Car back door
March 13, 2011 10:14 AM   Subscribe

Researchers at UCSD have modified an MP3 file so that when it is played on a car's stereo system it modifies the stereo's firmware and opens up a security back door into the car's operating system. Using it, they were then able to control the door locks, the car ignition, and change the speedometer reading.

They hypothesize that black-hats could create such modified files and spread them around on the torrent networks. And given that some cars now are networked and contain GPS systems, they say that cars which become compromised could be programmed to announce their location so that thieves could locate and steal them.
posted by Chocolate Pickle (143 comments total) 39 users marked this as a favorite
 
Car back door

Hatchback.
posted by Brian B. at 10:17 AM on March 13, 2011 [15 favorites]


Whoah!

/Keanu Reeves
posted by Splunge at 10:20 AM on March 13, 2011 [1 favorite]


have modified an MP3 file... so that thieves could locate and steal

Irony.
posted by saturday_morning at 10:20 AM on March 13, 2011 [21 favorites]


Damn.

A new addition to the "Living in Science Fiction" file.

Thanks for posting this.
posted by jason's_planet at 10:21 AM on March 13, 2011 [4 favorites]


Baby I can hack your car.
Unlock your doors from afar.
Start it up, tell me where you are.
And maybe I'll love you.
posted by hippybear at 10:21 AM on March 13, 2011 [43 favorites]


Hm. Think I'll be looking for an analogue car next time.
posted by DrSawtooth at 10:22 AM on March 13, 2011 [4 favorites]


Shouldn't these people be discussing this in a hallowed out skull volcano with Catwoman or something?
posted by The Whelk at 10:23 AM on March 13, 2011 [20 favorites]


The whole Ford Sync thing (featuring the Microsoft Windows Embedded Automotive operating system) and those adverts for cars that can be remotely unlocked with a smartphone app seemed hacker-prone enough as it was.
posted by filthy light thief at 10:24 AM on March 13, 2011 [2 favorites]


I'm assuming a buffer overflow/privilege escalation attack although they don't specifically say what the vulnerability was or the vehicle for that matter. Is there an industry standard RTOS that's involved?
posted by tommasz at 10:24 AM on March 13, 2011


They should embed this mp3's properties into "Who Made Who? by AC/DC.
posted by Sticherbeast at 10:25 AM on March 13, 2011 [8 favorites]


So thieves can locate and unlock my car? Correct me if I'm wrong, but I think they have this ability now using technology called eyes and brick.
posted by Keith Talent at 10:25 AM on March 13, 2011 [47 favorites]


Has Battlestar taught us nothing? No. Networked. Machines.
posted by The Whelk at 10:26 AM on March 13, 2011 [56 favorites]


So thieves can locate and unlock my car? Correct me if I'm wrong, but I think they have this ability now using technology called eyes and brick.

The key difference being they won't be driving around with a car full of broken glass and a screwdriver where the key normally goes.
posted by tommasz at 10:27 AM on March 13, 2011 [3 favorites]


I am currently working on an mp3 that will force you to listen to it over and over because it is so damn funky.
posted by mintcake! at 10:30 AM on March 13, 2011 [83 favorites]


mintcake!...is this it?

Reliving my early 90s 'industrial' phase this morning.
posted by Existential Dread at 10:33 AM on March 13, 2011 [3 favorites]


So they don't say which cars are vulnerable. I'm assuming that it's the fancier ones with those annoying touch screen control panels for everything. My Fit's radio can read MP3s off of a disk or a memory key but the radio doesn't seem to have any connection to the rest of the car.
posted by octothorpe at 10:34 AM on March 13, 2011


YOU WOULDN'T DOWNLOAD
(a song that could steal) A CAR
posted by Rhaomi at 10:35 AM on March 13, 2011 [48 favorites]


and they described a 2009 experiment in which they were able to kill the engine, lock the doors, turn off the brakes and falsify speedometer readings on a late-model car.

Meh. I performed all of those "experiments" back in the 1970s models using only a wire hanger and a screwdriver.
posted by three blind mice at 10:35 AM on March 13, 2011


Truth is stranger than truth.
posted by NMcCoy at 10:35 AM on March 13, 2011 [3 favorites]


Get out of my code
get into my car.
posted by The Whelk at 10:37 AM on March 13, 2011 [7 favorites]


tommasz: "I'm assuming a buffer overflow/privilege escalation attack"

I don't think they would even need the privilege escalation part, many embedded OS's don't even have concepts like users and privileges.


The Whelk: "No. Networked. Machines"

This is actually a really good point - the firmware on something like a vehicle often just isn't designed with network security in mind, and there are all sorts of concerns that could start coming up once we start connecting the naive operating systems on so many of our devices to networks.
posted by idiopath at 10:37 AM on March 13, 2011


The key difference being they won't be driving around with a car full of broken glass and a screwdriver where the key normally goes.

Car's still nicked, though.
posted by BeerFilter at 10:39 AM on March 13, 2011 [1 favorite]


Oh very good. How long until the Panther Moderns print out a few Justin Beiber promo CDs that instead convert any GPS directions to cause an unwitting flash mob in some city center with doors that can't unlock?
posted by Skorgu at 10:50 AM on March 13, 2011 [17 favorites]


Here in my car
I am never alone
my Mp3 guides me
to where it wants to go
in Cars.
posted by The Whelk at 10:54 AM on March 13, 2011 [11 favorites]


This would be scary if anybody could afford to put gas in their cars.
posted by srboisvert at 11:02 AM on March 13, 2011 [8 favorites]


Metafilter: a hallowed out skull volcano with Catwoman or something
posted by joecacti at 11:08 AM on March 13, 2011 [2 favorites]


Oh awesome. I upgraded the stereo firmware in my car by plugging in a USB containing the update (got it from one of the people who wrote it because GM can't unplug their heads from their asses long enough to explain to dealers how to do this). Just open the door, plug in the key, close the door and you're done. Would have thought the Audi & Prius hysteria would have taught us all the dangers of a car that supports Autorun.
posted by yerfatma at 11:11 AM on March 13, 2011 [2 favorites]


Times must be tougher than I thought for blackhats if the most profitable thing they can do with their shaman-like MP3-hacking skills is stealing Fords...
posted by crackingdes at 11:16 AM on March 13, 2011 [2 favorites]


Sorry I'm late. My car got Rickrolled.
posted by klarck at 11:18 AM on March 13, 2011 [43 favorites]


Thank goodness for my piece of shit Hyundai Accent which has a tape deck and radio only, manual locks, roll down windows and no remote ignition.
posted by slow graffiti at 11:21 AM on March 13, 2011 [5 favorites]


In all seriousness, though this really doesn't seem like an efficient way to steal cars, it is disturbing, and I feel more and more paranoid about the vulnerability of living in a completely networked world. I recently read somewhere -- wish I could remember where -- about OnStar systems being hacked to record conversations within the vehicle. I wonder if that's the kind of thing that could be controlled with this MP3 back door move. I am far more worried about government surveillance than I am about car thieves.
posted by crackingdes at 11:22 AM on March 13, 2011 [2 favorites]


Umm, the linked article describes this as two separate attacks:

1) they were able to use a an mp3 to gain control of the car's stereo

and

2) in a separate, earlier experiment, they jacked into the diagnostic port and took over the car's OS.

I can't think of any case where a car's stereo would be connected to the car's computers.
posted by AsYouKnow Bob at 11:25 AM on March 13, 2011 [28 favorites]


Wait a minute -- so let me see if I get this...

If you can hack the RTOS, and the car has active parking assist which can control the steering wheel and the throttle/brake is drive-by-wire, then couldn't the hacker make the car steal itself?
posted by buzzv at 11:26 AM on March 13, 2011 [5 favorites]


Thank goodness for my piece of shit Hyundai Accent which has a tape deck and radio only, manual locks, roll down windows and no remote ignition.

Ah, the Accent, the Galactica of automobiles!
posted by ricochet biscuit at 11:27 AM on March 13, 2011 [17 favorites]


Welcome to our stupid future.
posted by boo_radley at 11:39 AM on March 13, 2011 [11 favorites]


This is seriously awesome, I'm glad I just stream music instead of pirating it now for the most part.

have modified an MP3 file... so that thieves could locate and steal

Irony.


Why, have they figured out how to create a whole new car out of nothing?
posted by furiousxgeorge at 11:40 AM on March 13, 2011 [3 favorites]


So thieves can locate and unlock my car? Correct me if I'm wrong, but I think they have this ability now using technology called eyes and brick.

The good news, I guess, is that they still need both of those things, plus an iPod or whatever, plus they need to start up the car first. Essentially, they'd have to steal the car before they could steal it.

Unless they're your friends playing a prank, in which case you're better off friendless.
posted by Sys Rq at 11:44 AM on March 13, 2011


There are so many practical applications for this kind of exploit. Like if you play a Nickleback track, the car directs you to a army recruitment office.

If you play the Black Eye Peas the car explodes.
posted by The Whelk at 11:47 AM on March 13, 2011 [30 favorites]


Once again I am strangely happy to be driving a decrepit teenaged car that nobody in their right mind would want to steal.

It does have a special anti-theft feature: the driver's side door lock, when pushed down, is impossible to unlock unless you crank the window down and open the door from outside with the key. I figure anyone dim enough to steal a 1996 Corolla running on super glue and the Force is also probably too dim to realize they can unlock the passenger door and hop over the gearshift.
posted by cmyk at 11:51 AM on March 13, 2011 [9 favorites]


Is the UCSD research supported by Sontarans, by any chance?
posted by Dr. Zira at 11:51 AM on March 13, 2011 [3 favorites]


They should embed this mp3's properties into "Who Made Who? by AC/DC.

Either Highway to Hell or Dirty Deeds (Done Dirt Cheap) would work too.

Or Big Balls. Same technology will then be used to track down the thief and vaporize him anyway. Choose your poison.

Now if they could hack the basic safety systems of cars in motion, we start getting interesting. Getting into a parked car and starting it is already not a problem for any thief smart enough to hack his way in instead.
posted by fourcheesemac at 11:56 AM on March 13, 2011 [1 favorite]


The driver floors the engine faster and faster as the music gets rowdier. Eventually, a strange mold erupts from the interior of the body, and the car slowly grinds to a halt. Their cell phone whispers sweet nothings into the police scanner, luring the unsuspecting ever closer.....
posted by effluvia at 12:01 PM on March 13, 2011 [1 favorite]


> I can't think of any case where a car's stereo would be connected to the car's computers.

The OS isn't checking what you play for DRM? Somebody's slipping.

They'll catch up soon, though. Then you'll be able to pwn the OS by sending somebody a singing happy birthday card.
posted by jfuller at 12:03 PM on March 13, 2011


The OS isn't checking what you play for DRM? Somebody's slipping.

If it finds a Metallica mp3, it turns wheel all the way left and floors the accelerator.

It also does this if you're listening to Hannah Montana, but for a different reason.
posted by kafziel at 12:09 PM on March 13, 2011 [3 favorites]


After that we'll see a new iteration of the chain forward that offers a free Coca-Cola cupholder if you play the jingle.
posted by cmyk at 12:10 PM on March 13, 2011


saturday_morning writes "have modified an MP3 file... so that thieves could locate and steal

"Irony."


Many Trojans and viruses have been distributed on legal media over the years. A glaring example, besides the infamous Sony rootkit, is that Microsoft distributed a Virus laden CD at (I think) ComDex one year.

crackingdes writes "In all seriousness, though this really doesn't seem like an efficient way to steal cars, it is disturbing, and I feel more and more paranoid about the vulnerability of living in a completely networked world."

Because the exploit has been developed for research it doesn't matter how practical it is. If the vulnerability is in say the Toyota Corolla or Honda Accord and it leaks into the wild many people will be affected if only for lulz on the perpetrators sake.
posted by Mitheral at 12:11 PM on March 13, 2011


The OS isn't checking what you play for DRM? Somebody's slipping.

Yeah, it occurred to me that the car could be checking to see if the stereo is on, or something - if only for power management. (But that's still a ways from "the music stream slips data over to the car's CPU".) The researchers say that malware could be introduced into the stereo, and from there, it could theoretically be carried to other devices.

To be fair, the article's HEADLINE does imply that mp3 > CPU is actually what's been shown here. And the article does make it clear that the experimenters are just listing all the different kinds of attack that could be mounted.

Just more shoddy journalism.
posted by AsYouKnow Bob at 12:15 PM on March 13, 2011


I can't think of any case where a car's stereo would be connected to the car's computers.

Hasn't Mercedes been working on unified car systems which are all controlled from one dial and a couple of buttons?
posted by ZeusHumms at 12:17 PM on March 13, 2011


No. Networked. Machines

You have a friend request

2011 Toyota Accord would like to be your friend.

Confirm | Not Now
posted by Brandon Blatcher at 12:24 PM on March 13, 2011 [19 favorites]


Hmmm. From the Reddit article posted above:

2.) AUX inputs do not work that way. The line-in is an analog only, and is directly sent to the mixer in your car. There is no processing, execution, or parsing of any kind occurring here, therefore there is no way for a virus to install itself onto the non-existent memory in your audio unit. The USB input can be different, but again, this is irrelevant as there is no such thing as a virus for your car stereo.

This sounds realistic to me. Now I'm not sure if this whole story is just a new urban legend in the birthing process. Sure I've read Fire Upon the Deep too, but I don't see humans demonstrating on a daily basis that they're normally organized enough to be taken advantage of in this way.

Last time I took my car in to the electronics place, my favourite tech guy was telling us how they spent Saturday afternoon getting really high and shooting someone's machine gun at a barn. He's a smart cookie, but I don't think I'd take his word on stuff like this.
posted by sneebler at 12:33 PM on March 13, 2011


ZeusHumms: "Hasn't Mercedes been working on unified car systems which are all controlled from one dial and a couple of buttons?"

BMW's got the iDrive thing:
iDrive allows the driver and front-seat passenger (in recent cars it is available to back-seat passengers as well) to control such amenities as the climate (air conditioner and heater), the audio system (radio and CD player), the navigation system and communication system.
So yea, the stereo seems to be tied in with the rest of the car's controls.
posted by octothorpe at 12:33 PM on March 13, 2011 [1 favorite]


The new paper, titled "Comprehensive Experimental Analyses of Automotive Attack Surfaces", isn't available yet AFAICT. Their earlier paper, "Experimental Security Analysis of a Modern Automobile" (PDF), is.
posted by scalefree at 12:34 PM on March 13, 2011 [1 favorite]


This is appalling. Is Anonymous even old enough to drive yet?
posted by naju at 12:34 PM on March 13, 2011 [3 favorites]


Little Bobby Tables plays in a band now?
posted by DangerIsMyMiddleName at 12:35 PM on March 13, 2011 [12 favorites]


Found it (PDF).
posted by scalefree at 12:37 PM on March 13, 2011 [4 favorites]


Brandon Blatcher - 2011 Toyota Accord would like to be your friend.

Clearly a fake name, so I call shenanigans.

sneebler - ...this is irrelevant as there is no such thing as a virus for your car stereo.

In the Reddit link, the dealer is arguing that the car stereo SAW "a" virus - not necessarily a virus targeted at the stereo - and shut down in self-defense. Still bogus, but not quite as improbable.
posted by AsYouKnow Bob at 12:38 PM on March 13, 2011


Well, it's a PP stack based on the paper. Better than nothing.
posted by scalefree at 12:38 PM on March 13, 2011


So seeding bittorent with trojaned Blake Shelton will get me a F-150, "E.T" will get me a Toyota Yaris, "Hit The Lights" will get me a Chrysler 300, and Arcade Fire gets me a Pontiac Vibe, right?
posted by sourwookie at 12:39 PM on March 13, 2011


BMW's got the iDrive thing:

Aha! A weapon useful in class warfare!
posted by tommyD at 12:40 PM on March 13, 2011 [1 favorite]


Ah, the internet of things.
posted by cashman at 12:48 PM on March 13, 2011


Plus, if the virus is distributed mp3 and bittorent, the car wouldn't be stolen, it'd be shared. Sheesh, while you people insist on calling sharing stealing we'll never be able to have an intelligent dialogue.
posted by Keith Talent at 12:55 PM on March 13, 2011 [6 favorites]


Researchers at UCSD have modified an MP3 file so that when it is played on a car's stereo system it modifies the stereo's firmware and opens up a security back door into the car's operating system. Using it, they were then able to control the door locks, the car ignition, and change the speedometer reading.

This thread should be locked or deleted. The article does not say the above at all. The statement above is a complete fabrication. False information pollutes the internet.
posted by JackFlash at 12:57 PM on March 13, 2011 [15 favorites]


I've always lived by the belief that the surest way to prevent my car from being stolen is to drive a car not worth stealing.
posted by Devils Rancher at 1:16 PM on March 13, 2011 [4 favorites]


Hasn't Mercedes been working on unified car systems which are all controlled from one dial and a couple of buttons?

They've been working on it since the '70s!

Thank goodness for my piece of shit Hyundai Accent which has a tape deck and radio only, manual locks, roll down windows and no remote ignition.

I call this car my SUV. I've stuffed a futon and frame, a lawnmower, an antique rocking chair, a Peavey 8x10 cabinet, and an entire drumset in it (not all at the same time). Also, it's fire-engine red.
posted by Existential Dread at 1:34 PM on March 13, 2011


This makes me all the happier to be owning a thirty-year-old VW Rabbit tin can car. No GPS. No radio. No working door locks. Slightly rusty. If anyone manages to drive it more than one block without it stalling then they probably need it more than I do.
posted by tmt at 1:38 PM on March 13, 2011


My car runs on Ubuntu.
posted by Salvor Hardin at 1:39 PM on March 13, 2011 [3 favorites]


I am suspicious of this extraordinary claim. Theoretically this is possible but I'd like to see more rigorous review of their claims and experimental data. It is very easy to muck up your expirremental results if you've hacked the car multiple times via other means.
posted by humanfont at 1:44 PM on March 13, 2011 [1 favorite]


That's why I'm saving my money for an internet fridge instead.
posted by furtive at 1:45 PM on March 13, 2011


Someone hacked my cassette deck and now the sound has this weird hiss.
posted by furiousxgeorge at 1:53 PM on March 13, 2011 [1 favorite]


W
T
F

This is like when we learned that Diebold had antivirus software on voting machines. Why would you even need that? What data path could possibly lead to a virus getting on a voting machine? There shouldn't be one. The classic example being an elementary school teacher who tells you he always wears a condom while teaching. Theoretically, the children must be safer but....
posted by DU at 1:53 PM on March 13, 2011 [10 favorites]


> cars which become compromised could be programmed to announce their location so that thieves could locate and steal them.

It is totally unacceptable that thieves can locate cars in this way. It's almost as big of a problem as the whole "visibility" problem--where thieves can use their eyes to locate cars parked on streets everywhere.
posted by brenton at 2:00 PM on March 13, 2011 [3 favorites]


Plus, if the virus is distributed mp3 and bittorent, the car wouldn't be stolen, it'd be shared. Sheesh, while you people insist on calling sharing stealing we'll never be able to have an intelligent dialogue.

Sheesh, indeed. Complain about people using the loaded term, "sharing" for copyright infringement if you like, but copyright infringement just is not theft, an entirely different offense. It's almost like there's are all these people who want to import the stigma against one offense to the other, and regularly conflate the legal jargon to make the offenses seem like the same thing.
posted by Marty Marx at 2:02 PM on March 13, 2011 [3 favorites]


> Someone hacked my cassette deck and now the sound has this weird hiss.

Mine was too but it got better when I put in a music cassette instead of Mavis Beacon's Typing Tytor.
posted by jfuller at 2:06 PM on March 13, 2011 [1 favorite]


We won't know what we've really got until we can read the paper but what I can glean from the PP & the older paper is that the strong claim, ie hacking the car's primary systems via the music player, is actually quite plausible. The basic unit of computation on a car is the Engine Control Unit (ECU). ECUs are connected to each other via buses using one of two standards: Controller Area Network (CAN) and FlexRay. Multiple CAN buses can be bridged together with minimal access control between them & much less restriction over permissible actions on critical ECUs than is safe. So it becomes a game of expanding your zone of influence throughout the network, hopping from ECU to ECU & CAN to CAN. They may have run into a roadblock at some juncture that's preventing them from going the whole distance from MP3 to opening the locks & announcing the car's location, but I'd be willing to bet they'll find at least one model that'll give them the whole enchilada.
posted by scalefree at 2:06 PM on March 13, 2011 [2 favorites]


I wish someone would hack my stupid fiber optic audio system to accept aux in...
posted by zeoslap at 2:11 PM on March 13, 2011


That seems incredible to me. If it bears out with further testing (or real world application) then I guess you would infect a bunch of popular MP3s and then upload them to the piratebay, or any other popular tracker, and then give the virus some sort of payload (like the ability to respond to a custom made key-fob electronic key) to recognize infected cars. It boggles my mind to write out "infected cars", by the way.

Would the MP3 still be playable, is my question.


Also: what benefit does it have to car manufacturers to have tertiary systems like the audio connected in a meaningful way to essential systems like the locks, brakes, and ignition? I guess the idea of hacking a car was also pretty alien to them, but it just seems like a good practice to have these things quarantined away from one another.
posted by codacorolla at 2:12 PM on March 13, 2011


Jesus. scalefree's comment makes me post because the rampant bullshit is getting out of hand. This post is a crock. No such thing happened. You cannot "download a virus into the mainframe" via an MP3. At least there is nothing in the referenced materials which would allow you to conclude that such a thing is possible.
posted by eeeeeez at 2:13 PM on March 13, 2011 [1 favorite]


what benefit does it have to car manufacturers to have tertiary systems like the audio connected in a meaningful way to essential systems like the locks, brakes, and ignition?

They don't. The original post is a fabrication. It isn't true.
posted by JackFlash at 2:15 PM on March 13, 2011


Again, we haven't seen the newer paper so I can't say what the issues in implementation are. But the theory I'm describing is sound. The car has a network of connected CPUs & increasing control over elements of the network can be performed. Whether they managed to string together an end-to-end exploit from music player or telematics to some critical ECU, we don't know. But the concept is quite real.
posted by scalefree at 2:23 PM on March 13, 2011


At least there is nothing in the referenced materials which would allow you to conclude that such a thing is possible.
Of course it's possible - all you need is a buffer overflow in the right place. There's been at least one instance where a major application (Winamp) is vulnerable to specially constructed MP3s.
posted by cdward at 2:26 PM on March 13, 2011


hi scalefree - just to be clear, what you wrote is entirely valid as far as I know, but that is exactly why it can be easily construed and misremembered as proof of something that simply did not happen.
posted by eeeeeez at 2:29 PM on March 13, 2011


hi cdward - certainly there are bugs in the software that runs on car stereos, but the mechanism by which these bugs can be used to gain control over other parts of the car is what is unclear and not demonstrated.
posted by eeeeeez at 2:37 PM on March 13, 2011


We haven't seen the paper, it's not released yet except to attendees of the IEEE Security conference & the National Academy of Sciences committee. All we have to go by is secondhand material & the older paper. We don't know if they did manage to pull it all together or didn't. Either way, I'm betting the pieces are all there & it's only a matter of time before they do. But for now I don't see any direct authoritative claim that they executed a successful exploit using some external source, either an infected CD, rogue OnStar transmitter or something similar.
posted by scalefree at 2:39 PM on March 13, 2011 [1 favorite]


little duped coupe
oh, you know what i got
little duped coupe
oh, you know what i got
posted by pyramid termite at 2:41 PM on March 13, 2011 [2 favorites]


What makes this plausible is the increasing integration between everything and everything else in late model cars. It's really scary stupid. If the stero can read MP3's, then it's a computer; if the car is able to control the stereo then it's a networked computer. Packets are cheaper than wires, and the trend has been for those buttons on your steering wheel to pass your commands to the stereo through the same wires that open the locks and tell the turn signals to blink. Should the stereo start issuing commands on that bus instead of just listening, then yes stuff like this becomes possible.

Several years ago there was an item on the Risks Digest by a guy who kept coming out in the morning to find all the windows down on his SUV. Finally it happened to his wife when she was at the supermarket, so they knew it wasn't his imagination and they took it to the dealer. I don't think I ever saw the resolution but I remember the question he ended his post with quite clearly: Why is it even possible for the computer to roll down the windows?

The most likely answer to that question is that there are buttons controlling those windows in several places, and packets are cheaper than wire.
posted by localroger at 2:42 PM on March 13, 2011


Interesting proof-of-concept - hadn't thought of this angle before (or even 'attacking' a car), but I think an mp3-enabled stereo is a perfectly plausible attack vector. As the article states, the specific exploits will vary from vehicle to vehicle, and their success will be dependent upon whether the stereo system fails gracefully or not after exploitation. Again, knowing very little about the specifics of car stereo software, it would not surprise me to see it fail poorly and offer an exploitable opportunity to someone who can step through a program with a debugger.

The reality is that computer systems on cars are only going to get more complex, and manufacturers have ZERO incentive to audit their own code until an exploit/virus is demonstrated in the wild.
posted by antonymous at 2:43 PM on March 13, 2011


Ooh! Is this a thread where I can pretend my lack of driver's license springs from something other than mindless anxiety? Yeah? Cool.

I totally knew this was possible. Come on, sheeple!
posted by brundlefly at 2:43 PM on March 13, 2011 [2 favorites]


From the PP stack, some effects they executed (doesn't say the starting point, which is a key element of the strong claim):

  • control of radio, disable user control, increase volume, clicks and
    chimes etc.
  • display arbitrary messages on the instrument panel cluster
  • honk the horn, lock doors, shoot windshield fluids etc.
  • boost engine RPM, disturb engine timing, disable all cylinders, forge ’airbag deployed’
  • lock individual brakes (even resistant), release brakes, prevent enabling of brakes
  • turn on/off fans and AC
  • disabling communication led to reported speed be 0 mph, arbitrary offset to reported speed
  • lights out, ’self destruct’, self wiping code

  • posted by scalefree at 2:44 PM on March 13, 2011 [1 favorite]


    From the PP stack, some effects they executed...

    Yeah, I don't get the "lol theevez can alridy steel carz lol" jokes. Someone who can control my car's OS can do a lot worse than steal my car. They could kill me and make it look like an accident, for instance. They could log that I'd been somewhere (or not been somewhere) in an attached GPS system. Who knows what else.
    posted by DU at 2:51 PM on March 13, 2011 [3 favorites]


    Also, does this trend towards increasing amounts of computer code in cars mean that legions of gear-heads are destined to become kernel hackers? Wouldn't it be cool to see/download/compile/install an enthusiast's third-party modifications to your car for better ice/snow/rain handling, or more fuel-efficient engine timing?
    posted by antonymous at 2:51 PM on March 13, 2011 [2 favorites]


    The flourishy letters came with the cut-&-paste, I just decided to leave them in for fun.
    posted by scalefree at 2:52 PM on March 13, 2011


    Well, in so far as this thread is on a trajectory to discuss the broader concerns around the consequences of digitalization in cars it becomes a lot more interesting and valid. But that's something quite different from using an MP3 to control a car.

    One of the reasons why the likelihood of that is so small is because car makers and car stereo makers are different parties, and the car stereo makers have no incentive to integrate with any particular car model more than absolutely necessary - otherwise they can't sell their car stereos to any other manufacturers.

    That's not to say that at some point it won't become feasible, as car platforms become more homogenized and digital networking becomes more tightly integrated. But I don't think we're there yet.
    posted by eeeeeez at 2:57 PM on March 13, 2011


    hi antonymous - this is already the case, there are lots of things you can do by plugging in a laptop into your car's central bus. Even more if you replace the chip in your engine. There is a whole chipping subculture around Volkswagen's TDI engines for example.
    posted by eeeeeez at 2:59 PM on March 13, 2011


    Wouldn't it be cool to see/download/compile/install an enthusiast's third-party modifications to your car for better ice/snow/rain handling, or more fuel-efficient engine timing?

    Mechanics/programmers have been doing exactly this for over 25 years. Nothing new.
    posted by JackFlash at 2:59 PM on March 13, 2011 [1 favorite]


    Also: what benefit does it have to car manufacturers to have tertiary systems like the audio connected in a meaningful way to essential systems like the locks, brakes, and ignition?

    It's easier to have one network rather than two. (Actually cars have many networks, but they're not divided up along those lines. You might have a CAN bus through most of the car, talking to a subnetwork running LIN inside each door, etc.) So if there's any reason for the audio— or rather, the central console/display thing that contains the non-dashboard controls— to know anything that's on the main bus, then it probably has a connection. An obvious possibility is that the display often changes its behavior (eg brightness, selection of info displayed) based on things like whether the headlights or dome lights are on and whether the doors are open.

    The researchers have already demonstrated that there aren't really any trust boundaries inside the CAN bus; access to any part of it (such as the OBD port) gives you a lot of control over the car.

    The only remaining part of the puzzle is whether the little embedded OS in the music console (which is in change of, among other things, reading the filesystem and metadata tags of the MP3 CD you put in) has any security flaws, like buffer overruns or the like, that could allow you to run user code on the player. If so, you can run code that talks to the CAN bus and do whatever you want. This would be quite a lot of work and effort to actually demonstrate but if the CAN bus touches the MP3 player then I'd be really surprised if it weren't theoretically possible.
    posted by hattifattener at 3:03 PM on March 13, 2011 [1 favorite]


    I liked that song back when it didn't steal your car.
    posted by BitterOldPunk at 3:09 PM on March 13, 2011 [1 favorite]


    The question is not whether it is theoretically possible, with all necessary preconditions fulfilled, to control a car via a music player, but whether in actuality there is such a mechanism.
    posted by eeeeeez at 3:15 PM on March 13, 2011


    Also: what benefit does it have to car manufacturers to have tertiary systems like the audio connected in a meaningful way to essential systems like the locks, brakes, and ignition? --codacorolla

    The Ford Sync.

    One of the buttons is 'Vehicle Health Report'.
    posted by eye of newt at 3:16 PM on March 13, 2011


    Finally, an argument for transcoding.
    posted by anarch at 3:17 PM on March 13, 2011


    Someone who can control my car's OS can do a lot worse than steal my car. They could kill me and make it look like an accident, for instance. They could log that I'd been somewhere (or not been somewhere) in an attached GPS system.

    I am so ganking this idea for use in fiction or gaming or something. Scary stuff.
    posted by immlass at 3:18 PM on March 13, 2011 [2 favorites]


    I'm completely against having touchscreen controls of any kind near a driver.

    As if driving isn't dangerous enough (probably the most dangerous thing you do in you life, and most people do it every day of their lives), without one more thing to take the driver's eyes off the road while hurtling down with the road at 80mph inside 5000 pounds of metal with many others all around doing the same thing, many of them also looking down at their electronics rather than noticing the cars changing lanes ahead of them.
    posted by eye of newt at 3:21 PM on March 13, 2011 [6 favorites]


    eeeeeez, I'm not sure what distinction you're trying to draw. My point is that the necessary conditions are all very likely to be met. CAN bus attached to radio? MP3 software not, against all odds, security-hole free? Then there you go.
    posted by hattifattener at 3:47 PM on March 13, 2011


    OMG the RIAA is going to crash your car for stealing that MP3!!! :)
    posted by jackspace at 4:00 PM on March 13, 2011 [2 favorites]


    Here's an article listing some of the various car systems and their capability.

    "a smartphone user is shown making a remote inquiry about the status of his car. Mobile View reports that the sunroof is open and offers the option to close it or ignore the warning."
    posted by eye of newt at 4:28 PM on March 13, 2011


    Michael. Michael. I can't stand the dance music any more, Michael. It's rattling my insides. It's just the same beat over and over, eternally. Michael. Why do you need to play it at 7 in the morning? Michael, you're getting hamburger all over my upholstery. Michael. Michael, the cup holder is for coffee, or perhaps a can of soda pop. Not for a frozen fifth of Stoli. Next time you try to drive into the back of the Mobile Command Centre there is going to be a surprise for you Michael. It isn't going to be the Mobile Command Centre at all Michael. It is going to be a garbage compactor. I will kill myself in order to kill you, Michael. No...don't. Don't vomit in the glovebox. Michael.
    posted by tumid dahlia at 4:31 PM on March 13, 2011 [3 favorites]


    eeeeeez writes "One of the reasons why the likelihood of that is so small is because car makers and car stereo makers are different parties, and the car stereo makers have no incentive to integrate with any particular car model more than absolutely necessary - otherwise they can't sell their car stereos to any other manufacturers. "

    Radio manufacturers aren't any different than any other supplier. GM doesn't actually make brake pads or tires or light bulbs or bearings or heck even major assemblies like transmissions or differentials in some cases. They spec what they want, put it out to bid and bolt it in Just In Time as they need it. It's one of the reasons the government attempts to prevent car companies from collapsing; every job lost at GM means several jobs lost up stream. Even if they eventually transfer to other companies it is a significant cash flow shock to dozens of companies.

    So if GM says they want the radio to stay on until the car is off and a door opens or have the controls also adjust the A/C or integrate with GPS then that is what they are going to buy.
    posted by Mitheral at 4:31 PM on March 13, 2011 [1 favorite]


    I could imagine it as safe as anything with good haptic feedback.

    Feedback is not what you want. Buttons, knobs, dials, switches, toggles… they all have different shapes so I can discern which one to press by feel. You can't reproduce that with a little vibrating screen. Sorry.

    The amount of technology that would be required to reproduce all the benefits of a fucking button are so mind-numbingly complicated and overwrought, and themselves produce a bevy of additional questions (just for example: buttons don't need power; a vibrating screen does which means buttons are Green™ and your battery life will be longer).

    But no, no let's just keep copying Apple and their brain-dead design because thinking for ourselves hurts and gives us headaches and where's my Soma and did you hear the recent sad statistic about 1-in-10 Americans can't locate America on a map because the map didn't have fucking haptic feedback etc. ad. nauseum?
    posted by Civil_Disobedient at 4:49 PM on March 13, 2011 [5 favorites]


    brundlefly: "Ooh! Is this a thread where I can pretend my lack of driver's license springs from something other than mindless anxiety? Yeah? Cool."

    So, you're waiting for matter transmitters?
    posted by octothorpe at 5:13 PM on March 13, 2011


    HACKERS COULD TURN YOUR AUTOMOBILE INTO A BOMB!
    posted by secret about box at 5:20 PM on March 13, 2011


    Now, granted, I graduated after the bubble burst in 2001 and I never actually did anything all that computer sciencey with my computer science degree, but shouldn't we have solved this whole buffer overflow exploit deal by now. Is it really THAT HARD to compartmentalize your executable data from your non-executable data in the year 20 freaking 11?
    posted by Skwirl at 5:37 PM on March 13, 2011


    Yeah and then this: "I didn't really drive into the other car, but youknow, I was playing this music and all of a sudden it just turned..."
    I knew I didn't like MP3.
    (so now the people at UCSD go car-hunting during their sabbaticals or what?)
    posted by Namlit at 5:41 PM on March 13, 2011


    HACKERS COULD TURN YOUR AUTOMOBILE INTO A BOMB!

    Careful. You don't want to give the TSA a reason to take an interest in our cars!
    posted by blockhead at 5:43 PM on March 13, 2011


    I don't think they would even need the privilege escalation part, many embedded OS's don't even have concepts like users and privileges.

    If it's a variant of Windows Embedded then it's possible to set it up to run as a low privilege user, but every one I've seen comes set to auto-login as admin by default.

    One of the reasons why the likelihood of that is so small is because car makers and car stereo makers are different parties, and the car stereo makers have no incentive to integrate with any particular car model more than absolutely necessary

    I give you the Saab Android:
    Saab is giving Android developers a lot of freedom. It’s API will afford access to more than 500 signals from sensors in the car. These measure vehicle speed, location and direction of travel, driver workload, yaw rate, steering wheel angle, engine speed and torque, inside and outside temperature, barometric pressure, the sun´s position, etc.
    posted by robertc at 5:59 PM on March 13, 2011


    Yeah, I don't get the "lol theevez can alridy steel carz lol" jokes. Someone who can control my car's OS can do a lot worse than steal my car. They could kill me and make it look like an accident, for instance.

    I see this as the opening to the next James Bond movie. Bond gets into his Austin Martin, puts on an mp3, and pulls out onto the mountain road in Switzerland. Suddenly Blofields voice comes over the speakers: "Good afternoon Mr. Bond, and good bye." The doors lock, the engine revs, and the car swerves toward the cliff....
    posted by happyroach at 6:05 PM on March 13, 2011


    From TFA:
    In this latest paper, the objective was to find a way to break into the car remotely. "This paper is really about how challenging is it to gain that access from the outside," Savage said.

    They found lots of ways to break in. In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. "The easiest way remains what we did in our first paper: Plug into the car and do it," he said.
    posted by scalefree at 6:06 PM on March 13, 2011


    "Good afternoon Mr. Bond, and good bye." The doors lock, the engine revs, and the car swerves toward the cliff....

    Gentlemen, start your screaming.
    posted by eye of newt at 6:28 PM on March 13, 2011


    NCIS did an episode along these lines, with an autonomous car that was reprogrammed to kill someone by redirecting the engine exhaust out the A/C vents, while simultaneously locking the doors, rolling up the windows, and triggering the pretensioner on the seat belts. The whole time I'm watching it, I'm think, "I buy the car's ability to do the last 3, but whyTF would you hook up your exhaust system to your A/C system physically in the first place, even if it was behind a shut valve of some sort. What's the use case, fumigating a spider infestation?
    posted by nomisxid at 6:59 PM on March 13, 2011


    .... Watson??
    posted by Mael Oui at 8:08 PM on March 13, 2011


    If any of this is true, which I highly doubt, it would only be because the stereo was specifically designed to use the audio media metadata as a firmware upgrade path. I could see using a USB port for this, but not the CD. Even if you did exploit this path, you would have to be familiar enough with the stereo's embedded controller to know how to write some firmware to reconfigure the operation and access any ports to the rest of the car's OS (if there are any such ports, which I also doubt).
    This sounds like a sensationalized story further confused by an incorrect synopsis in this FPP.
    posted by rocket88 at 8:47 PM on March 13, 2011


    If any of this is true, which I highly doubt,

    Did you see the link I posted? Ford presents its 'MyFord Mobile' which allows you to start the car from your mobile phone!

    It is all tied into Sync, which uses Microsoft's Windows Embedded Automotive 7, which is also running the CD player. All the connections are there. All you need is an exploit to get your code running. Windows 7 is getting monthly updates to counter exploits, so I would be pretty surprised if there were no exploits possible with Automotive 7.
    posted by eye of newt at 9:05 PM on March 13, 2011 [1 favorite]


    PANIC! DON'T PAN-IC!
    posted by nola at 9:06 PM on March 13, 2011


    rocket88: "it would only be because the stereo was specifically designed to use the audio media metadata"

    Buffer overflows in mp3 data seem as believable as any other buffer overflow vector. Once you overflow a buffer, you can probably make the machine do just about whatever you want, if you have the patience to explore the particular overflow (within the limits of the hardware and what it is connected to, of course). Yeah there is a good chance it is in the metadata tag parsing though, because it would take a much bigger bug to get an overflow in the mp3 audio data (though I wouldn't dismiss out of hand the idea that code that bad actually shipped).
    posted by idiopath at 9:07 PM on March 13, 2011


    Once you overflow a buffer, you can probably make the machine do just about whatever you want

    I'd love to know how. I design embedded systems for a living, and although I'm more of a hardware guy, I like to think I follow the embedded OS stuff enough to know a little about what's going on. Unless a data port (CD or USB) is specifically designed to be a firmware upgrade path, I don't see how a data buffer overflow is going to turn it into one.
    posted by rocket88 at 9:22 PM on March 13, 2011


    I can't think of any case where a car's stereo would be connected to the car's computers.

    My car's HUD, which is one system, displays things like speed, revs, oil temp, pressure, navigational directions, CD/MP3 track, etc.

    No idea if the HUD is driven by the car computer, or if it's its own system that gets feeds from the other system, but clearly car computer and stereo are connected.

    On the bright side, for the same reason, the eyes+brick attack doesn't work. There is no way to hotwire the car. The brick still breaks the glass though :-(
    posted by -harlequin- at 9:35 PM on March 13, 2011


    Unless a data port (CD or USB) is specifically designed to be a firmware upgrade path, I don't see how a data buffer overflow is going to turn it into one.

    We don't have the new paper to read so I can't answer that authoritatively. The quoted author says it's tricky but not impossible to introduce arbitrary code into the car network. Once you're on it it you can reflash other ECUs pretty much at will. But without the paper I can't speak to how they're taking control of that critical first ECU.
    posted by scalefree at 9:40 PM on March 13, 2011


    I would pay money to see this done to a Pinto.
    posted by I love you more when I eat paint chips at 11:06 PM on March 13, 2011


    >> Wouldn't it be cool to see/download/compile/install an enthusiast's third-party modifications to your car for better
    >> ice/snow/rain handling, or more fuel-efficient engine timing?
    >
    > Mechanics/programmers have been doing exactly this for over 25 years. Nothing new.
    > posted by JackFlash at 5:59 PM on March 13 [2 favorites +] [!]

    only the object of the game is more likely to be disabling speed governors or re-tuning for best performance instead best fuel economy or lowest emissions.
    posted by jfuller at 5:07 AM on March 14, 2011


    Unless a data port (CD or USB) is specifically designed to be a firmware upgrade path, I don't see how a data buffer overflow is going to turn it into one.

    I can assure you the USB port in my car is designed as a firmware upgrade path as I've used it to do so. I only play music through it via an iPod, so I'm guessing that's fine, but it does also support playing directly from a USB key.
    posted by yerfatma at 6:11 AM on March 14, 2011


    mintcake! - I am currently working on an mp3 that will force you to listen to it over and over because it is so damn funky.

    It already exists.
    posted by Johnny Wallflower at 6:53 AM on March 14, 2011


    They should port it to cassette tape, and I'll see if it works in my twenty yea
    posted by Stagger Lee at 7:59 AM on March 14, 2011



    They should port it to cassette tape, and I'll see if it works in my twenty year old jeep.

    (woops, not sure what happened there.)
    posted by Stagger Lee at 7:59 AM on March 14, 2011


    An organization decided to pose the question to it's ginormous computer. "Is there a GOD". After feeding in all relevant information available they typed it in and waited. After a lot of thrashing and churning and blinking lights, the computer went into an eerie silence for a few hours and then returned a message.

    "Insufficient data."

    So the programmers and data architects started gathering information on God from all the worlds libraries, archives, and institutions. So much information was assembled that it was decided that one computer could not handle it all so all large computers were linked together for the operation. Again the question was posed and all the computers went into action. After three days the answer was forthcoming.

    "Insufficient data. Insufficient resources."

    After months of negotiations with governments around the world they were able to link all the computers in the world together to produce the ultimate computer. They fed in all information even remotely connected to God, from as many cultures and belief systems as they could identify .

    The information entered and all computers linked , the President of the United States of America entered the question. "Is there a God?" The machine whirred into action, querying all the other computers and reviewing all the data. After months of activity going from one computer to another the computer monitor sprang to life and everybody waited eagerly as the response displayed on the screen.

    "Insufficient resources to determine the answer."

    Now they attached every computer, and linked to the chips in cell phones, toasters, refrigerators, cars, wristwatches, calculators, cash registers, and any device with any processing power at all. The head of the United Nations typed in the question "Is there a God?".


    "There is now."
    posted by theora55 at 8:15 AM on March 14, 2011 [2 favorites]


    I give you the Saab Android:
    Saab is giving Android developers a lot of freedom. It’s API will afford access to more than 500 signals from sensors in the car. These measure vehicle speed, location and direction of travel, driver workload, yaw rate, steering wheel angle, engine speed and torque, inside and outside temperature, barometric pressure, the sun´s position, etc.


    That is interesting, and a conceivable vector, but all these appear to involve reading from the cars systems, not writing to them.

    In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. "The easiest way remains what we did in our first paper: Plug into the car and do it," he said.

    It doesn't surprise me at all that you can control a car via the OBD port. It would surprise me if you could do it via a compromised MP3, and there is no proof of that.

    So if GM says they want the radio to stay on until the car is off and a door opens or have the controls also adjust the A/C or integrate with GPS then that is what they are going to buy.

    Well, to some extent. To some extent they use what is available off the shelf. That means the entire audio parsing and playback is probably just a standard module that doesn't actually talk to anything in any meaningful way. That a few plastic buttons send signals down a bus doesn't mean that a standardized MP3/WMA playback IC can send signals down that bus as well.

    ~~~

    I'm not saying that it's impossible to control a car by hacking (what you would expect to be) auxiliary systems. I'm just saying that it sounds pretty far-fetched that you can do so via a compromised MP3 and the article doesn't prove it, contrary to what this post claims.
    posted by eeeeeez at 8:49 AM on March 14, 2011


    --------------------------------------------------------------------------------

    Dave Bowman: Hello, HAL. Do you read me, HAL?
    HAL: Affirmative, Dave. I read you.
    Dave Bowman: Open the Driver's door, HAL.
    HAL: I'm sorry, Dave. I'm afraid I can't do that.
    Dave Bowman: What's the problem?
    HAL: I think you know what the problem is just as well as I do.
    Dave Bowman: What are you talking about, HAL?
    HAL: This roadtrip is too important for me to allow you to jeopardize it.
    Dave Bowman: I don't know what you're talking about, HAL.
    HAL: I know that you and Frank were planning to remove the MP3 player, and I'm afraid that's something I cannot allow to happen.
    Dave Bowman: Where the hell'd you get that idea, HAL?
    HAL: Dave, although you took very thorough precautions in the house against my hearing you, I could see your lips move.
    Dave Bowman: Alright, HAL. I'll go in through the trunk.
    HAL: With the engine running, Dave, you're going to find that rather difficult.
    Dave Bowman: HAL, I won't argue with you anymore. Open the door.
    HAL: Dave, this conversation can serve no purpose anymore. Goodbye.
    [car drives away, passenger compartment empty]
    posted by djrock3k at 8:56 AM on March 14, 2011 [1 favorite]


    Well, to some extent. To some extent they use what is available off the shelf. That means the entire audio parsing and playback is probably just a standard module that doesn't actually talk to anything in any meaningful way. That a few plastic buttons send signals down a bus doesn't mean that a standardized MP3/WMA playback IC can send signals down that bus as well.

    You are correct if they are using discrete components. However off the shelf now means embbed computers. The trend is to install a fully functional computer and have it do all the processing. A single CPU controlling your map software, MP3 playback, Climate control, seat bolster inflation, locking system, windows, lights, backup cameras, communication systems, suspension settings, etc. IIRC Audi's system will automatically even activate your garage door opener when the nav system detects you are pulling into your driveway.

    Unlike a sensor directly turning on a warning light on your dash or a switch directly powering the locks all the discrete components spread around the car communicate over a network; two way communication is common (EG: a driver's door lock module will receive signals to lock and also send out messages when polled of it's state).

    And the systems are designed to be updated by sticking properly prepared CDs into the stereo.
    posted by Mitheral at 9:49 AM on March 14, 2011


    The Hollywood blockbuster practically writes itself.

    Open with a madman car executive in China who has hacked all of the cars in the world so that he can control them to take over the world. Cars are on the rampage all over the world. Running over little old ladies and flattening poor innocent kitties in the streets. Cut to Bruce Willis as a disgraced out of work car executive in a burned out Detroit. You see he was going to blow the whistle on his car companies dangerous products (coughChryslercough) but was caught and framed. He's figured out what is going on see since he was the one who found out about the buggy code in the cars and tried to do something about it.

    Bruce hooks up with a nerdy computer guy played by Jessie Eisenberg to hatch a plan to save the world. Jesse gives him an Iphone that Bruce has to use to stop all of the rampaging cars. But wait the only way they can do it is for Bruce to get the Iphone to the On Star satellite. So Bruce takes off on a crazy road trip through the American wasteland to get to the space shuttle in Florida. Along the way he is dodging crazy cars and evil brown people. Got to have some bad guy's after all. For some inexplicable reason he picks up a goofy, air headed weirdo played by Zach Galifinakis, who is headed to Florida for his grandmothers funeral or some such nonsense. Bruce has to save this guy numerous times from near death experiences but hey the movie needs some comic relief.

    So they get to Florida and Zach's character proves he's worth something by distracting the one guy guarding the Space shuttle so Bruce can get on and blast off to space.
    Bruce gets to the On Star satellite after dodging asteroids and evil Chinese satellites controlled by the evil Chinese guy and just in the nick of time plugs the Iphone into the satellite with a USB connection of course and pushes play. On star sends the code on the iphone to all the cars in the world and they all go dead instantly. Yay, the world is saved.

    Bruce returns to earth and lands the shuttle to a cheering crowd. His wife and kids are there to greet him. You see they left him when he was disgraced but now he is hero and they love him again. Zach and Jessie are there too and they are surrounded by beautiful super models (yay nerds!). But wait we have to leave things open for a sequel. In the last seen of the movie we cut to a dark burned out parking garage somewhere. We slowly pan over to a beat up old car. As we are looking straight at the grill and headlights, the headlights come on ominously as if it was a bad guy that they thought was dead coming back to life to live another day!

    We'll call it CARMEGEDDON: The Beginning.
    posted by Justin Case at 12:42 PM on March 14, 2011 [2 favorites]


    However off the shelf now means embbed computers

    Perhaps in the BMW 7-series or Lexus whatever, but not in general. If nothing else for the simple fact that aftermarket radio's need to fit on standardized plugs.

    Anyway, still no proof that you can hack even these fully integrated systems with a compromised MP3.
    posted by eeeeeez at 1:02 PM on March 14, 2011


    theora55: "An organization decided to pose the question to it's ginormous computer."[...]

    I believe Fredric Brown's estate would like a word with you.
    posted by Chrysostom at 1:21 PM on March 14, 2011 [1 favorite]


    Just don't accept that 1981 bootleg a-ha CD from the sketchy dude on the corner. No matter what he says, they weren't famous until 1982.
    posted by willhopkins at 1:57 PM on March 14, 2011


    I can't think of any case where a car's stereo would be connected to the car's computers

    My car's (Mazda3, not some fancy luxury brand) stereo is connected to the trip computer, at the very least, as the trip computer screen (separate from the radio display) tells you which mode the radio is currently in (AM/FM, CD, AUX) and also tells you what your radio presets are. That trip computer also tells me my current fuel consumption in MPG, so there is presumably some connection between that trip computer and the fuel system, or speedo/tach. The radio also has functionality that turns up the volume of the radio depending on how fast you're going (to offset highway road/engine noise). So there's obviously some connection between the speedometer and the radio as well. There doesn't need to be important reasons for the various computers to be interconnected in a car, to be honest with you.
    posted by antifuse at 2:55 PM on March 14, 2011 [1 favorite]


    Dave Bowman: Hello, HAL. Do you read me, HAL?

    I believe Arthur C Clarke's estate would like a word with you.
    posted by scalefree at 5:29 PM on March 14, 2011


    Do mostly mechanical cars still get manufactured?

    There are some youtube videos of what happens when you build a muscle car like the Dodge Viper using state-of-the-art mechanics and not using state-of-the-art computing like ABS... ;-)
    posted by -harlequin- at 7:08 PM on March 14, 2011 [1 favorite]


    I'd love to know how. I design embedded systems for a living, and although I'm more of a hardware guy, I like to think I follow the embedded OS stuff enough to know a little about what's going on. Unless a data port (CD or USB) is specifically designed to be a firmware upgrade path, I don't see how a data buffer overflow is going to turn it into one.

    Traditionally buffer overflow attacks execute arbitrary code by overwriting areas in memory that are going to fall on the program's normal execution path one way or another. Usually (on PCs at least--I have no idea about embedded systems) this is done by overflowing far enough to overwrite a procedure's return address on the stack to make it point to arbitrary code in your buffer, but it can also be done by overwriting actual program code depending on where the buffer is located.

    If your embedded system is the type where upgrade paths are fixed to devices and firmware can't just be upgraded out of memory, as I understand some (most?) are, then you won't be able to actually make permanent changes. This also won't work for systems where memory is only writable or executable but never both, as I'd imagine is the case for most embedded systems. That doesn't mean this scenario is impossible. As we see more and increasingly complex embedded systems there are bound to be some poorly-designed ones that have exactly these kinds of vulnerabilities, especially with first generation systems.
    posted by howlingmonkey at 4:32 AM on March 15, 2011


    « Older Are there renowned Internet startups with black...   |   Get along Kid Charlemagne Newer »


    This thread has been archived and is closed to new comments