Bruce Schneier reports
on yet another worrisome attack against systems we rarely consider when looking at security problems: automobile "safety" systems. He quotes from two articles that cover a recent paper [PDF]
about the vulnerability, including this from an article
at The H:
"Now, Ishtiaq Rouf at the USC and other researchers have found a vulnerability in the data transfer mechanisms between CANbus controllers and wireless tyre pressure monitoring sensors which allows misleading data to be injected into a vehicle's system and allows remote recording of the movement profiles of a specific vehicle. The sensors, which are compulsory for new cars in the US (and probably soon in the EU), each communicate individually with the vehicle's on-board electronics. Although a loss of pressure can also be detected via differences in the rotational speed of fully inflated and partially inflated tyres on the same axle, such indirect methods are now prohibited in the US.
to post comments)