Oh what a feeling to Pwn! (What’s next, auto malware?)

Posted by in Analysis on Sep 8, 2010

So, there’s been some interesting analysis done by folks over at University of Washington and University of California San Diego about security attacks against the firmware in modern automobiles.

I came by it by way of HelpNet (so thanks to them), but I recommend that you go directly to the original paper to get the real meat on this thing.

The deal is that they are able to attack (in many cases wirelessly) the automobile to do all kinds of crazy crap; I won’t steal their thunder, check out what they say about it in their paper:

We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input—including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

Um…  ”adversarially control… disabling the brakes” ???  Oh noes!  That’s not good.

It’s interesting to me the type of work being done here – and UW seems to be behind much of it.  From the pacemaker h4x0ring study put out a while back by those folks to this, they’re up to some really interesting stuff.  I’ll keep my eye open for more of what they do.  In the meantime, please to enjoy the automotive malware – and the potential for hackers to up the road rage

Search
  • http://REMOVED new cars news

    Without any doubt this is my favorite car blog. :) I subscribed to your feed.

  • http://www.securitycurve.com Ed

    Um… car blog? I’m assuming this is spam and removing your name/link. Apologies if you were for real, but if so FYI that this isn’t a car blog.

  • Todd

    I agree 100%

TwitterRssFacebook