Results 1 to 11 of 11

Thread: Beemer Bummer?

  1. #1
    Join Date
    Sep 2007
    Location
    Longview WA
    Posts
    27,347
    Blog Entries
    1

    Beemer Bummer?

    This kind of makes me want to go out and buy an old old car:

    The researchers noted that their probing found flaws that could be exploited by an attacker to inject messages into a target vehicle's CAN bus – the spinal cord, if you will, of the machine – and engine control unit while the car was being driven. That would potentially allow miscreants to take over or interfere with the operation of the vehicle to at least some degree.
    https://www.theregister.co.uk/2018/0...security_bugs/

    The idea someone else can hack my car on the road is about as scary as it can get.

    jtk
    "A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty."
    - Sir Winston Churchill (1874-1965)

  2. #2
    Seen several articles like this over the last few years. Some were in reputable sources, others seemed like sensationalism. But it's a concern that's out there and people are investigating just how significant it might really be. One article talked about GM's OnStar system as a potential vector. Another talked about bluetooth. I'm no expert, but I think I know this much - if there is a pathway into any computer system, you've got a risk that someone will exploit it. If they have access, skills and motive.

    Guess we'll see how this all shakes out.

    Fred
    "All that is necessary for the triumph of evil is that good men do nothing."

    “If you want to know what a man's like, take a good look at how he treats his inferiors, not his equals.”

  3. #3
    Join Date
    Sep 2004
    Location
    Jacksonville, FL
    Posts
    859
    Quote Originally Posted by Frederick Skelly View Post
    Seen several articles like this over the last few years. Some were in reputable sources, others seemed like sensationalism. But it's a concern that's out there and people are investigating just how significant it might really be. One article talked about GM's OnStar system as a potential vector. Another talked about bluetooth. I'm no expert, but I think I know this much - if there is a pathway into any computer system, you've got a risk that someone will exploit it. If they have access, skills and motive.

    Guess we'll see how this all shakes out.

    Fred
    Agreed. Luckily most people don't have the skill set needed to do things like that. But that are lots od script kiddies out there that have no qualms about hacking using other people's code. They don't really understand what they are doing but they can do some damage.

    Security is always about the risk involved versus the gain involved.
    Marshall
    ---------------------------
    A Stickley fan boy.

  4. #4
    Join Date
    Dec 2006
    Location
    Toronto Ontario
    Posts
    11,247
    It's the bikes as well, mine has a CAN bus electrical system.............Rod.

  5. #5
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    65,685
    In response to this kind of potential risk, most, if not all of the manufacturers have installed firewalls in the systems. Some have even put a firewall on the physical port in the cabin that actually limits what can be plugged in there to specific tools. The dealers's tools will work, but many 3rd party tools will not work anymore. (Jeep did that with the Grand Cherokee as of MY18) This prevents nefarious code from entering maliciously from a 3rd party tool or application via that physical port. That's in addition to the steps I mentioned for the "over the air" risk.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  6. #6
    Join Date
    Sep 2016
    Location
    Modesto, CA, USA
    Posts
    9,879
    I remember several years ago watching a show about modern big rigs. The maker can read the black boxes over the air and recommend oil change times etc to the dash. They use this to diagnose problems when called even before the truck makes it into the shop. They can also update the software for engine management and transmission over the air.
    I believe Tesla has updated the onboard software several times over the air by cellphone connection. I do not believe the owner was ever asked if they wanted the changes.
    I have to say that the internet and hackers are two things the scifi writers did not predict.
    Bill D

  7. #7
    Join Date
    Feb 2013
    Location
    Tippecanoe County, IN
    Posts
    836
    Quote Originally Posted by Bill Dufour View Post
    ...I have to say that the internet and hackers are two things the scifi writers did not predict.
    You might want to check out William Gibson. He's the scifi author who invented the term "cyberspace", first used in his short story "Burning Chrome". It's about some freelance hackers and was published in 1982. Interestingly enough, the hacking software they used came from Russia.
    Beranek's Law:

    It has been remarked that if one selects his own components, builds his own enclosure, and is convinced he has made a wise choice of design, then his own loudspeaker sounds better to him than does anyone else's loudspeaker. In this case, the frequency response of the loudspeaker seems to play only a minor part in forming a person's opinion.
    L.L. Beranek, Acoustics (McGraw-Hill, New York, 1954), p.208.

  8. #8
    They're all sensationalized and hyped. Almost anything you read about tech in mainstream media is purposely manipulated to instill fear in you and get you to keep tuning in to this garbage.

    Remember the Jeep hacking thing a few years ago? All BS. I ended up working with a rather (in)famous hacker to see if there really was any way to do this remotely. Nope. Basically you had to have full physical access and do a lot of work just to inject simple things into the bus. Silly and useless.

    Our BMW has the service connection in it also. We never paid for it after the free period, so it doesn't actually work. I once had a conversation with the service advisor assuring him that yes, I would add some anti-freeze, and that no, it was not worth an hour of driving (there and back) just to get it free from them.

  9. #9
    (Jeep did that with the Grand Cherokee as of MY18)
    And on the Wrangler with 2015. I can no longer use a programmer to change some settings. They left some open, like the ability to reprogram lockers, gear ratios, TPMS settings, and the like. But I can no longer change what they consider safety or reliability items, like I did with my 2013. In order to get around this, you can send your ECU to companies that will physically open and remove a chip, reprogram it, and put it back together. Then it becomes unlocked and you can change it all you want.

  10. #10
    Quote Originally Posted by Bill Dufour View Post
    I remember several years ago watching a show about modern big rigs. The maker can read the black boxes over the air and recommend oil change times etc to the dash. They use this to diagnose problems when called even before the truck makes it into the shop. They can also update the software for engine management and transmission over the air.
    I believe Tesla has updated the onboard software several times over the air by cellphone connection. I do not believe the owner was ever asked if they wanted the changes.
    I have to say that the internet and hackers are two things the scifi writers did not predict.
    Bill D
    Almost every GE locomotive sold in the last 20 years has this function, but it comes at a price. GE can tell owner how locomotive is working, and what services are needed, and how soon.

  11. #11
    Join Date
    Mar 2015
    Location
    Virginia
    Posts
    1,209
    Thanks for posting Jim. Pay no attention to “the experts.” So far we have seen OPM hacked, Equifax hacked, the Wannacry shutdown of most of Europe, NSA hacked, Facebook scandal and on and on.

    It may not be an issue now (I agree the chances of some 19 year old hacker deciding to try to mess with your particular car are remote) but when we have millions of cars on the roads with wireless update capability some hostile nation state is going to put resources into looking at how to cause chaos through those connections in order to gain leverage. People are not taking this seriously enough.


    Quote Originally Posted by Jim Koepke View Post
    This kind of makes me want to go out and buy an old old car:

    https://www.theregister.co.uk/2018/0...security_bugs/

    The idea someone else can hack my car on the road is about as scary as it can get.

    jtk

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •