Lexus Computers Infected Via Bluetooth

Country_hacker writes "SCNews is reporting certain models of Lexus have been found with corrupted operating systems in their on-board computers. Evidently the virus got transferred through the Bluetooth interface. It's still unclear whether or not the computers run Symbian."

Obligatory

Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.

So maybe this thing is running Windows? In this case, we already have a solution [mistupid.com].

And shouldn't vehicle have a read-only section just for the essentials? So that even the main system is down, the car will detach the OS and still function like a, like a, car?

Re:Obligatory

So I guess that we have to close all the open windows, get out, and then open the windows again?

Re:Obligatory

Try:

Up, down, up, down, left, right, left, right, blinkers, horn, clutch, gas.

Re:Obligatory

I did this a month ago, and my tank is still on full. I took out 4 pedestrians too, a Nissan titan, someone's dog, and a row of mailboxes with no damage.

The new Konami ECU rules.

Re:Obligatory

Isn't that how cars started going feral in Roger Zelazny's "Last of the Wild Ones"? (And "Devil Car" and "Auto-de-Fé", too).

Re:Obligatory

It almost certainly will still run, unless it's a completely idiotic design. The ECM and/or PCM (engine control module / powertrain control module, whatever these cars call it, the thing that runs the automatic transmission, the injectors, the spark, idle air control, etc.) is almost certainly not attached in any meaningful way to an embedded computer running a known OS. They're all attached to some sort of bus on modern OBD-II cars, but the ECM is usually capable of operating on its own. ECMs and PCMs are usually 8 or 16 bit micros with truly embedded software (read: no conventional OS, written specifically for the application at hand). Modern ones are flash-upgradable, but I highly doubt this would be enabled through any sort of radio interface, and even if it was, it wouldn't be any sort of thing where it could pick up a virus.

Sounds to me like the fancy mapping stuff and maybe some user interfacing is controlled by the affected computer, not the fundamental powertrain stuff. Any car designer that runs his powertrain off anything but a hardened, reliable, embedded micro is just an idiot, and I can't believe Toyota would do something that dumb.

Re:Obligatory

The car has a whole separate computer for essentials. These used to run a single program as a matter of course but some of them are now fast enough to run a RTOS instead, and some of the communications protocols used today essentially demand that you have a real OS on there. The cars actually have several computers in them now, and probably have one each for the engine, transmission, skid control, body management, and maybe even separate units to manage power seatbelts. The airbags might have a computer or just some relays, too. Then, there is a computer that manages stuff like navigation and entertainment, and maybe climate control. Oh yeah, that's anoth computer I forgot, climate control. It even has several of its very own sensors and actuators...

Anyway, all of this stuff is connected together to some degree except the entertainment computer, which probably only connects to the PCM, usually through the BCM, when climate control is managed by it. Seatbelts connect to the BCM, climate control might, airbags will. The ABS will connect to the PCM in cars with traction control and also tell the transmission's computer (connected to the PCM) what to do, as well as modulating throttle via the PCM.

The car already contains a network of computers, and each one typically is designed to work with its neighbor and only powertrain components directly influence units to which they are not attached. The worst thing you might do to a car like this (in most cases) is screw with the climate control settings.

Symbian and Cabir Virus

Cabir is transmitted as an SIS file (Symbian distribution file), disguised to be a Caribe Security Manager utility. If the infected file is launched, the telephone screen will display the inscription "Caribe".

The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found.

Here is a link Caribe [f-secure.com]

Anti-virus companies have been warning for some time that mobile networks could be the next targets of virus authors. Mikko Hyppönen, director of anti-virus research at F-Secure, said several months ago that there was a danger of viruses spreading into GPRS networks through USB ports, and that pocket-PC devices would be easy targets for virus coders.

Fiat & Microsoft

"We do know that car manufacturers are integrating existing operating systems into their onboard computers (take the Fiat and Microsoft deal, for instance)."

Proof that like seeks like when it comes to reliability.

So what?

It is understood the virus could affect the navigation system of the Lexus models, it transfers onto them via a Bluetooth mobile phone connection. It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses.

This is a car that is full of wires and is basically a large chunk of metal. Explain to me why we are using Bluetooth instead of a wired solution. I don't see the advantages here. What I do see are large privacy implications and holes for infection... We are worried about RFID tags and readers installed along the highway? Why they don't even need to add the RFID tags to the wheels. Just have all the car's devices communicating through Bluetooth. The car owners think their sweet, overpriced, GPS navigation system is badass and the government gets to see where you were going, how fast you were going, and where you are going to. Perfect.

"I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure. "Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do..."

While Windows 2000 is adequate for my home computer to surf the web and read email (after proper precautions are taken) it is absolutely NOT adequate for flying an airplane. I am not worried about worms and viruses infected an airplane running Windows 2000 (and I'm not sure why it was mentioned in the article as it really isn't related) but I am worried about the stability of the OS and the implications it may have.

For now I'm sticking to my handheld GPS and windshield mounts. The only way it can be infected is if I sneeze on it and the only way that someone else could read it from 15 feet away would be with binoculars or a telephoto lens.

BTW, Bill Roehl is a known Saturn owner. He traded one in for another in 2002. That information is about as useful as knowing Bill Gates auctioned his 1999 (non BT equipped) Lexus off for charity.

Re:So what?

This is a car that is full of wires and is basically a large chunk of metal. Explain to me why we are using Bluetooth instead of a wired solution. I don't see the advantages here.

The advantage is that the industry doesn't have to spend the next five years haggling over a wired communications standard for mobile phones. Instead they use Bluetooth, which is here right now. Using Bluetooth also means that handset manufacturers don't need to build more than one digital interface into their equipment. One of the devices people want to use with their handsets is a cordless headset, so manufacturers have to support that device. Why would they want to build in an entirely separate, wired interface for cars? (And why would you want to pay for them to do that?)

I always thought thoses Sybians were dirty.

That they're spreading infection isn't too surprising. Who the heck drives around with one in their car though?

New excuse

... to be late for work, because the 'flat tire' excuse is so passe.

Here is the bio on the Lasco virus writer

This is the guy who wrote the Lasco variant and posted source code online: Marcos Velasco [mobilemonday.net]

Here it is folks!

The first incidence of a drive-by virus!

Ideas for automotive pranks

Using the code to inspire a car to:
- Flash obscene messages in morse code through the brake light
- Warn of imminent empty tank, then say 'Just kidding' on the information center display.
- Mess with the volume of the radio subtly, if it uses CANbus.
- Lock the doors while playing a WAV of cackling laughter through the NAV system's audio interface.

If you avoid the obvious 'rofl make teh car crash like windows lololololol omfg' ideas, there should be lots of fun things you could do with the security hole this virus uses.

Time to head to Costco

and buy tin foil in bulk, it's gonna take a lot to protect my car...

Seriously, can the infected car infect another car that's sitting next to it at a stop light? Or people who are walking by it in the crosswalk?

Aircraft and Windows

"I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure.

Calm down folks. I've seen plenty of cool looking computers built in to aircraft instrument panels. Yes, some of them run Windows.

First, you can be assured that they only update via a firmware media card such as SDRAM. Nobody's going to point a Bluetooth antenna at an airplane and knock it out of the sky.

Second, of the gripes that most of you have about Windows, the majority and the most egregious behaviors have to do with what happens when you network these things to insecure places. Windows has actually become quite stable in the last few releases. In a stand-alone configuration these systems are fairly reliable platforms.

Third, most pilots rarely get in to the down and dirty features of their displays. They don't have the time, nor do most of them care enough to learn any more than they need to get the airplane safely from point A to point B. You can say one thing for certain about Windows: the path is well worn. As long as you are doing relatively conventional stuff, it will serve you well.

Fourth, these are just navigation boxes. There are backup instruments. If a navigation computer dies, there will be other resources to navigate with. There are very few things in the panel of the airplane which do not have a backup of some sort --particularly where the avionics stack is concerned.

I say this as one who really doesn't like using or programming with Windows. Like any tool, it has its flaws; though when properly used, it can be quite safe.

Re:Aircraft and Windows

Windows has always been very secure in it's original intended environment. Attached to nothing but a power source and a printer. It is when it is allowed to communicate with other computers that security is completely lost.

But is it "Mission-Critical"?

I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems

He's (probably) talking about in the cabin. If that's the case, so what? Worst case: passengers can't watch the inflight movie. (I might even be grateful for that)

Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do...

... but we don't. This is the Navigational System- and it isn't clear that it was adversely affected by the virus! I'm glad they caught this now, BEFORE it caused major problems.

One of the BIG things drummed into me during flight training was: fly the airplane. It doesn't matter if the nav systems are acting up. The same applies to automobiles. (Though I'm sure there will be accidents "caused" by crashed Nav. systems)

Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.

I can't decide if this a non-sequitir, or a wonderfully subversive way to relate insecurity and viruses with Microsoft/Bill Gates.

Symbian?

Whether it runs Symbian is irrelevant.
No, wait. No it's not. There still doesn't exists a single Symbian VIRUS which could SELF-REPLICATE. Because it should be impossible.

If a phone asks you:
a) Random guy is sending you a file, do you want to receive it?
b) This file is an installable application with name XYZ, would you like to install it?
c) The origin of this application could not be verified, unless you trust the source, it is not recommended to install it. Would you like to install it anyway?
d) Application XYZ want's to use bluetooth interface, do you allow this?
Do you answer YES to each of these questions?
I wouldn't.

Anyway, if this one truely replicates without user intervention, there must exists a way to execute the code. What is the normal way to achieve this on PC? Stack/buffer flaw within a privileged process.
Now, I'm going to say something which will come and bite me in the ass: There is no way to execute code 'accidentally' in Symbian.

If you have evidence to the contrary, I'd be most interested in how it is done...

Sorry about my pompous attitude. I'm sure someone will figure something out in the future, but right now, is there a way?

Additional details

I'm a little suspicious of this story.

I drive an LS430. The navigation system, phone, audio system, and air conditioning control system are driven by a system made by Denso. I can't say with certainty what operating system it's running, but it looks like an evolution of a design they've had going since at least 1998.

The Bluetooth interface is rather limited. You can use the hands-free capability after pairing it with your phone. You can transfer a phonebook using the OBEX profile. To my knowledge, none of the other Bluetooth profiles are supported--most notably the Object Push Protocol (OPP). In order to get OBEX phonebook transfers to work, you have to put the car phone system into a special mode; it won't just blindly accept transfers--even from paired devices. If this system is running Symbian and is really vulnerable, I wonder if it manifests itself only when attempting to transfer phonebook entries from an infected device.

The same navigation system is used in a number of cars beyond the Lexus LS430 and LX470. The SC430, GX430, and RX330 use the same Bluetooth system, as does Toyota's Land Cruiser and Prius.

Phil

Re:Aeroplane!

Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Re:Aeroplane!

Now see here, you bloody colonial; we don't spell correctly, or use correct grammar to "piss you off", but rather because we prefer to use language as a form of civilised communication. One day perhaps you too can evolve and adopt this method of interaction, rather than stomping around the globe spreading violence, obesity, patents and litigation (I'm assuming you're American?)

Re:Aeroplane!

Funny thing is 'Aeroplane' is exactly the kind of thing a non-native English speaker like myself could say. We may be able to pass for natives (if you can't hear our accents) but sometimes we betray ourselves by using slightly archaic words.

I remember saying 'thrice' to an American once. He thought I was quoting Shakespeare!

X.