Sufficiently Advanced Tech: Has Bugs

Arthur C. Clarke said that “Any sufficiently advanced technology is indistinguishable from magic”. He was a sci-fi writer, though, and not a security guy. Maybe it should read “Any sufficiently advanced tech has security flaws”. Because this is the story of breaking into a car through its headlight.

In a marvelous writeup, half-story, half CAN-bus masterclass, [Ken Tindell] details how car thieves pried off the front headlight of a friend’s Toyota, and managed to steal it just by saying the right things into the network. Since the headlight is on the same network as the door locks, pulling out the bulb and sending the “open the door” message repeatedly, along with a lot of other commands to essentially jam some other security features, can pull it off.

Half of you are asking what this has to do with Arthur C. Clarke, and the other half are probably asking what a lightbulb is doing on a car’s data network. In principle, it’s a great idea to have all of the electronics in a car be smart electronics, reporting their status back to the central computer. It’s how we know when our lights are out, or what our tire pressure is, from the driver’s seat. But adding features adds attack surfaces. What seems like magic to the driver looks like a gold mine to the attacker, or to car thieves.

With automotive CAN, security was kind of a second thought, and I don’t mean this uncharitably. The first goal was making sure that the system worked across all auto manufacturers and parts suppliers, and that’s tricky enough. Security would have to come second. And more modern cars have their CAN networks encrypted now, adding layers of magic on top of magic.

But I’m nearly certain that, when deciding to replace the simple current-sensing test of whether a bulb was burnt out, the engineers probably didn’t have the full cost of moving the bulb onto the CAN bus in mind. They certainly had dreams of simplifying the wiring harness, and of bringing the lowly headlight into the modern age, but I’d bet they had no idea that folks were going to use the headlight port to open the doors. Sufficiently advanced tech.

74 thoughts on “Sufficiently Advanced Tech: Has Bugs

    1. Yes indeed the human body and mind are both chock full of literally crippling bugs and we are most certainly not sufficiently advanced to handle much of anything more complicated than a rock or a stick.

    1. Depends – The Autopian article this is from pointed out that Porsche Cayenne headlights are/were comically easy to steal and briefly become the #1 source of cheap Xenon lamps for drug farms.

      Some cars the head/tail lamp assemblies can be popped out by a sharp blow from the hand (or attach a sucker and tug), that was actually the factory prescribed method for the tail lights on my partner’s old Seat.

      1. Nobody uses Xenon lamps to grow.
        Spectrum isn’t great but mostly they’re not efficient enough. The hype is on LED but in reality it’s HPS as indoor dies off in favor of outdoor where legal.

        Stolen fat pig Porsche parts were no doubt sold to owners of other fat pig Porsches. You gotta wonder about people who walk into a Porsche stealership looking for their heaviest vehicle with the thinnest Porsche veneer (over VW).

        1. It used to be said that there were two kinds of Harley Davidson owners.
          One group bought replacement parts from the dealers,
          And the other group got theirs from the first group.

    2. I cannot understand why no automotive communication architect uses the skill of routing properly.

      Messages that are not relevant on a particular subbus should just be ignored and also not forwarded from elsewhere. Why is this so difficult?

      This isnt even a security measure, just a architecture!

  1. I”m surprised that this same old quote by Clarke is repeated/hyped over and over again.
    The statement itself is nothing to write home about, it’s self-explanatory. Or so I thought.

  2. I’m still not sure why cars need computers in the first place. Speed control and steering aren’t the most complicated of tasks, surely they can be achieved by analog or mechanical means. All these computerized cars remind me of projects that use an arduino to blink an LED.

    1. Its just “mine goes to 11”.
      I heartfully hate new cars, for the bad visibility from inside, the fleshburning strong headlights completely blinding me an all those motors and sensors. Everyting to distract me from the basic task at hand: not hitting people and things traveling from A to B

    2. It started with replacing carburetors and distributors, because there are lots of advantages to injecting exactly the right amount of fuel at exactly the right time, and in lighting the spark at exactly the right moment. You might be surprised how many different compensations come into play for just those two functions.

      Then came convenience features like remote lock/unlock, with dome lights that come and go accordingly. Or thermostatic climate control. Sure you could automate that stuff mechanically too, but sensors are cheap and software costs are negligible when amortized across an entire production run.

      Consider the dead-light indicators mentioned in this article. The low-tech approach would require running wires from every light sensor to the indicator lights on the dashboard. Whereas the canbus approach only requires wiring from each each sensor to the nearest bus stop. The cost savings in materials and installation labor probably far outweighs the cost of writing code to read the bus and display a message on the dashboard as needed. (The costs associated with the resulting vulnerabilities are another matter, of course.)

      Software is eating the world, as Andreessen said.

          1. Ok what about stop lights/ numberplate lights and running lights ? On my car there all powered from a rear module, that itself is then on the canbus, the lights are traditionally wired

          2. Let’s see. What does the rear module need in terms of signals?

            Power, that’s mandatory. Left blinker, right blinker, brake, park/reverse. The blinkers can be multiplexed on the same signal wire using analog means, and so can the brake/park signals, so the whole setup can be built with a minimum of three wires, using no micro-controllers, no serial bus, nothing but old fashioned diode-transistor logic.

          3. Dude: you forgot running lights, rear defog, rear wiper, maybe hatch window, hatch/trunk auto open, hatch/trunk auto close (mechanic full employment feature), fuel door open and child smacker for each seat.

          4. >I guess that means you don’t brake and indicate while you’re reversing.

            If you switch between the functions rapidly and add a capacitor to delay the switch relay, both can be on at the same time.

          5. >you forgot running lights

            No. That’s what the power wire does. If the power is on, the car is quite probably running.

            >fuel door open

            Mechanical cable in my car. Works without power, which is a kind of a must if you ask me.

        1. The arguement is that peole are too lazy to check their lights manually so we need the dash to tell them.
          But people are then just too lazy (or tight) to change the bulb or pay for it to be changed because these days people are too lazy to learn skills beyond watching cat videos.

    3. You are right. But having a CANbus means three wires (+12V and CAN D+ and D-, assuming chassis for ground) can go between the dashboard and the headlight assembly, while controlling bout 5 different beams and signals, control whether any of those are broken and maybe directional control. Not Running 10+ wires, half of them multi-amp-current-carrying, can lead to a significant cost saving, while making it easier to add options or model updates. All significant advantages, mainly to the carmaker.

      1. With chassis ground, you need one wire for regular lights, one for high beams, and one for the blinker. That’s three wires. Four if you want a parking signal. You can detect if the light is broken by the fact that it doesn’t draw current. Five wires maximum if you also want electric beam level adjustment.

        I don’t see where you get ten.

        1. it’s more a difference in topology than just wire count. think of it like USB. in my livingroom i have a 10′ USB cable going to a USB hub, and then a bunch of 3′ device cables going to my joystick / keyboard / mouse. ideally, in a fully-digitalized car, you might have one bus going everywhere and you just put branches in it whereever makes the most sense. it can simplify the wiring harness tremendously. to control all of the functions of all of the lights, there might be only a single wire leaving the control unit, even though yeah it will have to branch out to reach them all.

          i’m not sure how it’s really going. my friend’s 2017 F150 has roughly a 20-wire bundle going to the bed for all of its lights and so on, and i think it feeds the trailer lights too. and if you disconnect that bundle, then a bunch of unrelated functions break too, including electric windows and door locks. so they introduced all of the delicacy of the most poorly-designed digital interface you can imagine, and simultaneously completely failed to reduce the wire count. not sure how that happened but clearly there are some hitches along the way :)

          1. Sure, but with the digital bus you still need one power cable and two signals. I can do analog headlights with one power cable and two signals just the same. One signal wire selects between high/low beams and with a bit of diode steering logic you can tri-state the second wire to turn on the direction signal or the parking light.

            There’s literally no reason to pull a CAN bus to your headlights.

          2. Dude, i don’t think you got what i said. yes, you will need to have a similar number of wires going into the light module. but you’ve got *at least* 4 light modules (at the 4 corners). with digital buses, you can conceivably have one wire leaving the control unit that goes to all 4 of those. without digital, it would be very difficult to achieve that — there would tend to be *at least* 4 wires leaving the control unit.

            the question is just whether each peripheral’s control signal has to be a home run directly to the control unit, or if they can be much shorter runs to localized branching points (hubs). it is an advantage. immediately, it simplifies the wiring harness. and in the future, it allows the number of peripherals and control functions to grow much faster than the complexity of the wiring harness, which is a big deal as cars gain features.

          3. >whether each peripheral’s control signal has to be a home run directly to the control unit

            Yes. Otherwise, if your bus breaks then all your lights are out, which is a worse problem than spending a few extra dollars of wire.

        2. If you want to detect through using current, you need to be able to detect if the light is supposed to be on, which at minimum is adding another wire and probably micro. This is for brake lights. Because you don’t want to only show the broken brake light warning when the brakes are pressed.

    4. Seriously! And these modern jet liners are the worst too with the auto pilots, ILS, and ability to go from LA to NYC in like 5-6 hours. I’ve literally flown an airplane. Yoke foreward, nose goes down. Stick left or right, plane banks left or right. I can do it without computers and stuff. How hard could it really be?!

  3. “Sufficiently advanced” technology is often so fragile that fine china looks at it in envy – look at any project that goes through several layers of web-based abstraction /subscriptions/setup parameters before doing something simple and how often it fails.

    The engineers actually were driven by financial analysts doing the simple calculation that $X invested in a CAN bus system design saves ¥ in harness/parts costs while offering €Z in “features” to attract more customers to a higher priced vehicle. Unless the vehicle is so soludicrously easy to steal that you get sued years down the line. the rest of it isn’t their problem. If it is (looking at you,Hyundai), it’s legal’s problem, not yours and will be obfuscated and delayed into obscurity.

      1. Actually, I always thought that relevant companies or very reputable companies are wise insofar that they do employ tinkerers/researchers that come up with ideas/concept without the need for them to have money on the mind. They just have to experiment, do their research. Perhaps that’s not true, not sure. 🤷‍♂️ As an European, I suppose, I don’t measure everything in money and I don’t define myself through a job. But maybe that’s just me. 🤷‍♂️

      2. Electricity was “high-tech designed to appeal to futurists” when it was introduced to public, cars themselves was “high-tech designed to appeal to futurists” when they was introduced to public and so was many other “high-tech” we know today.

        “Cost-cutting” is not a bad thing either – most of it is done because of competition and therefore is translated to lower prices of products.

        When Ford wanted to achieve his “car for everyone” idea, he needed to take extreme cost cutting measures to accomplish that. And sure there were many people, that was claiming “who need this car when horse is just fine?”

        Moving from mechanical to digital, from hardware to software allows you to create more complex and feature rich systems – which would be borderline impossible or too expensive when done “the old way”.

        We now use automation to make physical products instead of making them “the old way” – “by hand”. We write software for this automation by hand. Maybe in the future we will stop doing that as well and will use “AI” instead for doing so.

        1. The fact that you see no problems with any of the things you posted lets me know you’re in too deep to bother arguing with. Enjoy your future AI hellscape, I’m sure it’ll be very efficient (at doing whatever it wants to, and marketing itself to you as products).

        2. When electricity was introduced, at very first it was a magic trick of floating a bunch of feathers and shocking people to “cure” them of imaginary diseases, for money, by a bunch of quacks. It took a long time and a lot of learning to even begin to consider it as a “technology” that could be applied to any practical use.

          That is the story of most high-tech : at first it is merely a gimmick to separate fools and money. Then at the next step you get something that is very expensive and works poorly, and then on the third step you get something useful. This is also captured in the Gartner’s Hype Cycle: peak of inflated expectations, through of disillusionment, plateau of productivity.

        3. >And sure there were many people, that was claiming “who need this car when horse is just fine?”

          Difference being, Ford designed the Model T quite cleverly to have a PTO for belt driven machinery, so you could use it to run a threshing machine, a water pump, a sawmill… all of which couldn’t be done with a horse and required a big stationary engine or a water mill to operate. Ford cars were commonly used as tractors and self-propelled farm engines. This was at a time when most people were still living in rural settings, and mass production hadn’t yet reached the countryside, so that made a big leap in productivity.

          And the cars solved a major issue: horses poop. Everywhere.

        4. Weren’t the steam engine and the electric motor both predating the gasoline engine?
          I remember watching a documentary, in which the electric car almost made it. The gasoline driven car won because of political and economical reasons, not because it was superior. Rather the contrary, it was loud and it stank.

          1. Never trust the source of that documentary again. You can’t let them get away with telling such outrageous lies and keep trusting them.

            Hint: Batteries aren’t really practical for cars yet.

            Also hint: ‘Economic reasons’…those are the good ones. The fact the documentary uses that as a dig tells you more about the documentarians than anything else.

          2. Electric cars “almost made it” when the standard performance for cars was toodling around town at a brisk walking pace. Surfaced roads outside of cities and towns weren’t built yet – there were no motorways – so you couldn’t really go anywhere else and that’s why the 20 odd miles you could get out of an electric car was enough – it was on par with what the average horse would go in a day.

            https://www.youtube.com/watch?v=sHkc83XA2dY

    1. “Fine” China needn’t be fragile. Multiple firings in the kiln will align the molecules making final product resilient to drops and impacts.

      1. They do this. One’s for the engine, one’s for the fluff, but the headlight and the door lock are both considered fluff.
        FWIW at least some manufacturers have their ecu/canbus set up so that if anything hinky happens on the fluff channel, the engine channel shuts down. A friend was looking at using a Chrysler Viper V10 engine for a project, a transplant into a 1960’s Chrysler, and we found that the way it was set up, if the Viper ECU didn’t detect the right number of door sensors, for instance, it would conclude that someone had cut into the wiring harness during an attempt to disguise a forced door, and the ECU would turn itself off and refuse to run, and required a reset only able to be performed by factory service technicians at a handful of places in the US.
        It had a definite “Jipi and the Paranoid Chip” feel to it, like the Stevenson novella.

    1. That at least some of CAN devices in your car have been programmed by underpaid junior developers working for outsourcing companies in Poland. And because of unreal schedules promised by said outsourcing company to another outsourcing company (sic!) any kind of code review was a four letter word. I’m saying that based on first-hand experience. Some of my truly abysmal C and C++ code written in 2019 and 2020 is now present in thousands of cars made by certain Big American Brand and certain Big French Brands.

  4. as the posts above are saying, they are doing this as it’s cheaper than running all the wires around..
    But I agree that making everything ‘smart’ has is a problem in this context – apart from security it probably puts up to cost of replacement parts, and is only a short step to being a tractor (or iphone) where your car might ‘reject’ none ‘original’ parts…

    Mind you I’m doing this on electronic things that I’m currently helping designing – having a ‘bus’ wire going to a daughter board sure beats a 20 wire connector… It is not only cheaper to make (despite the controller on the daughter board) it’s way easier to debug and test.

    1. Thing is, you don’ t extra wires to detect whether a light is on or off, because you can put the sensor in the relay box that switches power to it. No matter what type of light it is, it’s going to draw power, and if it doesn’t draw power when the light is supposed to be on, there’s only the conclusion that the light isn’t working.

    2. To be fair, people whine about cost of replacement parts since the late 1970s or so.
      It started with the fuses, finding suitable bulbs for the lights, then there were defective motor sensors/exhaus gas sensors (lambda probe etc) that were hard to fix/replace etc.

      An electric motor doesn’t have all those quirks that come with a combustion engine, it doesn’t need intelligent engine management.

      I just hope that the traditional gasoline engine will rest in pieces soon. It should never had been invented in first place, imho.

    3. Cheaper to build, more expensive to repair when the warranty runs out.
      More like to scrap the car sooner and buy another one.

      Classic cars keep running.
      Imagine a time not too far away when the art form is not about restoring the body, it’s about fixing the electronics.

  5. How many software updates to Navy F-35 fighters?

    Feb 27, 2023. 4:41?PM (2 days ago)
    to me, DONFOIAPublicLiaison@navy.mil

    Good evening, Mr. Payne,

    Per our phone conversation, I recommend that you consider the following as points of contact possibly relevant to your concern of ensuring the safety of the avionics of the F-35:

    1. The U.S Naval Safety Command, which conducts investigations of naval aviation mishaps. Quarterdeck: 757-444-3520. To report a mishap (or in this case, possibly, a potential mishap), Staff Duty Officer: 757-444-3520v ext. 7017.

    2. The U.S. Fleet Cyber Command/ U.S. Tenth Fleet, 9800 Savage Road, Suite 6586, Fort Mead, Md 20755. To send them a message, go to https://www.fcc.navy.mil/Contact-Us/

    As to making a request of the Department of the Navy under the Freedom of Information Act (FOIA), the main way to do so is to use FOIAonline. This is a website that you can find simply by searching the internet for the term “FOIAonline” (the correct site should appear as the top hit, and it will contain “foiaonline.gov” as part of the URL). FOIAonline is intended to be easy to use by the public; nevertheless, if you have any further questions or concerns, do not hesitate to let me know.

    Regards,

    Christopher Julka
    Freedom of Information Act
    Policy Coordinator & Public Liaison
    Department of the Navy
    Office of the Chief Information Officer

    Christopher.a.julka.civ@us.navy.mil

    (703) 697-0031

    And the 737 MAX, of course.

  6. This is always true. The more advanced a system is, the more complex it will be to find all the possible flaws and the more difficult it is to service it. There is no 100% predictable system. You can switch a bulb with a switch, or through TCP/IP.
    Advanced technology brings new great possibilities, at the expense of the security or servicing or sometimes health risks.
    I confirm that every day.
    Pick up your way.

  7. My 09 VW Passat (EU spec) had the Radar Sensor for adaptive cruise control in the Front, easy reachable, demountable from the outside and connected to the CAN-Bus.

    But VW did a little trick: There was a double relay inside that disconnected the two CAN wires to that Sensor when the ignition was switched off.

    So no messing around with a live Bus

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.