2013-07-30

A little scary

In news that touches on the industry I work in, a pair of computer programmers show what a knowledgeable person can do to a modern car.

Of course, the methods shown in that article require a physical, wired connection to the CAN bus on the car. (CAN is the usual abbreviation for Controller Area Network, the most common architecture used to connect microcontrollers in automobiles.)

Most cars have one such connection, the OBD-II port. Usually, this can be found in the driver-side footwell.

However, many cars also have a Bluetooth-enabled entertainment unit, which is connected (often via a subsidiary microprocessor) to the car's CAN bus. I don't know how easy it is to trick the BT-processor into feeding unintended signals onto the CAN. In theory, it is possible. In practice, this likely requires a great deal of inside-industry knowledge, and access to a Bluetooth device that is already, or will be, paired with the car's electronics.

(Pro tip: if your car comes with a mechanically operated clutch or emergency brake, you can stop it from moving even if a hacker has control of steering, throttle, and ignition. However, a mechanically operated clutch is usually only found on manual transmissions. And a mechanical emergency brake is usually seen on vehicles with drum brakes. If your car has disc brakes on all four wheels, you may have an emergency brake that depends on the electronic controllers in your car to activate. An emergency brake that is electronically controlled may be vulnerable to a hacker. My current daily drive has a mechanical emergency brake, but an automatic transmission. However, it is old enough to have no wireless-connection-capable electronics on-board.)

The potential danger from this kind of hacking is frightening.

One note: among the top 6 car manufacturers in the world, I am not aware of any two that use the same definitions for data and instructions on their CAN bus. (The design for CAN separates the data definitions from the transmission protocols, and allows any manufacturer to write their own data set and instruction set.) But I might not be well-informed; my specialty doesn't require me to know those details.

However, any hack against one car manufactured by one company will likely work against most vehicles offered by that company. And once that hack is publicly available, it will be very hard for the affected company to recall and fix every affected vehicle.
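
To make the point about per-manufacturer data definitions concrete, here is an added example (not from the linked article or from any manufacturer) that decodes one and the same CAN frame under two signal tables. The frame ID, signal names, scales and offsets are all invented for illustration; real definitions are proprietary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signal:
    name: str
    start_byte: int   # offset into the CAN data field
    length: int       # width in bytes
    byteorder: str    # "big" or "little"
    scale: float
    offset: float
    unit: str

# Hypothetical signal tables: same frame ID, unrelated meanings per maker.
MAKER_A = {0x1A0: [Signal("engine_rpm", 0, 2, "big", 0.25, 0.0, "rpm"),
                   Signal("coolant_temp", 2, 1, "big", 1.0, -40.0, "degC")]}
MAKER_B = {0x1A0: [Signal("steering_angle", 0, 2, "little", 0.125, -2048.0, "deg"),
                   Signal("fuel_level", 2, 1, "little", 0.5, 0.0, "%")]}

def decode(can_id, data, table):
    """Return {signal_name: (value, unit)}; unknown IDs decode to {}."""
    if len(data) > 8:
        raise ValueError("classic CAN data field is at most 8 bytes")
    decoded = {}
    for sig in table.get(can_id, []):
        end = sig.start_byte + sig.length
        if end > len(data):
            continue  # frame shorter than the definition expects: skip, don't guess
        raw = int.from_bytes(data[sig.start_byte:end], sig.byteorder)
        decoded[sig.name] = (raw * sig.scale + sig.offset, sig.unit)
    return decoded

# Constructed sample frame: the transport layer only sees an ID and raw bytes.
FRAME_ID = 0x1A0
FRAME_DATA = bytes.fromhex("1F40780000000000")

if __name__ == "__main__":
    for label, table in (("maker A", MAKER_A), ("maker B", MAKER_B)):
        print(label, decode(FRAME_ID, FRAME_DATA, table))
```

The bytes on the wire are identical in both cases; only the table gives them meaning, which is why knowledge of one maker's definitions tends to carry across that maker's vehicles but not to another's.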

Electronic security on cars is a new thing, and is currently in its infancy. I hope that it will improve faster than the security in Windows-branded Operating Systems did...
