Hackers can pwn a Jeep Cherokee from the brakes and steering to the AC and radio

Originally published at: http://boingboing.net/2015/07/21/hackers-can-pwn-a-jeep-cheroke.html

1 Like

uh-huh, but the Michael Hastings crash was just a freak car accident. /s


I have the sneaking suspicion that there’s a successor to the Ford Pinto Memo floating around upper-management on this, regarding the costs of actually hardening their systems against hacking intrusion, versus the costs of just suing anyone that publishes an exploit and paying off death benefits for the people who get hacked and driven into a pillar at 90 mph. I imagine further that the part advising the latter tactic will have very little to do with observable reality, as the whole thing was likely written by an accountant or a lawyer, and not a software engineer.


This was always coming. I’ll just link to my previous comment:


Why the hell is the engine control CAN bus accessible from the entertainment unit?


The control units in a car talk via one or more CAN buses. There is no reason (other than minute increases in complexity and cost) to have all nodes be on the same bus, or for all nodes on a bus to be equally privileged.

In other words: You don’t need to hook the infotainment system up so it has control over the transmission. If you do, it’s because your design is flawed.


I talked to my friend who has overseen various manufacturing plants in the automotive industry and he says that it is done because “it is cheap and simple. That is the overriding prerequisite for automotive.” Also “it was designed 10 years ago by an automotive engineer, not a network person”.


Cheap is relative. You can buy a lot of twisted pair cable for the price of one NYT story about how unsafe your cars are.


So then we are pretty sure the NSA has backdoor access to all this right now.


You mean that memo which was never used or consulted internally by Ford. The memo that was attached to a letter written to NHTSA? The one that the judge in the case said couldn’t be used to support punitive damages?
[the supposed “smoking gun” document that plaintiffs said demonstrated Ford’s callousness in designing the Pinto was actually a document based on National Highway Traffic Safety Administration regulations about the value of a human life — rather than a document containing an assessment of Ford’s potential tort liability.][1]

So you mean this is all a show to attack Jeep and has no actual substance?
[1]: http://%20https://en.wikipedia.org/wiki/Ford_Pinto#Schwartz_paper

Especially since the bus is likely etched onto silicon somewhere centrally-located instead of being actual wires that need to support their own weight and be protected physically and conductively from their surroundings.

cruising with gunhead;

http://www.voidspace.org.uk/cyberpunk/virtual_light.shtml#2 Cruising with gunhead

Nope, the CAN bus is an actual wire data bus, connecting all the little computers in the car to each other. It costs money, although having two CAN busses doesn’t cost much more than having one CAN bus. It does require the designers of the car’s computer network to seriously think about which parts need to talk to which other parts of the car, though.

For example, the car likes to be able to display warnings about its safety systems on the LCD screen in the dashboard, although that screen’s main function is to show you what radio stations are playing or where you are on the GPS map.

Having the computer that controls the brakes on the same CAN bus as the one that receives satellite radio is disconcerting.


Heh heh heh… paging Michael Bay!

Worse, he suggests, a skilled hacker could take over a group of Uconnect head units and use them to perform more scans—as with any collection of hijacked computers—worming from one dashboard to the next over Sprint’s network. The result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.

I’d totally watch that movie. Badass Dragons of Interstate 5.

Myself, I don’t think I’m gonna retire my old Cougar anytime soon, even if (when) gas hits $10/gallon.


And therein lies the problem.

I’m not entirely sure I’m happy about my phone being a smart phone. I do not want my car to be a phone.

But one day, when my current cars die, that will be forced upon me and I’ll have no choice, I guess…


I’m completely unsure as to why a car needs to be internet enabled, as in, has an IP address and open ports listening.

I know nothing about CAN bus.

But, on a slight tangent, can this allow manufactures to ‘degrade’ your car, y’know, when they feel should be buying their new model after a year?


Could there be a DIY solution, generic and available for all cars? Something along the lines of physically spliltting the bus to two parts, and put in a SoC (Raspi?) based CAN proxy that’d let only some messages pass in only some directions?


Essentially, a differential bus not unlike RS485. With defined format of packets, and addressability of individual endpoints. It is a nonswitched, shared bus, so every node gets every message and it is their responsibility to ignore what’s not for them. All of this is unsecured. The rest is at the levels above - what can talk with what.



I don’t yet have a CAN bus in my 1958 Chevy. I think I’ll keep it that way.


Ah, car drones. Involuntary, but drones.

1 Like