Vehicle hacking.

Forum for general chat, news, blogs, humour, jokes etc.

Postby Syncopator » Thu Jul 23, 2015 4:54 pm


Many of you will have read about this vulnerability in modern vehicles.

The article in this link is a bit of an eye-opener http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Equal rights for equal responsibilities.
Syncopator
 
Posts: 4
Joined: Sat May 20, 2006 11:07 am




Postby trashbat » Thu Jul 23, 2015 5:43 pm


It's pretty bad.

Vehicle systems are kind of a perfect storm for security problems.

The actual exploit - buffer overflow - is very old. You flood software with more data than it expects, and the extra data ends up in places where it gets used by other, normally unexposed bits of the software. The net effect is you're essentially able to rewrite the software on the fly.

This is widely known about, and if you were writing safety critical software, or even something you felt had security requirements, you would probably consider it. You possibly wouldn't consider it, however, if you felt it was guarded against by someone else (like the operating system) or if what you were doing seemed innocuous. Like, say, you're ACME Inc and you're making a satnav. Who cares about securing that, right?

And at the other end of it, when you're Wonka Industries and you've designed an electric steering controller and you need to link it to other unspecified car systems, because of course everyone wants automatic parking, well of course you'd use CANBUS, and that's an open, unsecured standard right, so the responsibility for protecting it must be someone else's problem, like the integrator.

And then when you're Chrysler and you come to build a car with these different companies' products, and the satnav needs to talk to the speedometer, of course you use CANBUS for that too, and surely you don't need to worry about security because what harm can come of a satnav or that little link you just made, and anyway surely ACME thought about this when they made it anyway.

But the satnav connects to your phone and now you can use that to steer the car. Whoops.
Rob - IAM F1RST, Alfa Romeo 156 JTS
trashbat
 
Posts: 764
Joined: Wed Jun 22, 2011 11:11 pm
Location: Hampshire

Postby jont » Fri Jul 24, 2015 8:34 am


StressedDave wrote:It's no excuse for missing a simple buffer overflow though...

I was looking at some code recently (from a major tier 1 who does lots of ECUs, ABS, ESP controllers etc) where a simple while loop had no bounds checking and the line above had:
Code: Select all
#pragma disable misra check //needs to be fast

:lol: :roll:
User avatar
jont
 
Posts: 2990
Joined: Fri Jul 07, 2006 9:56 pm
Location: Cambridgeshire

Postby superplum » Fri Jul 24, 2015 8:51 pm


You'll get much more interest if you transfer this topic to Facebook!

:lol: :lol: :lol:
superplum
 
Posts: 73
Joined: Fri Nov 30, 2012 12:31 am

Postby jont » Fri Jul 31, 2015 11:00 am

User avatar
jont
 
Posts: 2990
Joined: Fri Jul 07, 2006 9:56 pm
Location: Cambridgeshire

Postby Silk » Fri Jul 31, 2015 11:16 am


StressedDave wrote:
It's a shame I understand all this, given that I actually stop buildings falling down for a living...


Is there anything you *don't* do for a living? :shock:
Silk
 
Posts: 1033
Joined: Sun Apr 13, 2008 2:03 pm

Postby Silk » Fri Jul 31, 2015 2:57 pm


StressedDave wrote:At the moment my boutique career consists of structural engineering, driver coaching and automotive suspension development.


Gosh! No wonder you're grumpy.
Silk
 
Posts: 1033
Joined: Sun Apr 13, 2008 2:03 pm


Return to General Car Chat Forum

Who is online

Users browsing this forum: No registered users and 7 guests


cron