vw computers can be hacked

kasper

http://www.foxnews.com/leisure/2013/07/30/volkswagen-stops-academics-from-revealing-car-hack/?intcmp=obnetwork

a bit worrying that they want to publish information that would only be helpful to criminals

Wibbs

Not just VW's http://www.dailymail.co.uk/sciencetech/article-2377841/Hackers-hijack-software-CAR-remotely-control-steering-brakes-horn-using-laptop.html?ico=sciencetech%5Eheadlines and last year rake of BMW's were stolen when a hole in the OBD security was exploited. Rumours suggest Audi's may be vulnerable too.

Chimaera

As the article mentions, any vehicle using the chip in question is vulnerable.

As is standard academic practice in these situations, the researchers disclosed the vulnerability to the manufacturer well in advance of their proposed publishing date to allow them to correct the vulnerability.

The fact that the manufacturer has not corrected the vulnerability but instead resorted to gagging orders in the courts is reprehensible at best. There are plenty of smart and well equipped criminals around who could discover this vulnerability (and may already have) without ever disclosing it.

If the manufacturer does not take steps to address the vulnerability, it remains a security risk for the millions of vehicle owners using the system regardless of how many gagging orders VW obtains.

darragh o meara

Chimaera wrote: »

As the article mentions, any vehicle using the chip in question is vulnerable.

As is standard academic practice in these situations, the researchers disclosed the vulnerability to the manufacturer well in advance of their proposed publishing date to allow them to correct the vulnerability.

The fact that the manufacturer has not corrected the vulnerability but instead resorted to gagging orders in the courts is reprehensible at best. There are plenty of smart and well equipped criminals around who could discover this vulnerability (and may already have) without ever disclosing it.

If the manufacturer does not take steps to address the vulnerability, it remains a security risk for the millions of vehicle owners using the system regardless of how many gagging orders VW obtains.

Even if the manufacturer changed the system it used which I'd imagine they will now that its public, they still can't change the thousands of cars out there at the moment and there in lies the problem.

That information in the wrong hands would be disastrous for any owners of any marques it's fitted to.

Chimaera

Of course they can, it's called a recall. It may be as simple as a software update.

As things stand the information is not public, so there's still a window of opportunity for this.

Wibbs

It took ages for BMW to admit the very real security issue with many of their models. Hundreds were nicked in the UK alone, yet t took a watchdog programme to light a fire under them and AFAIK they didn't issue a general recall it was an upgrade as part of a normal service interval. I'd not be surprised to find Irish Beemers that are still vulnerable.

The PR from BMW stated clearly that this security hole wasn't just theirs alone, just that because their cars were premium market stuff this is why they were targeted. In London in 2012 of all the cars stolen just over half were stolen without keys. How did that happen if modern key immobilisers are "foolproof". Makes you wonder.

dr.fuzzenstein

Well, this whole thing stinks of slapp to me.

Popoutman

It's a real pity that the manufacturer has requested a gag order on this one. I'm of the view that any security holes should be responsibly disclosed, and if the manufacturer does nothing about it then the details of the security hole to be made public so that it can be both verified and worked around so that those affected can be protected. I'd say though that the gag order will be lifted in court and the publication will be allowed by the English co-author at least.

In this case VW got caught with their pants around their ankles, using an ineffective set of security protocols that were flawed and now are proven to be flawed. Given the vast number of cars affected, it is responsible to make it known what the problem is. As part of the academic process, enough information has to be given in order to recreate the process, otherwise the veracity of the paper's claims cannot be shown.

At least in this case, there is a lot of public exposure to the ability to break the vehicle security - so there is an onus on the manufacturer to fix this before the insurance companies start to refuse cover to owners of affected cars. I'd say though that VW will drag this through the courts as long as possible until the paper is allowed to be published. It is already available as it was provided to the conference organisers, and the Streisand effect is going to ensure its availability.

You can be absolutely sure that the problem is known to the manufacturer, and is certainly known to elements of the criminal community. I certainly would want my car patched to prevent this attack vector!

Security through obscurity is not effective security at all. Anyone that thinks differently doesn't understand the issues involved. The best security systems are those that are completely open in design and use, and rely on the proven mathematical non-feasibility of breaking the proven protocols involved. (see Diffie-Hillman key exchange, or elliptic key cryptography as examples)

Cuddlesworth

Wibbs wrote: »

The PR from BMW stated clearly that this security hole wasn't just theirs alone, just that because their cars were premium market stuff this is why they were targeted.

It isn't just a BMW problem. The whole way they all designed their internal network is just nuts. Zero security on a system that controls everything. As long as you know what signal to send and have access to the network, there is nothing you can't do in theory.

And then they started putting wireless adapters on it.

m5ex9oqjawdg2i

Wibbs wrote: »

It took ages for BMW to admit the very real security issue with many of their models. Hundreds were nicked in the UK alone, yet t took a watchdog programme to light a fire under them and AFAIK they didn't issue a general recall it was an upgrade as part of a normal service interval. I'd not be surprised to find Irish Beemers that are still vulnerable.

The PR from BMW stated clearly that this security hole wasn't just theirs alone, just that because their cars were premium market stuff this is why they were targeted. In London in 2012 of all the cars stolen just over half were stolen without keys. How did that happen if modern key immobilisers are "foolproof". Makes you wonder.

For that reason alone, I think i'll scratch the BMW 116D off the list.

Popoutman

Cuddlesworth wrote: »

It isn't just a BMW problem. The whole way they all designed their internal network is just nuts. Zero security on a system that controls everything. As long as you know what signal to send and have access to the network, there is nothing you can't do in theory.

And then they started putting wireless adapters on it.

There's an EU mandate that the electronic control systems on cars with OBD-II ports to be accessible to non-manufacturer mechanics, to allow competition between the indies and main dealers. This would apply to the likes of clearing fault codes and reading fault codes. It wouldn't necessarily apply to the security systems or the ECU itself. The VW security hole shows that inadequate security was provided for in the authentication between the key and the car. Having said that, BMW have made it far too easy to clone keys at the car. At least the other premium marques require contact with head office to get the correct codes generated for a particular key for a particular car.

Anan1

Katie Pitiful Brake wrote: »

For that reason alone, I think i'll scratch the BMW 116D off the list.

And the Skoda too?

dr.fuzzenstein

Katie Pitiful Brake wrote: »

For that reason alone, I think i'll scratch the BMW 116D off the list.

But why? It's the cheapest, smallest Beemer money can buy!:P

Stallingrad

Should us hapless VW owners be asking our dealers to do anything about it while under warranty, are they doing anything about it?

syklops

Stallingrad wrote: »

Should us hapless VW owners be asking our dealers to do anything about it while under warranty, are they doing anything about it?

You could tell your VW dealer why you won't be returning to buy your next VW.

lomb

I think its the insurers who should be kicking up a fuss rather than owners. After all most high value or even low value new cars are comprehensively insured so they are the real losers. Perhaps they dont care as long as the thefts are spread equally across insurers and the premiums are just jacked up to cover it.

Cuddlesworth

Popoutman wrote: »

There's an EU mandate that the electronic control systems on cars with OBD-II ports to be accessible to non-manufacturer mechanics, to allow competition between the indies and main dealers. This would apply to the likes of clearing fault codes and reading fault codes. It wouldn't necessarily apply to the security systems or the ECU itself. The VW security hole shows that inadequate security was provided for in the authentication between the key and the car. Having said that, BMW have made it far too easy to clone keys at the car. At least the other premium marques require contact with head office to get the correct codes generated for a particular key for a particular car.

I don't think you understand the gravity of the situation.

In a car with assist park, I know that the ECU has direct control over the throttle, brakes and steering in order to complete those actions. But in general the actual device that controls the assist park, is somewhere else in the car and talks to the ECU via the ODB network. In fact, on a modern car, practically everything uses the network.

The ODB network is 100% un-encrypted and a ring network. So by plugging into it, you can see exactly what is being sent. And since there is no security on the network from the whitepaper I read, there is nothing stopping another device from sending the same commands.

Then you get to the biggest issue, the fact that manufacturers starting putting wireless points on the network to talk to things like wheel pressure sensors. Again to point out, there is 0 encryption on these things. So now you don't even need to be in the car at the port, you can stand outside the car.


If you really wanted to, in theory you could set up a transmitter broadcasting engine kill commands(or worse) from various manufacturers, over the specific frequency's their wireless points use beside a motorway.

I'm going to assume some elec Engineer did something similar and now its being blocked from releasing the whitepaper. Most of all, in order to stop it from happening you would pretty much have to replace the entire way the ODB networks work or start removing features from cars on a huge scale.

Wibbs

lomb wrote: »

I think its the insurers who should be kicking up a fuss rather than owners.

Well from reading on UK forums about the BMW screwup the insurance companies were up in arms about it and were passing this on to their end user in the form of sky high renewal premiums or refusing cover point blank. Some were placated if the owners fitted approved aftermarket alarms. Then again the UK insurance industry has always been more reasonable that way with discounts for Thatcham approved security. Here? I have a multilayered security system I defy you to bypass in under an hour (even if I give you the keys) and what discount do I get? Nada.

dr.fuzzenstein

It's OK, the upgraded model can't be hacked:

Popoutman

@cuddlesworth
I don't think you understand how it all works.There's more protocols and comms buses than the OBD protocol

One thing to note is that there is no access to the security system (key entry and immobiliser control) via OBD. There isn't any exposure to the security systems directly using OBD-II. The OBD-II port is used for access to the car systems, but it isn't the same protocol at all that is used. In the VW systems, the inter-module comms are on the CAN-Bus. There is a subset of the commands that then comprise the protocol that satisfies the requirement for OBD. Not all modules on the CAN-Bus are accessible via OBD protocol. See http://ross-tech.com for some experts in gaining access to the VW group cars.

There are two very separate security issues here, one with VW and the other with BMW, and it appears that people are conflating them.

The issue here with the VW security hole is that the entry to the car from outside can be gained without needing the keys. Then the car can be started again without needing the original keys. All of this is possible without any connection to the CAN-Bus comms network in the car, nor is there any connection to OBD. This is the security hole referred to in the paper that is being gagged. I am of the view that the gag order cannot be sustained, and VW needs to move fast to plug the hole, and then to properly fix the hole, as it's a manufacturing defect that the security on entering and starting the car was shown to be not good enough.

The BMW security hole is three-part from what I have seen.
a) there are problems with the interior sensing that allows free movement within the car and possibly the breaking of a window to allow this access, all without the alarm being triggered.
b) the generation of new keys can be paired to the car's immobiliser without any oversight or control by the manufacturer, by a lack of security on the key matching algorithms. This is *not* related to any security on OBD, as the systems are separate protocols using the same physical connector.
c) it's possible to open the windows on some BMWs by forcing the lock and tipping a switch in the clock that rolls the windows down the exact same way that it happens with opening and holding the key in the open position.

You are correct that there is no security and encryption on the OBD protocol - this is by design to allow common access to the systems used to read and clear fault codes, so that non-franchise garages can work on cars, guaranteeing proper and correct competition in the car repair industry. Otherwise the main dealers would have even higher prices as they would have a monopoly on ordinary car servicing. In most marques, the OBD protocol is not available unless the car ignition is on, necessitating the presence of a key for any reading or changes to work. BMW made it too easy to access the systems without a key being present.

VW have used a third-party product that is faulty, and not up to its purpose. The academic paper being gagged has the correct description on how to prove that this the case. Not good for VW as ot proves they screwed up, but it's better in the long term for the owners of affected cars to have this information in the open, so that they can take appropriate action in the meantime such as using further physical security measures on their vulnerable vehicles.

The wireless sensors should not be active unless the car is running, and it's an already-known separate security problem with the tire pressure sensors as the output from these is easily spoofed. See here http://ftp.cse.sc.edu/reports/drafts/2010-002-tpms.pdf - note that this issue is not relevant to the bypassing of the designed-in security on entry and starting. There's not supposed to be access to CAN-Bus through the tire sensors as the CAN-Bus protocols are not exposed on the wireless link. The wireless connection between the tire pressure sensors and the corresponding receiver is supposed to be separated from the actual comms bus. There have been exploits on the receiver that allow spurious communications on the CAN-Bus and this is not good, but it's not exposing the car comms to outsiders. It's a different problem.

Wibbs

The tyre pressure "hack" is interesting. IIRC? researchers were able to spoof the car into thinking the tyres had lost all pressure and do it without a direct connection to the car.

On the security front with certain styles of keys it seems the security holes are exploitable .

from article wrote:

Using ten different borrowed models from eight manufacturers (without the automakers' input), the Swiss team was able to unlock and start all of their test vehicles, showing that hacking the smart fobs is "feasible and practical."

That's a tad worrying. If that gets out to the real world scum like the BMW issue did, it's open season for car theft, especially as nowadays folks are (naturally) more confident that in order to steal a modern car you need to steal the keys.

Stallingrad

This is quite concerning, what measures do people suggest to avoid theft?

My only current deterrent is that it is a post 2008 petrol.

dr.fuzzenstein

Stallingrad wrote: »

This is quite concerning, what measures do people suggest to avoid theft?

My only current deterrent is that it is a post 2008 petrol.

Looks like these will become popular again:

Wibbs

If you wanna get serious about security? IMHO, think like a scumbag and think in separate layers. More layers = more time + hassle + plus fear of being caught. The built in security being just one layer. One of those wheel locks as above another layer. Some people fit steel posts in their drive.

A good quality aftermarket alarm properly installed would be another, NOT with the brain under the drivers dash attached to the ignition wires, with the siren in the engine bay. Bury the siren in a wing or bumper. Canbus alarms now make it near plug and play. So even if they can clone your main key the alarm is still armed and will alert you if tampered with. Plus it's now separately immobilised. Use one of the immobiliser circuits to isolate the OBD socket, so even if there is a future hack it'll be useless to them. BTW don't put a sticker advertising the type of alarm you have. This is silly, why give any information away? If you have one of those newer ones that lights up with the makers name, stand in the corner wearing a hat with a D on it.

OK so then they have to nick your keys, so what can you do then? For a start look to your home security first. Back to the car, in the old days you could fit a separate kill switch that would stop the fuel/ignition, so even with keys they'd have to find and bypass that. I dunno how easy that would be with a modern Canbus system though? I presume a circuit is a circuit so can be interrupted.

Another layer is a so called antihijack device that shuts down the car a preset distance away and blares the siren if the owner doesn't disarm it(only the owner knows how), even if they took your keys. Clifford Blackjax is one, but I prefer the autowatch ones(the clifford is fiddly, it's obvious it's installed and can be bypassed). Personally I'd fit it so it doesn't blare the siren or flash the lights, so the car feels like it's on the blink and breaking down.

And finally if they get past all that and get away trackers are becoming cheaper by the year so they're another layer which will allow you/Gardai to find your car.

A car set up with that lot will be a right bastid to steal and there will be far easier targets.

Chimaera

Modern vehicles do a lot of stuff at software level so there are fewer 'circuits' that can be attacked for security stuff like this. A good target would be the ECU power supply relay: if the ECU can't power up the car won't start no matter what - this is how the stock immobiliser systems work on many cars. The immobiliser controller is contained in a different part of the car and communicates with the key before allowing the ECU to power up and start the vehicle.

Another useful target might be the fuel pump: no fuel means no start. On older diesel engines with a distributor injection pump, the fuel shutoff solenoid is a good target.

Disabling the starter motor is a good option too, though it still allows the engine to be bump started.

Ideally a good immobiliser setup will combine a number of targets to make things more difficult for the would-be thief.

Amalgam

You do read about surreal situations, where a car can be compromised through a wheel sensor, part of the car's 'network'.. with the engineers not feeling the need to provide encryption, to a lowly wheel.

Popoutman

Amalgam wrote: »

You do read about surreal situations, where a car can be compromised through a wheel sensor, part of the car's 'network'.. with the engineers not feeling the need to provide encryption, to a lowly wheel.

There shouldn't really be any requirement for encryption between the pressure sensor receiver (actually connected to the car network) and the in-wheel pressure sensors. If the pressure sensor is correctly built, the worst that should be possible would be seeing a lack of pressure in the tyres. This could be fairly easily cross-checked with the outputs from the ABS sensors and the various crash sensors that would show if one wheel is rotating faster than the others when going in a straight line.

One problem with putting proper encryption (proper long key-based) between sensors and receivers is that the computational power requirement is a lot higher, as is the "pairing" e.g. if changing wheels. Don't forget that a lot of Germans usually have a set of winter wheels for their shiny cars.

It's a 2 week injunction I think on the paper being published, so we can all hope that the injunction is lifted and the publication allowed to go ahead. This way then, the other security experts can get a look at the issue to see if it is realistic or not, and if the VW hole is realistic then they'll have to step up and get things fixed. Short term solution would be a physical immobiliser like the wheel locks above, worst case would be a replacement set of keys and a replacement module in the car with updated software to properly close the security hole. It'll be interesting to see how the recalls will be handled and to what extent the issue is present and across which models.

Cuddlesworth

The white paper I read showed that with BMW's from 2005 to 2012 had full wireless access to the car from the outside using tire pressure sensors while off. Its also responsible for the huge range of thefts recently, with devices to unlock, start and recode new keys available from China after 8 months. They surmised most other high end makes had similar flaws. It's because there was no separation of the networks like you described, although I have no doubt that's changed in the last 2 years.

I'm looking forward to seeing this info on VW, being in IT its interesting to see how far behind security car manufactures are. If its the exact same flaw, then I have no doubt other marques will start to see pressure too.