternoon the outcome could be seriously ugly.
| dandanua wrote:
| This kind of assassination has a potential if you want to make
| it look like an accident. Especially when poisoning failed
| Russians so many times.
| Hamuko wrote:
| Can't you also make it look like an accident by physically
| tampering with the car?
| LinuxBender wrote:
| Yes, though your assets may end up on camera tampering with
| the car and their physical modifications may be found. If
| you can do it from a drone or from the internet all digital
| evidence may be destroyed in the fire if you did not
| remotely wipe it already.
| cxcorp wrote:
| Yes, but isn't it more about the message? "We can get anyone,
| anywhere, and get away with it?" If nobody knows it was them,
| does it then work for making an example out of someone?
| jjav wrote:
| > but that it's not a real threat because all such exploits
| require special knowledge, equipment and money
|
| In other words they (that military research lab) have the
| resources and you don't. Sounds like the ideal vulnerability
| from their perspective.
|
| In any case, that overstates the difficulty. Plenty of examples
| of low budget research teams finding remote vulnerabilities in
| newer cars.
|
| Also, remember that a vulnerability is laborious to find, once.
| After it's out every script kiddie can do it.
|
| > physically tampering with a car
|
| That doesn't scale. If you're after one single specific person
| it's done, but if you want widespread ability to cause mayhem,
| you'll take the remote vulnerability.
| jerf wrote:
| "state actor or at least a large organization, and they also
| have cheaper and simpler ways to plunge a city into chaos."
|
| I'm not sure that's true. If I were China or the US, I would
| totally be interested in an exploit that would allow me to hack
| even a single model across the entire country and set the
| accelerator to be unconditionally floored and the car no longer
| able to turn off. Heck, that second one is even optional, given
| how many people are going to panic. Getting multiple models
| would be an even bigger bonus.
|
| As others in the thread point out, we have publicly-known
| instances of companies that collect vulnerabilities. It's
| hardly a stretch to imagine that state actors already have the
| vulnerabilities, or even already have this capability
| essentially turnkey for whenever they need it. I mean, fund a
| decent hacker group of ~10 people for a year and they could
| probably build "the button to crash every Tesla, Ford truck
| between 2018 and 2020, and all Volvos after 2015 on the road in
| the US"... our impression of how hard security work is is
| colored by civilian researchers who are incredibly poorly
| funded. How many of our reports of deeply broken things come
| from people working in their _spare time_? I wouldn 't
| underestimate what someone systematically collecting
| vulnerabilities could do with not much funding, relatively
| speaking.
|
| The problem is, it's not even that you can turn a whole city
| into chaos... you can turn a whole _country_ into chaos for
| cheap enough that it 's worth adding to your portfolio.
|
| In my opinion, the only reason to be unworried about that is
| precisely that there are so many other things that can be done
| that this somehow doesn't even rate as "interesting" and that
| is _far_ from good news!
| lazide wrote:
| I'm sure you're right and it is being added to a portfolio
| somewhere - it's also a valid point that for a state level
| actor, there are some inexpensive and effective ways to cause
| mass chaos that they've already got.
|
| For instance. the Aquaducts that feed water to the city of LA
| go through some deserts north of there that are remote - and
| the giant pipes are exposed. There are no guards, nothing.
|
| For a state level actor, a small explosive charge on one of
| those is probably trivial to do and would lock up LA in fear
| and panic for a long time - and essentially untraceable.
| Every major metropolis has some equivalent to this
| (contamination in a specific water supply, or damage to a
| specific bridge).
|
| Being able to do similar things to vehicles of different
| types is also interesting, but the space is rapidly changing,
| and exploits would lose 'potency' rapidly compared to that
| small block of C4 and knowing someone who would place it for
| you. So more an R&D type interest than a practical
| operational capability one.
|
| It's also easy for us to look at the trajectory, know the
| tech, and say 'this will change the world and we need to be
| prepared' - but most militaries and intelligence agencies
| tend to focus on what they already have experience with, or
| what happened last time. The old quote 'Generals always fight
| the last war' is very applicable. Part of the reason why is
| because until it has happened, you don't have any real data -
| just endless speculative paths, all of which are too
| divergent from each other to prepare for all at once, and too
| theoretical to justify funding because the projected costs of
| it happening are too divergent.
|
| You saw it with COVID - we suspected something like this
| would happen soonish, we'd even had some scares recently like
| H1N1/swine flu - but even if you'd asked the most prepper
| types of us if they'd be willing to spend 100 billion to stop
| what happened - they'd go 'yeah right, that's not going to
| happen', or 'that would be a waste of money'
|
| Now, I'm sure you'd get 75% or more of the popular vote on
| such a measure nation wide and everyone would consider it
| dirt cheap. Even if the odds of a repeat surprise event are
| quite low now.
| jjav wrote:
| > For a state level actor, a small explosive charge on one
| of those is probably trivial to do
|
| Remember Oklahoma city bombing. It's trivial to do for a
| couple guys, never mind anyone more organized.
| lazide wrote:
| For sure - what I was referring to is a state level actor
| can (and almost certainly does) afford to have thousands
| of those 'couple guys' already identified and in an
| action plan somewhere in their top secret list of dirty
| tricks, against pretty much anyone they think likely (or
| even not likely) to want that kind of ability against
| some day.
|
| Someone COULD go to the store, grab a hammer, and smash
| my computer. It's a different type of situation however
| when someone has figured out what model of hammer they
| would want, from which store (and if it is in stock or
| not), how they would pay for it, and who they would call
| to do all these things in a way that I couldn't figure
| out who ordered or paid for it, to smash my particular
| workstation at my home on a specific desk tomorrow at 6am
| - if they wanted to.
|
| It's important to keep in mind capabilities,
| inclinations, and consequences - when that person with
| that plan is playing against me in competitive gaming the
| next day, I need that workstation to win, and I just bet
| them $10k I could beat them in front of all of my
| friends.
|
| Thankfully most of us don't have to deal with this in our
| daily lives, but we can still be collateral damage when
| someone else is playing these kinds of games. And nation
| states do on the regular.
| jerf wrote:
| "For instance. the Aquaducts that feed water to the city of
| LA go through some deserts north of there that are remote -
| and the giant pipes are exposed. There are no guards,
| nothing."
|
| Which is still a body on the ground in one place. These
| hacks can go country-wide pretty easily. It still seems
| like something that would be worth digging into because
| that digital scale can't be replicated by any physical
| action.
|
| Plus attack-in-depth is a thing. If you can cheaply add
| "mess up all civilian automotives", you might want to do
| it, even if you are also blowing up aqueducts and such.
|
| War _sucks_.
| lazide wrote:
| 100% agreed on all points. The cyberwar (hate the term,
| but it's what's used) equivalent of chemical warfare or a
| nuke is going to be..... incredibly nasty.
| cwkoss wrote:
| Some may find 'unconditionally floored' unrealistic, but
| hackers have already been able to activate the parallel
| parking feature while a car is travelling forwards - jerking
| the steering wheel rapidly to the side.
|
| If the hacker could detect speed and make the cars swerve
| when they've been at highway speed for X seconds, it would be
| pretty horrific.
| ajross wrote:
| > I've worked on autonomous driving / ADAS, and have read a few
| university lectures on related software engineering subjects.
|
| For clarity: this exploit isn't to the autonomy or vehicle
| control system, it's to the infotainment system. It can command
| auxilliary systems like wipers and doors, and in theory it
| could do somewhat nefarious stuff like present incorrect data
| to the user or provide faked waypoints to the navigation
| system. But it can't actually drive the car.
|
| Really the security model here is fairly reasonable: car
| control over the motion and autonomy systems is handled by
| distinct hardware that talks only to one system over a
| specified protocol, with audited capabilities. And that system
| then runs the bluetooth and wifi and USB and user interface
| where the attack surfaces lie.
| TeMPOraL wrote:
| > _this exploit isn 't to the autonomy or vehicle control
| system, it's to the infotainment system. It can command
| auxilliary systems like wipers and doors, and in theory it
| could do somewhat nefarious stuff like present incorrect data
| to the user or provide faked waypoints to the navigation
| system. But it can't actually drive the car._
|
| Doesn't sound that reassuring, though. For a self-driving car
| it wouldn't matter, but as long as a human driver is in
| control, the infotainment system _does_ affect motion of the
| car, by proxy of the driver. Could the infotainment system,
| or the wipers, make a driver crash their car? I find it
| highly likely. Imagine speeding down the highway - suddenly,
| your in-car speakers start blasting your ears with 80dB
| music, while the wipers start to dance and the car keeps
| spraying the cleaning fluid all over your windshield.
| pwagland wrote:
| Not to mention what happens if the seat and/or steering
| wheel starts to move while you are driving...
| jclardy wrote:
| Every car that has an infotainment system that could
| potentially be hacked in this way. I have a recent Chevy
| ICE that gets OTA software updates.
| TeMPOraL wrote:
| That only makes this vector more of a threat, not less.
| ajross wrote:
| Obviously security bugs are bad and need to be fixed. But
| the point is that the security _architecture_ seems to have
| made the right choices here. It 's the same defense in
| depth strategy that puts reverse proxies in front of our
| web applications, or runs a database server behind a
| managed protocol such that SQL commands can never come from
| the front end boxes.
|
| Or, for a glib answer: if you need to stop the car safely,
| engage autopilot and unbuckle your seatbelt. The car will
| turn the hazards on and pull over on its own.
| jfrankamp wrote:
| Does anyone know if the glib answer works? Does the
| steering column selector stalk go through the ui (and
| therefore is interceptable by the supposedly compromised
| interface) or is it directly connected to the 'backend'
| below?
|
| Calling the critical ui interface the 'infotainment'
| system for a tesla is slightly misleading.
| filoleg wrote:
| >Does the steering column selector stalk go through the
| ui (and therefore is interceptable by the supposedly
| compromised interface) or is it directly connected to the
| 'backend' below?
|
| It is directly connected to the 'backend' below and
| doesn't go through the infotainment system/UI.
|
| You can manually kick off a reboot of the infotainment
| system on a Tesla while you are waiting at a traffic
| light, and still drive like usual just fine if the light
| goes green a second after. The only non-functional stuff
| will be the visuals on the screen and anything
| infotainment related (like playing music). All driving
| aspects are preserved even with the infotainment system
| being broken/in the middle of a reboot.
| ErikVandeWater wrote:
| Unbuckling your seatbelt at speed when your car suddenly
| acts strangely is a very bad idea.
| labster wrote:
| "My car suddenly accelerated to 110 mph, I know, I'll
| unbuckle my seat belt" doesn't seem like a plausible
| human reaction to me.
| jobigoud wrote:
| Yeah wipers are kind of a security feature, imagine if they
| stopped working while under heavy rain.
| LargoLasskhyfv wrote:
| Imagine said drone hovering in front of your windshield and
| igniting a dozen flashbulbs in short succession STASI-
| style. Apparently they are still available for about a
| dozen bucks per dozen. I remember having much fun with them
| in my youth. Single use, blinding white light, small 9-volt
| battery sufficient to light them up.
|
| _ZAP!!!_
|
| (Now playing: "I wear my sunglasses at night.")
| jjav wrote:
| > But it can't actually drive the car.
|
| Hopefully. Remember this vulnerability:
|
| https://www.csoonline.com/article/2951746/hackers-
| remotely-t...
|
| The initial intrusion was through the infotainment system but
| from there they moved to the more critical systems.
| PragmaticPulp wrote:
| > For someone looking to assassinate a specific individual,
| there are far cheaper and simpler methods that are also more
| reliable, including several methods that involve physically
| tampering with a car. For someone who wants to cause mass
| chaos...
|
| Most of us tech people are good at imagining ways technology
| might be abused, but we're not as good at thinking like actual
| criminals.
|
| It's a simile story with smart home gear: Tech people go to
| great lengths to imagine how their smart locks might be
| compromised by hackers who will break into their homes, but
| real burglars will just break a window and go around it. Tech
| people imagine how their wireless security cameras might be
| vulnerable to WiFi jamming, but criminals will just wear a face
| covering and park around the corner.
|
| I'm sure high value targets have specialized vehicles where
| these systems are removed, replaced, or disconnected. For the
| rest of us, the biggest concern would be if a hack enabled
| vehicle theft, as that would be more likely to be abused than a
| movie-style assassination where someone locks up our brakes
| from a drone or something equally complicated.
| jsight wrote:
| > Most of us tech people are good at imagining ways
| technology might be abused, but we're not as good at thinking
| like actual criminals.
|
| I wouldn't limit it to tech people. I hear the same ideas
| from non-technical folks who are often even more adamant.
|
| And you'd be shocked at how many people don't realize that
| home burglaries are primarily a daytime activity.
|
| I'm not sure if the fact that most people can't think like a
| criminal makes me more or less comfortable. :)
| ehnto wrote:
| Same for car thefts. People imagine it happens in the dead
| of night at their house and that they'll be around to hear
| their alarm, but chances are high it'll be in a carpark
| while you're at work and no-one will think twice about an
| alarm in a carpark.
| Ivoah wrote:
| As always, there's a relevant xkcd: https://xkcd.com/538/
| cigaser wrote:
| It is trivial to secure windows with plastic foil, glass will
| literally become bullet proof.
|
| Real problem is if attackers would activate ALL alarms in
| entire city, night after night. Or your "smart doors" would
| tip attackers that owner is away from home/
| gmadsen wrote:
| This seems to be a mild deterrent at best.
|
| most doors can be kicked down fairly easily. A window with
| plastic foil is only as good as its framing.
| dharmab wrote:
| Deviant Ollam has some great talks on physical pentesting
| and simple, affordable solutions to common attacks. You
| can find them on YouTube.
| dkersten wrote:
| I guess it depends on who is trying to break in and why.
|
| I remember reading a reddit AMA from a former burglar and
| he said that these windows did stop him, because he would
| be looking to get in and out as quickly and
| inconspicuously as possible and these would slow him down
| enough that he would try elsewhere instead.
|
| So, for a random opportunistic burglar, they may work
| quite well, but for somebody determined or someone with
| more time (eg if you live in a secluded area and they
| know you're away for long enough), there's always a way
| in. I've watched enough lockpicking videos to know its
| not that hard and enough defcon talks to know that
| lockpicking is rarely necessary. If someone determined
| wants to get into your home, they will.
| EricE wrote:
| Exactly - it's the old joke about not having to run
| faster than a bear in the woods - just faster than the
| slowest membe of your party :)
| Retric wrote:
| Even the walls of most houses are fairly easy to get
| through.
| cronix wrote:
| > It is trivial to secure windows with plastic foil, glass
| will literally become bullet proof.
|
| Here's some $50k windows that Nordstrom in Seattle was
| using that used that film. The windows couldn't stand up to
| Antifa with hammers, which makes me question the
| bulletproofness claim. It might not be the same exact stuff
| that you're claiming, but I'm guessing it is due to the
| description ("due to their thickness and a protective film
| that internally self-adheres after strikes or damage"), and
| that this has happened numerous times to them in the last
| year and I'm sure they're tired of replacing them and went
| for the best, strongest windows they could. $50k-70k EACH
| seems quite expensive for a single display window.
|
| https://www.seattletimes.com/seattle-news/crime/downtown-
| nor...
| sleepybrett wrote:
| Having worked on those very windows. They are also
| expensive because of other films and treatments to that
| glass that filter certain light that damages the items
| displayed behind it. Also they are just really big pieces
| of thick glass.
| cigaser wrote:
| I find this attitude VERY disturbing. Cars are target
| comparable to industrial infrastructure, but with weak
| security. USA has many enemies, there is constantly some sort
| of hacking scandal.
|
| Next time there is a mass scale hack: a few dozen people die,
| grid lock for couple of days, hardware worth of billions
| bricked.
|
| And US government can bomb any country it marks as an
| attacker....
| spicybright wrote:
| Good thing if that happened there would be outrage for a week
| and nothing actually done about it.
| EricE wrote:
| Think of the chaos if people didn't feel safe driving their
| cars. You don't need full control to achieve that.
| Hamuko wrote:
| One thing that might change this is if V2V, where cars
| communicate to each other on the road, becomes more relevant.
| Then you'd only need to compromise one particular make and/or
| model of a car to start sending false information to a whole
| bunch of cars.
| ACS_Solver wrote:
| V2V and V2X serve as additional ways for a car to get data,
| to complement the car's own sensors. They're not command
| protocols. V2V shouldn't make your car do anything dangerous,
| as all the usual software logic still applies. E.g. your car
| may get info over V2V that an ambulance with sirens is coming
| up behind you, so your car slows down to make room, but
| that's an internal decision of the car, it's not a "slow
| down" command over V2V channels.
|
| In that vein, rogue traffic signs or other objects designed
| to confuse a car's inputs are probably more of a threat.
| angry_octet wrote:
| False V2V inputs could cause a car satnav to divert to an
| alternative route. If the data fusion is done wrong, or if
| external visibility is very poor, it could rely on single
| source data (V2V without confirmation from an on-board
| sensor) and swerve or engage emergency braking. If an
| attacker has access to disable/deceive, e.g., the microwave
| sensors (via software attacks, or by jamming) then it
| becomes quite possible.
|
| There is lots of research in the topic though, so I'm
| fairly confident most V2V systems will be robust, but it
| depends on regulation. If they froze capability at a
| specific 'approved' version then attacks could become
| serious. Especially for systems using lots of ML, at higher
| levels of autonomy. At the moment it seems like Looney
| Tunes attacks (draw a picture of a tunnel with the word
| TUNNEL on it, paint the road markers towards it) work
| amazingly well.
| rini17 wrote:
| Yes, I can totally see how a large organization can achieve its
| objectives in much simpler way - or without actually killing
| anyone.
|
| But on the other hand, this was done only by two dudes (even if
| they did not yield drive control).
| kypro wrote:
| In general the likelihood an exploit will be exploited can be
| thought of as a relationship between it's ease and payoff. Just
| because something is exploitable doesn't mean it's likely to be
| exploited unless it's easy to do so or there is a good reason
| to put in the effort required.
|
| I guess if it was possible to remotely take over or disable the
| brakes on an entire fleet of self-driving cars then we could
| have problems. Likewise, if it was possible for school kids to
| "prank" their teacher by downloading some exploit software from
| the internet we could have problems. But in both cases you
| would hope security would at least be good enough that these
| types of events could not happen.
|
| Remember someone with a bit of knowledge could easily tamper
| with your mechanical car today if they wanted to. Digital tech
| provides new attack vectors for someone seeking to do damage,
| but if designed correctly any new digital attack vector
| shouldn't present any greater risk than the existing mechanical
| attack vectors.
| sleepybrett wrote:
| Everyone is focusing on the assassination angle but I stopped
| when it said that it could unlock the doors and trunks. Sure
| we exist in a world where people break into cars a lot, but
| generally it's at least somewhat destructive. No-one is
| 'picking' locks (because picking increases the time they are
| 'on target' and could get caught), they are smashing windows
| or are forcing locks with leverage. These actions look to an
| observer like what they are.
|
| In this new scenario, someone could have a remote rootkit
| loaded on their phone. Trigger it from across a parking lot
| or approaching the target and then simply walk up to the car
| and pull anything valuable out of it. They would look like
| the owner to most observers.
| MauranKilom wrote:
| Right, but direct physical access is a bit different from
| "can mess with your car from 100 m away". A security camera
| will effectively deter one but not the other.
| angry_octet wrote:
| It's actually quite difficult to tamper with a car. You have
| to find the car in an unattended and out of sight place. That
| opportunity isn't available for high value targets, and
| doesn't scale to 100k cars.
|
| In contrast, there are tens to hundreds of thousands of
| popular car models sold every year. Eg 55k Ford Focus sold in
| the UK in 2019.
| https://www.statista.com/statistics/463148/ford-focus-
| annual...
|
| Just a DOS attack would require every car to be taken by tow
| truck to the garage or visited by a tech to patch it, and the
| resulting reputational damage would be huge. I'm sure
| Ford/Toyota/etc would pay a ransom to avoid that.
| BadOakOx wrote:
| Oh wow.. So Fast & Furious series got it right?
|
| https://www.youtube.com/watch?v=19zeMqh-zqY
| JohnWhigham wrote:
| Did they seriously dub in a lion's roar when the Dodge Ram
| came out? Lol
| Hamuko wrote:
| Looks pretty funny that they have like a 2001 Volkswagen
| Passat, seemingly not even equipped with parking sensors,
| shift itself to D and drive off.
| o_p wrote:
| That was a "move along citizen" move, the US already uses these
| techniques to assasinate targets.
| saint_abroad wrote:
| > there are far cheaper and simpler methods that are also more
| reliable
|
| Reminds me of crypto-nerd reality:
|
| "His laptop's encrypted. Drug him and hit him with this $5
| wrench until he tells us the password." https://xkcd.com/538/
| smnrchrds wrote:
| The good old rubber hose cryptanalysis.
| ebiester wrote:
| This is a descendent of a 1990 Usenet post. "Problem #2: is
| that white noise, or is it a one-time pad ? I dunno. Awfully
| hard to prove, isn't it ? Unless, of course, I left my
| radioactive source and oscillators lying around. Big deal,
| you zap me for a misdemeanor. You still don't get The Master
| Plan, unless you resort to the rubber-hose technique of
| cryptanalysis. (in which a rubber hose is applied forcefully
| and frequently to the soles of the feet until the key to the
| cryptosystem is discovered, a process that can take a
| surprisingly short time and is quite computationally
| inexpensive)"
|
| source: https://groups.google.com/g/sci.crypt/c/W1VUQlC99LM/m
| /ANkI5z... via wikipedia.
| d--b wrote:
| Weird... Spying on high profile individuals through GPS
| position and car microphone is probably worth more than
| assassinations and traffic jams.
| ACS_Solver wrote:
| I guess targeting their phones works better. Phones can
| provide a lot more data, and with iOS and Android you have
| just two platforms that cover the vast majority of phones. If
| you're a state-level actor, you have the NSA, GHCQ or
| equivalent with full-time teams working on compromising both
| platforms, so probably have quite a few options available.
| hoppyhoppy2 wrote:
| Cars are sometimes easier to get data out of though, and if
| the person has linked their phone to their car then it can
| contain much of the same information.
| https://theintercept.com/2021/05/03/car-surveillance-
| berla-m...
| matheusmoreira wrote:
| > car microphone
|
| What?
| xeromal wrote:
| Any car with a bluetooth setup has a microphone. That's
| about any car since 2005ish?
| Hamuko wrote:
| The newest car that I've had without Bluetooth hands-free
| was actually a 2005 BMW. But it was basically the last
| year facelift model based on a 90s design. I think the
| completely new model came out in 2006 and had Bluetooth
| handsfree.
|
| It's probably way later than 2005 when pretty much every
| car included Bluetooth handsfree.
| guitarsteve wrote:
| We have a 2011 Toyota without Bluetooth, for what it's
| worth. Base trim models can skip features which are
| otherwise common.
| Hamuko wrote:
| There's probably not a single new car that doesn't come
| with at least one microphone in the cabin. You need at
| least one for Bluetooth handsfree and for voice commands.
| matheusmoreira wrote:
| I had no idea, I don't use any of those features. I just
| checked my car and it does have phone features. I'm
| honestly shocked. I want to get rid of the microphone.
| bellyfullofbac wrote:
| Cars sold in Europe since 2018 need to have a system to
| automatically call emergency services in the event of an
| accident. So, there's that microphone.
| angry_octet wrote:
| No wonder EU cars are so expensive.
| Hamuko wrote:
| All new cars sold in the United States of America must
| have a backup camera.
|
| https://eu.usatoday.com/story/money/cars/2014/03/31/nhtsa
| -re...
|
| European airbag regulations also allow for smaller
| airbags that explode with less force since US regulations
| require automotive manufacturers to assume an unbelted
| driver. ECE specifications are based on people wearing
| seatbelts.
| EricE wrote:
| Yes - love one size fits all regulations like this. It's
| so rediculous seeing Mazda Miata's with mandatory backup
| cameras :p
| angry_octet wrote:
| That's great. But mandating an embedded cell phone?
| Hopefully it is a fully independent system that only
| turns on after a collision, but it still has a spooky big
| brother aspect to it.
|
| I don't know what your point is about airbags. Some sort
| of weird defence of European safety standards?
| EricE wrote:
| I'm shocked insurance companies aren't demanding access
| to telemetry in order to get decent rates.
|
| The airbag thing was a dig that Americans are too stupid
| to wear seatbelts :p
| Leherenn wrote:
| I have to admit I don't know if you're sarcastic or not,
| but it certainly exists in Europe. You can have reduced
| rates (by quite a bit) if you install some special
| hardware to record how you drive.
| angry_octet wrote:
| I looked at the insurance plans that give a safe driving
| / low km bonus, they use a device that plugs I to the car
| diagnostics port. But it's actually a sham -- you get a
| discount on the next year, not the past year, so it's
| just a trick to get you to renew.
|
| I thought the seatbelt thing was a dig at Americans, who
| I never mentioned, and blatant whataboutism, but
| whatever.
|
| For the countries with the highest death rates
| (~80/million), which are poorer former Eastern Block
| countries, they predominantly occur in urban areas.
| Making cars 0.1% safer for Germans/French/Swedish, who
| have >50% of fatalities in the countryside, makes cars
| more expensive for the whole block, delaying the
| changeover to cars with massive safety features, like
| monocoque passenger safety cells, ABS/ESC and airbags.
|
| Incidentally,10% of US fatalities occured where no seat
| belt was worn.[1] In the UK this was 30%, but with a
| quarter of the fatality rate. All you can say is that
| people without seat belts on die.
|
| [1] https://www.iihs.org/topics/fatality-
| statistics/detail/urban...
| jumboshrimp wrote:
| Lots of cars now have microphones in them for voice
| commands and so on, and not just luxury vehicles. Is that
| what you were asking?
| hellbannedguy wrote:
| Tesla is the last car I would try to steal.
|
| It can be rometely shut down?
|
| It can be found via gps information?
|
| Wealthy owners can afford Lowjack.
|
| (I actually don't know, and to lazy to research. Just going off
| stuff I've heard here.)
|
| If I had a big enough faraday cage, a flat bed, and winch; it
| might be an appealing target though? Oh yea, a lot of motorcycles
| are stollen by two guys lifting the bike onto a pickup--locks,
| and all.
| dawnerd wrote:
| Instead criminals just steal mirrors. They go for decent money
| and are trivial to pop off while walking down the street.
| throwaway0a5e wrote:
| You document and report a vulnerability to Walmart, Northrop,
| some random BigCo that nobody thinks much about and you get
| nothing. You document and report an equivalent vulnerability to
| a tech BigCo and you make the front page of HN.
|
| It's not about having a working exploit you can monetize. These
| hackers aren't gonna steal cars. They're showcasing their
| skills and picking their targets for that purpose.
|
| Had they hacked a Daweoo wearing Chevy clothes or an FCA
| product nobody would blink twice. The comments would all be
| people saying you get what you pay for or repeating the typical
| Reddit tropes about the big3 being crap.
|
| They picked one of the brands that starts with T, ends with A
| because those brands are sacred cows of the upper middle class
| and have rabid online fan-bases who will greatly amplify and
| publicize these hackers work.
| justapassenger wrote:
| > Had they hacked a Daweoo wearing Chevy clothes or an FCA
| product nobody would blink twice
|
| Jeep hack (part of FCA, that doesn't exist anymore BTW - it's
| Stellantis now) was a huge huge thing.
|
| https://www.bbc.com/news/technology-33650491
| tyingq wrote:
| There's usually maintenance or "enthusiast" info available that
| makes it not that complex to defeat.
|
| Here's 2 antennas in a Model S mirror:
| https://teslamotorsclub.com/tmc/attachments/img_0748-jpg.211...
| Black101 wrote:
| Maybe one day car manufacturers will be required to tell you how
| to disconnect your car from wireless networks. Or even better, it
| will be illegal to opt you into them. (but I don't see any of
| those happening with the current government)
| EricE wrote:
| it would be interesting to see if newer cars would even start
| if you removed/disabled the cellular radio.
| Black101 wrote:
| I have heard of some people that would just disable the
| antenna and haven't heard of starting issues.... but I have
| doubts about it being 100% effective. IE: Once I wrapped a
| wireless device in aluminum foil and it could still
| transmit... I think that to be 100% effective as a Faraday
| cage, it needs to be grounded too but of course it is a
| different story for an antenna but...
| EricE wrote:
| Wonder if my parents would let me experiment on their Acura
| RDX :p
| Black101 wrote:
| I would say yes... if you are in a closed loop.
| uKGgZfqqNZtf7Za wrote:
| Most important sentence of the article IMO:
|
| However, the researchers explained, "This attack does not yield
| drive control of the car though."
| EricE wrote:
| Sure - they can't turn your car into the equivilent of an RC
| car but they don't have to. Simply killing the engine while you
| are in the middle of traffic is more than enough to cause
| chaos, sew distrust in our infrastructure, etc.
| EricE wrote:
| I hope to be buried with my 20+ year old cars that are NOT
| connected to the Internet with integrated cell phones.
|
| Egad :p
| deweller wrote:
| Tesla patched the vulnerabilities with an update pushed out in
| October 2020.
| aNoob7000 wrote:
| I believe it is part of the Pwn2Own hacking competition that
| contestants let the vendor know before releasing or talking
| about the exploit.
| nullifidian wrote:
| Does it matter? All these cars are still vulnerable, and state
| actors can probably kill you right now with a byte sequence --
| investigators will find that you weren't using Autopilot
| properly. It's a sad state of things with no foreseeable
| solution.
| klmadfejno wrote:
| State actors can kill you with a variety of common household
| items if they so desire.
| jsight wrote:
| Exactly... if you are so valuable that they'd risk burning
| an exploit for an imperfect chance, there are more
| effective ways.
| nullifidian wrote:
| What more effective ways? Send goons with chemical
| warfare agents? Nothing would happen with the exploit if
| it's done with a fake base station or through other low-
| range wireless thing.
| klmadfejno wrote:
| > Send goons with chemical warfare agents?
|
| Literally yes.
| nullifidian wrote:
| That's not more effective, and much much more risky, and
| this method leaves evidence, while powered off or zeroed
| and rebooted dram contents don't.
| klmadfejno wrote:
| There's a low upper bound on efficacy. You can only kill
| someone once. Realistically both methods leave evidence.
|
| To do a code exploit you need to find something, sit on
| it hoping its upatched, and then hope nobody can figure
| out that you did it when they do their extensive analysis
| of why a car suddenly did something extremely rare and
| dangerous, else you lose the exploit.
| nullifidian wrote:
| >car suddenly did something extremely rare and dang
|
| In absence of anything else, and cleaned up dram + fake
| logs is really an absence, it's always ascribed to driver
| oversight, distraction, loss of control.
|
| >Realistically both methods leave evidence.
|
| Yes, computing leaves "evidence" in form of
| heat(entropy).
| nullifidian wrote:
| killing with a byte sequence is as effortless as it gets.
| And it's one of the more plausibly deniable ways to do it.
| Why create additional ways for state actors to kill people?
| They could at least add "Power off all modems" option to
| all cars, and stop relying on over the air updates.
| klmadfejno wrote:
| > Why create additional ways for state actors to kill
| people?
|
| State actors can destroy buildings, so I guess we
| shouldn't make buildings /s.
|
| Or less sarcastically, state actors can compromise
| laptops, so I guess we should stop allowing "over the
| air" security patches to laptops? Should we just stop
| using computers?
|
| The reality is that state actors murdering people is an
| incredibly low risk threat. If state actor really want to
| kill someone, that is, assassinate someone, they can do
| it with a gun or a poison or whatever. If state actors
| casually want to kill one person, finding novel exploits
| is a pretty expensive way of doing it. If state actors
| want to kill a lot of people, you're basically at war, so
| we can use actual weapons.
| nullifidian wrote:
| >Should we just stop using computers?
|
| Laptops and buildings are a necessity, while cars with
| wireless modems and always on internet connections are
| not. All the usecases are solvable with Apple/Android/Car
| with infotainment serving as a dumb terminal, without any
| connection to anything important in a car. Since we
| already always have government surveillance devices on us
| (mobile phones) why add additional ones, which have the
| ability to crush us into oncoming traffic? Cars also had
| perfectly functional navigation with SD cards.
|
| >"over the air" security patches to laptops?
|
| Yes. Over the air security patches are a very very bad
| thing. The fact that this issue still hasn't been solved
| is a disgrace, with all the formal verification advances.
| Still laptops are a necessity, and can't kill us
| directly.
|
| >State actors can destroy buildings,
|
| That's not very plausibly deniable method. Buildings
| don't collapse or blow up by themselves. It leaves lots
| of material evidence of foul play.
|
| >with a gun or a poison or whatever.
|
| Not if they want to avoid suspicions and make it look
| like it was something natural, which is almost all the
| time.
|
| >murdering people is an incredibly low risk threat.
|
| Not if you are an activist and are up against an
| authoritarian regime, which can even follow you abroad.
| There is also surveillance you can't turn off like you
| can with a phone -- i.e. you can't talk with people in a
| car about anything important.
| EricE wrote:
| "Laptops and buildings are a necessity, while cars with
| wireless modems and always on internet connections are
| not."
|
| Hear hear and well worth repeating.
|
| I'm waiting for the (probably not too distant) day when
| insurance companies demand access to car telemetry in
| order to obtain reasonable insurance rates.
|
| Tick Tock...
___________________________________________________________________
(page generated 2021-05-05 23:02 UTC)