
antdude
Matrix Ant
Premium Member
join:2001-03-25
US

1 edit

antdude

Premium Member

Can a virus hitch a ride in your car?

An article: »news.com.com/Can+a+virus ··· 904.html

A virus can wreak havoc on computer files, hard drives and networks, but its malicious effects tend to be measured in wasted time, lost sales and the occasional unfinished novel that evaporates into the digital ozone. But what if viruses, worms or other forms of malware penetrated the computers that control ever more crucial functions in the car?

Could you find yourself at the wheel of two tons of rolling steel that has malevolent code coursing through its electronic veins?

That frightening prospect has had Internet message boards buzzing this year, amid rumors that a virus had infected Lexus cars and SUVs. The virus supposedly entered the cars over the Bluetooth wireless link that lets drivers use their cell phones to carry on hands-free conversations through the cars' microphones and speakers.

The prospect is not so implausible. A handful of real if fairly benign cell phone viruses have already been observed, in antivirus industry parlance, "in the wild."

Still, a virus in a cell phone might muck up an address book or, at worst, quietly dial Vanuatu during peak hours. But malicious code in cars, which rely on computers for functions as benign as seat adjustment and as crucial as antiskid systems that seize control of the brakes and throttle to prevent a crash, could do far more harm...
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Worse yet, they are working on a steering assist thing now. Kind of an enhanced cruise control. Basically it makes small adjustments in your steering based on how fast you're going. With things like electronic throttle, the braking system and now this steering assist stuff, it could get bad in a hurry. If it can make small adjustments in steering, like how much you need to turn your wheel to turn the car, it could, if affected by a virus, out and out turn the car all on its own. I'd say that with GPS and all that good stuff already in cars we will see the first car with a true autopilot in no less than 5 to no more than 10 years from now. Imagine viruses infecting that. All a car thief needs to do is infect your car with a trojan and control the car by remote from his own car. heh

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

1 recommendation

Sparrow

Premium Member

My first thought after finishing the article was to be on the lookout for spam e-mails selling AV/AT programs for your car that "IS NOW AT GREAT RISK!"

Unfortunately, I have a feeling the spammers and scammers (and possibly less reputable auto insurance companies) will be the first ones to cash in on this, long before the AV/AT vendors and virus and trojan writers get started.

I'm not surprised since malware has gotten into more restricted projects than a car.
dave
Premium Member
join:2000-05-04
not in ohio

1 edit

2 recommendations

dave

Premium Member

said by Sparrow:

Unfortunately, I have a feeling the spammers and scammers (and possibly less reputable auto insurance companies) will be the first ones to cash in on this,
Nah. The auto-makers have already sold the onboard advertising rights; they're too valuable to be left to third-party scumbags entrepreneurs fulfilling a crying need that society has for more advertising opportunities.

You did read the EULA when you signed for that new car, didn't you?

ironwalker
World Renowned
MVM
join:2001-08-31
Keansburg, NJ

ironwalker to antdude

MVM

to antdude
Next onstar will have popups!;)

Seriously... Bluetooth or not, I wouldn't link anything to my car from the net or outside PC sources non auto related. There's just too much valuable electronics in a car to even play around. One virus knocking out an automobile's PC is just throwing away $1,000... give or take a few hundred.
The automobile industry already makes a killing in aftermarket parts, and mechanics' hourly labor rate always goes up... no sense adding to the destruction of my wallet.

Crypto5
Premium Member
join:2001-01-07
Saint Charles, MO

Crypto5 to Nanaki

Premium Member

to Nanaki
said by Nanaki:

Worse yet, they are working on a steering assist thing now. Kind of an enhanced cruise control. Basically it makes small adjustments in your steering based on how fast you're going. With things like electronic throttle, the braking system and now this steering assist stuff, it could get bad in a hurry.
Eventually, automobiles will have a fully computerised drive-by-wire system, where there's no mechanical linkage between the control interface and the work being done, it will all be interpreted and commanded. There are a lot of design decisions that could enhance passenger safety, namely not having a giant steering wheel directly in front of a driver with a steel shaft running a few feet down to the rack. Traction control, anti-rollover, and anti-skid systems would also be able to do a lot more to keep the car controllable under adverse handling conditions if they could also deflect the steering gear.

Fly-by-wire systems have been in use in aircraft for more than 30 years, and are generally held to be safe and reliable engineering accomplishments. An automobile is a far simpler system to define control laws for than an airplane: there's no vertical plane to worry about, and only one control mechanism (turning the wheels) instead of the 3 (aileron, rudder, elevator) that an aircraft's flight control laws have to deal with.

I look forward to drive-by-wire systems, I think they could really advance the state of the art of automobiles. I'm not really worried about them getting infected by something, because control systems are deterministic, closed-loop computer environments. No extraneous inputs, no outputs, and a watchdog that can cycle the system in the blink of an eye, without the operator even knowing it happened.

NanDog
The Pup Was Female, I'M Not
Premium Member
join:2003-12-28
Bremerton, WA

NanDog to antdude

Premium Member

to antdude
Yikes! All the more reason to spend more time driving my 1969 Z28 Camaro rather than my Nissan truck! No computers in that old fire-breathing Chevy!

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

1 recommendation

Sparrow

Premium Member

said by NanDog:

Yikes! All the more reason to spend more time driving my 1969 Z28 Camaro Firebird rather than my Nissan truck! No computers in that old fire-breathing Chevy Pontiac!
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to Crypto5

Premium Member

to Crypto5
There's an even more sophisticated system that relieves you of all need to control the vehicle. It's called "public transport".

Brat75
I remember 8-tracks
join:2003-02-05
Kent, WA

Brat75 to antdude

Member

to antdude
Sad, tho, isn't it?

You could drive down the street, talking on the cellphone and checking your email on your PDA while making sure you're going the right way with On-Star, and listening to your new DVD music.

Honestly, next car I buy, I'm going to ask what specs the computers are inside. I bet the dealer person won't understand. I don't want wireless. I don't want Bluetooth. I don't want On-Star! I want privacy.

But I guess I won't get much.

Brat75
bluezanetti
Premium Member
join:2003-10-04

bluezanetti to antdude

Premium Member

to antdude
Look folks,

This isn't "Independence Day" let's whip up a virus to crash the alien (literally) OS. I'm sure it can be done, but script kiddies bearing down on hacking into a Buick??? Come on...

Blue

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to NanDog

Premium Member

to NanDog
said by NanDog:

Yikes! All the more reason to spend more time driving my 1969 Z28 Camaro rather than my Nissan truck! No computers in that old fire-breathing Chevy!
Yeah, but those cars won't last forever.

davide27
Premium Member
join:2004-12-06
Burnaby, BC

davide27 to antdude

Premium Member

to antdude
I don't know why, but for some reason I feel uncomfortable using the cruise control while driving. This isn't going to ease my mind!

Jim Gurd
Premium Member
join:2000-07-08
Livonia, MI

Jim Gurd to ironwalker

Premium Member

to ironwalker
said by ironwalker:

Next onstar will have popups!;)

Onstar is such a ripoff. $17 per month for what? If I have an emergency I will use my cell phone.

They advertise that you can use your Onstar to make phone calls but it's not part of the monthly fee. You must pay extra for that. No thanks.

Fortunately I don't own a GM car, but if I did I would make sure it didn't come with Onstar. Why pay for equipment I will never use?

Crypto5
Premium Member
join:2001-01-07
Saint Charles, MO

Crypto5

Premium Member

said by Jim Gurd:

Onstar is such a ripoff. $17 per month for what? If I have an emergency I will use my cell phone.

I have to say that I feel the same way about the $17 monthly charge, but having someone asking if you're all right following an accident is pretty cool.

Sure, you can dial out on your own cell phone after an accident, as long as:
• your arms or hands aren't broken,
• your phone is still sitting where you left it,
• you are still conscious.

Airbag + hands on wheel + elbow leaning on window sill + accident = good chance that your hands and arms will be pretty messed up following a wreck.

The point of the Onstar system is that the car dials out automatically if your airbags pop or the impact sensor registers a severe hit. It transmits the current location of the car, so the dispatcher knows where the car is located, so even if you don't respond to them over the phone, they can still send the cops and EMS out to see if you're still alive.

I believe there's an anti-theft mode as well, whereby if your car is stolen, the police can call Onstar and have them query the vehicle for its current location.

I know what response the above sentence triggers in most people here, and the answer is 'yes, they can', and 'yes, there is a policy that covers how they do it.'

»www.onstar.com/us_englis ··· lectinfo
OnStar only obtains the location of a vehicle when a user initiates a request for service, there is an Air Bag Deployment, Advanced Automatic Crash Notification is triggered or when required to do so by a valid court order in criminal procedures.
I think it's an ingenious system, and I think it's a good system for cars to have. Equipment-wise, it's a trivial cost compared to the price of the car. You're talking about a GPS plus a cellphone. Seeing as how all E911-compliant cellphones have some GPS capability in them anyway, you're really only talking about a cellphone electronics package, which is at most a $100 addition to the cost of the car.

I hope that they branch out to cover non-GM vehicles, otherwise I'll never get a chance to try it out.

Jim Gurd
Premium Member
join:2000-07-08
Livonia, MI

Jim Gurd to antdude

Premium Member

to antdude
Yeah, it's true that they can locate you when the airbag deploys and you can't speak. However the chances of me having an accident in an area where there are no witnesses who can call 911 for me is very slim.

The other services are dubious at best such as remotely unlocking the doors. Big deal, I can do that right now. My vehicle has a numeric keypad on the door that unlocks it even without a key. No need to pay Onstar for that.

GM is starting to make it mandatory on many new models. You get the Onstar hardware whether or not you want it and the price is included in the cost of the vehicle. Supposedly the first year is free but after that you pay monthly. Sorry, I don't need another bill to pay. Fortunately I own a Ford and will most likely buy another when the time comes.

dddane
join:2002-01-10
Chicago, IL

dddane to Jim Gurd

Member

to Jim Gurd
Going with that theory, why would anyone pay ADT a monthly fee to watch their security system? After all, most people have phones... if someone broke in or a fire started, they could just call 911...

Jim Gurd
Premium Member
join:2000-07-08
Livonia, MI

Jim Gurd

Premium Member

said by dddane:

Going with that theory, why would anyone pay ADT a monthly fee to watch their security system? After all, most people have phones... if someone broke in or a fire started, they could just call 911...
The security system is to protect your home when you aren't there. There is no such need in a vehicle and Onstar isn't marketed as a burglar alarm or a fire alarm.
travanx
join:2002-01-15
Altadena, CA

travanx to antdude

Member

to antdude
Why would the Bluetooth be connected into the car's computer? There doesn't seem to be any reason that the phone system would be linked to the car's ECU in any way.

The only virus I could see is if somehow/someway one of the diagnostic computers could get a virus and when someone goes in for service that computer infects the car. But can an OBD 2 port be written to? Or can it only be read from?

I guess if someone was to flash the ECU firmware with bad code? But it would be pretty obvious where that would have happened if your car's firmware is getting reflashed.
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

said by travanx:

There doesn't seem to be any reason that the phone system would be linked to the car's ECU in any way.
In other computing circles, that is no guarantee that it isn't linked.
travanx
join:2002-01-15
Altadena, CA

travanx

Member

A bluetooth device should only be connected to the ignition, power and negative to be used in a car. And maybe wired through a mic/speakers or however you talk and listen to it.
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

1 edit

IGGY9 to antdude

Premium Member

to antdude
I think that CNET link is an updated story. But I covered this and I think their original story on this back in January of this year.

Buy a Lexus Get a Virus

»iggy.gnomeblog.com/blog/ ··· 550.html

Your vacuum is now at risk as well.

Is your Dyson vacuum now a security risk for virus infection?

»iggy.gnomeblog.com/blog/ ··· 465.html

Crypto5
Premium Member
join:2001-01-07
Saint Charles, MO

Crypto5

Premium Member

said by IGGY9:

I think that CNET link is an updated story. But I covered this and I think their original story on this back in January of this year.

Buy a Lexus Get a Virus

»iggy.gnomeblog.com/blog/ ··· 550.html

It's important to note that in that story, they're talking about the in-dash navigation/entertainment computer, not the ECU.
travanx
join:2002-01-15
Altadena, CA

travanx

Member

If they are talking about the navigation, then the virus really doesn't affect anything of risk on the car, such as the examples of it taking over the brakes or steering, etc. Though I guess the navigation could go crazy and just start yelling loud sayings or something at you. Or maybe turn up the music really loud? So bluetooth stuff is hooked into the stereo system/navigation?
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

2 edits

IGGY9

Premium Member

But unless you know the design of the car. How do you know what systems may interact or in some way be connected to each other? I merely posted to add to the thread. I wasn't looking for someone to find a reason to be critical of me (actually you should contact CNET if you're taking issue with their reporting - I didn't really add my thoughts in that post). The point was an infection can take place. No matter how unlikely - it seems it has occurred. As I stated in the Dyson blog post. The likelihood of that model vacuum becoming infected is highly unlikely. But if some odd events occurred - the possibility of infection exists. As I also stated towards the end of the Dyson post. Consumers and companies need to keep in mind that adding these types of technology to consumer products. Opens up the chance for security issues. These should be fully examined when designing such features.
dave
Premium Member
join:2000-05-04
not in ohio

dave to antdude

Premium Member

to antdude
And for how long will the auto-makers be able to resist the lure of remote diagnosis? All the critical engine systems reporting to an onboard data repository that can be remotely queried...

(and you hope it's only "queried")

ironwalker
World Renowned
MVM
join:2001-08-31
Keansburg, NJ

ironwalker to antdude

MVM

to antdude
quote:
Did Kaspersky Labs start this urban legend as a publicity stunt?
Vmyths believes Kaspersky Labs actually did get a phone call from someone with a frustrating Lexus problem. It's still a common tactic for antivirus vendors to create publicity for these things, and we believe Kaspersky Labs followed established norms for creating media hype.

Kaspersky Labs shielded itself from full embarrassment by telling the media they were only "investigating" a Lexus virus accusation. Hence, we must largely blame this urban legend on the many experts and pundits who failed to exercise caveat lector when they retold the story in their own words.
Lexus automobile virus (urban legend)

from »vmyths.com/hoax.cfm?id=2 ··· 4&page=3

I like how they asked for a Lexus to test this out :D

Cho Baka
MVM
join:2000-11-23
there

Cho Baka to antdude

MVM

to antdude
Thanks for the link Ironwalker.

I used to work for a Lexus Dealer. I was intrigued, to say the least, to hear this story/these rumors.

I no longer work on the "bench". I now fly a desk.

We at the dealer could not conceive of any method that this would be possible.

None of my peers at other dealers have encountered this either.

I have a friend who works for the company that manufactures (OEM) and services this system for Lexus. He had not heard of this, and also cannot conceive of any way where this would be technically possible. I realize this is hearsay to those here, but this is more than good enough for me.

There was an alarmist story linked to from morning broadband bytes here too. Some story from a South African media outlet, claiming massive infection levels in the USA.

If anyone doubts the denials, go to any online Lexus forum, and look around.

One such forum is clublexus www.clublexus.com

another is »www.lexusownersclub.com

Crypto5
Premium Member
join:2001-01-07
Saint Charles, MO

Crypto5 to dave

Premium Member

to dave
said by dave:

And for how long will the auto-makers be able to resist the lure of remote diagnosis? All the critical engine systems reporting to an onboard data repository that can be remotely queried...

(and you hope it's only "queried")
McLaren already does this. You hook the diags port up to a modem they give you, and it dials out (or in, if you give them the number before you hook it up). There is a physical connect that takes place to link the ECU and the communications system. If there were going to be a sort of 'wireless OBD' system, logic and good design would make this the simplest option, especially if there's already a Bluetooth or wireless subsystem in the car: you could hook up the ECU to this wireless system, put the ECU in diag mode to do your work, and then disconnect it again.

Honestly, this is like the rumor that won't die, and people are just being alarmist about it.

WHAT IF WHAT IF WHAT IF WHAT IF WHAT IF WHAT IF

OMG WHAT IF!

I don't think remote LAN diagnosis is really a 'lure' for automakers. It's a lot simpler and cheaper just to hook up an OBD plug, and more lucrative for their service centers too.

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow

Premium Member

Maybe the later posters didn't get a chance to read the originally posted article in its entirety.

It may help clarify the misunderstandings:
»news.com.com/Can+a+virus ··· 904.html