Researchers discover that cars can be hacked with music

car_dash

In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to posses physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vechicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

Comments

  1. wosser says:

    So that’s why my Veyron always stalls out when Justin Beiber is on the radio.

  2. Epic fail above…

  3. fartface says:

    KEY here is SOME… I’m betting in reality it’s ONE. and a poorly designed one at that.

    Honestly this is all overhype. It’s a group of researchers trying to keep in the limelight for their “research”… most of us in the car engine and system modding scene have known about their “exploits” for a decade.. and they are not exploits, no matter how “leet” they want to be. Its sending commands on the data bus, nothing more.

  4. holly_smoke says:

    Maybe it is just “sending data on the data bus”, but the fact is – downloaded content from the internet, when burned to a CD and plugged into an in car media device should not be able to access the same data bus as key safety devices such as speedo or brakes.

    Maybe you have known about this for 10 years, but this research in question was carried out on a 2009 vehicle. So obviously the motor manufacturers are not as clued up as yourself.

    Personally I think that it is a good thing that this research is carried out and published so the manufacturers can design out these bugs before they become a real issue.

  5. Aeros says:

    “anti-malware subscription with a new car purchase”..too funny

  6. jeff-o says:

    Let’s see them hack my 98 Mercury Mystique. It’s got about as much electronics as a hair dryer.

  7. La[bRat] says:

    It’s not really music though, is it? I mean, most in-car CD players have had a firmware upgrade feature for a while. What’s the easiest way to upgrade the firmware on a CD player? Save the binary file to a CD and let the CD player load it.

  8. h3llphyre says:

    I have a lot of doubts of their claims. They’ve been working on exploiting GM’s GMLAN thus far. Having dabbled in this myself (I own a GM vehicle that’s highly connected), the accessory bus is NOT connected to the same bus that the critical systems are. Sure, they can play with the windows, locks, and TPMS (Tire Pressure Monitor System), but the PCM and TCM (what control the engine and transmission) are not accessible through the means they describe.

    Now, if they figured out how to call in to the onstar box, that’s a different story. OnStar has access to both the GMLAN highspeed (engine/trans) and lowspeed (body control, entertainment) and could wreak some serious havoc.

    End of the day, nothing to see here, move along.

  9. ChalkBored says:

    Sony rootkit on your Civic.

  10. KebertXela says:

    Whew, it is a good thing h3llphyre is here to clear everything up. Obviously he is far better versed in this sort of thing than a group of researchers that have PHDs because he “owns a GM vehicle that’s highly connected”.

    Please.

    The fact that I own a Hi-Def TV or a microwave doesn’t make me an electrical engineer, even if I have dabbled in a few microwave dinners.

    You don’t really need access to the engine, just the same bus on which the ignition sits – which is the same as windows, locks, etc. – especially in cars that are keyless.

  11. griffon says:

    what they are talking about “specially crafted MP3″ means that they have found a buffer overflow exploitation vector in the media system’s MP3 player stack, so they have control over that micro processor, and then they can send data to anything connected to that (over the shared bus).

  12. yonsje says:

    Does this remind anyone else of the X-files episode “killswitch”?

  13. xorpunk says:

    Heap overflow and OBD..who cares..let them hack the crypto or GPS and someone might not yawn when reading about their research.

  14. Necromant says:

    1. Buy a car
    2. Install gentoo on it
    ???
    3. PROFIT!

  15. jim says:

    Altering the firmware of a CD player has no effect on the ECU, which in turn is unrelated to the locks. It’s just scaremongering for the sake of it.

  16. jim says:

    @griffon: what they most likely found is that how firmware update feature is initiated. My money’s on the CD’s TOC, and that is never uploaded to P2P.

  17. Sodor says:

    1.- Hack your car.
    2.- Add a nokia color LCD.
    3.- try to run DOOM.

  18. paul says:

    i agree. the first time I hear the word mcafee or norton I’m walking

  19. JB says:

    I dare them hack my 1995 Geo Tracker! :P

  20. ewookie says:

    adding all this crap like WiFi to cars is just f|_|cking nonsense. it’s just like computers. a p4 3ghz with windowsxp is all you really needed 4 or 5 years ago. however, the industry wants you to keep buying and they have to have some justification for you to keep buying and for the prices to stay stationary instead of going down…add more sh!t.

  21. ewookie says:

    what we really need are light-weight, fuel-efficient cars. if we need cars that are connected to the internet and can park or drive themselves, we should be on a f |_|cking train or bus.

  22. t&p says:

    if your cars have OBDII system then you have the same CAN bus system. Its just your cars are old and busted so they don’t have all the nice bluetooth and mp3 playing shit connected to the car’s computer. But your power locks and windows would be in question for an attack vector!

  23. Grayda says:

    Sony rootkit in your car? I smell a lawsuit because it’s using Sony products on non-authorized hardware.

  24. Jayson says:

    And so Skynet begins….

  25. Jeditalian says:

    where you see a problem, i see potential..
    GET TO THE BACKTRACKMOBILE!
    Play ‘slow ride’ and your car is speed governed to like 15mph.

  26. Anonymous says:

    This is why I drive a 1967 Dart with the 225 slant six and a two-barrel carb. No Skynet in this car!

  27. zeroTolerance says:

    program the car to stall at a given distance, say in the desert, and then you have a sitting duck victim. I for one don’t like the idea of some punk robbing me, literally or “for services rendered,” and I certainly wouldn’t like to die because I couldn’t unlock the doors or roll the windows down in the hot sun.

  28. h3llphyre says:

    @KebertXela

    I’m actually an electrical engineer, I’ve done professional work with CANBus, I just happen to tinker with my own equipment at home. I’ve read their paper (both of them) and although their results are real, it’s not to the level that the news is sensationalizing it.

    In GM vehicles, there are two systems that bridge the two buses (Known as GMLAN highspeed and lowspeed). OnStar is one and it’s relatively secure. The other is the DIC (Driver Information Center) which is a display on the dashboard. The DIC can only be reprogrammed by taking it out of the car and connecting to the unpopulated headers on the PCB itself. OnStar is the same way, except the physical box is MUCH easier to access (mounted in the trunk, held on with plastic tabs).

    The ignition system is NOT part of the body control module (BCM), it is tied to the PCM (Powertrain Control Module). The factory remote start is also tied to the PCM (GMLAN Highspeed bus). The factory remote start actually sends a message over the CANBus to the PCM to initiate a start procedure (the locks are hardwired to the remote start module, not on the bus).

    All of that being said, what they’ve shown is that if you can get a device connected to the GMLAN Highspeed Bus, you can wreak havoc. It *is* a concern, as 99.99% of people would NEVER notice something plugged into the OBD2 connector (it’s in the driver foot well) and it’s a lot more dangerous than the old tried and true “cut the brake lines” as it’s not noticeable until it’s triggered.

    Either way, figured I’d give more information, rather than feed the troll.

  29. clay says:

    I am assuming that this article has come to light because of this:

    http://www.reddit.com/r/technology/comments/fj04r/reddit_the_dealership_told_me_that_pirated_music

  30. mykeyfinn says:

    I can see it now, Jailbreak your car and get better gas mileage. I know if I ever get a car newer than 1985 Ill probably be hacking it myself, and who knows play a CD to remove the system governor would be pretty cool.

  31. Malikaii says:

    zeroTolerance: You would die before breaking the windows of your car?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,693 other followers