Fun Stuff > CLIKC
Shellshock and other assorted computer security stuff
bhtooefr:
Well, that's terrifying.
And, really, I'm not surprised - even my 1999 Golf has a network upon which all devices can see everything else (while it's a year before VW put everything on a CAN bus, there is the K-line (essentially RS-232 at weird baud rates) that every control module in the car is sitting on for diagnostic purposes), and there's no access control other than matching the baud rate, sending the command to the correct control module address (but everything sees everything on the K-line), and occasionally 5 digit passwords that are, for the most part, printed in the workshop manuals).
Even things like the instrument cluster, which contains the immobilizer (well, on US-market cars it's not active until 2000), can be attacked with readily available software, the ROM dumped (on some clusters, this takes an hour of brute forcing a password, but most, it gets in immediately), the secret key code decoded, and the immobilizer protections are effectively defeated.
For all I know, there's a buffer overflow in the central locking (for manual windows)/central convenience (for power windows) module that can be used to attack other K-line or CAN-bus modules, for a wireless attack.
When modern cars don't even bother to isolate the infotainment from the powertrain/safety CAN bus, and have long-range wireless protocols in their infotainment systems... and even when they do (some cars use FlexRay or Ethernet for infotainment instead), they put infotainment data on the instrument cluster, which communicates with the powertrain/safety CAN bus anyway, and is therefore an attack surface on the powertrain/safety bus. And, don't forget the steering wheel/column controller, which is often on the powertrain/safety bus for things like cruise control (typically the airbags are directly connected to the airbag module) and the infotainment bus for infotainment control... And, then, you've got telematics systems that directly have a need to access the powertrain/safety bus to do what they do (crash detection to call emergency services, remote diagnostics, remote unlock (although central locking could be put on another bus), remote shutdown for police)...
ankhtahr:
Yep. I know of cars which have the control unit for the side mirror adjustments in the mirror, and this lead the whole CAN bus out of the vehicle. Those cars can actually be opened by opening the mirror casing, which is only clipped on and attaching to the CAN bus, which of course also controls the central locking. You can take control of a whole vehicle by opening the side mirror casing.
cesium133:
The car I bought a few weeks ago was recalled because of a bug in the radio software that causes the seatbelt chimes to not work. I guess I can sort of see them being related (and seatbelt chimes aren't exactly critical), but why on earth should the entertainment system software have access to the critical functions of the car like the engine and brakes? :psyduck:
Masterpiece:
Is it weird that I find this hugely fascinating
ChaoSera:
--- Quote from: Masterpiece on 21 Jul 2015, 17:54 ---Is it weird that I find this hugely fascinating
--- End quote ---
Not at all.
And cesium - it's probably a cost thing. If you wire everything up on one bus you don't have to put in additional cabelage, which saves money.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version