Wired is reporting that Jeep Cherokees are vulnerable to the following
Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/?mbid=social_twitter
I'm sorry if this was already discussed.....I did look, and didn't see a prior thread
Spooky stuff. Sure, they've spent a lot of time on it, but if a large group of people tried, i bet they could find the problems in significantly less time. I'll take my old car with no computer and no internet connection, but I'll sure as heck be watching all the new Jeep Cherokees drive by with a cautious eye (haha).
The jeep is a proof of concept. If a vehicle has an internet connection, drive by wire, and the onboard computers communicate via CAN, it's possible that it could be vulnerable
So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles’ technical manuals and wiring diagrams. Using those specs, they rated 24 cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers: How many and what types of radios connected the vehicle’s systems to the Internet; whether the Internet-connected computers were properly isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital commands could trigger physical actions like turning the wheel or activating brakes.
Based on that study, they rated Jeep Cherokee the most hackable model. Cadillac’s Escalade and Infiniti’s Q50 didn’t fare much better; Miller and Valasek ranked them second- and third-most vulnerable.
[ .... ]
But the opportunities for real-world car hacking have only grown, as automakers add wireless connections to vehicles’ internal networks. Uconnect is just one of a dozen telematics systems, including GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.
This goes a bit further than the report released a year or so ago. They needed to plug a computer in, but could, in the end, completely control the vehicle's electronic interfaces via computer.
Yup, same people.....they can now do it over the sprint wireless network....all they need is the jeep's IP address. they now remotely upload firmware into one of the computers on the CAN bus, allowing the entertainment system to communicate with other computers
I knew it was coming. I called it. Now if only they didn't delete all my podcasts. 
It also frustrates me no end how the automotive/aironautical/marine/etc manufacturers keep their heads in the sand regarding this problem. "Nope, it just can't happen."
That reminds me. What ever happened to that deal where the guy claimed to have hacked the airplane and control the engine speed. They said it wasn't possible and the story just disappeared. 
Yep..I'm an IT guy and the last thing I want is a glitchy computer connected to the internet controlling my engine, transmission and brakes.
N Sperlo wrote: That reminds me. What ever happened to that deal where the guy claimed to have hacked the airplane and control the engine speed. They said it wasn't possible and the story just disappeared.
The feds sat him down for a nice chat last time I heard...
It isn't rocket science to keep these things secure, but I guess it might as well be to the big auto manufacturers. These are Idiocracy-level mistakes being made to allow this to happen.
In reply to GameboyRMH:
Lots and lots of opportunities here in Detroit. Come and work.
In reply to alfadriver:
That really isn't a bad idea at all except the Detroit part.
In reply to Giant Purple Snorklewacker:
For this specific example, FCA's HQ is up in Pontiac. 20 min north of that is the middle of nowhere.
Detroit is for the hipsters, anymore.
Still, for all of the complaining and experts out there, come help. Put money in your bank accounts instead of just typing about it.
alfadriver wrote: In reply to Giant Purple Snorklewacker: For this specific example, FCA's HQ is up in Pontiac. 20 min north of that is the middle of nowhere. Detroit is for the hipsters, anymore. Still, for all of the complaining and experts out there, come help. Put money in your bank accounts instead of just typing about it.
It would be easy enough to hire those two to keep doing what they're doing....
GameboyRMH wrote: It isn't rocket science to keep these things secure, but I guess it might as well be to the big auto manufacturers. These are Idiocracy-level mistakes being made to allow this to happen.
Yea, but rather than use an industrial protocol that has been in use for decades, auto-manufacturers decided CANBUS was the way to go. Built in monopoly!
When we were getting our last round of buses delivered their was a guy running around with a laptop updating software so the would start every morning. He was explaining how many computers were on board and what they controlled. I asked him how long he thought it would be before someone came up with an app that someone could use that would keep the doors open until they got on. I looked excited like maybe there could be another update they could sell us.
how in the world is a drive by wire system allowed to have 2 way communication with something outside its critical function?
Thats appallingly stupid design.
And people wonder why I abhor the idea of self driving cars...
Curmudgeon wrote: And people wonder why I abhor the idea of self driving cars...
Yup, there's talk of having cars in front "tell" cars behind that they're braking instead of depending on proximity sensors to figure that our. If that is implemented, we'll soon have people working on ways to spoof a signal and activate the braking system.
madmallard wrote: how in the world is a drive by wire system allowed to have 2 way communication with something outside its critical function? Thats appallingly stupid design.
Seems to me an air gap would be reasonable. One system for the powertrain/chassis, one to entertain the meat. Does the throttle really need to know what DVD is playing?
JoeyM wrote:Curmudgeon wrote: And people wonder why I abhor the idea of self driving cars...Yup, there's talk of having cars in front "tell" cars behind that they're braking instead of depending on proximity sensors to figure that our. If that is implemented, we'll soon have people working on ways to spoof a signal and activate the braking system.
This thread is giving me flashbacks. If I only remembered everything I talked about that day. I had this E36 M3 down to the science. It got kinda creepy.
I dunno, cables and linkages worked well enough, and can't be hacked.
It's a creepy scenario, and makes one wonder about the possibilities.
I think we might have discussed this a couple years ago:
http://m.nydailynews.com/news/national/conspiracy-theories-abound-michael-hastings-death-article-1.1377392
There were theorists discussing the possibility then. It appears that it's even easier to do now.
Keith Tanner wrote:madmallard wrote: how in the world is a drive by wire system allowed to have 2 way communication with something outside its critical function? Thats appallingly stupid design.Seems to me an air gap would be reasonable. One system for the powertrain/chassis, one to entertain the meat. Does the throttle really need to know what DVD is playing?
Isn't that sort of the, at least in my mind, the major design flaw of the whole CAN bus architecture - that a malfunctioning radio can give you a non start condition. Everything is interlinked. Good for Bosch on the patent front but not so good for everyone else.
In reply to oldtin:
Bosch supplies most of the industry. Especially the electronic throttles. If they have it, most everyone has it.
You'll need to log in to post.
