Hacking a Car With Music 133
itwbennett writes "Researchers at the University of California, San Diego, and the University of Washington have identified a handful of ways a hacker could break into a car, including attacks over the car's Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops. But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. 'It's hard to think of something more innocuous than a song,' said Stefan Savage, a professor at the University of California."
Uh, what? (Score:5, Interesting)
Maybe newer cars, where everything is "integrated", are different. In which case, I'm glad I bought a used '99 Talon rather than a brand-new anything.
used to work in Windows (Score:3, Interesting)
Microsoft Windows products have been known to scan media streams for executables, either deliberately (for installing gov't keyloggers, for example) or accidentally:
http://www.iss.net/security_center/reference/vuln/RIFF_Codec_Overflow.htm [iss.net]
Sounds like my AV receiver (Score:4, Interesting)
After obtaining a service manual for my AV Receiver, firmware updates are done by using a CD player with digital out, and hooking it to the TOSlink input on the front.
Put it in a special service mode, put a specially burned CD in the CD player, and hit play. The AV receiver grabs the firmware update information off the digital input.
Presumably there's safeguards to ensure that the firmware is transferred correctly, as well as various sync signals to ensure that if you accidentally seeked at the beginning or the player skipped it would be detected.
Probably not a simple modulated audio stream since that'll be quite slow.
Re:Uh, what? (Score:3, Interesting)
Even from the CAN bus your largest attack would be messing with fuel economy. The communications on the CAN bus are usually quite secluded from any form of digital engine control.
For example, the Oxygen and MAP sensors might broadcast on the CAN bus, and you may be able to spoof them so in the ECU it causes an engine light or bad fuel economy. Beyond that, the CAN bus is pretty much just information being sent about the status of things. There is usually no control taking place via those connections. All control based on those messages comes from the ECU directly.
Re:Uh, what? (Score:4, Interesting)
I've never seen a keyless entry system connected to a CAN bus.
I have in no way worked on all cars out there, but that would be what we with common sense call 'poor system design'.