charlieton

http://arstechnica.com/security/news...m_campaign=rss

Cars hacked through wireless tire sensors

By Peter Bright | Last updated August 10, 2010 3:20 PM
The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University and the University of South Carolina. The wireless sensors, compulsory in new automobiles in the US since 2008, can be used to track vehicles or feed bad data to the electronic control units (ECU), causing them to malfunction.

Earlier in the year, researchers from the University of Washington and University of California San Diego showed that the ECUs could be hacked, giving attackers the ability to be both annoying, by enabling wipers or honking the horn, and dangerous, by disabling the brakes or jamming the accelerator.

The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.

The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.

Unlike the work earlier this year, these attacks are more of a nuisance than any real danger; the tire sensors only send a message every 60-90 seconds, giving attackers little opportunity to compromise systems or cause any real damage. Nonetheless, both pieces of research demonstrate that these in-car computers have been designed with ineffective security measures.

The Rutgers and South Carolina research will be presented at the USENIX Security conference later this week.

TRDFantasy

This does apply to all brands, or only some?

I'd like to see them try and crack a Toyota ECU, good luck .

Stormwind

Maybe that is what caused Toyota's to accelerate out of control.

lobuxracer

iTrader: (2)

There's a big difference between running arbitrary code and downloading an entire software library. There'd be more of a challenge just getting from the TPMS ECU to the ECM over the CAN bus to make interesting things happen.

It is an interesting attack vector though.

I8ABMR

God these manufacturers need to get it together. Also these little clowns that do stuff like this need a solid beating...........or spanking in the case of the perps

lobuxracer

iTrader: (2)

??? Obviously you're not familiar with Flagle's Law of the Perversity of Inanimate Objects:This is a hacker's maxim. If I ask this thing to do something the designer never imagined, what will happen? Will it give me access to restricted areas or features?

Are you saying you've never had any interest in modifying your car/computer/phone/house etc.? Never had the urge to know what will happen if I push THIS button?

Just because these guys decided to target their attention on systems the manufacturers failed to secure doesn't mean they deserve any kind of punishment what-so-ever. Would you yell at the child bold enough to announce the Emperor has no clothes? I'd certainly hope not - if you would then all those things I've heard about you must be true.

Threxx

I'm taking this article with a grain of salt. I'm an IT guy and am pretty interested in security concepts in general. I listened to a lengthy podcast and read some articles that dealt specifically with this group's last publication. The recurring theme was that they weren't able to do anything to the car without physical access to the OBDII port while the car was running. So unless somebody with a lot of knowledge and time has managed to break into your car and get it running (or take your keys) then this was of no concern.

For that reason I'm skeptical that this group was able to do much more than send faulty TPMS readings to the ECU, without first getting physical access to the OBDII port and making their own 'customizations'.

I don't see how they'd be able to literally 'crash' the ECU just by talking to the TPMS receiver.

But if this is legit I'm sure I'll be hearing plenty more of it in the next week or two.

Are you aware of some particular reason why Toyota ECUs are more secure, or are you just saying this because you consider Toyota to be superior to other brands in general?

TRDFantasy

Huh? All I meant was that for many years the aftermarket has had huge trouble with trying to crack Toyota or Lexus ECUs for modding purposes. This is very well known among the aftermarket and modders, that it's almost impossible to crack a modern Toyota/Lexus ECU and change parameters for the purpose of modding. Toyota also gives out almost no information regarding its ECUs, unlike other brands whose ECUs are much easier to crack, or in other words much more "mod friendly".

mikez

I wonder whom from Rutgers is doing this research hmm

Dave600hL

This is probably one thing that the authorities should not tell the world about, then make sure the car companies make the sensors secure.