Hackers Remotely Control Jeep Cherokee
July 21, 2015 10:12 AM

Security researchers Charlie Miller (@0xcharlie) and Christopher Valasek (@nudehaberdasher) have found an exploit for Chrysler's Uconnect infotainment system allowing for remote control of many vehicle functions including climate control, audio, braking, and under certain conditions, steering. They plan to release details during a talk at next month's DEFCON 23 hacking conference. Chrysler has already issued a patch for the vulnerability, but it requires a manual update.
posted by Small Dollar (133 comments total) 28 users marked this as a favorite
 
Why yes, this is the glorious connected future we were promised in science fiction.
posted by RedOrGreen at 10:13 AM on July 21, 2015 [27 favorites]


Just a reminder, strong encryption is solely used by terrorists. And there's no reason to expect it on consumer grade hardware or communication equipment.

(I do realize encryption alone won't prevent software bugs.)
posted by DigDoug at 10:14 AM on July 21, 2015 [10 favorites]


Obviously we need to make sure that our vehicles' computers are not connected into a larger network, to prevent against hacking. We've known this for a very, very long time and I'm not sure why we've so quickly forgotten Commander Adama's wisdom.
posted by Tomorrowful at 10:15 AM on July 21, 2015 [81 favorites]


(I was actually going to post this same story, although with more bitter snark, so I'm glad Small Dollar got to it first. Here's a companion link to go with this story - they're forming a committee to consider bolting the barn door real soon now. For real!)

The legislation ... would call on the National Highway Safety and Transportation Administration and the Federal Trade Commission to together create new standards that automakers would be required to meet in terms of both their vehicles’ defenses from hackers and how the companies safeguard any personal information such as location records collected from the vehicles they sell.
posted by RedOrGreen at 10:16 AM on July 21, 2015 [1 favorite]


Just a couple of weeks ago, I was driving my 2014 Dodge Dart (with UConnect) and made a note to add to a list of nefarious inventions: a car that detects when you're tired and then screws with you by changing the climate control or subtly changing music volume.

Now people can do the same without it having to be an evil invention!
posted by bookdragoness at 10:16 AM on July 21, 2015


"Let's steal a Jeep!"
"Yeah! Let me get my laptop and this hacker code and this antenna..."
"Oh. Well..."
"What?"
"I was gonna use a coat hanger."
"Yeah, that's much easier, you're right, what was I thinking."
posted by Cool Papa Bell at 10:19 AM on July 21, 2015 [2 favorites]


It seems borderline insane that the driving/safety systems of cars aren't just air-gapped from the entertainment and climate and communication systems. Maybe a remote starter or whatever needs to send a message across that gap in some very specific isolated circumstance, fine, but as a basic matter of design this is something that's baffled me for more than a decade. People tell stories about, like, cars whose stereos break in some specific way that floods the communication bus and sends the whole car into panic limp-to-the-mechanic mode and it's just, like, how was everyone who'd design a system that could fail that way not already fired?
posted by RogerB at 10:21 AM on July 21, 2015 [45 favorites]


This is via @SwiftOnSecurity by the way.
posted by Small Dollar at 10:22 AM on July 21, 2015


A coat hanger doesn't really make a great antenna at those frequencies, but whatever floats your boat.
posted by phooky at 10:24 AM on July 21, 2015 [23 favorites]


...why is the "infotainment system" [1] even linked in any way to the steering and brakes

I can't even make complete sentences here

Just

Why


[1] Also, whoever came up with that portmanteau...
posted by seyirci at 10:25 AM on July 21, 2015 [5 favorites]


They demonstrated as much on the same day as my traumatic experience on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could safely continue the experiment.

I'm surprised they did something as idiotic as shut off the transmission while actually on the freeway. Seems like a good way to get someone killed, particularly in light of the issues the trucking industry has with reasonable hours/rest for their drivers.
posted by Existential Dread at 10:27 AM on July 21, 2015 [27 favorites]


@seyirci: because almost no manager ever asks for a demonstration of the security features of a software system. Car starts? A/C works? Good enough, let's ship it!
posted by sbutler at 10:28 AM on July 21, 2015 [1 favorite]


Sometimes there's nothing quite like running a live exploit of a critical vulnerability to demonstrate its significance... but I must say that I'm utterly appalled that the reporter and Miller and Valasek apparently did their stunt with the Jeep on an open highway in traffic. That ditch Greenberg ended up in could easily have been the back of another car.

On preview: what Existential Dread said, possibly eponysterically.
posted by metaquarry at 10:28 AM on July 21, 2015 [19 favorites]


Of course, it becomes much easier for people to have "untraceable" accidents remotely if all you need to do is send a signal to their cars to deactivate them.......
posted by lalochezia at 10:29 AM on July 21, 2015 [2 favorites]


..why is the climate control even linked in any way to the steering and brakes

I can't even make complete sentences here

Just

Why


No way, man--there are no drawbacks to more interconnectivity! None! Ever! Everything wants and needs to be one, man! Get out of here with your compartmentalized, modular way of thinking, you bunch of squares!

No, but seriously, yeah the default impulse in engineering seems to be to network everything now, whether it really serves a need or not.
posted by saulgoodman at 10:31 AM on July 21, 2015 [2 favorites]


...why is the "infotainment system" even linked in any way to the steering and brakes

CAN Bus, note especially the Security section.

And this is why you don't allow governments to own car companies.
posted by Confess, Fletch at 10:32 AM on July 21, 2015 [4 favorites]


a car that detects when you're tired and then screws with you by changing the climate control or subtly changing music volume.

I have actually seen designs for this multiple times - it seems to be an evergreen 4th year engineering design project. A camera mounted on the rear-view mirror doing eye detection & tracking, a microcontroller, a tie into the stereo system. Or it just sets off a klaxon.
posted by GuyZero at 10:33 AM on July 21, 2015 [2 favorites]


Tangentially related, this excerpt from Philip K. Dick's UBIK nails the other reason that the Internet of Things will probably end up being terrible. Car manufacturers probably won't pay real attention to this kind of security until our cars are charging us per-ignition, at which point DRM will be taken very seriously indeed.
posted by dialetheia at 10:34 AM on July 21, 2015 [4 favorites]


And you all have been clamoring for flying cars....
posted by GenjiandProust at 10:39 AM on July 21, 2015 [5 favorites]


This should be a perfect counterexample towards the FBI request for backdoors. We can do hard encryption. Data streams that are mathematically provably uncrackable. It's not easy and key management is a challenge and getting the code right and audited is non-trivial, but we can keep the hackers out. We cannot keep the hackers out if the software is compromised by bad choices by government agencies.


* oh gosh I wish the term hack was not appropriated as a term for badnicks, but that's language.
posted by sammyo at 10:42 AM on July 21, 2015 [4 favorites]


This is my second biggest fear about the self-driving cars we're being told are coming. The first biggest fear applies not exclusively to cars, but to all appliances, and to me having seen Maximum Overdrive at much too young an age.
posted by Hoopo at 10:42 AM on July 21, 2015 [4 favorites]


Of course, it becomes much easier for people to have "untraceable" accidents remotely if all you need to do is send a signal to their cars to deactivate them.......

Yes.

Perhaps the only thing worse than being strapped into a one-man death pod that you control is being strapped into a one-man death pod that you don't control.

Arguably the arms race between murderers and victims, which victims have been doing okay in (because of improvements in emergency response and medicine), is going to get massively destabilized soon. This is just one development that could do it. Tiny lethal drones will probably get used in military applications soon, and the costs can probably be pushed pretty low.

What price tag on untraceably killing someone is high enough to make you feel safe? $10,000? $100,000? For most potential victims in the US, the figure probably runs to the millions right now, but it's going to come way down.

And if you remember that US intelligence and police orgs only decades ago used to run black ops against domestic political opponents, and that only stopped because of what looks like a temporary jump in oversight (Church hearings). ... When oversight is physically impossible those temptations are going to be tough to resist.
posted by grobstein at 10:44 AM on July 21, 2015 [10 favorites]


It's not just infotainment systems you need to worry about. There was a software analysis done on the Toyota Camry that found 10k global variables, among other things.

“a systematic software malfunction in the Main CPU that opens the throttle without operator action and continues to properly control fuel injection and ignition” that is not reliably detected by any fail-safe. link

This is going to get worse when self-driving cars become popular.
posted by hellojed at 10:48 AM on July 21, 2015 [3 favorites]


It occurs to me that law enforcement might find it quite useful to have a remote kill switch for a suspect's car.
posted by Songdog at 10:50 AM on July 21, 2015 [3 favorites]


Alternatively: ATMOS.
posted by Songdog at 10:52 AM on July 21, 2015 [3 favorites]


Yeah I think the security engineering problems involved are stuff that basically no one is prepared to spend on and the talk of provable security and airgaps vastly understates the difficulty.

(And airgapping the "infotainment" from the drive system does not even begin to solve the problem for self-driving cars.)
posted by grobstein at 10:52 AM on July 21, 2015 [2 favorites]


I'm just glad that meatbags are finding these exploits before our robot-overlords do.
posted by blue_beetle at 10:55 AM on July 21, 2015 [4 favorites]


So, a bike it is then!
posted by Brandon Blatcher at 10:56 AM on July 21, 2015 [7 favorites]


Recent experience suggests that powerful agencies will find exploits and then hoard them for their own use, oblivious to the damage caused by leaving them unpatched. In fact, powerful agencies will try to subvert design processes to inject vulnerabilities that they can later exploit -- again oblivious to the harm to the rest of us.
posted by grobstein at 10:57 AM on July 21, 2015 [1 favorite]


For what it's worth:

If you were actually going to do this ("untraceable accident"), you'd really likely need some form of persistence (as in, you can run code when the device is not connected) on the device. I guess it's possible to do something only in volatile storage, but it would likely lower your efficacy. The problem with non-volatile storage is that it leaves traces for forensics to pick up on, and then attribution becomes really easy (because honestly, how many people are going to be doing attacks like this currently). This is compounded by the fact that each car's microcontrollers are going to be reasonably unique, and the software R&D to write such an implant is going to be really, really expensive.

Basically, I doubt people have/will be killed this way, because there are a ton of way cheaper ways to do it.

On the other hand, remote tapping of the microphones in cars has probably been happening for a while. Likely way more useful, and definitely connected to the telematics unit for 911 reasons. Way less noticeable (as in, the car doesn't crash).

Also, because air gaps are a good idea, if you're interested in the prior work these guys have done, they mapped out the CAN/other buses inside a car. From memory, Toyota notably (and most others I think?) airgapped their ECU unit from their telematics unit, meaning it wouldn't be vulnerable to this style of attack.
posted by yeahwhatever at 11:00 AM on July 21, 2015 [2 favorites]


Brandon beat me to it.
posted by entropicamericana at 11:01 AM on July 21, 2015


I thought this was going to be BS - other exploits have been - but it seems to be real. However I share the concern of others in the thread that this would be tested on a public highway at high speed. Someone over at Hacker News already called the highway patrol and some people are giving him flak for it, but this was extremely dangerous.
posted by BlackLeotardFront at 11:02 AM on July 21, 2015 [2 favorites]


It occurs to me that law enforcement might find it quite useful to have a remote kill switch for a suspect's car.

Many years ago I worked at a go-kart track and I can attest that yes, it was very useful to have a remote kill switch for a suspect's car. Of course, our suspects were "douchey teenagers pretending go-karts they'd paid five dollars to drive on our track were bumper cars" and not "adults in their own vehicles" so there is a world of difference.
posted by Mrs. Pterodactyl at 11:05 AM on July 21, 2015 [5 favorites]


...and this is why I won't own a car with a CAN bus.
posted by Mars Saxman at 11:07 AM on July 21, 2015


1,000x "fuck these guys" for doing their little experiment at 70mph on a public highway in traffic. You code jockeys want to start playing in the real world? Take it to a track, where you're mostly just endangering the lives of people who've consented to take part in your amateurish publicity stunt.
posted by indubitable at 11:08 AM on July 21, 2015 [10 favorites]


I'm not saying they're involved, but this is exactly the sort of security hole the NSA would love to exploit. It's easy to wonder if they're involved with making sure it happened.
posted by LastOfHisKind at 11:10 AM on July 21, 2015


Chrysler has already issued a patch for the vulnerability, but it requires a manual update.

Illustrates the tradeoff in allowing remote firmware updates -- you can patch known exploits, but if someone compromises the firmware update process they can add arbitrary badness, including disguising the fact that the firmware update process has been compromised.
posted by RobotVoodooPower at 11:18 AM on July 21, 2015 [2 favorites]


I'm pretty sure every car made today has a CAN bus. This issue isn't the bus, it's that there are microcontrollers on it that have RF capabilities.

For example, your engine and your brakes are connected via the CAN bus so that the two can communicate and not work against each other. This is a good thing. Wiring a cellphone to this bus is a bad thing.
posted by yeahwhatever at 11:21 AM on July 21, 2015 [6 favorites]


Many years ago I worked at a go-kart track and I can attest that yes, it was very useful to have a remote kill switch for a suspect's car.

You are, like, part of the Police State!
posted by GenjiandProust at 11:21 AM on July 21, 2015 [4 favorites]


There's a lot of noise going around about this.

Why would they use a single bus? Cost, of course. If there's any location where both the ECM and Entertainment busses needed to be, you have to run two sets of wires. Use one bus, you only need one. Carmakers are all about saving pennies because YOU are all about saving money on cars.

Seriously. You are. Cost is one of the big drivers in cars. The reason Chrysler still exists? They make cheap cars. You buy them. LOTS of them.

Plus, the remote system may well have been designed to acquire information from the ECM *and* connect to the entertainment system. GM's system, OnStar, automatically calls in in certain circumstances, like a detected crash. This requires that it know a crash has happened, which means it has to see those tell tales, and since OnStar has a phone component, it has a path to the entertainment system.

Can you use a single bus securely? Yep. You sure can. It takes work -- just like it takes work to implement an air gap, or worse, multiple air gaps, doubly so if you then need paths around those gaps.

For example -- the transmission software should have been built to never accept a command from anything but the engine ECM. How do you do that? Lots of ways, actually. I'll elide the actual details because really, you don't care. But they have a common factor. They all take work, which costs *money*, which makes your car COST MORE, which, by and large, YOU WILL NOT ACCEPT.

So, you are happy to have the fancy entertainment system, even though it's full of security holes. We know this, because boy howdy, you buy the cars with them, and you don't buy the ones without them unless you're really poor. Security holes be damned, you want entertainment systems, remote start, pushbutton start, and all that remote jazz.

And we *know* you don't care, because you buy computers and phones and thermostats and garage door openers and remote controls and tons of other things that are *full* of security holes, and no matter how many times we point this out, no matter how many times your confidential data gets stolen, no matter how many billions of dollars get stolen, YOU KEEP ON BUYING THEM!

So, really, the message is clear.

Y'all don't care. You really don't.
posted by eriko at 11:21 AM on July 21, 2015 [28 favorites]


I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Did anyone else notice this oblique HST reference?
posted by ZenMasterThis at 11:21 AM on July 21, 2015 [18 favorites]


Pardon my naivety, but why are all of these functions wirelessly available in the first place? Seems like a very limited use case other than for diagnostics...and if so, why is it "always on" by default? You would think a good design would be to have a physical switch to turn that capability on or off...
posted by samsara at 11:22 AM on July 21, 2015


and i mean if you truly wanted to murder someone and get away with it, just wait for them to get on a bike and then running them over with a car is niiiiice and legal*. at least with a car crash there's the possibility of an investigation and charges being brought.

*unenforced, which is the same thing, practically.
posted by indubitable at 11:22 AM on July 21, 2015 [3 favorites]


It's not that difficult to design systems without these obvious vulnerabilities, it's just slightly more expensive.
It's as easy as two separate processing domains connected by a communication/control bus limited to essential commands only. Under no circumstances should the active driving functions be remote upgradeable.
There's really no excuse for this.
posted by rocket88 at 11:22 AM on July 21, 2015 [1 favorite]


"So, a bike it is then!"

That's fine. Imma hack your bike's GPS so you go by the most delicious ice cream store in town every time you ride. See you get fit then!
posted by Samizdata at 11:22 AM on July 21, 2015 [5 favorites]


The CAN bus itself is not the problem here. A network internal to your car has been in almost all cars for around 10 years. The problem is that something IP connected, like the infotainment system, should never be connected to the bus that is sending signals to control transmission and throttle. This is a basic security measure that Jeep didn't follow. Getting your climate control or radio hacked could be an acceptable risk -- shifting into park on a highway is not.
posted by demiurge at 11:22 AM on July 21, 2015 [1 favorite]


HST reference?

Looks confused.
posted by Samizdata at 11:24 AM on July 21, 2015


Thanks, internet of everything!
*gets eaten by anthropomorphic video monitor*
posted by Theta States at 11:26 AM on July 21, 2015 [3 favorites]


And this is why you don't allow governments to own car companies.

I'm not sure what this has to do with GM or the US government. Chrysler is a wholly owned subsidiary of Fiat. Like GM, it was indeed bailed out in 2008 but repaid loans a couple years ago. Looking at the bus description, it seems like this was more like a fundamental design flaw with Bosch's technology. Is that not correct?
posted by a lungful of dragon at 11:27 AM on July 21, 2015 [3 favorites]


'Thingernet' is the new term for the Internet of *.

Make it happen guys.
posted by yeahwhatever at 11:30 AM on July 21, 2015 [3 favorites]


Cybersecurity has been a big topic in the area of connected vehicles and automated vehicles for a while, especially with the policy, data, and programmer wonks. I've participated in a few workshops about the intersection of open data/open source in this area and security. It's hard to balance innovation and research with very legitimate IP and safety/security (liability) concerns. Especially with federally funded/coordinated research with auto manufacturers and OEMs. It's not surprising UMTRI has a lab in this area.

(Of course there's the other area of cybersecurity of the transportation infrastructure...)
posted by kendrak at 11:31 AM on July 21, 2015


I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

I remember saying something like "I feel a bit lightheaded; maybe you should drive..." And suddenly there was a terrible roar all around us and the car started driving itself and I thought "Jesus, what kind of drugs did I pack on this trip?"
posted by delfin at 11:31 AM on July 21, 2015 [8 favorites]


1,000x "fuck these guys" for doing their little experiment at 70mph on a public highway in traffic.

Someone on Hacker News called the Missouri State Highway Patrol if it makes you sleep a little better.
posted by JoeZydeco at 11:32 AM on July 21, 2015 [2 favorites]


Looking at the bus description, it seems like this was more like a fundamental design flaw with Bosch's technology. Is that not correct?

CAN-bus has been around such a long time it's a de facto standard in almost all cars. It's very low-level and not meant to be secure. It's like blaming DARPA for bugs in MSIE.
posted by RobotVoodooPower at 11:33 AM on July 21, 2015 [1 favorite]


Many years ago I worked at a go-kart track and I can attest that yes, it was very useful to have a remote kill switch for a suspect's car.

You are, like, part of the Police State!


It was definitely my single summer working at a go-kart track at the age of eighteen that cemented my authoritarian tendencies that I totally have.

You are from Rhode Island so maybe you've been to that go-kart track!
posted by Mrs. Pterodactyl at 11:33 AM on July 21, 2015


'Thingernet' is the new term for the Internet of *.

Make it happen guys.

I will compromise with 'Thingternet', OK?
posted by Theta States at 11:38 AM on July 21, 2015


And we *know* you don't care, because you buy computers and phones and thermostats and garage door openers and remote controls and tons of other things that are *full* of security holes, and no matter how many times we point this out, no matter how many times your confidential data gets stolen, no matter how many billions of dollars get stolen, YOU KEEP ON BUYING THEM!

Other things that are cheap: not redesigning your product line to be more structurally sound in a crash, not including ABS, no seatbelts. It's a wonder, then, that these things just magically appeared one day in the notoriously penny pinching auto industry.
posted by indubitable at 11:39 AM on July 21, 2015 [16 favorites]


shifting into park on a highway is not.

Can't happen. Not that you can send the command, but even if you could get the park selector to move with the drivetrain in motion, the park pawl would shatter if it somehow managed to slot into place. They're deliberately designed that way, *just in case* they did manage to wedge into place, but usually, the pawl will just skip off the slot on the output shaft until the car is moving very slowly or stopped. Locking the drive wheels at speed is a great way to crash in a way that gets the car company sued, so the thing is mechanically designed to not engage even if you grab the lever at 70 and yank it into P.

There's also software safeties nowadays, but we'll assume you can compromise those.

Now, what you could do is a big downshift on an automatic transmission, that would force the engine to overspeed to try to match the output shaft, and might result in the engine redlining. Hopefully, the ECM would prevent that, redline protection is a pretty basic safety and there's *no* reason for an engine on a slush box transmission to need to rev past the redline, so the ECM should have a hardcoded rev limit. On a stick controlled manual, of course, how would it shift?
posted by eriko at 11:43 AM on July 21, 2015


For example -- the transmission software should have been built to never accept a command from anything but the engine ECM. How do you do that? Lots of ways, actually. I'll elide the actual details because really, you don't care.

No, I just wouldn't expect they'd do otherwise. The manufacturers don't care.

(Although I expect that'll change once every driver in a ditch claims they've been hacked.)
posted by ChurchHatesTucker at 11:47 AM on July 21, 2015 [1 favorite]


It's a wonder, then, that these things just magically appeared one day in the notoriously penny pinching auto industry.

Yeah. It's almost as if we told capitalism to go to hell.

Oh wait, we did. It was called regulation. You know, that thing we used to do.
posted by eriko at 11:48 AM on July 21, 2015 [5 favorites]


To those questioning the CANBUS technology involved here, here's a badly-written simplification of what's going on:

Think of CANBUS like a conference call on a speakerphone. Everyone can listen in AND everyone can also talk. There's no secure way of knowing who is speaking and who is listening. If someone that sounds like the CEO says "you're fired unless you turn off the room lights and flip the table over", you're gonna just do it.

The designers never anticipated that random speakers could join the call ad-hoc and start blurting out messages. The (more) secure solution is to have two conference phones in two adjoining rooms and someone that knows better take the important messages from the public room into the private one and vice versa.
posted by JoeZydeco at 11:48 AM on July 21, 2015
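
The "two conference phones in two adjoining rooms" arrangement in the comment above is a gateway between two CAN segments. The following is an added example, not part of the thread and not any manufacturer's code, of such a gateway's forwarding decision: default deny, with an allowlist keyed on arrival segment and arbitration ID, a fixed payload length and a minimum interval. Every ID, the rule table and the trace are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Which physical segment a frame arrived on. A CAN frame carries no
 * authenticated sender, so the arrival port is the only origin
 * information the gateway can trust. */
typedef enum { BUS_INFOTAINMENT, BUS_POWERTRAIN } bus_t;

typedef struct {
    uint32_t id;      /* 11-bit arbitration ID */
    uint8_t  dlc;     /* payload length, 0..8 */
    uint8_t  data[8];
    uint32_t t_ms;    /* arrival time, milliseconds */
} can_frame_t;

typedef enum {
    GW_FORWARD,
    GW_DROP_NOT_ALLOWED,  /* default deny: no rule for this ID and direction */
    GW_DROP_BAD_LENGTH,   /* ID allowed, but payload length is wrong */
    GW_DROP_RATE          /* ID allowed, but arriving faster than permitted */
} gw_verdict_t;

typedef struct {
    bus_t    from;             /* segment the frame must arrive on */
    uint32_t id;
    uint8_t  dlc;              /* the only accepted payload length */
    uint32_t min_interval_ms;  /* minimum gap between forwarded frames */
    uint32_t last_ms;          /* time of the last forwarded frame */
    bool     seen;
} gw_rule_t;

/* Constructed rule table: every ID here is made up for the example. */
#define N_RULES 3
static const gw_rule_t RULES_INIT[N_RULES] = {
    { BUS_POWERTRAIN,   0x3E8, 2,   20, 0, false }, /* speed, for the display */
    { BUS_POWERTRAIN,   0x3E9, 1,  100, 0, false }, /* crash flag, for the emergency call */
    { BUS_INFOTAINMENT, 0x2F0, 1, 1000, 0, false }, /* remote-start request */
};

gw_verdict_t gw_check(gw_rule_t *rules, size_t n, bus_t from, const can_frame_t *f)
{
    for (size_t i = 0; i < n; i++) {
        gw_rule_t *r = &rules[i];
        if (r->from != from || r->id != f->id)
            continue;
        if (f->dlc != r->dlc)
            return GW_DROP_BAD_LENGTH;
        /* Unsigned subtraction stays correct across timer wrap-around. */
        if (r->seen && (uint32_t)(f->t_ms - r->last_ms) < r->min_interval_ms)
            return GW_DROP_RATE;
        r->seen = true;
        r->last_ms = f->t_ms;
        return GW_FORWARD;
    }
    return GW_DROP_NOT_ALLOWED;
}

/* Constructed trace of frames reaching the gateway. */
typedef struct { bus_t from; can_frame_t f; } trace_entry_t;
#define N_TRACE 7
static const trace_entry_t TRACE[N_TRACE] = {
    { BUS_POWERTRAIN,   { 0x3E8, 2, {0},    0 } }, /* speed toward the display */
    { BUS_INFOTAINMENT, { 0x120, 8, {0},    5 } }, /* ID with no rule at all */
    { BUS_INFOTAINMENT, { 0x3E8, 2, {0},    6 } }, /* allowed ID, wrong direction */
    { BUS_INFOTAINMENT, { 0x2F0, 1, {1},   10 } }, /* remote-start request */
    { BUS_INFOTAINMENT, { 0x2F0, 1, {1},  200 } }, /* repeated too soon */
    { BUS_INFOTAINMENT, { 0x2F0, 8, {1}, 2000 } }, /* allowed ID, wrong length */
    { BUS_INFOTAINMENT, { 0x2F0, 1, {1}, 2100 } }, /* well-formed and spaced */
};

/* Replay the trace from a fresh rule table and return frame idx's verdict. */
gw_verdict_t trace_verdict(size_t idx)
{
    gw_rule_t rules[N_RULES];
    gw_verdict_t v = GW_DROP_NOT_ALLOWED;
    memcpy(rules, RULES_INIT, sizeof rules);
    for (size_t i = 0; i <= idx && i < N_TRACE; i++)
        v = gw_check(rules, N_RULES, TRACE[i].from, &TRACE[i].f);
    return v;
}

int main(void)
{
    static const char *names[] = { "FORWARD", "DROP (not allowed)",
                                   "DROP (bad length)", "DROP (rate)" };
    for (size_t i = 0; i < N_TRACE; i++)
        printf("t=%4u ms  from=%-12s id=0x%03X dlc=%u  ->  %s\n",
               (unsigned)TRACE[i].f.t_ms,
               TRACE[i].from == BUS_POWERTRAIN ? "powertrain" : "infotainment",
               (unsigned)TRACE[i].f.id, (unsigned)TRACE[i].f.dlc,
               names[trace_verdict(i)]);
    return 0;
}
```

The filter narrows what can cross between segments; it does not authenticate nodes that share a segment, which is the speakerphone problem the comment describes.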


For example -- the transmission software should have been built to never accept a command from anything but the engine ECM. How do you do that? Lots of ways, actually. I'll elide the actual details because really, you don't care. But they have a common factor. They all take work, which costs *money*, which makes your car COST MORE, which, by and large, YOU WILL NOT ACCEPT.

But as a consumer, it's not really something I should have to think about and most of it is over my head to begin with. That's what we have the NHTSA and DOT for. They can come in and say, "Look, consumers are too stupid to demand that your car's software be secure so we're going to demand it on their behalf."

Having sold cars for a living, there are already enough things to think about when buying a car, we shouldn't be placing the burden of evaluating this highly technical detail on consumers.
posted by VTX at 11:49 AM on July 21, 2015 [14 favorites]


And we *know* you don't care, because you buy computers and phones and thermostats and garage door openers and remote controls and tons of other things that are *full* of security holes, and no matter how many times we point this out, no matter how many times your confidential data gets stolen, no matter how many billions of dollars get stolen, YOU KEEP ON BUYING THEM!

So, really, the message is clear.

Y'all don't care. You really don't.


Maybe instead of blaming individual consumers who need things like phones and computers and cars for their jobs which enable them to pay for, you know, food and stuff, as well as to allow them to do things like keep in touch with their families, for not having perfect information, you could blame something like the corporations that do a shitty job with security or the lack of sufficient regulations and sufficiently funded regulatory oversight? It's not that I don't care, it's that I don't have the time or ability to look into every aspect of security for every item I buy and, even if I did, in many cases I wouldn't have options and "not having a computer or smartphone" is not a choice that's going to work for me if I want to keep paying my rent. Of course I care! I want to be safe, I don't want my information stolen, I want my family to be safe, but I don't have the ability to make a full-time job out of checking into every single piece of technology I buy, and this is harder and harder as more stuff is "smart".

Seriously, blaming individuals for their imperfect consumer behavior when they have, of necessity, imperfect information and limited choices lets corporations (and potentially legislators and regulatory agencies) off the hook and puts the blame on the very people who are suffering. Please don't do it.
posted by Mrs. Pterodactyl at 11:52 AM on July 21, 2015 [50 favorites]


So, really, the message is clear.

Y'all don't care. You really don't.


gmail is free and yet probably one of the most secure email systems on the planet.

Most people don't even know the electrical code exists and yet most of them manage to buy houses that are fully compliant with modern code and are pretty unlikely to burn down from an electrical fire.

Car companies have been lazy on this front, but I'll cut them a tiny bit of slack by saying that security is hard and I think that we (collectively) are only beginning to realize the economics calculus of security-through-obscurity is not working. Corporations have an incentive to fix these issues.
posted by GuyZero at 11:58 AM on July 21, 2015 [2 favorites]


I'll keep saying it ... the internet of things is a fucking stupid idea.
posted by GallonOfAlan at 11:59 AM on July 21, 2015 [7 favorites]


Can't happen. Not that you can send the command, but even if you could get the park selector to move with the drivetrain in motion, the park pawl would shatter if it somehow managed to slot into place. They're deliberately designed that way, *just in case* they did manage to wedge into place, but usually, the pawl will just skip off the slot on the output shaft until the car is moving very slowly or stopped. Locking the drive wheels at speed is a great way to crash in a way that gets the car company sued, so the thing is mechanically designed to not engage even if you grab the lever at 70 and yank it into P.

If you're driving at 70mph and grab the lever and yank it into Reverse, what happens?
posted by zarq at 12:00 PM on July 21, 2015


"the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015."

Right around the same time they decided to supplement the QNX base with a Microsoft layer.
posted by CynicalKnight at 12:02 PM on July 21, 2015 [3 favorites]


Didn't Missy Elliott write a song about this?
posted by 7segment at 12:03 PM on July 21, 2015 [3 favorites]


Answering my own question.
As a way of protecting us from ourselves, automakers design a function called Reverse Inhibit into transmissions to prevent inadvertent selection of reverse. "Putting it into reverse [in modern cars] when going forward has no action at all, the car just ignores the request until you get down to a proper speed," said [Craig Renneker, Ford's Chief Engineer], using Ford's six-speed automatics as an example; "It'll just say 'hey, I know you want reverse pal, but I'm just not going to give it to you until the appropriate time.'"

Manual transmissions have physical locks in the shift mechanism to make selecting reverse an active exercise. Barring lockout rings or pushing down on the stick shift, deliberately trying to select reverse while driving forward at normal speeds is basically impossible with a manual. "The main problem you're going to be fighting is what you're trying to get the thing to do is something it really does not want to do," Renneker continued. The gearset would likely growl at you if you tried, and if the protest of the machinery doesn't instantly deter you, it could be injurious to your transmission. Ford's Trans guru elaborated that the synchronizer mechanism in manuals is only designed to change the speed of transmission internals enough for smooth engagement. Attempting reverse at road speed would force the synchros to try matching shaft speeds, building up lots of heat and potentially causing damage. "It won't be effective, it won't do anything for you, and secondly, you're going to be putting a lot of extra stress on that synchronizer," he told AOL Autos. In other words, it's best not to try it.

Older Cars? Well That's A Different Story
Modern electronics systems in automobiles tie all the systems together, so the right hand always knows what the left hand is doing. This modern architecture in systems like Control Area Networks is what enables the vehicle's electronically controlled automatic transmission to ignore a request from a driver for something that may cause damage, or worse, injury. Older, less-sophisticated cars may not have the reverse-inhibit function, though Renneker explained that there were hydraulic reverse inhibit systems in the past. The march of technology has made it easier and less expensive to design a car that protects itself.

When your transmission doesn't know any better, selecting reverse during forward driving is still less exciting than you might imagine.

"If the transmission was not designed with a reverse inhibit feature, engaging reverse while driving forward will, most likely, stall the engine," Renneker said. "The car won't lock-up or skid, but it will slow down a bit and act like the transmission is in neutral."

Losing engine power while driving means you're bombing down the blacktop without the benefit of power-assisted brakes or steering. Emergency maneuvering will be much harder, and brakes without vacuum assist require significantly more pedal pressure. Adding significant difficulty to controlling the car is a big safety concern that should keep your hand off the shift knob.

Fascinating.
posted by zarq at 12:04 PM on July 21, 2015 [3 favorites]


They'll pry my 1985 automobile out of my cold dead hands. Just enough computerization that it optimizes fuel delivery to minimize emissions and maximize fuel economy, but old enough computerization that you can diagnose and solder in new parts when the old ones fry.
posted by hwyengr at 12:06 PM on July 21, 2015 [1 favorite]


They'll pry my 1985 automobile out of my cold dead hands.

The door is ajar.

NO IT'S NOT IT'S A DOOR YOU DUMB CAR.
posted by GuyZero at 12:12 PM on July 21, 2015 [11 favorites]


The door is ajar.

The other benefit of older cars, the door/seatbelt buzzer is a relay that's currently sitting in the basement. Take that, FMVSS!
posted by hwyengr at 12:21 PM on July 21, 2015 [1 favorite]


So when the aliens come and turn our machines on us, only those with 20th century cars will survive the Road Hogs-styled wars?
posted by Theta States at 12:23 PM on July 21, 2015


Basically, I doubt people have/will be killed this way, because there are a ton of way cheaper ways to do it.

Don't be so sure.
posted by furtive at 12:26 PM on July 21, 2015


Might serve to fan to brief flame any lingering embers of doubt about the fiery single car crash which killed investigative journalist Michael Hastings when he ran his Mercedes (Mercedes owned Chrysler 'til 2008[?]) into a tree at high speed a couple of years ago:
Soon after his death, some described the circumstances surrounding the crash as suspicious.[66]

Former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard A. Clarke said that what is known about the crash is "consistent with a car cyber attack". He was quoted as saying "There is reason to believe that intelligence agencies for major powers—including the United States—know how to remotely seize control of a car. So if there were a cyber attack on [Hastings'] car—and I'm not saying there was, I think whoever did it would probably get away with it."[67] Earlier the previous day, Hastings indicated that he believed he was being investigated by the FBI. In an email to colleagues, which was copied to and released by Hastings' friend, Army Staff Sergeant Joe Biggs,[68] Hastings said that he was "onto a big story", that he needed to "go off the radar", and that the FBI might interview them.[69][70] WikiLeaks announced that Hastings had also contacted Jennifer Robinson, one of its lawyers, a few hours prior to the crash,[71] and the LA Weekly reported that he was preparing new reports on the CIA at the time of his death.[72] His widow Elise Jordan said his final story was a profile of CIA Director John O. Brennan.[73] The FBI released a statement denying that Hastings was being investigated.[60]

Motor Trend technical director Frank Markus said that the ensuing fire was consistent with a high-speed car crash.[74]

There are conflicting opinions as to Hastings' death. After his death, some media outlets recalled that Hastings claimed to have received death-threats from the military after the McChrystal article.[75] Hastings' widow Elise Jordan has said she believes his death to be "just a really tragic accident".[76][77] His older brother, Jonathan, said he believed Michael was experiencing a "manic episode" shortly before his death, and that he may have had suspicions were it not for this observation.[78]

Cenk Uygur, friend of Hastings' and host of The Young Turks, told KTLA that many of Michael's friends were concerned that he was "in a very agitated state", saying he was "incredibly tense" and worried that his material was being surveilled by the government. Friends believed that Michael's line of work led to a "paranoid state".[79] USA Today reported that in the days before his death, Hastings believed his car was being "tampered with" and that he was scared and wanted to leave town.[80]
posted by jamjam at 12:29 PM on July 21, 2015 [8 favorites]


I had a strong feeling that would happen.
posted by jamjam at 12:30 PM on July 21, 2015 [1 favorite]


You could buy a car that's older than a Millennial, or you could buy a new car that doesn't have an Internet connection. Hackers would have to physically hack your car, in which case they're already poised to do serious damage.
posted by Monochrome at 12:31 PM on July 21, 2015


I got here too late, you guys already commented on the best stuff! Michael Hastings, check. HN commenter called the cops, check.

But there's still the 60 Minutes video from Feb. showing what sounds like almost the same sort of hack, and I think this stuff was already demonstrated as far back as 2011: "Comprehensive Experimental Analyses of Automotive Attack Surfaces"

We know that despite a heavily regulatory environment, and an industry that regularly faces big lawsuits, they still write code that's probably on par with what is in your TV cable box, and it kills people. Now they've exposed much more convenient attack surfaces!

There has been some skepticism expressed that aircraft software could ever be vulnerable to similar attacks. I don't share that skepticism.
posted by jjwiseman at 12:43 PM on July 21, 2015


You know what's less expensive than having the entertainment system bridge an external connection and the CAN bus? NOT bridging them. There's literally no reason to bridge them in the first place - There is no crossing of purposes there. In fact, not only is it extra expense to have it bridge them, but it's extra expense to develop any feature that would translate between CAN and the external network.

This isn't expense, it's idiocy in the name of adding non-desirable features.
posted by MysticMCJ at 12:46 PM on July 21, 2015 [1 favorite]


It's interesting to think about what would have to change to get organizations to worry about security in a serious way.

Is this an Upton Sinclair-type thing, where we need enough popular attention to get a president to create a federal agency to protect us? "Sony Pictures, OPM, Hacking Team, Ashley Madison, The Fappening… so many hacks… What have we actually learned from them?" Add United Airlines and now Chrysler to the list.
posted by jjwiseman at 12:51 PM on July 21, 2015 [2 favorites]


Also, saying "y'all don't care" and implying that we are idiots who don't want to pay for this is really victim-blaming here. Even amongst those who know a great deal about cars, no rational person would ever think that the entertainment system was in any way connected to engine control systems. I also don't seem to recall any extensive consumer demand for vehicles with any form of external connectivity, and it's the manufacturers who are at war with each other and providing these fucking extravagant and excessively feature-rich entertainment systems. You want to cut costs? Start there. Nobody needs these bullshit systems that are all out-of-date in a couple of years.... What do you think the licensing cost is on Windows Embedded for cars, and all the other unneeded mobile systems? There is literally no reason to do that other than an attempt to tap into a desire that isn't there in the first place and differentiate yourself as more "technologically savvy" than the other manufacturer.

But even with all of that, for the manufacturers to think that providing a method for these extravagant and complicated systems to talk to the CAN bus is a desirable feature and worth spending money on is completely inexcusable, and 100% the fault of the manufacturers -- and most definitely an unneeded cost. There is literally no valid reason to do that.
posted by MysticMCJ at 1:02 PM on July 21, 2015 [4 favorites]


It's interesting to think about what would have to change to get organizations to worry about security in a serious way.

from Spocko at digby today:
Jay and I discussed the massive Office of Personnel Management breach quite a bit but not much about privacy. Part of that was because of a question Jay posed:

"What will it take for people to take this computer security and cyberterrorism seriously?"

My first response was, "An effective attack on the power grid by a non-state actor in which important people die."

I quoted from Shane Harris' book @War, (page 52-53)...If people die, and those attacks get pointed to ISIS as the entity behind it, that would give certain groups a "Cyber 9/11!" power that they want. But it has to be pointed at a group or individuals that aren't a huge trading partner.

Today I realized that my answer was incomplete. There needs to be multiple attacks on the right kind of infrastructures, in the right regions, and from the right sources. So for example, power grids, in media dense areas. There needs to be TV visuals. Innocent and powerful people or children need to be hurt. The source needs to be an individual or an entity without state backing

...Maybe I'm like Richard Clarke running around with my hair on fire, telling people to do something on this issue and they can't see the fire...But I guess they need to wait until a cyber attack or computer breach leads to physical deaths to do some deeper investigations into failures and make changes to secure our systems and people's private data.
posted by j_curiouser at 1:03 PM on July 21, 2015 [1 favorite]


HST reference?
Looks confused.


It's a takeoff on the opening line in Hunter S Thompson's Fear and Loathing in Las Vegas:
"We were somewhere around Barstow, on the edge of the desert, when the drugs began to take hold."
posted by scalefree at 1:04 PM on July 21, 2015 [2 favorites]


> "What will it take for people to take this computer security and cyberterrorism seriously?"

For the companies that develop these flawed systems to actually be held accountable.

A "cyber 9/11" will just result in a ton of mandates that provide an illusion of security without actually fixing the problems.
posted by MysticMCJ at 1:05 PM on July 21, 2015 [7 favorites]


And that's the best case - Worst case, say goodbye to network neutrality, and be prepared to welcome even more control and restrictions from the private providers - in the name of security, of course - and more surveillance than the NSA ever dreamed possible.
posted by MysticMCJ at 1:08 PM on July 21, 2015 [3 favorites]


You know what's less expensive than having the entertainment system bridge an external connection and the CAN bus? NOT bridging them. There's literally no reason to bridge them in the first place - There is no crossing of purposes there. In fact, not only is it extra expense to have it bridge them

that's not entirely true. you could have some statistics about the car displayed there so it doesn't take up room on the drivers' console/ instrument cluster.

also I think the big issue here isn't that the systems are programmed to accept commands over the cell network. it's that for some incredibly stupid reason it's possible to a) write firmware from over the cell network and b) write arbitrary firmware using that method.

my two scenarios for this being possible:
1) they were told to put in a backdoor
2) they put in a backdoor on their own in some sort of corporate doomsday scenario cover-their-ass move.
posted by ArgentCorvid at 1:14 PM on July 21, 2015 [1 favorite]


well, i don't see any regulatory approach getting traction - i mean - how would that program even work? gov't sponsored white hats do x amount of penetration testing and apply a seal of approval? line-by-line code review (a la Fortify) for every patch and promotion?

Hell, the industry is still fixing sql injection.
posted by j_curiouser at 1:15 PM on July 21, 2015 [1 favorite]


It's an interesting intersection. Almost all commercial software disavows all consequential damages and is built to patch itself, in anticipation of it being broken already. Meanwhile, things that break in a car can kill you or others.

I can't think of any computer program that I'd really prefer to trust with my life, but I guess I don't really have much choice.
posted by Huffy Puffy at 1:20 PM on July 21, 2015


If there is one bright spot, it's that you do have to at least be on Sprint's network to access the Chrysler cars. NAT for the...not-quite-win?

Not that there is a high bar involved in that. Pretty much "be in the country and have $20" is enough.
posted by wierdo at 1:20 PM on July 21, 2015


This is the intersection of two Marc Andreessen-esque themes:

1) software is eating the world
2) software is shit
posted by GuyZero at 1:25 PM on July 21, 2015 [4 favorites]


> that's not entirely true. you could have some statistics about the car displayed there so it doesn't take up room on the drivers' console/ instrument cluster.

You could, but that's totally unneeded, it's added expense, it opens up the door for gauge tampering, and also has the added bonus of not allowing the entertainment system to be replaced. If it's an important statistic, it belongs on the drivers console so you don't have to look far from the road to see it.

As far as a regulatory approach - I do not think there's a good, sustainable approach for software in general along these lines, but if you restrict it initially to software used by vehicles and public utilities -- I think a substantial fine for any vulnerabilities disclosed by a third party (with some of that acting as a bounty for the finder) for any software that interfaces between an external network and any network providing control of any mechanical, maneuverability, or other 'control' software would go a long way, along with holding both manufacturer of software and the equipment that interfaces with it liable for incidents caused by these flaws.

I know this isn't a perfect plan, it's off the cuff, and there's probably quite a bit wrong with it - but the bottom line is that there's no incentive for a large auto maker to try to hunt down security flaws.... But if it costs them less to bring in audit teams/skilled security folk and track down and plug these holes than it does for them to be found, you can guarantee that things will change rapidly.

I don't think this approach makes sense for software in general, but I believe something along these lines is needed for things like water treatment, power generation, and public and private transportation. If it isn't going to be profitable to secure the functionality on its own, we need to ensure that the lack of security carries a substantial financial burden in these cases.
posted by MysticMCJ at 1:28 PM on July 21, 2015 [1 favorite]


That's actually an explicit Maciej Ceglowski theme: "But what if after software eats the world, it turns the world to shit?"
posted by jjwiseman at 1:28 PM on July 21, 2015 [1 favorite]


The CAN bus itself is not the problem here. A network internal to your car has been in almost all cars for around 10 years.
Yes, and that's one of the reasons I won't buy such a car. I'd rather spend the money upgrading and maintaining older, safer cars.

Teslas are cool but there is no way no how no never no goddamn get the hell OUT of here that I will ever buy a car which comes pre-rooted by the manufacturer with a system that lets them take control of it wirelessly and upload new firmware, as Tesla seems to think reasonable.

I don't want a car that has any way to change its firmware, at all, for any reason. Airgap those microcontrollers and seal them up in epoxy. If you can't be sure it's done when you ship it, you shouldn't be putting it in a car in the first place.

I used to do embedded firmware development for a living and still hack around with microcontrollers for fun every now and then. I know exactly what a mess these kinds of systems are and exactly how totally insecure the low level networks used to connect them are. I don't want anyone getting any kind of network stack anywhere near these devices because there is no way that is ever going to be secure.
posted by Mars Saxman at 1:29 PM on July 21, 2015 [4 favorites]


As far as a regulatory approach - I do not think there's a good, sustainable approach for software in general along these lines.

My gut says this is just one of those things that the free market cannot handle, and if we actually care about security the federal government is going to have to oversee it. I also realize that one problem is that we don't have very good ideas about how to actually write super secure software, except possibly at huge expense. But there is definitely some low hanging fruit: Imagine if using a programming language that allowed for buffer overflow attacks opened you up to federal fines!
posted by jjwiseman at 1:37 PM on July 21, 2015 [1 favorite]


I don't want anyone getting any kind of network stack anywhere near these devices because there is no way that is ever going to be secure.

But 6 week update cycles! OTA updates are the crack fucking cocaine of software development. You try it once and you're hooked for life.
posted by GuyZero at 1:38 PM on July 21, 2015 [1 favorite]


> My gut says this is just one of those things that the free market cannot handle, and if we actually care about security the federal government is going to have to oversee it.

I agree to an extent, let's just hope it doesn't have to go through this congress. I can't really think of another way of having regulatory oversight, though - I don't see the same factors being in play for, say, PCI compliance - where a group has gotten together to form standards for their end-users to use when it comes to software, in order to reduce the damage to themselves.

It says something that the mutually agreed upon security standards we use for websites that accept credit card payments are amongst the strictest in the industry, and come with potential for fines as well as losing the ability to do business -- yet, we don't have any security standards or accountability for the software running our vehicles and infrastructure.
posted by MysticMCJ at 1:52 PM on July 21, 2015 [1 favorite]


Nobody needs these bullshit systems

Well, maybe nobody needs them but lots of people want them. Infotainment systems get dumped on a lot, especially by the slightly older "cars today are so ugly why did they ever stop making the E46 BMW 3-series" crowd, but they are clearly popular. I'm actually in the market to buy a new car within the next year or so and having a decent infotainment system is on the short list of "must have" features. The Uconnect system that FCA uses, the one mentioned in the article, is considered one of the best, right up there with iDrive.
posted by LastOfHisKind at 1:53 PM on July 21, 2015 [4 favorites]


Actually I'm kind of curious about this, since I don't own a car new enough to have one: what do these things do that you can't do with a smart phone?
posted by indubitable at 1:55 PM on July 21, 2015


You would have thought that car manufacturers would have figured out that using digital certificates to digitally sign and authenticate any CAN bus controlled parts means they can lock out any and all independent repair shops for a good chunk of repair services along with a good chunk of third party parts manufacturers.
posted by Talez at 2:12 PM on July 21, 2015


Nothing! Everyone who buys a new car is an ignorant sheep who isn't as savvy as I am because I have a smartphone! /s

The big feature is that you can use it while driving, of course. And it's a feature that you can use steering wheel controls with. And you never have to worry about leaving it behind. And the screen is big. And it is loud enough to be heard over road noise. And you don't have any sexts on it so you can let someone else use it without a problem. And lots of reasons.
posted by Monochrome at 2:14 PM on July 21, 2015 [1 favorite]


punitive approach: any private entity or govt agency that stores personal information has a duty to protect the information. any unauthorized release (hacking, lost laptop, whatevs), pays the individual $100,000 per data element that is released (e.g. name and address == $200,000; name & address & phone == $300,000). $1,000,000 for SSN. $10M for SF-86. Must be paid within 72 hours of breach.

only occurrence matters. no leniency for 'due diligence' or 'reasonable precautions'.

shoot - i'd chase my own data for that ;-)
posted by j_curiouser at 2:15 PM on July 21, 2015 [1 favorite]


> having a decent infotainment system is on the short list of "must have" features

I get that, I should have clarified - Having something bluetooth enabled (but NOT bridged to other networks), with steering wheel controls, that plays music, takes calls, etc - I think those are good features, and I see why someone would desire them.

External connectivity into your car? App compatibility? The ability to use your car as a hotspot?

I'm looking through the list of connect services. Most of it requires a smartphone to begin with, plus so many of these things won't allow you to use them while the car is moving anyways. Other than that, it's a redesigned onstar, remote start, and a bunch of reports. While I agree those are nifty, are those honestly features that would push you to one car over another?
posted by MysticMCJ at 2:25 PM on July 21, 2015


More to the point, are those features that you would opt out of and pay less for if given the chance?
posted by MysticMCJ at 2:26 PM on July 21, 2015 [1 favorite]


And finally (and I'll stop) - are any of the features that you actually want things that need to interface from the CAN bus, or benefit from it in any way?
posted by MysticMCJ at 2:28 PM on July 21, 2015 [1 favorite]


"Would a university Ethics Review Board (IRB) approve a car hacking demo on a public highway similar to Wired's demo? My guess is no."--Christopher Soghoian

"We did ours on a closed runway. @supersat, @franziroesner, and @aczeskis had to sign waivers indemnifying UW."--Stephen Checkoway, first author on the paper I linked above.
posted by jjwiseman at 2:48 PM on July 21, 2015 [2 favorites]




The door is ajar.

Hey man, someone stole your batt'ry.
posted by The Bellman at 3:11 PM on July 21, 2015 [3 favorites]


And finally (and I'll stop) - are any of the features that you actually want things that need to interface from the CAN bus, or benefit from it in any way?

It's actually really nice for the navigation system to be aware of fuel consumption and fuel remaining so that, when you've programmed a destination, you can easily see if you're going to need to stop for fuel. A really clever system would then use published pricing data to find and recommend refueling stops.

I live where it's about a thousand degrees outside in the summer and the ability to, using your phone, remote start the car to cool down the interior for a few minutes is one of those features I'd probably only use a few times a year but, when I do, it would be damn nice. Same with a headlight flash or horn beep when I've misplaced the car in a giant lot.

Being able to disable or hobble my car, and track it, if it were to be stolen is a great feature and might even be worth an insurance discount.

I think there are good reasons to have this technology but it does need to be implemented securely and that clearly hasn't been a priority so far.
posted by LastOfHisKind at 3:25 PM on July 21, 2015 [1 favorite]


More to the point, are those features that you would opt out of and pay less for if given the chance?

You say that now, but the model on the lot has the exact color you want and the sport suspension package.
posted by RobotVoodooPower at 4:23 PM on July 21, 2015 [3 favorites]


You would have thought that car manufacturers would have figured out that using digital certificates to digitally sign and authenticate any CAN bus controlled parts means they can lock out any and all independent repair shops for a good chunk of repair services along with a good chunk of third party parts manufacturers.

Actually there has been legislation (or rather, memorandums) addressing this issue recently. But it still excludes modern "telematics" systems like those discussed in the FPP.
posted by RobotVoodooPower at 4:29 PM on July 21, 2015


ha ha what why are the brakes and steering attached to the mp3 player
posted by turbid dahlia at 9:07 PM on July 21, 2015 [1 favorite]


In related news: Car hack uses digital-radio broadcasts to seize control
posted by indubitable at 6:55 AM on July 22, 2015


The term 'CAN bus' reminds me of the time I heard someone calling a poorly-designed CAT-5 network a 'reefer-net'.
posted by MtDewd at 7:58 AM on July 22, 2015


> It's actually really nice for the navigation system to be aware of fuel consumption and fuel remaining so that, when you've programmed a destination, you can easily see if you're going to need to stop for fuel. A really clever system would then use published pricing data to find and recommend refueling stops.

Thanks for the answer - I realize it may not have seemed like a sincere question, but it was. While I think you'd be able to have remote start (as well as remote disable) w/o touching the CAN bus, anything that tracked mileage consumption would definitely need to talk to one or many of the components on that bus - and that's a much more real world use than anything else I've heard.

There's probably no good way to prevent bridging of the network completely in that scenario, which would be my preferred choice - It's much easier to isolate a network than it is to secure the communication of two or more. Thinking about this for a while... I can't imagine why the entertainment system would talk to the CAN bus in anything other than a "read only" mode - likely limitations of the CAN bus itself prevent that from being something that can be implemented natively. Realistically, there should be a "firewall" living on the CAN bus as an interface to external systems - A component that is incapable of sending anything other than an ACK. I don't know enough about the CAN bus to know the specifics of how to do this, but typically this sort of circuitry is relatively inexpensive - I'm thinking of something similar to the USB "condoms" that will allow for charging or read only access.

This, again, is not something a consumer would know to ask for - but it is criminally irresponsible to do otherwise.
posted by MysticMCJ at 8:23 AM on July 22, 2015


Separating two CAN buses is a solved problem. All modern cars have multiple CAN buses and a gateway (or gateways, most likely) that sits in-between buses and knows which messages from bus A should go to bus B and vice versa. A gateway would know not to bridge messages from the Entertainment bus that appear to be coming from the Engine over onto the Engine bus.

Normally the radio/infotainment system living on the Engine bus is perfectly fine, but somewhat dropped the ball on not realizing adding remote firmware flashing meant it should no longer be on the Engine bus.

That said, it's completely possible that remote firmware flashing wasn't intended at all by Chrysler's engineers, so who knows, it's possible this wasn't a design failure but purely a security one.
posted by ReadEvalPost at 11:01 AM on July 22, 2015 [1 favorite]
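
The gateway allow-listing described in the comment above, together with the read-mostly "firewall" idea in the comment before it, sketched in C. This is an added example, not part of the thread and not any manufacturer's code; the CAN IDs, bus names, length limits and rate limit are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Two bus segments joined by the gateway (names are hypothetical). */
enum bus { BUS_ENGINE, BUS_INFOTAINMENT };

struct gw_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

typedef enum {
    GW_FORWARD,
    GW_DROP_SPOOFED_SOURCE,   /* ID belongs to a node on the other bus */
    GW_DROP_NOT_ALLOWLISTED,  /* no rule at all: default deny */
    GW_DROP_BAD_LENGTH,
    GW_DROP_RATE_LIMIT
} gw_verdict;

/* One allow-list entry: which ID may cross, in which direction only. */
struct gw_rule {
    uint32_t id;
    enum bus src, dst;
    uint8_t  max_dlc;        /* longest payload accepted for this ID */
    uint32_t min_period_ms;  /* 0 = no rate limit */
    uint32_t last_ms;        /* time of last forwarded frame */
    bool     seen;
};

/* Constructed routing table. Telemetry flows out of the engine bus;
 * exactly one narrow, rate-limited request is allowed back in. */
static struct gw_rule rules[] = {
    { 0x0C9, BUS_ENGINE,       BUS_INFOTAINMENT, 8, 0,   0, false }, /* engine speed */
    { 0x3D1, BUS_ENGINE,       BUS_INFOTAINMENT, 2, 0,   0, false }, /* fuel level   */
    { 0x4F0, BUS_INFOTAINMENT, BUS_ENGINE,       1, 500, 0, false }, /* cabin preset */
};
#define N_RULES (sizeof rules / sizeof rules[0])

/* Decide whether a frame that arrived on `arrived_on` may be bridged. */
gw_verdict gw_filter(const struct gw_frame *f, enum bus arrived_on, uint32_t now_ms)
{
    bool owned_elsewhere = false;

    for (size_t i = 0; i < N_RULES; i++) {
        struct gw_rule *r = &rules[i];
        if (r->id != f->id)
            continue;
        if (r->src != arrived_on) {
            /* The ID is only ever legitimate from the other segment, so a
             * node on this segment is impersonating it. Worth alerting on. */
            owned_elsewhere = true;
            continue;
        }
        if (f->dlc > r->max_dlc)
            return GW_DROP_BAD_LENGTH;
        if (r->seen && (uint32_t)(now_ms - r->last_ms) < r->min_period_ms)
            return GW_DROP_RATE_LIMIT;
        r->seen = true;
        r->last_ms = now_ms;
        return GW_FORWARD;
    }
    return owned_elsewhere ? GW_DROP_SPOOFED_SOURCE : GW_DROP_NOT_ALLOWLISTED;
}

static const char *verdict_name(gw_verdict v)
{
    static const char *names[] = { "FORWARD", "DROP spoofed source",
        "DROP not allow-listed", "DROP bad length", "DROP rate limit" };
    return names[v];
}

int main(void)
{
    /* Constructed traffic: id, dlc, arrival bus, timestamp in ms. */
    struct { struct gw_frame f; enum bus from; uint32_t t; } traffic[] = {
        { { 0x0C9, 8, {0} }, BUS_ENGINE,       0    },
        { { 0x0C9, 8, {0} }, BUS_INFOTAINMENT, 10   },
        { { 0x123, 8, {0} }, BUS_INFOTAINMENT, 20   },
        { { 0x4F0, 1, {0} }, BUS_INFOTAINMENT, 1000 },
        { { 0x4F0, 1, {0} }, BUS_INFOTAINMENT, 1200 },
        { { 0x4F0, 4, {0} }, BUS_INFOTAINMENT, 3000 },
    };
    for (size_t i = 0; i < sizeof traffic / sizeof traffic[0]; i++)
        printf("id=0x%03X from=%s t=%u -> %s\n", (unsigned)traffic[i].f.id,
               traffic[i].from == BUS_ENGINE ? "engine" : "infotainment",
               (unsigned)traffic[i].t,
               verdict_name(gw_filter(&traffic[i].f, traffic[i].from, traffic[i].t)));
    return 0;
}
```

The spoofed-source verdict is kept separate from the plain default-deny drop because it is the one that indicates a compromised node on the infotainment segment rather than a misconfiguration.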


More to the point, are those features that you would opt out of and pay less for if given the chance?

Every year, it gets more and more impossible to find the new car that I would theoretically like. Popular automobile features I would willingly pay a bit more to NOT have installed: Anything described as "infotainment", any and all touchscreens and LCD displays, automatic seatbelts, automatic headlights, automatic windshield wipers, automatic transmission, automatic braking system, keyless ignition, power locks, power windows, power mirrors, more than one button on the steering wheel, A-pillars thick enough to contain airbags, drive-by-wire throttle, electric power steering, and obviously any kind of wireless network connection. It's not that I'm opposed to all high-tech gadgets in cars, some are good. For instance I don't mind air conditioning and I do like to have a stereo. Also, ABS is kinda nice sometimes although it would be nice to have a switch to turn it off when driving on surfaces where it doesn't work.

That attitude may make me an old curmudgeon, but as the FREDs inevitably proliferate, and connection to the V2V iRoad Traffic Information and Safety Network goes from commonplace to mandatory, I expect more of you will be joining me. It's going to take less and less knowledge of and cynical opinions about cars to find yourself feeling like they're all badly designed for suckers who don't have enough of either.
posted by sfenders at 12:50 PM on July 22, 2015 [1 favorite]


I think it takes you past curmudgeon to full-on crank.
posted by entropicamericana at 1:13 PM on July 22, 2015 [4 favorites]


What's great is that there is no shortage of classic cars for people who would rather drive them. People who prefer to drive modern cars can do that too.
posted by LastOfHisKind at 2:45 PM on July 22, 2015


I think it takes you past curmudgeon to full-on crank.

For reference, that point is somewhere between referring to devices which have been commercially available in cars for more than 50 years as "high-tech gadgets" and using an inscrutable/unhelpful acronym (Fucking Ridiculous Electronic Devices, I guess?).
posted by Copronymus at 2:55 PM on July 22, 2015 [1 favorite]


Well if I'm going to get labeled a crank for preferring a hand-operated crank that can be replaced for $10 in 15 minutes when it breaks, instead of a collection of sensors, motors, and switches that on my car have so far required 3 factory recalls and will most likely cost several hundred dollars and a trip to the mechanic when they eventually break... then I may as well rant a little more. You know how to make a Jaguar F-Type look ugly and misshapen? Park it next to an E-Type from 1971. It's not as if there isn't at least some kind of market for cars not encumbered with excessive electronics; look at classic car prices. Even some cars that were fairly ordinary in the 1970's that are in good enough condition to be anything like they were when new are selling for at least the same price range as today's new cars. On the one hand they're a bit more valuable just for being rare, but on the other hand they come with actual substantial disadvantages from being designed and built with 1970's technology. Take a real classic and give it a makeover with modern suspension, engine, transmission, etc. and people will pay $zillions for it.

Anyway, bear in mind that I didn't suggest I would refuse to consider the other merits of a car with some stupid but largely harmless misfeature like power door locks; it's worth just a little less to me than one that doesn't have that minor flaw. So in practice, I'm part of the problem too.
posted by sfenders at 3:17 PM on July 22, 2015


A Jaguar with repair issues, you say?
posted by entropicamericana at 3:38 PM on July 22, 2015 [2 favorites]


What price tag on untraceably killing someone is high enough to make you feel safe?

Speaking of things unreliable, the talk of using this nonsense to attempt to murder people one at a time seems a little optimistically small-scale. More exciting will be the first time some script kiddie decides to simultaneously disable 80% of the cars on one of those insane six-lane highways filled with cars following each other three feet apart at 75 mph.
posted by sfenders at 3:54 PM on July 22, 2015 [2 favorites]


I'm really on the end of the spectrum. Most of the "FREDs" bring a lot of value to me. My first car (A 1996 Plymouth Neon) had power locks, cruise control, an automatic transmission and not much else. I hated cranking the windows up and down, especially after pulling away from a drive-through while dealing with food or money or whatever.

- Automatics typically work better than manual transmissions (compare 0-60 times on the same car with auto vs. manual, they get really close).
- It's a PITA to have to try and contort yourself around to unlock the rear doors without power locks
- Cruise control makes it easy to keep yourself from excessively speeding on accident and you get better gas mileage


My next car (a 2005 Nissan Altima) had every option short of a navigation system. So now I could:

- Fiddle with the radio without taking my eyes off the road
- Open the locks with a remote
- Roll down the windows with the remote on really hot days
- Flick the power window switch once to roll the window up (why some cars have one-touch auto down windows and not one-touch UP continues to boggle my mind)
- Adjust the seat properly (8-way power seats + adjustable lumbar, the Neon was manual just slid back to front and reclined), though some cars keep the adjustability but make you do it manually.
- A power moon-roof for a quasi-convertible experience without the added weight and loss of stiffness that normally comes with losing the roof. And it's just nice to have that extra light coming in from above.
- Automatic climate control, one less thing to mess with while I'm driving. I just set the temp I want and let the car figure out the rest. In the Neon, I was fine-tuning the temperature constantly (wait for the engine to warm up, blast the fan, now I'm too hot, turn it down, a bit too cold, turn it back up).


The 2010 Toyota Venza that replaced that car added:
- Voice activated NAV (which has saved me more time than I care to admit)
- Bluetooth which lets me stream music from my phone and make hands-free calls using the car's microphone and speakers
- Automatic headlights, they just stay in auto and come on when it gets dark
- Keyless entry and ignition (as in, the key-fob stays in my pocket) which is REALLY convenient. Mrs. VTX and I really notice it when one of us has to drive our other car and dig the keys out of a pocket
- Hill-start assist where I can push the brake pedal all the way down until the car beeps, it then holds the brakes for about 2 sec. after I take my foot off the pedal to give me time to get on the gas and keep from rolling backwards down a hill and into another car (which can be a big problem with a manual transmission BTW)
- Dual-zone automatic climate control, I have yet to meet a couple that are both perfectly comfortable at the same temperature. Men typically like it a bit cooler, women a bit warmer.
- MP3 player/iPod USB interface, we have an iPod that just lives in the car and is full of music since we don't always listen to the radio and streaming Pandora/Spotify via phones uses a lot of data.

After almost exactly 250,000 miles across those three cars, I had ZERO issues with any of those features. All the problems (pretty much just with the Neon) were mechanical (a couple of head gaskets, two A/C blower motors, a leaky cooling system, and a blown transmission).

I really hope that our next car has memory power seats (keyed to the remote so that when I get in the car, the seat is automatically adjusted for me if my spouse drove it last and vice versa), a power tilt-telescoping steering wheel, and better music features, better NAV (and thanks to Nokia, it probably will), radar adaptive cruise control.

I would also point out that beyond ABS, traction control, and dynamic stability control are great safety features. The safest collision is the one that you can avoid and, even if you're an expert driver, those systems make it a lot easier to avoid a collision. And sometimes they just make driving in the snow easier. Electronically assisted steering needs some work, I'll grant you that, but so did power steering when it was first developed and it's getting a lot better a lot faster. Drive by wire throttles are necessary both for performance and efficiency as are a bunch of the other electrical gizmos under the hood (variable valve timing, direct injection, etc.).

It's also commonly said in the car business that the least reliable car today is still more reliable than the most reliable car from 10 years ago. One of these days, I'm going to dig into that to see if I can find some data to back that up or refute it but I'm pretty sure it's generally true that cars today are more reliable than cars were a decade ago.

What will be really nice is when the infotainment systems start to work well enough that they create a more seamless experience. Sort of like how early computers needed to be run by people who really knew what they were doing but now your grandma can use an iPad. The systems today are starting to add a lot of useful functions (have your text messages read to you and use voice commands to reply without taking your hands off the wheel or your eyes off the road!) but they're still kind of clunky. Right now they're like Windows 95, they'll start getting into iOS/Windows XP/Windows 7 levels of maturity eventually and then they'll actually work better and you'll notice them less.
posted by VTX at 7:29 AM on July 23, 2015


- Fiddle with the radio without taking my eyes off the road
- Open the locks with a remote
- Roll down the windows with the remote on really hot days
- Flick the power window switch once to roll the window up (why some cars have one-touch auto down windows and not one-touch UP continues to boggle my mind)
- Adjust the seat properly (8-way power seats + adjustable lumbar, the Neon was manual just slid back to front and reclined), though some cars keep the adjustability but make you do it manually.
- A power moon-roof for a quasi-convertible experience without the added weight and loss of stiffness that normally comes with losing the roof. And it's just nice to have that extra light coming in from above.
- Automatic climate control, one less thing to mess with while I'm driving. I just set the temp I want and let the car figure out the rest. In the Neon, I was fine-tuning the temperature constantly (wait for the engine to warm up, blast the fan, now I'm too hot, turn it down, a bit too cold, turn it back up).
...
- Voice activated NAV (which has saved me more time than I care to admit)
- Bluetooth which lets me stream music from my phone and make hands-free calls using the car's microphone and speakers
- Automatic headlights, they just stay in auto and come on when it gets dark
- Keyless entry and ignition (as in, the key-fob stays in my pocket) which is REALLY convenient. Mrs. VTX and I really notice it when one of us has to drive our other car and dig the keys out of a pocket
- Hill-start assist where I can push the brake pedal all the way down until the car beeps, it then holds the brakes for about 2 sec. after I take my foot off the pedal to give me time to get on the gas and keep from rolling backwards down a hill and into another car (which can be a big problem with a manual transmission BTW)
- Dual-zone automatic climate control, I have yet to meet a couple that are both perfectly comfortable at the same temperature. Men typically like it a bit cooler, women a bit warmer.
- MP3 player/iPod USB interface, we have an iPod that just lives in the car and is full of music since we don't always listen to the radio and streaming Pandora/Spotify via phones uses a lot of data.


Yeah, I would use 2 or maybe 3 of these features.

ABS, traction control, and dynamic stability control...
I agree with you there. Happy to have them.

It's too bad you can't pick and choose. (see 'if Microsoft made cars...')
The radio in my first car ('61 Beetle) had 2 round knobs and 4 or 5 push buttons, and I could fiddle with it without taking my eyes off the road, too.
posted by MtDewd at 2:52 PM on July 23, 2015


I would just like to say that I also very much enjoy the geegaws enabled (or made less expensive) by the CAN bus. On the 2015 Fusion I've been driving the last few weeks, I can roll down all the windows and start the aircon with the remote. Very nice in the super hot Florida summer. It avoids much sweating at a cost of only 0.4 gallons per hour to idle the engine with the AC on. And yeah, global one touch up/down on the windows is pretty sweet, as are per-driver power seat and mirror memories. (Thank you to the CAN bus for both of those things)

And Sync with MFT has finally gotten pretty decent. The voice recognition usually works now. Much better than the 2015 Camry, in that respect.

That said, it has also made me very lazy. I get annoyed when I have to drive a car that I have to unlock and start by fishing around in my pockets for a remote and putting a key in an actual ignition. Or when I have to physically adjust the rear view mirror to keep from being blinded by people behind me. Even when I remember to toggle the mirror to dim, it is invariably dimmer than it needs to be, so I'm blind to everything but the headlights in the rear view. It also has auto dimming side mirrors (also enabled by the CAN bus), which I never even knew existed and love to death.

The only problem is that all the crap has made me loath to finally buy a new car because by the time you add all the options that make the experience not maddening after having gotten used to the gadgetry for a while, you're looking at somewhere north of $30,000 for anything bigger than a tin can.

If you don't want gadgetry, you can still get a decent car for $25000 or less, but it really is easy to get used to the good stuff.
posted by wierdo at 1:04 AM on July 24, 2015


Don't buy new, that's where you've gone wrong. A 2012 Sedan from any of the non-luxury brands (Honda, Nissan, Toyota, Chevy vs Acura, Infiniti, Lexus, Cadillac) with less than 25,000 miles should cost less than $30k and you can probably find some examples for less than $25k even fully loaded.

You can probably even get into the entry level luxury range with that budget. Something like a lease return Audi A4 or BMW 3 series should be in or around that price range. I just plugged a 2012 328i with 25k miles and every option into KBB.com's valuation tool and its price range came back at $27,338 - $31,633. An Audi A4 (which has AWD for those of us who live where it snows) is just a bit more than that. You'd likely find a two-year old lease return which is basically the same thing as a brand new car anyways.

I'd bet you could find a similarly equipped sedan from Acura, Lexus, or Infiniti for a bit less and cars from more mainstream brands should be an even better value. The only problem is that you need to stick to more "tried and true" gadgets. The bleeding edge stuff (especially voice recognition) improves a lot faster than gadgets that have been around a while so the version in a two-year-old car might be total junk but seat heaters, memory seats, and a lot of other stuff is pretty refined at this point so the one in a 2012 Chevy works about as well as the one in a 2016 BMW (though sometimes missing an especially extravagant feature like cooling in addition to heating seats or something).

Take it from someone who sold new cars for a living, for most people, buying a brand new car is a sucker's game. Used cars is where the value is.
posted by VTX at 7:09 AM on July 24, 2015


VTX, you don't have to tell me about the benefit of letting someone else take the depreciation hit. I have yet to buy a brand new car in my life. ;)

However, the market has been all kinds of jacked up the past few years and it is not at all uncommon to see new cars, inclusive of incentives, going for the same price or less than a couple of year old used version of the same car. The market appears to be slowly pulling its head out of its behind, but it isn't normal yet.
posted by wierdo at 7:44 AM on July 24, 2015


I keep thinking about how it's just a matter of time until similar vulnerabilities are found in passenger jets. It's even possible, perhaps likely, that these vulnerabilities have already been found--My guess is that a lot of top security researchers are focusing on this question right now. I bet within a year we hear about confirmed remote exploits of aircraft computers.

I know there are supposed to be air gaps and regulations, but if we know anything about software security it's that people screw up every time, at every level: design, regulation enforcement, implementation. My intuition is that a system that hasn't yet experienced the focused attention of an attacker is going to have a vulnerability, every time.
posted by jjwiseman at 11:34 AM on July 24, 2015




Love my 98 Camry!
posted by oceanjesse at 9:45 PM on July 24, 2015


I keep thinking about how it's just a matter of time until similar vulnerabilities are found in passenger jets.

FBI And United Airlines Shoot The Messenger After Security Researcher Discovers Vulnerabilities In Airplane Computer System
posted by ChurchHatesTucker at 10:23 AM on July 25, 2015 [1 favorite]


Fiat Chrysler recalls 1.4 million cars after Jeep hack

They are not actually recalling. They are sending USB sticks to customers to update firmware through their entertainment USB port.

This is the craziest thing ever. Their firmware can be updated by anybody who plugs a USB device in the accessory port? That means anyone using the USB port on the car is vulnerable to malware from your iPod, phone, memory stick or whatever.

It shouldn't be that easy to update firmware. It should require an actual physical jumper in the electrical system to allow that.
posted by JackFlash at 7:38 PM on July 25, 2015 [1 favorite]


"Black Hat USA 2015: The full story of how that Jeep was hacked"
the Wi-Fi password is generated automatically, based on the time when the car and its multimedia system — the head unit — is turned on for the very first time.
Except...
The problem is, that you need to follow that very Jeep for that hour to stay in touch with its Wi-Fi connection. The researchers tried to find another way. And — surprise, surprise! — they found one: it turned out, that the Wi-Fi password for Chrysler’s cars is generated before the actual time and date is set and is based on default system time plus a few seconds during which the head unit boots up.
This is consistent with my experience with supposedly air-gapped systems:
The multimedia system is not connected to CAN bus directly. This is the thing that all the manufacturers always refer back to when it comes to IT-security of cyber-physical systems: there is an isolation they say, the air gap between connected and physical parts of these systems.

As it turned out, this air gap is not that thick, at least in Chrysler’s cars. Despite the fact that multimedia system’s controller itself can’t communicate directly with CAN bus, it actually can communicate with another component which is connected to CAN bus, the V850 controller. He knows a guy, who knows a guy situation, simply put.

The V850 controller’s software was designed in some cautious way, making it possible to listen to CAN bus, but not to send commands over it. But you know, it’s a computer after all. And if there’s no capability you need out-of-the-box, you can simply add one by reprogramming the computer.

Researchers discovered an opportunity to change firmware of the V850 controller for their maliciously crafted version through the connection to multimedia system’s controller. This firmware ‘upgrade’ can be done without any checks or authorizations. Even if there was authorization, researchers have found a couple of vulnerabilities that make possible taking control over this V850 controller.
posted by jjwiseman at 4:44 PM on August 13, 2015 [5 favorites]
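
Why the time-seeded Wi-Fi password quoted above is weak, as an added example that is not from the thread, the linked article or Chrysler's code: it compares a password derived only from the clock at first power-on with one drawn from the OS CSPRNG. The alphabet, length, default clock value, boot window and hashing step are all assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_lowercase  # assumed password alphabet
LENGTH = 12                        # assumed password length
DEFAULT_CLOCK = 1_356_998_400      # constructed factory-default clock reading
BOOT_WINDOW = 60                   # assumed: seconds the first boot may take


def time_seeded_password(clock_seconds: int) -> str:
    """Weak form: the clock reading at first power-on is the only input."""
    digest = hashlib.sha256(str(clock_seconds).encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:LENGTH])


def csprng_password() -> str:
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def distinct_weak_passwords(first_clock: int, seconds: int) -> int:
    """Count the passwords the weak generator can emit over a clock window."""
    return len({time_seeded_password(first_clock + s) for s in range(seconds)})


def entropy_report() -> dict:
    """Effective entropy, in bits, of each provisioning scenario."""
    unset_clock = distinct_weak_passwords(DEFAULT_CLOCK, BOOT_WINDOW)
    return {
        # Clock not yet set: only the boot duration varies between units.
        "time-seeded, clock unset": math.log2(unset_clock),
        # Clock set correctly, first boot known only to the year (upper bound).
        "time-seeded, clock set": math.log2(365 * 24 * 3600),
        # Independent of any clock or device state.
        "CSPRNG": LENGTH * math.log2(len(ALPHABET)),
    }


if __name__ == "__main__":
    for scenario, bits in entropy_report().items():
        print(f"{scenario:26s} {bits:5.1f} bits")
```

Hashing the clock value makes the password look random but adds no entropy: the password can never be stronger than the number of clock readings that could have produced it.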
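
The missing control in the quoted passage ("without any checks or authorizations") is an updater that authenticates an image before flashing it. The following is an added sketch, not the V850's or Chrysler's update code: the container format, key handling and function names are assumptions, and HMAC-SHA256 stands in for the asymmetric signature a production updater would verify so that the controller holds no signing secret.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                  # constructed container format, not a real one
HEADER = struct.Struct(">4sII")  # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size


class RejectedImage(Exception):
    """Raised when an image must not be flashed."""


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Build-server side: wrap a payload and append its authentication tag."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def accept_image(key: bytes, installed_version: int, image: bytes) -> bytes:
    """Controller side: return the payload to flash or raise RejectedImage."""
    if len(image) < HEADER.size + TAG_LEN:
        raise RejectedImage("truncated image")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Authenticate first, in constant time, before trusting any header field.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise RejectedImage("authentication tag mismatch")
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise RejectedImage("malformed header")
    # Anti-rollback: an authentic but older image is still refused.
    if version <= installed_version:
        raise RejectedImage("not newer than the installed version")
    return body[HEADER.size:]


def is_accepted(key: bytes, installed_version: int, image: bytes) -> bool:
    """Boolean wrapper around accept_image for logging and tests."""
    try:
        accept_image(key, installed_version, image)
        return True
    except RejectedImage:
        return False


if __name__ == "__main__":
    key = bytes(range(32))                          # constructed demo key
    good = build_image(key, 7, b"firmware-bytes")   # constructed payload
    tampered = good[:20] + b"X" + good[21:]
    print("authentic, newer :", is_accepted(key, 6, good))
    print("one byte changed :", is_accepted(key, 6, tampered))
    print("authentic, older :", is_accepted(key, 7, good))
    print("raw unsigned blob:", is_accepted(key, 6, b"\x00" * 100))
```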

