
Vehicle hacking.

Posted: Thu Jul 23, 2015 4:54 pm
by Syncopator
Many of you will have read about this vulnerability in modern vehicles.

The article in this link is a bit of an eye-opener http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Re: Vehicle hacking.

Posted: Thu Jul 23, 2015 5:43 pm
by trashbat
It's pretty bad.

Vehicle systems are kind of a perfect storm for security problems.

The actual exploit - buffer overflow - is very old. You flood software with more data than it expects, and the extra data ends up in places where it gets used by other, normally unexposed bits of the software. The net effect is you're essentially able to rewrite the software on the fly.

This is widely known about, and if you were writing safety critical software, or even something you felt had security requirements, you would probably consider it. You possibly wouldn't consider it, however, if you felt it was guarded against by someone else (like the operating system) or if what you were doing seemed innocuous. Like, say, you're ACME Inc and you're making a satnav. Who cares about securing that, right?

And at the other end of it, when you're Wonka Industries and you've designed an electric steering controller and you need to link it to other unspecified car systems, because of course everyone wants automatic parking, well of course you'd use CANBUS, and that's an open, unsecured standard right, so the responsibility for protecting it must be someone else's problem, like the integrator.

And then when you're Chrysler and you come to build a car with these different companies' products, and the satnav needs to talk to the speedometer, of course you use CANBUS for that too, and surely you don't need to worry about security because what harm can come of a satnav or that little link you just made, and anyway surely ACME thought about this when they made it anyway.

But the satnav connects to your phone and now you can use that to steer the car. Whoops.

Re: Vehicle hacking.

Posted: Fri Jul 24, 2015 8:34 am
by jont
StressedDave wrote: It's no excuse for missing a simple buffer overflow though...

I was looking at some code recently (from a major tier 1 who does lots of ECUs, ABS, ESP controllers etc) where a simple while loop had no bounds checking and the line above had:
Code:
#pragma disable misra check //needs to be fast

:lol: :roll:
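
Added example, not code from any poster in this thread or from any vendor: the overflow described earlier in the thread and an unchecked copy loop of the kind mentioned in the post above, shown beside a bounds-checked version. The 16-byte memory layout, the field names and the message bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout: one 16-byte block of controller RAM, modelled as a
   single array so the unchecked write below stays defined behaviour here. */
enum { LABEL_OFF = 0, LABEL_LEN = 8, UNLOCK_OFF = 8, RAM_LEN = 16 };

typedef struct { uint8_t ram[RAM_LEN]; } ecu_t;

static void ecu_init(ecu_t *e) {
    memset(e->ram, 0, RAM_LEN);       /* unlock flag starts at 0 (locked) */
}

/* Unchecked pattern: the loop trusts the sender's terminator and never
   checks how much room the label field has. */
static void set_label_unchecked(ecu_t *e, const uint8_t *msg) {
    size_t i = 0;
    while (msg[i] != 0) {             /* no bound on i */
        e->ram[LABEL_OFF + i] = msg[i];
        i++;
    }
}

/* Hardened form: the limit comes from the receiver's own field size, and
   an oversized message is rejected whole rather than truncated. */
static int set_label_checked(ecu_t *e, const uint8_t *msg, size_t msg_len) {
    if (msg_len > LABEL_LEN)
        return -1;
    memset(e->ram + LABEL_OFF, 0, LABEL_LEN);
    memcpy(e->ram + LABEL_OFF, msg, msg_len);
    return 0;
}

/* Constructed input: 8 label bytes followed by one extra byte. */
static const uint8_t long_msg[] = { 'A','A','A','A','A','A','A','A', 1, 0 };

static int unlock_flag_after_unchecked(void) {
    ecu_t e; ecu_init(&e);
    set_label_unchecked(&e, long_msg);
    return e.ram[UNLOCK_OFF];         /* the ninth byte landed in the flag */
}

static int unlock_flag_after_checked(void) {
    ecu_t e; ecu_init(&e);
    int rc = set_label_checked(&e, long_msg, sizeof long_msg - 1);
    return rc == -1 ? e.ram[UNLOCK_OFF] : -2;   /* rejected, flag untouched */
}
```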

Re: Vehicle hacking.

Posted: Fri Jul 24, 2015 8:51 pm
by superplum
You'll get much more interest if you transfer this topic to Facebook!

:lol: :lol: :lol:

Re: Vehicle hacking.

Posted: Fri Jul 31, 2015 11:00 am
by jont

Re: Vehicle hacking.

Posted: Fri Jul 31, 2015 11:16 am
by Silk
StressedDave wrote:
It's a shame I understand all this, given that I actually stop buildings falling down for a living...


Is there anything you *don't* do for a living? :shock:

Re: Vehicle hacking.

Posted: Fri Jul 31, 2015 2:57 pm
by Silk
StressedDave wrote: At the moment my boutique career consists of structural engineering, driver coaching and automotive suspension development.


Gosh! No wonder you're grumpy.