http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

Hacker Disables More Than 100 Cars Remotely

By Kevin Poulsen
March 17, 2010
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.

“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle.

Texas Auto Center began fielding complaints from baffled customers the last week in February, many of whom wound up missing work, calling tow trucks or disconnecting their batteries to stop the honking. The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts, says Garcia. Then police obtained access logs from Pay Technologies, and traced the saboteur’s IP address to Ramos-Lopez’s AT&T internet service, according to a police affidavit filed in the case.

Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.

“Omar was pretty good with computers,” says Garcia.

The incident is the first time an intruder has abused the no-start system, according to Jim Krueger, co-owner of Pay Technologies. “It was a fairly straightforward situation,” says Krueger. “He had retained a password, and what happened was he went in and created a little bit of havoc.”

Krueger disputes that the horns were honking in the middle of the night; he says the horn honking can only be activated between 9 a.m. and 9 p.m.

First rolled out about 10 years ago, remote immobilization systems are a controversial answer to delinquent car payments, with critics voicing concerns that debtors could suffer needless humiliation, or find themselves stranded during an emergency. Proponents say the systems let financers extend credit to consumers who might otherwise be ineligible for an auto loan.

Austin police filed computer intrusion charges against Ramos-Lopez on Tuesday.

in the future will those crazies try to implement a central control to control the top speed vehicles can get to in the state, i.e. they say no faster than 55 mph and they'll enforce it centrally.

Future?? That technology is in place now...

Got OnStar, Sync, Safety Connect or Enform?

Future?? That technology is in place now...

Got OnStar, Sync, Safety Connect or Enform?


We just purchased a VW Jetta TDI, w/turbo diesel

(ask me about my mileage,, 60 Miles Per Gallon around town :eek::eek:).

While reading the manual, I spotted a disclaimer paragraph.

VW "does not have a Black Box installed in this vehicle" It goes on to say they do have computers recording info for maintenance purposes and to actively tune the engine, as it is driven.

I thought it odd, as the current Toyota's and other vehicles do have something to capture data and use it for law enforcement.

Odd in that the manual was written quite some time ago.. I am wondering if there is some kind of EU law preventing manufactures from doing what you speak of??

:confused::confused:

I think that is what is going on with the Toyota matter.


EMI or bad software.... Fly by wire.. I rather have fly by cable..


:munchin

Ret10Echo, nice pic, carried it used it loved it...

I think that is what is going on with the Toyota matter.


EMI or bad software.... Fly by wire.. I rather have fly by cable..


:munchin

Ret10Echo, nice pic, carried it used it loved it...

I will not argue the merits of fly or drive by wire,, but I'll offer a view.

Software that is used for PLC's (programmable logic units) is very basic. It is generals installed in it's binary form. A bite is 8 bits and it is aligned on a word or double word boundary.

EG: 0100 0110 0101 0101 0100 0011 0111 0101

It is looking for or at switches that are either on "000 0001" or off "0000 0000".

In the case of the Toy Pruis system and just about all others, there is a unit that is looking at the brake peddle and one looking at the gas peddle.

The logic goes something like this "If the brake and the gas peddle are depressed at the same time, Then DO: TURN THE ENGINE OFF".

This is as simple as it gets. If there was an EMI bomb or something else changes the logic to the extent that the unit no longer functioned,, it's dead, fried, kaput, gone to the big junk yard in the sky.

It can not fix itself and the error would be repeatable.

Now could it be a lose wire, or another PHYSICALLY busted mechanical part. Yes, but again it would stay busted.

The guy in California is playing to quiet.

If I wanted to set up a multi-gazillion $$ court action.


I would pick a court's jurisdiction near a car factory that just went under or a hi-unemployment area.. California has both..
I would take the car out and ride the shit out of the brakes to have physical evidence of an attempt to stop the car
Get a good lawyer on retainer
Using my newly retained L3 and their pre-trial facilitator, determine the best answers to selected questions that the CHIPs & Toyota will ask at deposition


But don't quote me.. I'm just a simple minded, doubting Thomas, low rent, out of work, FOG, with a paranoia complex, to much time to dream and plenty of beer in the cooler...

Are you a Turtle???

Software that is used for PLC's (programmable logic units) is very basic. It is generals installed in it's binary form.

Kindly permit me to quibble some.

The only meaningful difference between a PLC and a general purpose embedded microprocessor, of which there are many in every car, is the computer language used. PLCs are programmed in a ladder diagram language. This was meant to make the device "programmable" by electrical engineers used to thinking in ladder diagram terms.

I have seen and developed very complex systems in both ladder diagram form and more traditional software languages. The language is not necessarily determinative of the complexity of the problem.

It's been several years since I practiced this kind of engineering, but when I did, not all embedded systems run out of non-volatile memory. When the system was energized or otherwise rebooted, the program was copied into volatile memory for execution. We learned that unless protected, cosmic rays could, in fact, modify the program in non-reproducible ways.

Kindly permit me to quibble some.



I'll defer, The last time I work with these things is was burned in permanently for security reasons, both as you stated and the 2 legged varity.

I don't think I would even call this reject a hacker. He had valid login information, not his own, but valid nonetheless. The software problem in this article is in no way related to the software problems with the Prius, this was a poorly coded web application that did not enforce proper access controls.

He probably didn't even have to enter a 14 character password!

We just purchased a VW Jetta TDI, w/turbo diesel

(ask me about my mileage,, 60 Miles Per Gallon around town :eek::eek:).

JJ_BPK I've been wanting to upgrade the wife’s car to a diesel. I have heard they get great millage but the VW site only claims 40 on the highway and I haven't gotten any feedback from an actual owner yet so I'm glad you said something, so you're getting 60 MPG around town, very nice. I'll have to take another look at VW, the better half really wants a more efficient vehicle than she has, I'm wanting to get her a diesel (partly so we’ve got a vehicle that can burn something other than just gas) and she really wants a wagon, and IIRC VW makes one that's both, thanks for the info.

I don't think I would even call this reject a hacker. He had valid login information, not his own, but valid nonetheless. The software problem in this article is in no way related to the software problems with the Prius, this was a poorly coded web application that did not enforce proper access controls.

He probably didn't even have to enter a 14 character password!

You're exactly right. He is just a thief, and a pretty poor one at that as he didn't even take pains to disguise his internet address that he used for this mischief. He gives hackers a bad name.

So if there is some guy you don't know with a laptop hooked up to your car...you should question what he is doing there. I'm thinking he flies off the hood when I go around that sharp turn near the house.

Hack attacks mounted on car control systems

Page last updated at 12:35 GMT, Monday, 17 May 2010 13:35 UK

The computer systems used to control modern cars are very vulnerable to attack, say experts.

An investigation by security researchers found the systems to be "fragile" and easily subverted.
The researchers showed how to kill a car engine remotely, turn off the brakes so the car would not stop and make instruments give false readings.
Despite their success, the team said it would be hard for malicious attackers to reproduce their work.
Locked in
The team of researchers, led by Professor Stefan Savage from the University of California-San Diego, and Tadayoshi Kohno from the University of Washington set out to see what resilience cars had to an attack on their control systems.
"Our findings suggest that, unfortunately, the answer is 'little,'" wrote the researchers from the Center for Automotive Embedded Systems Security.
The researchers concentrated their attacks on the electronic control units (ECUs) scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs.
Individual control units typically oversee one sub-system but ECUs communicate so that many different systems can be controlled as the situation demands. For instance, in a crash seat belts may be pre-tensioned, doors unlocked and air bags deployed.
The attackers created software called CarShark to monitor communications between the ECUs and insert fake packets of data to carry out attacks.
The team got at the ECUs via the communications ports fitted as standard on most cars that enable mechanics to gather data about a vehicle before they begin servicing or repair work.
The researchers mounted a series of attacks against a stationary and moving vehicle to see how much of the car could fall under their control.
All modern cars are fitted with computer control systems
"We are able to forcibly and completely disengage the brakes while driving, making it difficult for the driver to stop," wrote the researchers. "Conversely, we are able to forcibly activate the brakes, lurching the driver forward and causing the car to stop suddenly."
In one attack, the team transformed the instrument panel into a clock that counted down to zero from 60 seconds. In the final seconds the horn honks and as zero is reached the car engine shuts off and the doors are locked.
They found that almost every system in the car, including engine, brakes, heating and cooling, lights, instrument panel, radio and locks was vulnerable.
The team concluded that the car control software was "fragile" and easy to subvert. In some cases simply sending malformed packets of data, rather than specific control code, was enough to trigger a response.
The team are presenting a paper on their results at the IEEE symposium on Security and Privacy in California on 19 May.
"Cars benefit from the fact that they are (hopefully) not connected to the internet (yet) and currently are not able to be remotely accessed," said Rik Fergson, a security analyst at Trend Micro. "So in order to carry out a successful attack you would already need to have physical access to the vehicle, as a break-in or as a mechanic, seem the two most likely scenarios."
"As cars, and everything else in life up to and including even pacemakers or fridges, become steadily more connected and externally accessible, research such as this should be taken increasingly seriously by manufacturers," he added.
"This represents an opportunity to head off a problem before it starts, in the not-too-distant future it may represent a real risk to life."

So if there is some guy you don't know with a laptop hooked up to your car...you should question what he is doing there. I'm thinking he flies off the hood when I go around that sharp turn near the house.

These are freak'n idiots.

To propose that they can "attack" a car's ECU while sitting in the front seat and readily disable the safety features is a complete and utter FAIL.

Echo has the fix,,
I have space on my hood, trunk, & roof for several,,
where are these educated AH's???

:rolleyes::eek::cool::mad:

*