YetanotherHackerNewsdigest.com
HN Theater | HN Academy | HN Books

HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.
Rankings: this week · month (aug/sep) · year (2024) · all time
digests · search

Hacker News Comments on
Comprehensive Experimental Analyses of Automotive Attack Surfaces

USENIX · Youtube · 4 HN points · 5 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention USENIX's video "Comprehensive Experimental Analyses of Automotive Attack Surfaces".
Youtube Summary
Refereed Paper presented by Stephen Checkoway (University of California, San Diego) at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA.

Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, University of California, San Diego; Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno, University of Washington

Abstract: Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model — requiring prior physical access — has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
HN Theater Rankings

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Some high-end luxury cars are remotely exploitable, to the point where attackers can control the breaks/engine/locks using a cell connection: http://youtu.be/bHfOziIwXic
A few years back, a joint UW-UCSD team showed that car systems are remotely exploitable. They were able to literally call the car's cell phone number and control the brakes/gas/door locks remotely.

http://youtu.be/bHfOziIwXic

anologwintermut
The above paper is one of two the UW/UCSD group wrote.
gcr
(oops, sorry about gratuitous use of "literally" -- i should learn not to editorialize better)
Jul 05, 2013 · 2 points, 1 comments · submitted by thomas-st
gcb0
Is this resurfacing because of the journalist "killed" in his Mercedes while investigating the government?
Jun 22, 2013 · 2 points, 0 comments · submitted by angersock
This is a video from a UCSD researcher on malicious attacks on modern automobiles http://www.youtube.com/watch?v=bHfOziIwXic

Examples of what can be done: Insert in the radio a CD containing a malicious WMA file that would play fine on the computer but once in the car could completely compromise the car electronics...

scotth
Well that was eye-opening.
contingencies
Link to the original paper and one additional paper: http://www.autosec.org/publications.html

The money shot - single image comparing all attack vectors: http://i.imgur.com/ylXoPmz.png

There's a third angle: Exploits.

UCSD and UW researchers have demonstrated the ability for an attacker to take full control of many modern cars just by dialing the car's 3G modem.

By "full control", I mean everything from "unlock the doors and start the engine" to "engage/disable the brakes and stop the engine"

    Over a range of experiments, both in the lab and in road tests, we
    demonstrate the ability to adversarially control a wide range of
    automotive functions and completely ignore driver input — including
    disabling the brakes, selectively braking individual wheels on demand,
    stopping the engine, and so on. We find that it is possible to bypass
    rudimentary network security protections within the car, such as
    maliciously bridging between our car’s two internal subnets.
http://www.autosec.org/pubs/cars-oakland2010.pdf

Edit: No, they really did demonstrate these vulnerabilities on real cars, it's not a theoretical analysis. Here's a link to their full research talk: http://www.youtube.com/watch?v=bHfOziIwXic

Finster
Unfortunately, the article you cite is similar to OP's article.

  In this paper we intentionally and explicitly skirt the question 
  of a “threat model.” Instead, we focus primarily on what an attacker 
  could do to a car if she was able to maliciously communicate on the 
  car’s internal network. That said, this does beg the question of how 
  she might be able to gain such access.

  While we leave a full analysis of the modern automobile’s attack 
  surface to future research, we briefly describe here the two “kinds” 
  of vectors by which one might gain access to a car’s internal networks.
So, no, they didn't ACTUALLY dial a car's 3G modem. That is merely a theorized attack vector. There is no proof of concept here.
tptacek
The comparison here oversimplifies. Avionics engineers are on this thread saying there's no physical/logical connectivity between RF and flight control systems. But that's not true of cars; we know cars do have at least some RF controls, and we're far less certain of the connectivity between CAN devices in a car than the avionics people are of the connectivity between ACARS and flight control.
dguido
Here is a video of a similar attack being performed on a real car by another researcher who discovered the same vulnerabilities/attack vector in parallel to the academic team (1m30s):

https://www.youtube.com/watch?v=bNDv00SGb6w

NOT theoretical.

gcr
No, they really did demonstrate these vulnerabilities on real cars, it's not a theoretical analysis. Here's a link to their full research talk: http://www.youtube.com/watch?v=bHfOziIwXic

I've been to both the UW and UCSD security labs and have seen their videos. It's real.

This is ongoing work and honestly I cited the first article I could find.

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.
~ yaj@
;laksdfhjdhksalkfj more things
yahnd.com ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.