back to article Jeep breach: Scared? You should be, it could be you next

Other vehicles may be at risk from hacking following the Jeep Cherokee incident, according to one of the two researchers who pioneered the spectacular auto exploit. Renowned car security researchers Charlie Miller and Chris Valasek remotely hacked a Jeep Cherokee over a mobile network and found a way to control critical …


  1. captain veg Silver badge

    war driving

    "hack into vulnerable cars simply by knowing the vehicle's IP address"

    Or just use a port scanner. A new take on war driving?

    -A.

    1. Anonymous Coward
      Mushroom

      Re: war driving

      Why bother going after a specific vehicle? Why not just disable the brakes on ALL of them.

      1. Anonymous Coward
        Anonymous Coward

        Re: war driving

        Fiat - making dodgy electrics since the 70s.

  2. Warm Braw

    This is so obviously stupid...

    >The Uconnect system allows motorists to start their engines, unlock doors or flash their headlamps via their computer or the Uconnect Access smartphone app from anywhere

    I cannot believe there isn't a huge e-mail archive somewhere within Fiat Chrysler of engineers pointing out how dangerous this could be and being successively overruled by ever higher echelons of management.

    1. Trigonoceps occipitalis

      Re: This is so obviously stupid...

      It was ever thus:

      The greatest test of an engineer is not his technical ingenuity but his ability to persuade those in power who do not want to be persuaded and convince those for whom the evidence of their own eyes is anything but convincing.

      Extract from "Plain Words" in The Engineer 2nd October 1959

      1. Danny 14

        Re: This is so obviously stupid...

        What the fucking fuck? Why did ANYONE think it was a good idea to network CRITICAL SYSTEMS to an external app? I mean seriously? Someone's head should roll, unfortunately it will be some poor tech whose idea it was originally (ignoring all the engineers who said it was bad but wanted to be paid).

    2. Anonymous Coward
      Anonymous Coward

      Re: This is so obviously stupid...

      Re email archive: probably not.

      I expect the development of all of this was outsourced to some third party who near-sourced it to a bunch of poorly paid 22 year olds who've grown up thinking that being constantly connected to the internet is both a necessity and a right.

      They wouldn't understand how dangerous putting everything on a single insecure, publicly accessible network is, because they live their lives doing just that.

    3. Anonymous Coward
      Anonymous Coward

      Re: This is so obviously stupid...

      "I cannot believe there isn't a huge e-mail archive ..."

      Where have you worked? How easy would it be for your colleagues to find another job?

      I am familiar with one household UK name company making safety critical stuff where the kind of discussions you envisage have gone on.

      There is no email archive. The discussions, such as they were, were never formally recorded and were typically verbal, occasionally whiteboard. The discussions may as well never have taken place.

      The management made it very clear what they want. Discussion is not welcome, dissent is not tolerated, there is no need (or place) for an email audit trail. Orders are orders, whether written or not. Don't like it, find another job.

      http://www.academia.edu/288635/The_Ethics_of_Safety-Critical_Systems

      See also: Charles Haddon Cave, Leadership and Culture, Lessons from the Nimrod Review

      http://www.oilandgasuk.co.uk/templates/asset-relay.cfm?frmAssetFileID=3317

    4. Fungus Bob

      Re: This is so obviously stupid...

      "I cannot believe there isn't a huge e-mail archive somewhere within Fiat Chrysler..."

      It's not like they're going to admit it so some FCA employee will have to leak it. And even then, they won't admit it.

  3. Preston Munchensonton
    Terminator

    It's important to note that, in the case of the Jeep hacking, the vehicle wasn't reachable from the general Internet, only from within Sprint's network. Anyone just randomly connecting anything directly to the Internet gets exactly what they deserve.

    1. Anonymous Coward
      Anonymous Coward

      sure...

      No user on the Sprint network runs a proxy server, do they?

    2. Dan 55 Silver badge
      Facepalm

      So am I to understand that you are reassured by attackers having to go through the laborious process of buying a Sprint phone on PAYG or the nigh-on impossible task of pwning an Android phone on Sprint before pwning the Jeep?

    3. JeffyPoooh
      Pint

      "...only from within Sprint's network."

      Well that's a relief.

      As long as Sprint's data networks are not connected to the Internet in any way, shape or form.

      1. Preston Munchensonton
        Boffin

        Re: "...only from within Sprint's network."

        No, I'm not reassured, but the article is inaccurate. No, it's not a relief, but there is a measure of segregation that would prevent any random hacker from easily gaining access. I haven't seen this mentioned anywhere, but I know for other Sprint implementations over their CDMA and LTE networks, they use it as an extension of the MPLS service, so a general PAYG 3G/4G modem wouldn't even slightly help without a lot of social engineering to get the right authorizations in place.

    4. G.Y.

      and how many

      people have a Sprint 'phone account?

  4. Amorous Cowherder
    Facepalm

    Skynet but not as we know it

    Why does everything have to be wirelessly connected? Why do we constantly have to be "jacked in" 24 hours a day? Skynet won't be T2s coming down and wiping out humanity, we'll simply join every gadget we have to every other gadget on the planet and then slowly wipe each other out with disabled brakes, exploding laptops and all manner of other exploits in various gadgets!

  5. Richard Taylor 2
    Mushroom

    I must say, those fire chaps seemed to be taking a terribly hard line in order to disable the hacked vehicle.

    1. Phil O'Sophical Silver badge
      Happy

      Budget cuts, there's no money to nuke it from orbit.

    2. oolor
      Coat

      That's the Italian mechanics. Fix It Again Tony and his crew.

  6. Snowy Silver badge

    Must do better.

    >Fiat Chrysler Automotive – manufacturers of the Jeep Cherokee – were aware of the hack before it was demonstrated and had already released firmware patches for vulnerable vehicles.

    Yes, but if you keep quiet about the problem, how many cars are running the old firmware? A quick search shows that while the fix is relatively easy I can not see a recall to fix this problem.

    >“To FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorised remote hack into any FCA vehicle,” Fiat Chrysler said.

    They may as well have said "To FCA’s knowledge, no one is dead yet."

    1. Anonymous Coward
      Facepalm

      Re: Must do better.

      That's ok, I'm sure some nice white hat can just hack the new firmware into the cars as they drive by...

  7. ColonelClaw

    Why the hell connect cars to the net anyway?

    We seem to be currently going through a particularly daft period of digital evolution, where the common answer to the above question is "because we can".

    My TV packed up recently after 7 years of service (not great, if you ask me), so off I went to John Lewis to pick up a new one. I returned home with a shiny new Sony number, and very nice it looks too, incredible picture quality. But there's just one problem - it runs Android. Yup, a TV now runs an OS. What they didn't explain in the shop is that it takes about 45 seconds to start up from cold.

    Seriously, why? Who in their right mind thought it would be a good idea to make you wait for nearly a minute before a bloody TV has to boot up? And then once it's on you're bombarded with a completely crazy smorgasbord of an interface you have to navigate before it will allow you to watch a channel. And then when you do select a channel, it takes at minimum 10 seconds before you can see a live picture.

    But hey, the picture quality is amazing.

    1. Anonymous Coward
      Anonymous Coward

      Re: ...make you wait for nearly a minute before a bloody TV has to boot up?

      It's the same with oscilloscopes.

      In the old days we had to wait 30~60 seconds for the Cathode Ray Tube (CRT) to warm up, then with 1st-generation LCD products it was near instant-on, ... now we're back to waiting - this time for digital bootups. :-(

      1. Yet Another Anonymous coward Silver badge

        Re: ...make you wait for nearly a minute before a bloody TV has to boot up?

        My fsckign digital camera plays a 3second animated logo while you are waiting to take a picture.

      2. JeffyPoooh
        Pint

        Re: ...make you wait for nearly a minute before a bloody TV has to boot up?

        "...digital bootups."

        Must. Rebuild. OS. From. Scratch. Each. And. Every. Time.

        Even the damn Hibernate algorithm is daft...

        Must. Save. And. Reload. All 8GB of RAM. Image. Because I (the f'ing OS). Have. No. Idea. Which. Part. Is. In. Use.

        When I'm King, coder drones will be very well paid. At least those very few remaining that don't have their heads installed on pikes at the city gates.

    2. Triggerfish

      Re: Why the hell connect cars to the net anyway?

      Hell man I had someone at work tell me yesterday how Samsung smart TVs listen in on you, a couple of months ago they were thinking I was daft/paranoid saying I wouldn't go near a smart TV if I could find a dumb equivalent.

      Web 2.0 is boiling the frog for people on privacy, everything is now Facebook connected whether it should be or not, and now it's boiling the frog on the common sense of whether we need things connected, possibly tied in with the whole privacy thing again, how long before your movement stats are sold away?

      Keep turning up at this supermarket car park, sure the rivals would like to know and start sending you vouchers. I am short on sleep and may be getting a bit ranty, but I wish the marketing people who keep thinking this is a good idea and those who keep wanting to monetise us, when they have already taken the money for the product as well, would just fuck off.

    3. Yugguy

      Re: Why the hell connect cars to the net anyway?

      That's been the problem ever since we started making any kind of technology. No one ever asks "should we"?

    4. Chronos
      Thumb Up

      Re: Why the hell connect cars to the net anyway?

      Have an upvote. Not nearly sweary enough but adequately, although in a slightly bland manner, reflects my feelings on the matter.

      Neither of my cars even have OBD - well, the Sportrak does but it's an advanced photonic system used in WWII: You short a link on the diag connector and a little man in the dashboard flashes out the fault codes, if any, on an Aldis lamp cunningly disguised as an EML. I'm quite happy with that, knowing that all the bits that make them go, stop, turn and dodge Nissans are connected to the controls either physically or hydraulically and I can examine, verify and rectify any of them without a proprietary interface plugged into a high-end laptop with a very expensive version of the little man in my dashboard at the keyboard.

      As for television and entertainment in general, now that Top Gear has gone ginger and they're allowing some fool to commit the ultimate sacrilege of remaking Dad's Army, I have a clear desk policy of fucks to give about televisions and similar nonsense.

      It's all related, of course. Modern motoring and broadcasting are squarely aimed at the lowest common denominator because that's where the bulk of "civilisation" sits these days. Soon they won't be able to scratch their arse without a smartphone app to tell them how, measure the efficacy of the act on the irritated orifice in question and upload that metric to Twitter along with a little carefully chosen politically correct anecdote about the event just in case anyone thinks anus scarification is discriminatory or the result promotes competitiveness.

      Bootnote: This commentard does not advise the unsupervised scratching of arses. This activity should only be undertaken under the advice of your family medical practitioner. If symptoms persist, please consult a healthcare professional.

  8. Richard Wharram

    CAN Bus

    Stands for Controller Area Network, not Car Area Network :)

    It's used in Lorries and Aeroplanes, not just cars.

    1. Anonymous Coward
      Coat

      Re: CAN Bus

      Is it used in busses? Is it called a BUS Bus?

      1. Yet Another Anonymous coward Silver badge

        Re: CAN Bus

        If it's used everywhere wouldn't it be an Omni bus?

        Then if it was used in a bus it would be an omnibus Omni bus.

        1. JeffyPoooh
          Pint

          Re: CAN Bus

          "...omnibus Omni bus."

          Philosophy 101 test: What town is the omnibus in?

          A: Clapham.

          I guess it's the most reasonable answer.

        2. Anonymous Coward
          Anonymous Coward

          Re: CAN Bus

          If you connected it to an io card in a mid-1960s DEC PDP8 minicomputer (whose IO bus was sometimes called Omnibus) and put it on a Routemaster or similar you could have the Omnibus driving the OMNI bus on the omnibus.

          Bus error. Core dumped.

      2. Grivas Bo Diddly Harm
        Pint

        theodore - Re: CAN Bus

        Dreadful joke, but it didn't deserve a downvote - devalues the currency!

        Have an upvote on me just for balance.

        Cheers m'dear.

    2. perlcat

      Re: CAN Bus

      That's reassuring. I had thought that the builders of trucks and airplanes were more sane than auto manufacturers. My faith in universal corporate stupidity has been restored! Now I can sleep at night. Wait a minute...

      1. imanidiot Silver badge

        Re: CAN Bus

        @perlcat "That's reassuring. I had thought that the builders of trucks and airplanes were more sane than auto manufacturers. My faith in universal corporate stupidity has been restored! Now I can sleep at night. Wait a minute..."

        As mentioned CANbus itself (or one of the many competing "industry standard" layers running on top of this like FieldBus and the like) is not secured. Security comes from the implementation. In aviation that security is actually pretty well thought out. There is the option of having uni-directional links. Ports will SEND specific data but will not accept any input data. This means interference and cross-communication between systems is minimized. Without physical access to the main programming ports (usually on the electronics deck below the cockpit, only accessible from there) you're not going to get anything done. And then even if you DO have access you probably won't get much done as security and tamper protection is actually a thing in the aviation world.

        Unfortunately in the truck business the situation is not much better than in the car business. No-one in the industry has ever had to give a rat's ass about security, they have never done it before so they are not going to start until forced to by the market or by the bodies piling up and the wrongful death suits flooding in.

        1. Nick Ryan Silver badge

          Re: CAN Bus

          CAN Bus is a great implementation given the age of the standard and the fact that it has to operate in an electrically horrible environment with as cheap as possible (e.g. as few wires as possible and as little heavy duty shielding as possible - and often cheap wire as well). However as noted above, by other posters, it's not designed for security as it's just a relatively low level transport mechanism.

          To implement security in a CAN bus network you don't connect anything remotely insecure to the CAN bus network; it's that simple and is a simple method of implementing security. Unfortunately in this instance some numpty brain dead fool decided that a good feature would be "remote start", "remote control of lights" or similar utility functions which while not bad as such, their implementation would have to be extremely well thought out. In this case it's very clear that the implementation wasn't thought out at all and a relatively direct connection between the public Internet and an internal CAN bus device was established, most likely for ease of development and cheapness of implementation. What should have happened is that the public Internet device was connected solely to the CAN bus through a dedicated communication route, i.e. communicating with a CAN IO module that simply fired specific messages across the CAN network in response to the IO signals. The worst that could happen in this case is that the specific remotely enabled functions could be triggered and no more; however, it's plain that the Internet connected device is directly connected to the CAN bus network and can therefore send whatever CAN network messages it wants. Such an implementation is flexible (in case UConnect want to add interaction with other systems), cheap to develop, implement and support but utterly, fucking stupid.
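The two designs contrasted in the comment above, side by side, as an added example that is not part of the original thread or any vendor's code: a pass-through bridge that turns whatever the connected unit sends into a bus frame, and an IO module that only emits frames it stores itself. The frame layout, request codes, CAN IDs and payloads are all constructed placeholders.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout; every ID and payload below is a made-up placeholder. */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* The only functions the connected unit may request (those named in the thread). */
enum remote_req { REQ_START_ENGINE = 1, REQ_UNLOCK_DOORS = 2, REQ_FLASH_LAMPS = 3 };

/* Weak design: the connected unit is effectively a bus node, so the bytes it
 * supplies (4-byte ID, 1-byte length, data) become the frame as-is. */
int bridge_passthrough(const uint8_t *msg, size_t len, struct frame *out)
{
    if (len < 5 || msg[4] > 8 || len != 5u + msg[4])
        return -1;
    memset(out, 0, sizeof *out);
    out->id = (uint32_t)msg[0] << 24 | (uint32_t)msg[1] << 16 |
              (uint32_t)msg[2] << 8 | (uint32_t)msg[3];
    out->dlc = msg[4];
    memcpy(out->data, msg + 5, msg[4]);
    return 0;
}

/* IO-module design: a one-byte request selects a frame stored in the module. */
static const struct { uint8_t req; struct frame f; } FIXED[] = {
    { REQ_START_ENGINE, { 0x3E0, 1, { 0x01 } } },
    { REQ_UNLOCK_DOORS, { 0x2A0, 1, { 0x02 } } },
    { REQ_FLASH_LAMPS,  { 0x2B0, 2, { 0x01, 0x03 } } },
};

static unsigned rejected; /* refused requests; a non-zero count is worth alerting on */

int io_module_translate(const uint8_t *msg, size_t len, struct frame *out)
{
    if (len == 1) {
        for (size_t i = 0; i < sizeof FIXED / sizeof FIXED[0]; i++) {
            if (FIXED[i].req == msg[0]) {
                *out = FIXED[i].f; /* no byte of msg is copied into the frame */
                return 0;
            }
        }
    }
    rejected++; /* wrong length or unknown code: nothing reaches the bus */
    return -1;
}

unsigned io_module_rejected(void) { return rejected; }

int main(void)
{
    /* Constructed input: a raw frame for an ID outside the remote feature set. */
    const uint8_t raw[] = { 0x00, 0x00, 0x01, 0x23, 2, 0xDE, 0xAD };
    const uint8_t unlock[] = { REQ_UNLOCK_DOORS };
    struct frame f;

    printf("passthrough, raw frame: %d\n", bridge_passthrough(raw, sizeof raw, &f));
    printf("io module, raw frame:   %d\n", io_module_translate(raw, sizeof raw, &f));
    int rc = io_module_translate(unlock, sizeof unlock, &f);
    printf("io module, unlock:      %d (id 0x%X)\n", rc, (unsigned)f.id);
    return 0;
}
```

With the second design, a compromised connected unit can still trigger the three listed functions, which is the residual risk the comment describes.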

    3. Mage Silver badge
      Facepalm

      Re: CAN Bus

      There is no inherent security in CAN bus or Profi bus or RS485 or RS422 or USB or Token Ring, or Ethernet or any traditional industrial bus. The assumption was a separate system was used for any out of building communications. I've been pointing out the error in this since Token Ring and Ethernet and Internet arrived. With direct dialup connections we always configured that it hung up and rang back to pre-decided number for that account. That layer of security vanished with Internet.

  9. John Robson Silver badge

    There is some benefit to being able to remotely update firmware

    But I can't see all that much advantage over a dealer version.

    When you update the car firmware you also program the version number into the entertainment system - then it can notify you that there is new firmware available from your garage.

  10. AndrewDu

    “The controls needed to drive the car should be completely isolated from any external facing system, so no Bluetooth, no Wi-Fi, no 3G, no attack surface at all,"

    Well precisely.

    But what even marginally-competent vehicle designer would ever think anything else? Why does it take a consultant?

    I imagine the government must be behind this; only with clout of that power would a manufacturer risk their reputation by implementing something so obviously insane. Or should we, like Napoleon, be careful to "never ascribe to conspiracy that which is adequately explained by stupidity"?

  11. Anonymous Coward
    Anonymous Coward

    Anyone remember the OJ Simpson chase?

    What if that Explorer had this system?

    1. Anonymous Coward
      Anonymous Coward

      Re: Anyone remember the OJ Simpson chase?

      Assuming it was nowadays, Google could send OJ targeted ads for better fitting gloves.

    2. MotionCompensation

      Re: Anyone remember the OJ Simpson chase?

      I'm sure Ford will release the Ford Internet Explorer soon, for backward compatibility. They already have the Ford Edge.

    3. oolor

      Re: Anyone remember the OJ Simpson chase?

      The truck would be Found On Road Dead.

  12. Mr_Pitiful

    My new car does something odd

    I never gave the dealership my mobile number, just home landline

    Last year I went to Birmingham during the only real bit of icy weather

    At 5am, I got a text, warning of icy condition on the roads locally.

    The text said my reg number and was from a number I didn't know

    I can only guess my car swiped my mobile number by bluetooth when connected to the handsfree system.

    What concerns me is that nowhere is there any mention of a mobile connection from my car or anything about mobile numbers. When I called the number it just said "Incoming calls not supported"

    1. Anonymous Coward
      Devil

      Re: My new car does something odd

      You could be right but there are loads of other ways of matching up you to your mobile number.

      For example, if you use Facebook or Google+, both of those are really, really keen for you to lodge your mobile number for "security reasons" - prove yourself to them, recovery codes etc. Nothing to do with linking you up. Chrome to Phone offers a similar hook up between your browser (and hence your PC and you) to your devices.

      Even your home phone number provides a link to you, that after jumping an index or two via joined up big data will get your mobile number.

      Combine that lot with GPS on your mobe plus bookmarks etc synching, bluetooth and wifi AP watching and you, along with the rest of us are pretty well pwned in a marketing sense.

    2. VinceH

      Re: My new car does something odd

      'when I called the number it just said "Incoming calls not supported"'

      Next time, bung the number into your search engine of choice. It might find the number listed on the relevant company's website, or maybe the search will lead you to one of the various sites dedicated to identifying the companies hiding behind non-geographic numbers (most especially those that make annoying sales calls).

      Either way, there's a chance you'll be able to identify the company that owns the number, and from that work out how they got it. As gerdesj says, it might not be what you initially suspect.

      1. John Brown (no body) Silver badge

        Re: My new car does something odd

        Some lovely explanations there. Using Occam's Razor, it's more likely the car Bluetooth, which reads and stores the phone book, will also get the phone number of the connected phone. Once the car goes in for service, they probably scrape all the data they can from the systems. No Internet required.

        There doesn't seem to be any disclaimers on the service sheet you sign when taking the car in for service which allows them to read, store and use personal data from the car, nor is there any disclaimer that says they will update the on-board firmware which might change the car handling and not even tell you they did it to YOUR car. I wonder if the mechanics who do the firmware update even know what the fixes/changes are.

  13. W Donelson

    When they start hacking bicycles, then I will be worried °͜°

    (Personally)

    When they start hacking bicycles, then I will be worried °͜°

    Buses and tube trains are scary too, somewhat.

  14. JeffyPoooh
    Pint

    Who is paying the bill for the mobile data?

    Why would anyone pay for their vehicle to be connected?

    Stop paying the bill, problem solved.
