Hackers can take over any Chrysler vehicle from the last 2 years. Yes, fully remotely. Yes, including steering, brakes and transmission.
-
If you design a car's entertainment system with the proper methodology, in a language and environment focused on security (i.e. not C), with quality control, code reviews, safeties, formal verification for the critical parts, and obviously without letting the goddamn brakes take orders from the online media player, there's no way a disaster like this can happen.
There's also a hardware issue at play here -- CAN is a true multi-master bus topology distinctly unlike most other systems in use today. It uses an address-based bitwise arbitration procedure instead of any sort of backoff; this makes bus conflict resolution deterministic, but also causes multiple issues with message filtering based on source addresses. (A "hard switched" system similar to AFDX is actually more secure as the switch can simply drop spoofed packets/messages.)
There's an easy way to fix this: Hardwired routing tables so that the stereo can't send commands to the engine.
Unfortunately, that's physically impossible due to the way CAN works, which is very different from AFDX and its ARINC friends. You'd have to go to an entirely different protocol for this job.
Because it beats the bizarro current methods, which are roughly analogous to BIOS beep codes, except they involve turning the key 10 times in succession and then counting the multi-digit flash pattern of the seat belt light.
The car I'm most familiar with has a nice character VFD (oh, 16*2 or the likes) in the instrument cluster -- it normally serves as an odometer display, but would be a much better candidate for outputting fault codes than the blasted radio.
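Added example, not part of any post in this thread: a small Python model of the point made above about CAN's identifier-based bitwise arbitration, why an acceptance filter on a shared bus cannot tell who sent a frame, and why a switched design can drop a frame arriving on the wrong port. The node names, port names and identifiers are constructed for illustration.

```python
# Constructed identifiers and node names; not taken from any real vehicle.
ENGINE_ID = 0x120   # hypothetical ID used by the engine controller
RADIO_ID = 0x3A0    # hypothetical ID used by the head unit


def arbitrate(contenders):
    """Bitwise arbitration over 11-bit CAN identifiers.

    contenders maps node name -> identifier it starts transmitting.
    A 0 bit is dominant and overrides a recessive 1 on the wire, so a node
    that sends 1 but reads back 0 has lost and stops transmitting.
    Returns (winning identifier, names of nodes still transmitting).
    """
    active = dict(contenders)
    for bit in range(10, -1, -1):  # identifiers go out MSB first
        bus = min((ident >> bit) & 1 for ident in active.values())
        active = {n: i for n, i in active.items() if (i >> bit) & 1 == bus}
    return next(iter(active.values())), set(active)


def bus_accepts(frame_id, accept_ids):
    """Acceptance filter on a shared bus: the identifier is all it can check."""
    return frame_id in accept_ids


def switch_forwards(ingress_port, frame_id, port_table):
    """Switched model: the ingress port is known, so each port gets its own
    table of identifiers it may originate and everything else is dropped."""
    return frame_id in port_table.get(ingress_port, set())


def demo():
    port_table = {"engine_port": {ENGINE_ID}, "radio_port": {RADIO_ID}}
    return {
        # Lowest identifier wins deterministically, no backoff involved.
        "arbitration": arbitrate({"engine": ENGINE_ID, "radio": RADIO_ID}),
        # Same identifier from two nodes: arbitration cannot separate them.
        "same_id": arbitrate({"engine": ENGINE_ID, "radio": ENGINE_ID}),
        # The receiver's filter passes the frame whoever put it on the bus.
        "bus_filter": bus_accepts(ENGINE_ID, {ENGINE_ID}),
        # A switch can tell the frame arrived on the wrong port and drop it.
        "switch_radio": switch_forwards("radio_port", ENGINE_ID, port_table),
        "switch_engine": switch_forwards("engine_port", ENGINE_ID, port_table),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```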
-
people are wimpy enough about the walk to the car
Have you never seen a car be so frozen over you can't get into it? Being able to start it anyway so it can warm up and melt some of the ice is handy.
-
I also have to give them credit for actually replacing my car instead of scheduling an endless series of software update appointments.
Yeah--HP lost my business by (essentially) doing that with me. That is, what you say Mazda didn't.
-
The car I'm most familiar with has a nice character VFD (oh, 16*2 or the likes) in the instrument cluster -- it normally serves as an odometer display, but would be a much better candidate for outputting fault codes than the blasted radio.
Nobody sane is disputing that.
-
Have you never seen a car be so frozen over you can't get into it?
Nope. And I've lived in places that have dumped two feet of snow onto it. A shovel, a brush, and a cup of hot water (or preferably lock de-icer) will eventually get you in.
-
a cup of hot water
During the Polar Vortex, I was pouring kettlefuls of water onto my roommate's car trying to unfreeze the trunk, to no avail. He, alas, did not have a remote start. Also, the door handle snapped off, and come spring, the car wouldn't start.
-
unfreeze the trunk
As opposed to the door? Why? I assume you must have had a reason.
Also, the door handle snapped off,
Not counting the trunk, there should have been one to three additional doors.
come spring, the car wouldn't start.
That is--probably--a different problem.
-
We had an ice storm in Missouri several years ago that was so bad I had a 1 - 1.5" thick layer of ice encasing my truck. I had to use a hammer to break the ice along the door seams and handle to get in.
-
Yeah, I guess I should've mentioned a scraper, too. I have this awesome one that's built like a gas-station squeegee, except it's a scraper. One big, heavy piece of plastic, capable of being used as a hammer for just such an occasion.
-
The result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.
That's me on an overpass
Then I get run over by one of those bots.
-
Why?
Because his jumper cables were in the trunk and my car wasn't starting >.>
It was a rough winter.
there should have been one to three additional doors.
yeah, we managed to eventually get in the passenger's side, but it took ages.
-
Man everywhere except where I live is a hellhole.
-
The US is really known as a utopia. Happiest/richest/most equal people on earth. Yeah...
-
@HardwareGeek said:
I wouldn't, but I'm guessing it's something along the lines of, "Because it's cold, and I want to start the car remotely so the heater can have the car all nice and warm before I walk from the house to the garage."
I walk past a car every morning that does that. Californians are fucking wimps. I walk past in a short sleeve shirt.
I remote start my car (with the manufacturer's fob) all the time in the summer, too (I don't live in California). It's nice to have the car warmed / cooled before I get into it.
-
Ina5ter Boeing.
-
I have a remote starter on my car, but since it's a hybrid it doesn't really actually start anything. Just turns on the AC.
-
Can I just say that this thread title is incredibly usable on mobile. Great job op, I was able to click the notification and come to this thread first try.
-
warmed / cooled before I get into it.
I get that, but ...
@dcon said:
I walk past in a short sleeve shirt.
(Ok, I've been known to just wear a t-shirt when it's 60 out)
-
I get that. I replied to you but was really addressing the people who seemed to not comprehend the desire for remote start. Maybe they just thought that using one's phone was ridiculous where a fob is not.
I think I've mentioned that there's a large population of Central American immigrants in my area. When the temperature dips into the 50s or so, they start bundling up in heavy winter clothing. It's crazy.
-
When the temperature dips into the 50s or so, they start bundling up in heavy winter clothing. It's crazy.
I've been in CA for 20 years now. I STILL don't get people riding bicycles in heavy clothing (and head warmers!) when the temperature's over 70. I'd die of heat exhaustion!
-
I was born and raised in SoCal. I've never played golf in long pants, even when the temperature was in the 50s.
-
frankly so is remote ignition but apparently people are wimpy enough about the walk to the car that their comfort overrides security
There's also something satisfying about standing behind a large-displacement V8 and hitting remote start.
Have you never seen a car be so frozen over you can't get into it? Being able to start it anyway so it can warm up and melt some of the ice is handy.
In some jurisdictions, you have to be careful about it, though.
-
Because his jumper cables were in the trunk and my car wasn't starting
Good reason. Car, I take it, was old enough it didn't have fold-down rear seats.
-
Man everywhere except where I live is a hellhole.
Well, sure, if your idea of not-a-hellhole is "400 cloudy/rainy days a year."
-
When the temperature dips into the 50s or so, they start bundling up in heavy winter clothing. It's crazy.
I've seen native South Carolinians do that. Nothing like clutching a fur coat to yourself in September.
-
That's why this year is AWFUL. Is this even the pacific northwest?
-
I was born and raised in SoCal. I've never played golf in long pants, even when the temperature was in the 50s.
Me, too. Actually, I've never played golf at all.
-
That's why this year is AWFUL. Is this even the pacific northwest?
Sunday, I tried to use my car A/C for, I think, the second time since I moved to WA. It didn't work.
-
It's not like the engine control unit just spews trouble codes on the CAN bus, the radio has to request them.
Wouldn’t a simple fix for that be to make the engine control simply always send anything it likes out on some cable and letting the radio decide whether or not to listen? If it’s programmed to listen, say, once every couple of seconds it would pick up important warnings easily in time, and it can then also have a mode that displays all warnings as they come in. No need at all for the radio to send signals to the engine.
-
there's no way a disaster like this can happen.
Of course there will always be errors that slip any control. Think "Heartbleed". But there should be much, much less of them.
-
For the three jurisdictions that site covers,
* Private non-commercial passenger vehicles are exempted
-
Wouldn’t a simple fix for that be to make the engine control simply always send anything it likes out on some cable and letting the radio decide whether or not to listen? If it’s programmed to listen, say, once every couple of seconds it would pick up important warnings easily in time, and it can then also have a mode that displays all warnings as they come in. No need at all for the radio to send signals to the engine.
You are suggesting to change the protocol for this one scenario? That's far from a simple fix.
-
Of course there will always be errors that slip any control. Think "Heartbleed".
Wasn't it discovered after Heartbleed bug that OpenSSL was a nightmare of sloppy, unreviewed code with several custom memory managers and obscure hacks to support arcane platforms?
-
Didn't see anyone mention this, so...
Someone should go through suspicious Chrysler-involved accidents over the past few years and give them another look. There's nothing to say that white-hats were the first ones to discover this exploit.
-
Is this even the pacific northwest?
I'm not sure I understand what, specifically, is the issue. Can your question be resolved by looking around you? Are you complaining about not enough rain?
-
Are you complaining about not enough rain?
Yes, though just cloud cover and coolness would be enough. Luckily, it seems I may get that today.
-
@Hanzo said:
Of course there will always be errors that slip any control. Think "Heartbleed".
Wasn't it discovered after Heartbleed bug that OpenSSL was a nightmare of sloppy, unreviewed code with several custom memory managers and obscure hacks to support arcane platforms?
No, it was discovered well before that, it's just that no one cared back then.
-
Steering and brakes are fly-by-wire now?
Brakes: yes, that's how ABS works. Steering: article mentions that steer-by-wire is only available in reverse, which suggests to me that some kind of auto-parking functionality is probably involved; however, if the transmission:steer-by-wire interlock is in software, that's probably not much of a barrier.
-
Are you complaining about not enough rain?
Yeah. The weather in the PNW summer this year has been basically like a Kansas summer (although with smaller insects.) This only happens maybe one in ten years.
-
Steering: article mentions that steer-by-wire is only available in reverse, which suggests to me that some kind of auto-parking functionality is probably involved; however, if the transmission:steer-by-wire interlock is in software, that's probably not much of a barrier.
The auto-park feature in my car does software control of steering in reverse or forward. (So you can back into a parallel spot, then drive forward a bit to straighten out the car.) It only works under about 5 MPH, but God knows if that limitation is hardware or software.
-
It only works under about 5 MPH, but God knows if that limitation is hardware or software.
And if it's a firmware limitation, rather than a hardware one, then rewrite the firmware and sploit away!
If even something utterly outrageous like this can't get people off their asses, then I don't want to live on this planet anymore.
-
If even something utterly outrageous like this can't get people off their asses, then I don't want to live on this planet anymore.
We don't need to get off our asses so much as acknowledge that being a Luddite who ~~fears~~ is skeptical by default about the benefits of change is a completely defensible position.
[quote=Maciej Ceglowski]Marc Andreessen has this arresting quote, that ‘software is eating the world.’ He is happy about it. The idea is that industry after industry is going to fall at the hands of programmers who automate and rationalize it.
We started with music and publishing. Then retailing. Now we're apparently doing taxis. We're going to move a succession of industries into the cloud, and figure out how to do them better. Whether we have the right to do this, or whether it's a good idea, are academic questions that will be rendered moot by the unstoppable forces of Progress. It's a kind of software Manifest Destiny.
To achieve this vision, we must have software intermediaries in every human interaction, and in our physical environment.
But what if after software eats the world, it turns the world to shit?[/quote]
-
We don't need to get off our asses so much as acknowledge that being a Luddite who fears is skeptical by default about the benefits of change is a completely defensible position.
OK, but given that Chrysler has been making exploitable vehicles for at least two years now, perhaps they should be recalled, at the very least? And even if there's a "fix" for this particular sploit, what happens if there's another vuln? When do people say, "You know what, Chrysler? Every one of these cars will be junked, and you're eating the cost."
-
>The idea is that industry after industry is going to fall at the hands of programmers who automate and rationalize it.
That's a familiar sort of shudder inducing quote..
The idea is that industry after industry is going to fall at the hands of ~~programmers~~ planners who ~~automate and~~ rationalize it.