Connected cars made plenty of headlines in 2015; the fact that they’re able to be remotely compromised is by no means a surprise. As cars become one with the Internet Of Things (IoT), this was a foregone conclusion.
One needs to strongly consider why they require a vehicle that exposes itself to a worldwide public network; a network through which a malicious third-party can compromise personal safety.
It’s actually a paradigm never seen before. Where before IoT an attacker could “only” quite seriously mess up your personal and financial well-being, now there is the threat of actual bodily harm. This may be a moment where we might want to assess the trajectory of technological progress.
But say you have one of those old-fashioned dumb cars, built after January 1, 1996 — the line in the sand after which every single car and truck in the US was required to be equipped with an OBD-II interface.
The ubiquitous ELM 327 — there are similar such dongles available — provides wireless access to said interface. I chose the 327 for this example because my iPhone will talk to it.
Once plugged in, the ELM 327 broadcasts an access point which requires no authentication. Any iPhone on Earth, within range (admittedly, a quite limited range), can connect to it.
And of course by virtue of iPhone, I have access to the App Store, where I can select any one of a number of free OBD-II scanning applications. Alternatively if I am particularly talented, I write my own application.
Let’s presume the application is crudely written, or written in a manner that is designed to overwhelm the CAN bus in a vehicle — effectively, the car’s integrated neural network.
Pretend you have installed an ELM 327 in your own car, and you leave it installed, because you enjoy monitoring the parameters of your car. Perhaps you drive a mechanically interesting vehicle, such as a Subaru WRX, and keep tabs on the components of your forced induction powerplant.
Now pretend I am a bad actor, stuck with you and hundreds of others in the death-and-taxes gridlock of the 405.
Sitting there, going nowhere just like everyone else, I simply scan for available wireless access points; surely in the sea of cars around me there are a few.
And when I’ve found a dongle, I initiate the application on my iPhone. I connect to each one I find, and I relentlessly query the vehicle. I don’t tell the vehicle to do anything — I merely keep asking it for information over and over until it loses its mind.
And when it does, the car goes into a famous failsafe mode — “limp home mode” — where the car has greatly reduced power, rendering it all but useless on the highway.
So what though. We’re all stuck in traffic, crawling along at 10mph.
Let’s say we’re not. Let’s say we’re at highway speed, flying along some stretch of highway that is not the 405, that actually moves.
That’s how you make traffic, crawling along at 10mph.
Alternatively, pretend I don’t like you very much. And I have access to your car. And I plug a Wi-Fi dongle into your car, and for good measure I tape over the LEDs so you’re unlikely to notice it’s even there. Now I can make you really, really unhappy at a time of my choosing.
It’s great time for the bad guys. Let’s not make it easy for them. Be judicious in your use of these wireless scan tools. Think long and hard about your need for an internet connected mode of transportation.
A good article. Nice to see others warning about automotive cyber security issues. To read more see the BLOGS at http://www.autocyb.com