Researchers Discover That Cars Can Be Hacked With Music

car_dash

In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to posses physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vechicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

32 thoughts on “Researchers Discover That Cars Can Be Hacked With Music

  1. KEY here is SOME… I’m betting in reality it’s ONE. and a poorly designed one at that.

    Honestly this is all overhype. It’s a group of researchers trying to keep in the limelight for their “research”… most of us in the car engine and system modding scene have known about their “exploits” for a decade.. and they are not exploits, no matter how “leet” they want to be. Its sending commands on the data bus, nothing more.

  2. Maybe it is just “sending data on the data bus”, but the fact is – downloaded content from the internet, when burned to a CD and plugged into an in car media device should not be able to access the same data bus as key safety devices such as speedo or brakes.

    Maybe you have known about this for 10 years, but this research in question was carried out on a 2009 vehicle. So obviously the motor manufacturers are not as clued up as yourself.

    Personally I think that it is a good thing that this research is carried out and published so the manufacturers can design out these bugs before they become a real issue.

  3. It’s not really music though, is it? I mean, most in-car CD players have had a firmware upgrade feature for a while. What’s the easiest way to upgrade the firmware on a CD player? Save the binary file to a CD and let the CD player load it.

  4. I have a lot of doubts of their claims. They’ve been working on exploiting GM’s GMLAN thus far. Having dabbled in this myself (I own a GM vehicle that’s highly connected), the accessory bus is NOT connected to the same bus that the critical systems are. Sure, they can play with the windows, locks, and TPMS (Tire Pressure Monitor System), but the PCM and TCM (what control the engine and transmission) are not accessible through the means they describe.

    Now, if they figured out how to call in to the onstar box, that’s a different story. OnStar has access to both the GMLAN highspeed (engine/trans) and lowspeed (body control, entertainment) and could wreak some serious havoc.

    End of the day, nothing to see here, move along.

  5. Whew, it is a good thing h3llphyre is here to clear everything up. Obviously he is far better versed in this sort of thing than a group of researchers that have PHDs because he “owns a GM vehicle that’s highly connected”.

    Please.

    The fact that I own a Hi-Def TV or a microwave doesn’t make me an electrical engineer, even if I have dabbled in a few microwave dinners.

    You don’t really need access to the engine, just the same bus on which the ignition sits – which is the same as windows, locks, etc. – especially in cars that are keyless.

  6. what they are talking about “specially crafted MP3” means that they have found a buffer overflow exploitation vector in the media system’s MP3 player stack, so they have control over that micro processor, and then they can send data to anything connected to that (over the shared bus).

  7. adding all this crap like WiFi to cars is just f|_|cking nonsense. it’s just like computers. a p4 3ghz with windowsxp is all you really needed 4 or 5 years ago. however, the industry wants you to keep buying and they have to have some justification for you to keep buying and for the prices to stay stationary instead of going down…add more sh!t.

  8. what we really need are light-weight, fuel-efficient cars. if we need cars that are connected to the internet and can park or drive themselves, we should be on a f |_|cking train or bus.

  9. if your cars have OBDII system then you have the same CAN bus system. Its just your cars are old and busted so they don’t have all the nice bluetooth and mp3 playing shit connected to the car’s computer. But your power locks and windows would be in question for an attack vector!

  10. program the car to stall at a given distance, say in the desert, and then you have a sitting duck victim. I for one don’t like the idea of some punk robbing me, literally or “for services rendered,” and I certainly wouldn’t like to die because I couldn’t unlock the doors or roll the windows down in the hot sun.

  11. @KebertXela

    I’m actually an electrical engineer, I’ve done professional work with CANBus, I just happen to tinker with my own equipment at home. I’ve read their paper (both of them) and although their results are real, it’s not to the level that the news is sensationalizing it.

    In GM vehicles, there are two systems that bridge the two buses (Known as GMLAN highspeed and lowspeed). OnStar is one and it’s relatively secure. The other is the DIC (Driver Information Center) which is a display on the dashboard. The DIC can only be reprogrammed by taking it out of the car and connecting to the unpopulated headers on the PCB itself. OnStar is the same way, except the physical box is MUCH easier to access (mounted in the trunk, held on with plastic tabs).

    The ignition system is NOT part of the body control module (BCM), it is tied to the PCM (Powertrain Control Module). The factory remote start is also tied to the PCM (GMLAN Highspeed bus). The factory remote start actually sends a message over the CANBus to the PCM to initiate a start procedure (the locks are hardwired to the remote start module, not on the bus).

    All of that being said, what they’ve shown is that if you can get a device connected to the GMLAN Highspeed Bus, you can wreak havoc. It *is* a concern, as 99.99% of people would NEVER notice something plugged into the OBD2 connector (it’s in the driver foot well) and it’s a lot more dangerous than the old tried and true “cut the brake lines” as it’s not noticeable until it’s triggered.

    Either way, figured I’d give more information, rather than feed the troll.

  12. I can see it now, Jailbreak your car and get better gas mileage. I know if I ever get a car newer than 1985 Ill probably be hacking it myself, and who knows play a CD to remove the system governor would be pretty cool.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.