Increasingly computerized and connected autos
#1
Registered User
Thread Starter
Join Date: Mar 2003
Location: Philly
Posts: 2,129
Likes: 0
Received 0 Likes
on
0 Posts
Increasingly computerized and connected autos
Very interesting research. These types of threats are real, not just theoretical. This should be a wake up call to automakers.
Whitepaper:
http://www.autosec.org/pubs/cars-oakland2010.pdf
Research website:
CAESS - Home
NY Times article:
Cars? Computer Systems Called at Risk to Hackers - NYTimes.com
Andrew
Whitepaper:
http://www.autosec.org/pubs/cars-oakland2010.pdf
...Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input— including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash. ...
CAESS - Home
NY Times article:
Cars? Computer Systems Called at Risk to Hackers - NYTimes.com
Cars’ Computer Systems Called at Risk to Hackers
By JOHN MARKOFF
Published: May 13, 2010
The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry.
“We demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on,” they wrote in the report, “Experimental Security Analysis of a Modern Automobile.”
In the paper, which will be presented at a computer security conference next week in Oakland, Calif., computer security specialists at the University of Washington and the University of California, San Diego, report that while modern cars have extensive safety engineering in the design of their computer control systems, little thought has been given to the potential threat of hackers who may want to take over the networks that increasingly control modern cars.
“We noticed the extent to which automobiles were becoming computerized,” said Stefan Savage, a computer scientist at U.C.S.D. who was a member of one of two groups that have been studying the electronic control units of two different cars to look for network vulnerabilities that could be exploited by a potential attacker. “We found ourselves thinking we should try to get in front of this before it suddenly becomes an issue.” ...
By JOHN MARKOFF
Published: May 13, 2010
The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry.
“We demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on,” they wrote in the report, “Experimental Security Analysis of a Modern Automobile.”
In the paper, which will be presented at a computer security conference next week in Oakland, Calif., computer security specialists at the University of Washington and the University of California, San Diego, report that while modern cars have extensive safety engineering in the design of their computer control systems, little thought has been given to the potential threat of hackers who may want to take over the networks that increasingly control modern cars.
“We noticed the extent to which automobiles were becoming computerized,” said Stefan Savage, a computer scientist at U.C.S.D. who was a member of one of two groups that have been studying the electronic control units of two different cars to look for network vulnerabilities that could be exploited by a potential attacker. “We found ourselves thinking we should try to get in front of this before it suddenly becomes an issue.” ...
#2
I like ABS (barely) and fuel injection (sometimes), but all these other electronic gizmos are nothing but a way to charge more for a car and to allow the unroadworthy to drive. If the road is too crowded, put a $2 per gallon tax on gasoline, if people can't drive their cars well enough to handle them and they need traction control and networked driver aids, then make the road tests harder.
I'm increasingly more in love with my carburated, no-ABS, no-power brakes, no electronic ignition, no catalytic converter 40 year old chevy. It seems like in the very near future if you want to be an enthusiast you either have to get a classic car or get a sportbike.
I'm increasingly more in love with my carburated, no-ABS, no-power brakes, no electronic ignition, no catalytic converter 40 year old chevy. It seems like in the very near future if you want to be an enthusiast you either have to get a classic car or get a sportbike.
#3
Originally Posted by fishfryer,May 14 2010, 06:02 AM
I like ABS (barely) and fuel injection (sometimes), but all these other electronic gizmos are nothing but a way to charge more for a car and to allow the unroadworthy to drive. If the road is too crowded, put a $2 per gallon tax on gasoline, if people can't drive their cars well enough to handle them and they need traction control and networked driver aids, then make the road tests harder.
I'm increasingly more in love with my carburated, no-ABS, no-power brakes, no electronic ignition, no catalytic converter 40 year old chevy. It seems like in the very near future if you want to be an enthusiast you either have to get a classic car or get a sportbike.
I'm increasingly more in love with my carburated, no-ABS, no-power brakes, no electronic ignition, no catalytic converter 40 year old chevy. It seems like in the very near future if you want to be an enthusiast you either have to get a classic car or get a sportbike.
#4
I think some of it is scare tactic. I mean hackers? Cmon, you need to get into the car first, link up to the ecu, and then work on it which all takes alot of time even if the ecu is cracked. These same hackers could do that or just cut a brake line or spray a lot of wd 40 on your tires or something to that effect.
But I do somewhat agree. I mean things like fuel injection and ABS (or at least less modern systems) react to driver's inputs, but isn't part of the input. But things like DBW mimic inputs, so there is opportunity there for a computer to mess up.
But I agree with above, we need to start having more stricter tests, or at least have people have to apply for a special license to drive a full size SUV or something. Imo, the test really isn't the answer, but a road course class, not just driving around for a certain amount of hours but actually setup a course and make people have to pass certain tests. Driving is one of those things that going through the motions vs. memorizing what you should do makes a huuuuge difference.
But I do somewhat agree. I mean things like fuel injection and ABS (or at least less modern systems) react to driver's inputs, but isn't part of the input. But things like DBW mimic inputs, so there is opportunity there for a computer to mess up.
But I agree with above, we need to start having more stricter tests, or at least have people have to apply for a special license to drive a full size SUV or something. Imo, the test really isn't the answer, but a road course class, not just driving around for a certain amount of hours but actually setup a course and make people have to pass certain tests. Driving is one of those things that going through the motions vs. memorizing what you should do makes a huuuuge difference.
#5
Registered User
Originally Posted by fishfryer,May 14 2010, 07:02 AM
I like ABS (barely) and fuel injection (sometimes), but all these other electronic gizmos are nothing but a way to charge more for a car and to allow the unroadworthy to drive.
This level of complexity, this level of efficiency, and thus today's levels of specific output (hp / L) and/or fuel economy would be impossible without computer control.
Originally Posted by TheDonEffect,May 14 2010, 08:04 AM
I think some of it is scare tactic. I mean hackers? Cmon, you need to get into the car first
#7
Registered User
Originally Posted by fishfryer,May 14 2010, 06:02 AM
I'm increasingly more in love with my carburated, no-ABS, no-power brakes, no electronic ignition, no catalytic converter 40 year old chevy. It seems like in the very near future if you want to be an enthusiast you either have to get a classic car or get a sportbike.
Trending Topics
#10
Registered User
Originally Posted by GinoGT,May 14 2010, 11:52 AM
Yeah, let's connect our cars to the internet. Awesome. That's really what they need. Can we stop finding new ways to distract already horrible drivers?
- OnStar-like emergency response
- Automated monitoring of vehicle health and maintenance status (e.g. instead of fixed oil change intervals, your car emails you when its oil is getting grody)
- Always up-to-date navigation off of the internet
- Navigation that takes real time traffic data into account
- Automatic carpool arranging?
Regardless of whether it's "right" or "good", it's going to happen.