Hacking Your Car – It Is Not So Hard
Probably many of you saw the 60 Minutes segment on hacking your car (see video here). In the 60 Minutes segment, the researcher/hacker was able to turn on the wipers and washers, blow the horn and disable the brakes in that demonstration. Here is a link to a conversation with the guys who did the 60 Minutes hack (See link. This is a podcast and the part that you may be interested in starts right at 1:00:00 into the video and lasts about 45 minutes)
The NY Times reported about a team of researchers from the University of Washington and the University of California at San Diego who took over the basic functions of a car, including control of the engine, remotely. They delivered their report to the National Academy of Sciences last week.
These particular attacks compromised the telematics systems of these cars – basically a glorified old cell phone system – and took over the cars.
BMW just patched a particular bug a few weeks ago (see post). They were very proud that they patched this vulnerability in only 9 months and sent the patch over this cell phone connection so you didn’t have to take the car to the dealer to fix it. Is it likely that a hacker could do the same thing – you decide?
Today cars have as many as 50 computers in them, most all of which are connected to a “Car Area Network”. Effectively, very similar to the LAN in your office, this CAN Bus (technically CAN stands for controller area network) was designed by Bosch in 1983 and published as a standard in 1986 (see reference). The current version, 2.0, was released in 1991. That would make the standard almost 25 years old. Think about the cell phone you had 25 years ago. Would you want to use that today?
The CAN Bus has no security at all and is very slow (think of accessing the Internet today over a dialup modem from 25 years ago). That is what your car is doing.
In June 2013, Michael Hastings, a reporter in L.A. who wrote some pretty controversial articles was killed in a single car accident. The car exploded in flames and crashed into a tree (it is unclear which order that occurred in) and the accident happened with such force that it threw the engine 50 yards from the car (see article).
Could someone who was unhappy with Michael’s reporting have hacked the car? In the old days you would just attach a bomb to the car. That leaves evidence. Assuming that really happened in this case, there would be no evidence. Those 50 computers in his Mercedes don’t generate log files like your PC can (but probably does not). Way too much overhead.
Richard Clarke, who worked in the State Department under President Reagan, headed up counterterrorism efforts under Presidents Bush 1, Bush 2 and Clinton and was a special advisor to President George W. Bush on cyberterrorism, said (see quote):
I’m not a conspiracy guy. In fact, I’ve spent most of my life knocking down conspiracy theories,” said Clarke, who ran afoul of the second Bush administration when he criticized the decision to invade Iraq after 9/11. “But my rule has always been you don’t knock down a conspiracy theory until you can prove it [wrong]. And in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can’t prove it.”
Just to be clear, Clarke is NOT saying that Hastings’ car was hacked, just that it was possible. Given what we saw on 60 Minutes, that would be hard to argue with.
Also, if that occurred, it would be very unlikely that there was any evidence left behind to prove or disprove the fact. The circuit boards likely burned up in the ensuing fire.
Could a nation state execute an attack like this – absolutely. No question. Richard Clarke said that it was very unlikely that the L.A. police department had the expertise to figure out if the car was hacked – assuming they had any inclination to do so.
I wrote about Senator Markey’s questioning of auto manufacturers on the subject of security (see post) a few weeks ago and only one manufacturer out of 20 responded with anything that remotely dealt with the issue.
What needs to happen is a redesign of the CAN Bus – Bosch has done some work in that area (like CAN FD 1.0) and it can coexist with the old protocols, but adding security would break everything that is already deployed.
That redesign probably won’t happen until a catastrophe occurs.
If you car does not have telematics (like GM’s On Star, Toyota’s Safety Connect, Ford’s Sync, Mercedes MBrace or other systems), then the hacker would have to have physical access to your car. That could be as simple as getting you to play an infected DVD – not very complicated – but the hack shown on 60 Minutes would not have worked.
Finally, there is a privacy concern. For example, these hackers could turn on the in car microphone and eavesdrop on you – the NSA might be very interested in doing that to terrorists.
I don’t know if the 60 Minutes piece is enough to get the car makers in gear (to avoid the threat of Congress “helping” them), but let’s hope so.
Mitch