After reading about hackers taking control of a new Jeep remotely, I was wondering if the same thing would not be possible through our cell phones when paired to our cars? I'm thinking if it can be reached wirelessly from any source, it can be hacked? Someone please tell me I'm wrong.


Just because I'm paranoid, doesn't mean someone won't try it............

 

It is unlikely on our XKs, because they do not have internet access like the Jeep with Uconnect.

Previous attacks these guys demonstrated required embedding equipment in the target cars, which was widely criticized as 'reaching'. They are onto something more plausible now, but it really only applies to some of the very latest models of some brands.

 

Depends on the (car's) network(s) to which the phone module connects. Also depends on whether that module can be hacked (who knows?).

E.g. on my car it's not on the CAN but is on the fibre optic. So you'd have to hack the phone module and then also have it send something over the optic that hacks another module (and possibly more modules) to get to the CAN. I think that's unrealistic but who knows (I think no-one).

Probably easier to chuck a large rock off a bridge as I drive under (don't!). Or a large EMP (electro-magnetic pulse). Also please don't. Caltraps (aka caltrops) would also work - again please don't.

 

That certainly gives you IP access to the vehicle, so why not? The real challenge is the interface from there into the vehicles systems.

I'm glad these guys publicised this exposure, it will make the manufacturers look more seriously at how they are designing this stuff. Issues like this and the enthusiasm for automated vehicles certainly make you think. I wonder how this would interface to a Glock carrying drone?

 

Like was mentioned, the odds of it happening on our cars is very low. You need something that accesses both the internet and the CAN bus at the same time. To the best of my knowledge, our Jags do not have something like that, even if you assume that your cell phone is paired to the radio.

Unfortunately, Chrysler/Fiat is using the radio a bit more involved that our Jags as as they are using it as an interface to be able to control engine functions (look into what you can do with a Hellcat via the radio). This is where the bridge was built and since they are looking to make this available on future vehicles, they are already starting to add it into the lower budget vehicles.

What surprises me is that this hasn't been mentioned about the OnStar vehicles. That system has the ability to access the engine management system remotely. I know the system can send you updates on error codes, engine health, etc. If I remember right, it can even remotely turn off the engine. That sounds like a big hole that someone could exploit to me.

 

This just in...

OnStar hack remotely starts cars, GM working on a fix

 

All the more reason that if I get a newer vehicle, it will not have any sort of Wi-Fi or like system in it. Why open up the world that you try to keep private to anyone that has a "less than desirable" intention. If I am not given an option, then I have a feeling a radio is going to come up missing in my vehicle shortly after I buy it or I am going to find the chip that runs the system and have it suffer an "over current fault". Gotta love knowing electronics and where to place the right signal to do what you want.

 

The idea that any vital computers in a vehicle are connected even indirectly to WiFi / the internet (etc) is plainly mad. Marketing must have overridden the techs who no doubt said so.

Driverless cars using similar connections are even crazier. Hello google....

Imagine 10 million cars all deliberately crashed at max speed by a foreign government hacker (or a kid in his bedroom).... Needs to be SciFi ONLY, not real life.

 

But it will be the car manufacturers fault because they gave the people what they wanted. I say make the people responsible for the vehicle if they want that technology and if the car gets into a wreck, guess what, it is the owners fault, not the car manufacturers. I bet you make a person sign a slip of paper saying that, very few of those cars will get sold. Problem solved. Just saying.

 

I think the ordinary car driver wants the WiFi/etc but does NOT want (or even understand) it connecting to any safety-critical system. It's irresponsible of the car makers to connect the two entirely separate subsystems (as they should be) together.

Time to jail a CEO for running Fiat badly.

 

They should be going down the defence red/black road. Entertain, navigate and do fluffy stuff on the red network. Anything to do with control and surviving on the black network. But they wont as it costs money in mass production.

Interesting this surfaces at the same time as driverless vehicles hitting the front page. Glad I wont be around to see it go mainstream, at least at the current rate of progress.

 

If by "techs" you mean programmers, likely not.

There are a lot of programmers who are pressed into service writing
code for secure systems who have no idea of what they are doing
and should not be doing it.

The result is security theater which would not pass the scrutiny
of those who really are capable of doing the job.

 

I meant hardware/electrical/electronic/system designers in a broad sense. The two subsystems simply should not share any network connections, whereas I suspect they are both on (the same) CAN.

It's never going to be safe to assume the programmers have zero defects in something as complex as these things, but it can't matter if the network simply doesn't connect both to safety-critical and non-safety-critical subsystems.

There's also the chance if they are connected that someone deliberately inserts a way to compromise the software. Keep them disconnected and that risk goes away.