Cheers to safety!
:cheers:


Cars hacked through wireless tire sensors

By Peter Bright (http://arstechnica.com/author/peter-bright/) | Last updated August 10, 2010 3:20 PM
The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University and the University of South Carolina. The wireless sensors, compulsory in new automobiles in the US since 2008, can be used to track vehicles or feed bad data to the electronic control units (ECU), causing them to malfunction.
Earlier in the year, researchers from the University of Washington and University of California San Diego showed that the ECUs could be hacked (http://arstechnica.com/security/news/2010/05/car-hacks-could-turn-commutes-into-a-scene-from-speed.ars), giving attackers the ability to be both annoying, by enabling wipers or honking the horn, and dangerous, by disabling the brakes or jamming the accelerator.
The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.
The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.
Unlike the work earlier this year, these attacks are more of a nuisance than any real danger; the tire sensors only send a message every 60-90 seconds, giving attackers little opportunity to compromise systems or cause any real damage. Nonetheless, both pieces of research demonstrate that these in-car computers have been designed with ineffective security measures.
The Rutgers and South Carolina research will be presented at the USENIX Security conference later this week.




http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars

Hmmmm...
"...giving attackers the ability to be both annoying, by enabling wipers or honking the horn, and dangerous, by disabling the brakes or jamming the accelerator."

Well, now they can test how Toyotas have problems....
Now, if they could just hack the steering....
:hammer:

OK, I'm old school and don't understand this new electronics age of computer management in a car, I understand possibly the TPS and ABS getting hacked but....how do they get to the wipers and horn....aren't those manually operated switches?

OK, I'm old school and don't understand this new electronics age of computer management in a car, I understand possibly the TPS and ABS getting hacked but....how do they get to the wipers and horn....aren't those manually operated switches?Not on vehicles like Lexus where eveything is automated. switches are merely there for backup. Horn i can of doubt, but most of the systems in newer cars are all ran through a processor.

Not on vehicles like Lexus where eveything is automated. switches are merely there for backup. Horn i can of doubt, but most of the systems in newer cars are all ran through a processor.


I know on my 08 Grand Cherokee the horn option is set through the dash menu, so it does not suprise me that the horn is wired to the PCM or brain-box. Just about everything goes through one central module at this point.

I'm amazed at what the ECM controls in my 1989 Suzuki.

I think it's safe to say that today's technology in cars is light years ahead of what 99% of the general public can comprehend.

why would you be able to disable the brakes via the PCM? as far as i know, that's required to be a solid mechanical linkage in case the electronics fail.
maybe you can screw with the ABS, which would be able to stop fluid flow to the calipers.

these new cars are getting too high tech- i'm pretty sure they could build cars that pass all emissions, safety, and noise standards without having everything controlled by a computer- it would weigh 500 pounds less and cost half as much..

You can cause the horn to honk by entering the car into re-learn mode on some models, this is a quick beep, and can only be done 4 times per ignition cycle. You can turn the ABS off by faking the signal from one of the tires, and making them look like its low, and the ABS will not function because it thinks one tire is incapable of adequate braking and there are no tables in the module for that. I call BS on turning the wipers on through the TPS, there's more to that story. Tracking a car based on a RF signal that has MAYBE a 15 foot range is a joke.

This is a compete waste of time and effort. The professors involved in this really need to be fired. Someone in that position could be thousands of times more usefull by researching and inventing new technologies and innovating existing ones. There are thousands of inovations out there waiting to be discovered, and these are the people sitting in a perfect position to investigate the more risky and weird ones.

I've read the article, however there's no real meat to it. I look forward to the full exploit coming out. If they truly can take over the PCM though a pressure sensor expoit (which I seriously doubt) it would only effect whatever PCM's ran on that code base. Full PCM control would require either the PCM itself to allow controls wirelessly, or you would relay the payload through the tire pressure sensors. I can see possibly causing an overflow which could crash the pcm, but I find it highly unlikely that they can take total control of vehicular function.
If you're vulnerable, and get picked on, your car engine dies, you restart it and you're on your way.

The tasks behind getting this to work on the majority of cars on the road is a truely Herculean effort.

Yeah the fact is the TPMS isnt that complicated a system, now could they ,maybe use the RFID to gain a toe hold to crack the factory code for the BCM, yes, will it cause a car not to run ,,,maybe. Reason so many cars can have push button start is the key sends a signal to ECM/BCM and that part engages the start relay and that cranks engine.
Honestly I wouldnt worry too much, because honestly you can pick up a wheel lift for say $2000 make it a slide on to a hitch frame welded to a ton truck and a couple of wheel dollies, like used if your car was badly wrecked and the car is gone in short order. Good thieves know where the main cables are and can cut them or blow the main mega fuse and tada stolen car easy.
Heck most of the current alarm/remote start tech is tied to the BCM/PCM.