It’s no secret that cars today are run by computers. Services such as OnStar from GM and others also communicate information about the car to other locations. These are marketed as safety tools and for the large part they are. Insurance companies are also promoting dongles that connect to a vehicle’s maintenance port to gather information on how the car is run – presumably so those who seem to operate the car more safely pay lower insurance rates.
These devices have a downside, however. They connect to the car’s built-in network called the CAN (controller area network) bus to gather information. That bus also contains connections to all the vehicle’s systems including the engine and brakes. The devices use mobile networks to communicate with the companies that monitor and manage them. That’s how they can unlock doors, and so forth. Recently, though, some of these devices have reportedly been hacked to allow at least some control of the car by unauthorized – potentially malicious – individuals.
OnStar was reportedly hacked by DARPA (the US Department of Defense Advanced Research Projects Agency) to allow remote braking, along with controlling other vehicle systems. According to the article, GM has been working with them on the project. It is a positive sign to see manufacturers working with researchers to find issues in systems like this.
Researchers also allegedly found vulnerabilities in an insurance company dongle. The dongle plugs into the vehicle’s OBD-II (On-Board Diagnostic) port which is generally located below the steering wheel. This allows connection to the CAN bus and other vehicle systems. ( While references to specific connections such as OBD are US-centric, cars sold in other countries have similar systems and some are mentioned in the Wikipedia article linked above.)
I looked into getting a Bluetooth-based dongle that connected to my SUV’s OBD-II port. I wanted to find out about engine performance and other characteristics of my older car. I decided not to do it as I was unsure of what Bluetooth signals could be sent to the device in addition to the telemetry it would send to my phone.
Taking much control of a car using one of these systems (without assistance from the company managing the device) is probably not easy – at least not now. I hope it doesn’t become easy. But the bigger point is that at least some of these devices, at least to some extent, appear to have been designed without a serious consideration for security. This is true of many older protocols used on the Internet and of many devices in our homes and workplaces. I am excited that researchers are looking into the security of such devices, and I am discouraged that security is still not a critical part of their design. Some of these devices are surely designed with security in mind and I commend those designers!
We talk about the lack of security considerations in software and embedded system design in Learning Tree’s System and Network Security Introduction. Sometimes there are alternative tools that are more secure than others and sometimes there aren’t. I hope to see you on a 468 course soon.
To your safe computing,
Update 19 February 2015: Jalopnik.com reports that at a recent hackathon a 14 year old was able to demonstrate a homemade $15 device that could wirelessly access the CAN bus and control ”Simple stuff…like lights and windshield wipers”. The device was built in one evening with, apparently, little or no advance knowledge of the CAN bus