"edu-petrolhead" (edu-petrolhead)
07/24/2015 at 10:22 • Filed to: blog, tech, smart car | 1 | 23 |
There are a lot of people excited with these new infotainment operating systems. “It will facilitate the communications between your smartphone and your car, wooooo!”. But there’s something I don’t think anyone had yet thought about: In car computer viruses.
They said, years ago, smartphones were invulnerable to viruses. Yet the hackers (and the NSA) discovered how to exploit small breaches to get full control of the device. They said Macs couldn’t get viruses, but yet again the hackers (and probably the NSA too) discovered how to exploit small breaches to get full control of the computers. Heck, there are even !!!error: Indecipherable SUB-paragraph formatting!!! viruses.
After the recent news about a Chrysler’s Uconnect security breach which can, in theory, (which means it will be used IRL by a 14 year old script kiddie ) give total control of the car to a hacker. I heard before what sounded an anachronism alert in my head: “Infotainment systems are invulnerable to viruses”, which according to the last examples, probably means they’ll begin discovering viruses for them in the next months.
So, with more and more drive-by-wire systems and the inevitable security breaches in these infotainment OS, it isn’t hard to imagine a malware programmed to infect Android Auto / Apple CarPlay, exploit a breach to gain access to the ECU and wrecking havoc in throttle control, steering wheel sensivity or, in worst cases, disabling air bags and cranking the throttle to eleven. Depending on the level of connectivity of the engine’s systems, someone could code a virus similar to !!!error: Indecipherable SUB-paragraph formatting!!! (a computer virus who could physically damage the computer) to disable the oil/water pump and physically damaging the engine.
This is one of the reasons I like older cars. They’re mechanical. They can’t be hacked. Fear the future.
spanfucker retire bitch
> edu-petrolhead
07/24/2015 at 10:26 | 0 |
This is assuming that Android Auto and Apple CarPlay are even built to have access to any of the car’s ECUs.
Anything electronic can be exploited, it’s as simple as that. However, the advantage that CarPlay and Android Auto offer (that so far only Tesla has been able to do) is enable quick updates. They’re just apps that run from your smartphones, anything and everything is done wirelessly from your handset. Meaning you don’t have to take it into the dealer to get a patch installed to fix something.
RamblinRover Luxury-Yacht
> edu-petrolhead
07/24/2015 at 10:26 | 2 |
It used to be that embedded systems weren’t vulnerable to many attacks because they didn’t have to interface on a code-sharing level with any external devices. That was a
nice
15 minutes.
Steve Zissou
> edu-petrolhead
07/24/2015 at 10:33 | 0 |
This is one of the reasons I like older cars. They’re mechanical. They can’t be hacked. Fear the future.
How to hack the brakes on your mechanical car:
spanfucker retire bitch
> RamblinRover Luxury-Yacht
07/24/2015 at 10:36 | 1 |
Embedded devices (like machine controllers) still wouldn’t be vulnerable if the people who installed them actually did it right. I can’t tell you the number of articles I’ve read of embedded systems at power plants that were exposed to the internet without:
Being behind any Firewalls.
Having changed the admin password
Having changed the admin log-in name
Having ever been updated, despite the updates adding numerous improvements in terms of performance, features, and security updates.
It’s almost like they still think the embedded systems have no communications capabilities.
Stapleface-Now Hyphenated!
> edu-petrolhead
07/24/2015 at 10:39 | 1 |
I’m just thinking out loud here, but can’t/shouldn’t the infotainment system be completely walled off from the rest of the vehicle? Why does the in car computer need to care what station I’m listening to? While I see the potential there to hack the infotainment system, to me it should stop there. People screwing with my radio is a nuisance, but that's about it. They shouldn't have access to the other systems in the car. If they are all integrated, that just seems really dumb to me, and just asking for trouble.
RamblinRover Luxury-Yacht
> Steve Zissou
07/24/2015 at 10:41 | 0 |
...and any other car that’s not ancient enough for mechanical brakes, and even some of them.
CalzoneGolem
> Steve Zissou
07/24/2015 at 10:41 | 0 |
Bad Idea Hat
> edu-petrolhead
07/24/2015 at 10:45 | 0 |
SCARY HACKER
SummerFun
> CalzoneGolem
07/24/2015 at 10:45 | 0 |
edu-petrolhead
> Stapleface-Now Hyphenated!
07/24/2015 at 10:55 | 0 |
But many systems in industrial computers, smartphones and you name it are (in theory) independent of the rest of the machine. However, who wants to exploit them
always
find a breach. These softwares are enormously complex, with dozens of thousands of lines of code. It’s impossible to code a perfect code, without leaving a breach somewhere. The
STUXNET
worm, for example, was engineering to infect a Windows computer and find its way through the intranet until it reached a Siemens computer with the Step7 (not Windows, not Linux), in theory walled from anything else, and physically destroy uranium-enrichment usines in Iran.
edu-petrolhead
> Steve Zissou
07/24/2015 at 10:56 | 0 |
Haha, that’s true.
Brian, The Life of
> edu-petrolhead
07/24/2015 at 10:59 | 2 |
I’ve been using iOS since the original iPhone and have yet to see a single virus. That said, I’ve also never jailbroken any of my phones so that may have something to do with it.
Stapleface-Now Hyphenated!
> edu-petrolhead
07/24/2015 at 11:10 | 0 |
Okay, what you're saying makes a good deal of sense. But, I guess my question is why does the infotainment have to even talk to the car? Why aren't they completely independent? I bring my smartphone into my car, it doesn't control the cruise control, no matter how hard I try. Why should an infotainment system be any different at all?
For Sweden
> Brian, The Life of
07/24/2015 at 11:19 | 2 |
Life is safe in Oceania
scoob
> edu-petrolhead
07/24/2015 at 11:23 | 1 |
THIS IS WHY OLDER CARS ARE THE BEST.
*Shakes fist at cloud*
Nibbles
> edu-petrolhead
07/24/2015 at 11:40 | 0 |
You know, there is one OS that has yet to be compromised...
edu-petrolhead
> Nibbles
07/24/2015 at 12:26 | 0 |
This one?
Or this one?
edu-petrolhead
> Stapleface-Now Hyphenated!
07/24/2015 at 12:30 | 0 |
Yes, they should be completely independent. But I don’t believe they would be like that, in the real deal. Probably someone (or even some company) will speak to Google/Apple to get the SDK to make a ODBII app, or something akin to a gauge cluster, by reading information from the car systems. If this isn’t very well coded, it could have a security breach.
edu-petrolhead
> Brian, The Life of
07/24/2015 at 12:32 | 0 |
That made me think: And when people jailbreak their cars? Imagine the street ricers of 2050, coding their cars to go faster.
But you got a valid point. I’m not a big
coinoisseur
of iThings, but Android can get viruses even without jailbreak.
Nibbles
> edu-petrolhead
07/24/2015 at 13:36 | 0 |
Clarification:
You know, there is one current mobile OS that has yet to be compromised...
edu-petrolhead
> Nibbles
07/24/2015 at 13:38 | 0 |
A-ha, Maemo Linux!
Nibbles
> edu-petrolhead
07/24/2015 at 13:42 | 0 |
swaptastic
> edu-petrolhead
07/24/2015 at 16:12 | 0 |
I have thought about this for a while. The “everything connected” ecosystem is going to be a rough path for us. Computer security is a cat-and-mouse game and it took a while for computers companies to realize this. I fear the same learning curve for car manufactures. But eventually certain car manufacturers will rise above the rest in terms of strong security while others will lag behind. I consider this to be the auto industry’s new “dependability” test.