FBI issues car-hacking warning, tells drivers to keep their cars' patch-levels current

Car mechanics, computer scientists, and owners have been asking for this for years.

However…

It seems that the Automaker’s Alliance is extremely interested in making it illegal for you to modify your vehicle. Their justification for doing so is that “you could make the car unsafe”. If they properly partition the safety, control, and infotainment systems, they will not be able to get those laws passed; so it’s in their economic interest to make your car more dangerous and hackable.

6 Likes

I’m not sure separating the systems would affect their ability to lobby against people modding their own cars. They would still be able to make arguments that people should not be able to modify the main control computer and related systems.

(I don’t like those arguments at all, but they could still hold some weight with lawmakers.)

1 Like

re-tooling be 'spensive and they ain’t in business to make you safe. Associations like that are strictly about serving the bottom line of the corporations that pay them.

They probably have a (de)motivational picture framed in the boardroom, with some motto like “Protect the status quo cause the boss said so!” captioning a picture of a white man masturbating with a fistful of one hundred dollar bills. Or something.

1 Like

re-tooling be 'spensive and they ain’t in business to make you safe.

Correct, which is what the prior comments about liability and lawsuits were about. They’d certainly come about easier in a market with a machine that could kill you, than with consumer grade electronics where the manufacturer has virtual no incentive to correct such issues.

The auto industry has actually been pretty good about items that can be shown to relate to safety. (See airbags, crumple zones, seat-belts, etc.)

That was irony, right?

I remember how hard they fought seat belts when I was a kid - Detroit spent millions and millions of dollars trying to prevent cars having seat belts. And Lee Iaccoca literally got the president of the United States to veto the air-bag bill… I’m pretty sure domestic automakers fought against every single safety improvement of the entire 20th century.

5 Likes

Our Leaf does not, and I think more and more new cars do not. No key for the “ignition” / start button, either.

That is precisely the problem. Power up a bidirectional transceiver/amplifier next to it on the right frequencies, and potentially that may change to:
Anybody can just put their hand in the door handle and it will unlock as long as I have the fob within a couple hundred feet - like in the house on my bedside nightstand, or walking out of the parking garage where I just parked, etc.

2 Likes

I haven’t been able to get ours to work unless within like 5 feet of the car maybe 10. Pressing the buttons which requires the battery that can be a long distance.

1 Like

What I’m saying is despite the fighting, they eventually had to do it. They had to because they were pressured, and they were pressured because the risks involved death, as opposed to the kind of pressure you can put on a home router manufacturer just because some one can break in and download songs in your name or whatever.

It’s 2 different arenas, and the chances of getting an automaker to comply with security standards is greater than a company in consumer electronics, due to what can be leveraged against them.

3 Likes

OK, I looked at this a little more and it sounds like the news story I’d previously read may have been overblown, had the technology wrong, or both. Big surprise, I know.

Here’s a partial debunking: The $17 Car Key Hacking Device Does Not Exist

On the other hand, there is this, which seems to be for real: A hacker made a $30 gadget that can unlock many cars that have keyless entry. Essentially a simple MITM jamming/replay attack, supposedly he demoed it at DefCon 23.

OH WAIT, here we go: Newer news on the topic - [This Group Defeated Keyless Entry Cars With Simple Homemade Devices] (This Group Defeated Expensive Keyless Entry Cars With Cheap Homemade Devices | The Truth About Cars)

5 Likes

You could, but which option makes the most money?

1 Like

Does anyone else feel like the FBI is trying to freak us the fuck out right now? Why?

Always ask why.

What is the motivation of this speaker?

I don’t mind the software in my 2004 Honda – with all those sensors and feedback and stuff it still runs really well, much, much better than cars of the same age from the 60’s and 70’s did (for those like me who don’t have the skills to work on it). But it’s not connected wirelessly (AFAIK), so I don’t think I need to worry about hacking and what not – except through the mechanic’s diagnostic thingy. I dread the day it finally wears out.

or you might keep it running for the foreseeable future because it is a 58 Chevy.

1 Like

the thought of planned obsolescence for automobiles…

Did you mean “thought” or “longstanding practice.” Coders didn’t come up with this shit, it was started well before the OSRAM cartel of incandescent lightbulbs of all things.

2 Likes

I suspect an actual brick would be more useful in brick-usage situations, making your router less useful than a brick.

2 Likes

While the keyless stuff can be cheaply hacked, so can conventional car locks. Has no-one here ever used a coathanger to break into an old car? Or had some toerag put a screwdriver through the lock?

A physical backup key for the keyless system makes sense from a “what if it doesn’t work?” POV, but it also introduces an extra point of failure into the security.

I can see valid reasons for keeping the mechanical key, but I can also see defensible reasons for elimnating it.

1 Like

Oh heck my old 94 Saturn had a fun one… The key if worn down enough had an 80% chance of opening up any other Saturn from that year. And I have coat hanger opened cars when l locked keys in them so I don’t give the old methods of locking the car any points for being more secure.

3 Likes

The thought of being able to apply those longstanding practices to automobiles. At will, no less.

Yes, I can see it all now, in my crystal ball…

Urgent Security Update notice

Please upgrade to iOS^w GM-OS 11.0.1 immediately to address urgent CVEs for iOS^w GM-OS 10.3.
GM will not be liable for any theft or damage due to running obsolete versions of GM-OS

[Two hours later…]

Security Update Failed

We’re sorry, your car is more than 2 years old and is not capable of running GM-OS 11.0.1.
Please contact your dealer about purchasing an upgraded model.

[Substitute Ford, Nissan, Chrysler, Toyota, etc. at will; this is likely to play out the same for all of them.
Money has its own inexorable logic.]

6 Likes