According to the authors of \u201cComprehensive Experimental Analyses of Automotive Attack Surfaces\u201d (Checkoway et al) not only are modern cars changing rapidly on an ongoing basis, adding new features and becoming more and more pervasively computerized, but they have real networks inside and a plethora of system interfaces to boot.\u00a0 Despite this threat model research has been reluctant to keep up with the Joneses, as it were (I also learned after looking at various resources that there is a Center for Automotive Embedded Systems Security<\/a>.\u00a0 You learn something new every day.)<\/p>\n A whole lotta lines of code make up the distributed network that lives under the hood, and last year the same researchers demonstrated that once in, it\u2019s over \u2013 all computer and control systems are compromised \u2013 including the engine, breaks, locks, you name it.\u00a0 This is due to a lack of any sort of control or security architecture inside.<\/p>\n Modern cars are controlled by a loosely coupled set of digital components called Electronic Control Units (ECUs), which are in charge of the pretty much everything you care about \u2013 the engine, drive train, brakes, stereo, and the like.\u00a0 An article[2]<\/a> claimed that there are up to 100 ECUs in your typical car with perhaps 100 million lines of code.\u00a0\u00a0 That\u2019s a lot of code.\u00a0 To put that in perspective, a brand new Airbus 380 jetliner has about the same number of ECUs (including the entertainment system), and our current jet fighter, the F22 raptor, has \u201conly\u201d 1.7 million lines.\u00a0 Automobile manufacturers have clearly embraced computerization in a big way.\u00a0 As we know from operating system and application security, there is just no hope in trying to secure that much code.<\/p>\n It is somewhat analogous to computer networks and applications that we build, which are all too often binary.\u00a0 And while once on a computer network you\u2019re really into a lot of resources by default, but at least on computer networks we have some monitoring, logging, and auditing going on (in theory ;))\u00a0 The older attacks required physical<\/em> access, however, to plug into the car\u2019s bloodstream and inject the attacks.\u00a0 Critics of their previous paper said that you could get similar results by simply cutting or mucking with the brake line, for instance.<\/p>\n So the researchers started to get nasty.\u00a0 What ways can a car communicate with the outside world?\u00a0 There\u2019s actually quite a few, including radio (digital and analogue), remote key fobs, CD\/media players, cell phones (things like OnStar actually work by placing a GPS and cell phone imbedded in your dash), Bluetooth\u2026 even your tires get into the action, with TPMS (Tire-Pressure Monitoring System, mandated for all US cars since 2007), which relays data in real time back to the rest of the car.<\/p>\n These all are run by software; you might guess what comes next.\u00a0 The little bits of software listening on these ports in the air get attacked; buffer overflows, protocol errors, fuzzing, all kinds of attacks.\u00a0 They took a couple of cars and tried to break various systems \u2013 the ones that proved most fruitful were CD, Bluetooth, and cellular:<\/p>\n Reading between the lines it seems that just about all entry points could be broken \u2013 again, they\u2019re just software, and not particularly hardened against attack.\u00a0 After reading the paper and listening to the talk I started to suspect that they could bend the car to their will just by staring at it<\/a>, but they decided not to publish that bit for fear of mass hysteria (or were stopped by various three-letter agencies.)<\/p>\n![\"\"](\"https:\/\/trouble.org\/wp-content\/uploads\/2012\/09\/nasty.png\" "\\"nasty\\"")
<\/a><\/p>\n
![\"\"](\"https:\/\/trouble.org\/wp-content\/uploads\/2012\/09\/goats1.png\" "\\"goats\\"")
<\/a><\/p>\n