Weekly Edition
Return to the Security page
| |||||||||||||
Schneier: Hacking Cars Through Wireless Tire-Pressure Sensors
Bruce Schneier reports on yet another worrisome attack against systems we rarely consider when looking at security problems: automobile "safety" systems. He quotes from two articles that cover a recent paper [PDF] about the vulnerability, including this from an article at The H:
"Now, Ishtiaq Rouf at the USC and other researchers have found a vulnerability in the data transfer mechanisms between CANbus controllers and wireless tyre pressure monitoring sensors which allows misleading data to be injected into a vehicle's system and allows remote recording of the movement profiles of a specific vehicle. The sensors, which are compulsory for new cars in the US (and probably soon in the EU), each communicate individually with the vehicle's on-board electronics. Although a loss of pressure can also be detected via differences in the rotational speed of fully inflated and partially inflated tyres on the same axle, such indirect methods are now prohibited in the US."
(Log in to post comments)
Schneier: Hacking Cars Through Wireless Tire-Pressure Sensors Posted Aug 18, 2010 23:40 UTC (Wed) by jd (guest, #26381) [Link]
Ah, now this is a problem given that there were earlier reports that the wired network protocols being used in cars are in the clear and that researchers have been able to inject false signals for controlling car steering and car brakes.
The technology is intriguing, but if this kind of a door is being opened then it had better incorporate some security. Disasters are a result of a "perfect storm" of - usually avoidable but trivial - flaws being allowed to build up. This looks like a superb candidate for such a flaw, and it is not a difficult flaw to fix.
A story about the original detection of the flaw was in the Slashdot queue when the news broke, but was voted down as scaremongering because nobody would be so stupid as to allow wireless access to the car network. This would seem to show that not only are there people that stupid, they're also the ones making the regulations.
Schneier: Hacking Cars Through Wireless Tire-Pressure Sensors Posted Aug 19, 2010 0:48 UTC (Thu) by mcgrof (guest, #25917) [Link]
Kudos to Orbit and Winlab for the find.
Schneier: Hacking Cars Through Wireless Tire-Pressure Sensors Posted Aug 19, 2010 17:34 UTC (Thu) by Doogie (guest, #59626) [Link]
As I understand it, the indirect method has been around for a while and is unreliable. For example, it doesn't work if you have low profile tires, it doesn't work if you are driving fast (something like 60mph or greater, depending on the profile of your sidewalls), and it doesn't work if both tires on one axle are low. Personally, I'm not particularly concerned about this "security" hole. I have a far greater chance of getting into an accident simply driving my car than I would ever have of having it hacked via TPMS. As for the worries about being tracked, that's on *just* the wrong side of the "valid concern"/"conspiracy theory" side of things.
Schneier: Hacking Cars Through Wireless Tire-Pressure Sensors Posted Aug 20, 2010 14:50 UTC (Fri) by sorpigal (subscriber, #36106) [Link]
For me it's a matter of control. No, I don't think my car is likely to get hacked. I still like the idea of presenting a low profile and not broadcasting data I don't need to broadcast. It's not paranoia to want secure defaults when they don't cause any harm.
|
|||||||||||||