Cars hacked through wireless tire pressure monitors

topher5150

topher5150

Dedicated LVC Member
Joined
May 25, 2008
Messages
3,600
Reaction score
6
Location
Grand Rapids, Michigan
We heard the first reports of researchers proving that you could hack into automotive electronic systems earlier this year. That work was based on tapping into the OBD-II port normally used by mechanics for reading diagnostic codes. That method of car hacking, however, is of limited value to cyber criminals because it requires having physical access to the underside of a car's dashboard.

Another group of researchers from Rutgers University and the University of South Carolina have just discovered that you can hack into a car's electronics wirelessly, which means any modern vehicle could be vulnerable to an attack at any time, even while it's being driven down the road.

The researchers used a car's tire pressure monitoring system (TPMS) as their entry portal. Tire pressure monitoring has been mandatory on new cars since 2008 and uses a sensor on each wheel that transmits data over radio frequencies to a vehicle's electronic control unit.

By sniffing for signals from the TPMS, these researchers were able to track two different vehicles and even interfere with the signals. At this point, the real world implications are limited because TPMS sensors have a very short range and update the car's ECU only every 60-90 seconds. However, these findings underscore how as vehicles get more wireless connectivity, it's important to ensure those wireless connections are secure and encrypted to prevent mischief.


http://www.autoblog.com/2010/08/11/cars-hacked-by-researchers-through-wireless-tire-pressire-monito/
 
So they can make a car tell you the tire is flat for 60-90 seconds at very close range?
Seems pretty useless to me...
 
And what would anyone gain by messing with someone's electrical in their car?
Makes no sense to me.
Bob.
 
Bob Hubbard said:
And what would anyone gain by messing with someone's electrical in their car?
Makes no sense to me.
Bob.
Click to expand...

Why do most people create viruses, because they can and they have nothing better to do with their time. Quite frankly, they get bored.
 
Well as we get more into drive by wire and wireless communication in cars, they'll be able to do more than just tell you your tire's flat. Computer controlled anti skid can apply brake pressure and ease up on the throttle using drive by wire. Kinda like on star applying brakes when your car is stolen.
 
I could see the point in hacking a car to release the loxks on thwe car, then hotwiring it :-D
 
Icarus said:
So they can make a car tell you the tire is flat for 60-90 seconds at very close range?
Seems pretty useless to me...
Click to expand...
The point is that they've found a way to interface with the car's control systems wirelessly. Once they've done that, they can work on exploiting vulnerabilities to do other things using that connection.
 
SoonerLS said:
The point is that they've found a way to interface with the car's control systems wirelessly. Once they've done that, they can work on exploiting vulnerabilities to do other things using that connection.
Click to expand...

No, he is correct. The only part they can address through the TPMS is the TPMS. No way through that system to do anything more than send a low tire signal, and the ECU only snoops for signals every 60-90 seconds. Even with a great deal of wireless connectivity, a car's ECU is a very stable and specialized system. They are notoriously difficult to cause change with, ask anyone who produces tuners.

Though, with systems like On-Star and Sync, especially as these systems have a great deal of access to the vehicles systems, possibilities of attack are becoming more common-place.... though even on those systems, there are not a great deal of vulnerabilities.
 
Yes, I'd be more worried about OnStar as they already have commercials showing them cutting power to an suv that was stolen, unlocking doors for people, etc. If they can do it remotely, a hacker of some kind should be able to find a way eventually. Going through the tpm seems like a wasted effort though...
 
I'm not saying they will necessarily use this as an interface to crack the control systems. Its main significance is that it's the vanguard of a new arena of security research, but the researchers were able to do some things that would be rather undesirable, as described by Steve Gibson in his Security Now podcast:
Steve Gibson said:
Ars Technica talked about it, but I found some other information, and I'll just read from this. It said, "The researchers had found that each sensor has a unique 32-bit ID, and that communication between the tag and the control unit was unencrypted, meaning it could be intercepted by third parties from as far away as 40 meters. 'If the sensor IDs were captured at roadside tracking points and stored in databases, third parties could infer or prove that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs,' the researchers write, in a paper that accompanies the presentation." They're giving a presentation this week at the USENIX Conference.

"Such messages could also be forged. An attacker could flood the control unit with low pressure readings that would repeatedly set off the warning light [in the instrumentation], causing the driver to lose confidence in the sensor readings, the researchers contend. An attacker could also send nonsensical messages to the control unit, confusing or possibly even breaking the unit. 'We have observed that it was possible to convince the TPMS [the Tire Pressure Measurement System] control unit to display readings that were clearly impossible,' the researchers write. In one case, the researchers had confounded the control unit so badly that it could no longer operate properly, even after rebooting, and had to be replaced by the dealer.
-- http://www.grc.com/sn/sn-261.txt
Click to expand...
FIND said:
They are notoriously difficult to cause change with, ask anyone who produces tuners.
Click to expand...
Yet they manage to do so...
FIND said:
Though, with systems like On-Star and Sync, especially as these systems have a great deal of access to the vehicles systems, possibilities of attack are becoming more common-place.... though even on those systems, there are not a great deal of vulnerabilities.
Click to expand...
I would be less concerned about Sync than OnStar. Ford already has security initiatives in place with regards to Sync, and are intent on keeping strong separation between it and the car's control systems.
 
You must log in or register to reply here.

Members online

Total: 167 (members: 1, guests: 166)
Back
Top