Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Worms Security Wireless Networking Operating Systems Software IT Hardware

Lexus Computers Infected Via Bluetooth 339

Country_hacker writes "SCNews is reporting certain models of Lexus have been found with corrupted operating systems in their on-board computers. Evidently the virus got transferred through the Bluetooth interface. It's still unclear whether or not the computers run Symbian."
This discussion has been archived. No new comments can be posted.

Lexus Computers Infected Via Bluetooth

Comments Filter:
  • Obligatory (Score:4, Interesting)

    by fembots ( 753724 ) on Wednesday January 26, 2005 @03:42PM (#11484469) Homepage
    Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.

    So maybe this thing is running Windows? In this case, we already have a solution [mistupid.com].

    And shouldn't vehicle have a read-only section just for the essentials? So that even the main system is down, the car will detach the OS and still function like a, like a, car?
    • by greechneb ( 574646 ) on Wednesday January 26, 2005 @03:47PM (#11484530) Journal
      So I guess that we have to close all the open windows, get out, and then open the windows again?
    • Re:Obligatory (Score:4, Interesting)

      by Thud457 ( 234763 ) on Wednesday January 26, 2005 @03:57PM (#11484665) Homepage Journal
      Isn't that how cars started going feral in Roger Zelazny's "Last of the Wild Ones"? (And "Devil Car" and "Auto-de-Fé", too).
    • Re:Obligatory (Score:5, Informative)

      by QuasiEvil ( 74356 ) on Wednesday January 26, 2005 @04:07PM (#11484761)
      It almost certainly will still run, unless it's a completely idiotic design. The ECM and/or PCM (engine control module / powertrain control module, whatever these cars call it, the thing that runs the automatic transmission, the injectors, the spark, idle air control, etc.) is almost certainly not attached in any meaningful way to an embedded computer running a known OS. They're all attached to some sort of bus on modern OBD-II cars, but the ECM is usually capable of operating on its own. ECMs and PCMs are usually 8 or 16 bit micros with truly embedded software (read: no conventional OS, written specifically for the application at hand). Modern ones are flash-upgradable, but I highly doubt this would be enabled through any sort of radio interface, and even if it was, it wouldn't be any sort of thing where it could pick up a virus.

      Sounds to me like the fancy mapping stuff and maybe some user interfacing is controlled by the affected computer, not the fundamental powertrain stuff. Any car designer that runs his powertrain off anything but a hardened, reliable, embedded micro is just an idiot, and I can't believe Toyota would do something that dumb.

    • Re:Obligatory (Score:5, Informative)

      by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday January 26, 2005 @04:07PM (#11484765) Homepage Journal
      The car has a whole separate computer for essentials. These used to run a single program as a matter of course but some of them are now fast enough to run a RTOS instead, and some of the communications protocols used today essentially demand that you have a real OS on there. The cars actually have several computers in them now, and probably have one each for the engine, transmission, skid control, body management, and maybe even separate units to manage power seatbelts. The airbags might have a computer or just some relays, too. Then, there is a computer that manages stuff like navigation and entertainment, and maybe climate control. Oh yeah, that's anoth computer I forgot, climate control. It even has several of its very own sensors and actuators...

      Anyway, all of this stuff is connected together to some degree except the entertainment computer, which probably only connects to the PCM, usually through the BCM, when climate control is managed by it. Seatbelts connect to the BCM, climate control might, airbags will. The ABS will connect to the PCM in cars with traction control and also tell the transmission's computer (connected to the PCM) what to do, as well as modulating throttle via the PCM.

      The car already contains a network of computers, and each one typically is designed to work with its neighbor and only powertrain components directly influence units to which they are not attached. The worst thing you might do to a car like this (in most cases) is screw with the climate control settings.

      • Sorry for botching my /strong tag. My bad.
      • How do you think the 'Mod' chips work. they UPLOAD code to the PCM. All the systems are linked so as to enable the systems to interoperate ie climate control is tweaked down a notch when the engine is heavily loaded or in danger of overheating.

        An Air gap is a good idea for critical networks whether they be located in a nuclear power station or your spiffy new car.
  • by EggMan2000 ( 308859 ) * on Wednesday January 26, 2005 @03:42PM (#11484470) Homepage Journal
    Cabir is transmitted as an SIS file (Symbian distribution file), disguised to be a Caribe Security Manager utility. If the infected file is launched, the telephone screen will display the inscription "Caribe".

    The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found.

    Here is a link Caribe [f-secure.com]

    Anti-virus companies have been warning for some time that mobile networks could be the next targets of virus authors. Mikko Hyppönen, director of anti-virus research at F-Secure, said several months ago that there was a danger of viruses spreading into GPRS networks through USB ports, and that pocket-PC devices would be easy targets for virus coders.

    • If by "penetration" you mean : User willfully installs, then yeah, you're right.

      want to bet a tenner that the car getting 'infected' is just the virus arriving in the cars obex inbox, sitting there and doing _nothing_.

      the anti virus companies would like their hand on the symbian/smartphone pie.. so they're making these things sound far worse than they are.
    • Correct me if I'm wrong, but wouldn't running Sybian [sybian.com] in a Lexis be pretty dangerous?
  • by winkydink ( 650484 ) * <sv.dude@gmail.com> on Wednesday January 26, 2005 @03:42PM (#11484471) Homepage Journal
    "We do know that car manufacturers are integrating existing operating systems into their onboard computers (take the Fiat and Microsoft deal, for instance)."

    Proof that like seeks like when it comes to reliability.

  • So what? (Score:4, Insightful)

    by garcia ( 6573 ) * on Wednesday January 26, 2005 @03:42PM (#11484477)
    It is understood the virus could affect the navigation system of the Lexus models, it transfers onto them via a Bluetooth mobile phone connection. It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses.

    This is a car that is full of wires and is basically a large chunk of metal. Explain to me why we are using Bluetooth instead of a wired solution. I don't see the advantages here. What I do see are large privacy implications and holes for infection... We are worried about RFID tags and readers installed along the highway? Why they don't even need to add the RFID tags to the wheels. Just have all the car's devices communicating through Bluetooth. The car owners think their sweet, overpriced, GPS navigation system is badass and the government gets to see where you were going, how fast you were going, and where you are going to. Perfect.

    "I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure. "Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do..."

    While Windows 2000 is adequate for my home computer to surf the web and read email (after proper precautions are taken) it is absolutely NOT adequate for flying an airplane. I am not worried about worms and viruses infected an airplane running Windows 2000 (and I'm not sure why it was mentioned in the article as it really isn't related) but I am worried about the stability of the OS and the implications it may have.

    For now I'm sticking to my handheld GPS and windshield mounts. The only way it can be infected is if I sneeze on it and the only way that someone else could read it from 15 feet away would be with binoculars or a telephoto lens.

    BTW, Bill Roehl is a known Saturn owner. He traded one in for another in 2002. That information is about as useful as knowing Bill Gates auctioned his 1999 (non BT equipped) Lexus off for charity.
    • Re:So what? (Score:5, Insightful)

      by PCM2 ( 4486 ) on Wednesday January 26, 2005 @03:49PM (#11484541) Homepage
      This is a car that is full of wires and is basically a large chunk of metal. Explain to me why we are using Bluetooth instead of a wired solution. I don't see the advantages here.
      The advantage is that the industry doesn't have to spend the next five years haggling over a wired communications standard for mobile phones. Instead they use Bluetooth, which is here right now. Using Bluetooth also means that handset manufacturers don't need to build more than one digital interface into their equipment. One of the devices people want to use with their handsets is a cordless headset, so manufacturers have to support that device. Why would they want to build in an entirely separate, wired interface for cars? (And why would you want to pay for them to do that?)
      • Using Bluetooth also means that handset manufacturers don't need to build more than one digital interface into their equipment. One of the devices people want to use with their handsets is a cordless headset, so manufacturers have to support that device. Why would they want to build in an entirely separate, wired interface for cars? (And why would you want to pay for them to do that?)

        I really don't know what you're talking about as it isn't related. Handsfree cell phone support via bluetooth in the car i
        • Not sure about this model but many cars have integrated stereo/navigation/cellphone systems so that the stereo can mute when a call is recieved or the voice navigation can play overtop the radio, etc. This is a usefull way to integrate technologies together to give a better user experience which also has the benifit of being more safe (no reaching for volume knobs!).
          • integrate technologies together to give a better user experience which also has the benifit of being more safe

            ...Except when the Nav computer gets infected and 0WNZ0Red.

        • Re:So what? (Score:3, Interesting)

          by PCM2 ( 4486 )

          I really don't know what you're talking about as it isn't related. Handsfree cell phone support via bluetooth in the car is one thing. Tying bluetooth to the navigation system is another. Use bluetooth all you want to keep people from holding their phones and talking while driving and chewing gum. Keep it out of sensitive areas that are built into the car and are basically running whenever the car is on.

          Whoah, wait a minute. You sure you're not just freaking out over nothing? Just for reference: On a ca

    • While Windows 2000 is adequate for my home computer to surf the web and read email (after proper precautions are taken) it is absolutely NOT adequate for flying an airplane. I am not worried about worms and viruses infected an airplane running Windows 2000 (and I'm not sure why it was mentioned in the article as it really isn't related) but I am worried about the stability of the OS and the implications it may have.

      If win2k is used in airplanes today and there hasn't be any crashes or problems. Then it i

      • If win2k is used in airplanes today and there hasn't be any crashes or problems. Then it is suitable for airplanes.

        If hydrogen is used in blimps today and there hasn't be any crashes or problems. Then it is suitable for blimps.

        If fossil fuels are used in industry today and there hasn't be any cataclysm or mass die offs. Then it is suitable for industry.

        If there has not been a major problem yet, then there never will be. Because logic tells me that anything that has not happened yet, never will.

    • Re:So what? (Score:3, Informative)

      by cheinonen ( 318646 )
      Reasons why I might want Bluetooth in my car:

      - When someone calls my cell phone, I can his a button to mute the stereo, answer the call, and use my car stereo (with a mic in the car) for taking the call so it doesn't distract me while driving.

      - When Apple finally releases an iPod with Bluetooth, or something similar, just drop it into my car anywhere and start playing tracks off it like it was plugged in.

      Those are two quick, easy reasons that I'd want bluetooth in my car, and I'm sure there are more.
    • Re:So what? (Score:3, Interesting)

      by Rorschach1 ( 174480 )
      Seriously, the FAA isn't that stupid. Go read DO-178B. Critical functions that could cause a catastrophic failure in the event of a malfunction are classified as Level A, and I only know of one off-the-shelf RTOS that's been submitted for approval. Submitted, not approved, last I heard. And an embedded RTOS is orders of magnitude smaller and easier to validate than something like Windows 2000.

      Airliners are not being flown by Windows boxes. If there's anything in the cockpit running Windows, it would h
    • While Windows 2000 is adequate for my home computer to surf the web and read email (after proper precautions are taken) it is absolutely NOT adequate for flying an airplane. I am not worried about worms and viruses infected an airplane running Windows 2000 (and I'm not sure why it was mentioned in the article as it really isn't related) but I am worried about the stability of the OS and the implications it may have.

      Slashdotters, please, listen: Windows 2000 and XP are remarkably stable. My brother and
    • No version of Windows is FAA certified for flight control. There are some pieces of equipment like this [teledyne-controls.com] that are certified as supplementary equipment, but they are just additional information sources for the pilot. Critical flight systems must be "DO-178B Level A" certified by the FAA. Most aircraft manufacturers develop their own, the only off the shelf certifed system is the INTEGRITY [ghs.com] RTOS.
    • We just bought an Acura TL, and Bluetooth for hands-free telephone was an attractive feature. This model does not have a GPS nav. system, but it does have audio response and it does show cell-related messages on the dash panel.

      There are other digital inputs for the car. It has XM satellite radio. The XM stream has the ability to disable the radio. Don't know if it has a path into other vehicle systems.

  • by glrotate ( 300695 ) on Wednesday January 26, 2005 @03:43PM (#11484489) Homepage
    That they're spreading infection isn't too surprising. Who the heck drives around with one in their car though?

    • I always thought thoses Sybians were dirty. That they're spreading infection isn't too surprising. Who the heck drives around with one in their car though?

      I hope you meant to say: Who the heck drives around with one in her car though?

  • Bluetooth SIG Mission Statement Develop, publish and promote the preferred short-range wireless specification for connecting mobile products, and to administer a qualification program that fosters interoperability for a positive user experience.

    That definately show interoperability, but I have to wonder if the virus is bluetooth qualified?

  • New excuse (Score:5, Funny)

    by JavaNPerl ( 70318 ) * on Wednesday January 26, 2005 @03:45PM (#11484510)
    ... to be late for work, because the 'flat tire' excuse is so passe.
  • by EggMan2000 ( 308859 ) * on Wednesday January 26, 2005 @03:46PM (#11484521) Homepage Journal

    This is the guy who wrote the Lasco variant and posted source code online: Marcos Velasco [mobilemonday.net]


  • Hmm... (Score:3, Funny)

    by TubaJon ( 786172 ) on Wednesday January 26, 2005 @03:47PM (#11484528) Homepage
    I guess you could say that it's more than just a "Bug" on the windshield.
  • Doubtful (Score:3, Insightful)

    by pploco ( 694950 ) on Wednesday January 26, 2005 @03:51PM (#11484576)
    I rather doubt the OS in the vehicle is covering critical components such as breaking. The thought of a mobile virus is disturbing though.
    • I rather doubt the OS in the vehicle is covering critical components such as breaking.

      Sounds like the OS is breaking to me...
    • ever heard of traction control??
    • mobile virus is constrained to local machines, internet worms spread to the whole damn globe. but it's more of a 'malicious program' than a true virus anyways.

      it just wraps itself again in an installer and sends itself to anyone willing to accept it in the vicinity - the key word is willing to accept it.

      I find it hard time believing that these actually propogate far in the wild - they're mainly being spread by warez boards.
      • it just wraps itself again in an installer and sends itself to anyone willing to accept it in the vicinity - the key word is willing to accept it.

        If we look at email worms today, they spread by users clicking on attachments. End users will click on anything and it is problem. Obviously its a problem for cars since people are getting their cars infected hence it made the news.

        As long as there's ignorant users, there's always a need for antivirus software. People like to open things.

    • Re:Doubtful (Score:3, Insightful)

      by ad0gg ( 594412 )
      Lot of times the HVAC,NAV, Entertainment will share the same computer/board. Problems with the computer/board, can cause the HVAC to stop working which may seem annoying but can be dangerous especially when condensation forms on the inside of the windshield.
  • by DrDebug ( 10230 ) on Wednesday January 26, 2005 @03:52PM (#11484603) Journal
    The first incidence of a drive-by virus!

    • Sounds funny, but that's actually quite possible, in the sense of "war-drive-by virus." I can imagine somebody crafting trojans that adapt to mimic and replace files found on unsecured wifi networks.
  • by Chairboy ( 88841 ) on Wednesday January 26, 2005 @03:53PM (#11484607) Homepage
    Using the code to inspire a car to:
    - Flash obscene messages in morse code through the brake light
    - Warn of imminent empty tank, then say 'Just kidding' on the information center display.
    - Mess with the volume of the radio subtly, if it uses CANbus.
    - Lock the doors while playing a WAV of cackling laughter through the NAV system's audio interface.

    If you avoid the obvious 'rofl make teh car crash like windows lololololol omfg' ideas, there should be lots of fun things you could do with the security hole this virus uses.
    • You are evil! Can I play?

      - When the driver activates the A/C, roll down the windows instead.
      - Scroll fake (read: *bad* - "IBM \/ 25 1/2") stock quotes over the internal DVD screens.
      - At random intervals, from a dead stop, refuse the transmission permission to leave 1st gear.

      • At random intervals, from a dead stop, refuse the transmission permission to leave 1st gear.

        Pfft, you talk like this is innovative. My friend's van already has this feature, and it's 15 years old!
    • Here's one that dates back to WWII.

      On long downhills leave vehicle in gear, switch off engine, pump gas for awhile, switch on, BANG!

      Exhaust fumes ignite explosively.

      Tends to amaze followers when large chunks of the silencer come shooting out at them.

  • by Tenebrious1 ( 530949 ) on Wednesday January 26, 2005 @03:54PM (#11484630) Homepage
    and buy tin foil in bulk, it's gonna take a lot to protect my car...

    Seriously, can the infected car infect another car that's sitting next to it at a stop light? Or people who are walking by it in the crosswalk?

    • Say you're chatting on the phone at the mall, and some phr33k injects the virus into your BT phone. You head home, and the virus hops into your car on startup. Then, as you're passing this 5Kr1p7 K1dd13'5 ex-girlfriend's exit the virus notices this on your GPS and disables your car. Maybe by cutting off fuel injection, forcing you to coast to the side of the road.

      As you sit there trying to get it going again, every car that passes you is infected.

      It's a brilliant DDoS. Sort of like having a bunch of pizza
  • well if the virus can infect the cars "operating system" what would stop it from trying to get into the onstar system? It would be pretty nasty to have your car get turned off remotely while driving.
  • To eventually use computer hardware and software that's too well known and vulnerable? It's the Praetorians from The Net. [imdb.com] They want to get their Gatekeeper software onto all military hardware.
  • Ah great! I was actually wondering what Kapersky would find as a new whistleblowing topic for this month.

    Not a bad one this Lexus thing. And he AGAIN got the Slashdot attention. And AGAIN more publicity, although I have yet to hear anything from Kapersky that would be of any real interest.

    In Soviet Russia, Kapersky OWNS Slashdot. But well...nevermind, he's an insensitive clod.

  • From TFA "I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems,"
    Please tell me this is not true.
  • Aircraft and Windows (Score:5, Interesting)

    by AB3A ( 192265 ) on Wednesday January 26, 2005 @04:05PM (#11484745) Homepage Journal
    "I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure.


    Calm down folks. I've seen plenty of cool looking computers built in to aircraft instrument panels. Yes, some of them run Windows.

    First, you can be assured that they only update via a firmware media card such as SDRAM. Nobody's going to point a Bluetooth antenna at an airplane and knock it out of the sky.

    Second, of the gripes that most of you have about Windows, the majority and the most egregious behaviors have to do with what happens when you network these things to insecure places. Windows has actually become quite stable in the last few releases. In a stand-alone configuration these systems are fairly reliable platforms.

    Third, most pilots rarely get in to the down and dirty features of their displays. They don't have the time, nor do most of them care enough to learn any more than they need to get the airplane safely from point A to point B. You can say one thing for certain about Windows: the path is well worn. As long as you are doing relatively conventional stuff, it will serve you well.

    Fourth, these are just navigation boxes. There are backup instruments. If a navigation computer dies, there will be other resources to navigate with. There are very few things in the panel of the airplane which do not have a backup of some sort --particularly where the avionics stack is concerned.

    I say this as one who really doesn't like using or programming with Windows. Like any tool, it has its flaws; though when properly used, it can be quite safe.
  • by cliffiecee ( 136220 ) on Wednesday January 26, 2005 @04:11PM (#11484805) Homepage Journal
    I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems

    He's (probably) talking about in the cabin. If that's the case, so what? Worst case: passengers can't watch the inflight movie. (I might even be grateful for that)

    Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do...

    ... but we don't. This is the Navigational System- and it isn't clear that it was adversely affected by the virus! I'm glad they caught this now, BEFORE it caused major problems.

    One of the BIG things drummed into me during flight training was: fly the airplane. It doesn't matter if the nav systems are acting up. The same applies to automobiles. (Though I'm sure there will be accidents "caused" by crashed Nav. systems)

    Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.

    I can't decide if this a non-sequitir, or a wonderfully subversive way to relate insecurity and viruses with Microsoft/Bill Gates.
  • Symbian? (Score:5, Insightful)

    by Fizzl ( 209397 ) <fizzl@fizz[ ]et ['l.n' in gap]> on Wednesday January 26, 2005 @04:24PM (#11484956) Homepage Journal
    Whether it runs Symbian is irrelevant.
    No, wait. No it's not. There still doesn't exists a single Symbian VIRUS which could SELF-REPLICATE. Because it should be impossible.

    If a phone asks you:
    a) Random guy is sending you a file, do you want to receive it?
    b) This file is an installable application with name XYZ, would you like to install it?
    c) The origin of this application could not be verified, unless you trust the source, it is not recommended to install it. Would you like to install it anyway?
    d) Application XYZ want's to use bluetooth interface, do you allow this?
    Do you answer YES to each of these questions?
    I wouldn't.

    Anyway, if this one truely replicates without user intervention, there must exists a way to execute the code. What is the normal way to achieve this on PC? Stack/buffer flaw within a privileged process.
    Now, I'm going to say something which will come and bite me in the ass: There is no way to execute code 'accidentally' in Symbian.

    If you have evidence to the contrary, I'd be most interested in how it is done...

    Sorry about my pompous attitude. I'm sure someone will figure something out in the future, but right now, is there a way?
  • That's just the story the guy came up with when the cop asked him why he was going 80 in a 55 zone.
  • Regarding the question whether Symbian is involved: Here's [ukonline.co.uk] some money for you to make... Load up your phone with all Symbian "viruses" that are out there and see if you can make the challenge!
  • I understand that whenever you try and drive your car to a legitimate Lexus service centre, the virus redirects you to that dodgy body shop by the river.
  • Additional details (Score:5, Informative)

    by Phil Wherry ( 122138 ) on Wednesday January 26, 2005 @05:08PM (#11485476) Homepage
    I'm a little suspicious of this story.

    I drive an LS430. The navigation system, phone, audio system, and air conditioning control system are driven by a system made by Denso. I can't say with certainty what operating system it's running, but it looks like an evolution of a design they've had going since at least 1998.

    The Bluetooth interface is rather limited. You can use the hands-free capability after pairing it with your phone. You can transfer a phonebook using the OBEX profile. To my knowledge, none of the other Bluetooth profiles are supported--most notably the Object Push Protocol (OPP). In order to get OBEX phonebook transfers to work, you have to put the car phone system into a special mode; it won't just blindly accept transfers--even from paired devices. If this system is running Symbian and is really vulnerable, I wonder if it manifests itself only when attempting to transfer phonebook entries from an infected device.

    The same navigation system is used in a number of cars beyond the Lexus LS430 and LX470. The SC430, GX430, and RX330 use the same Bluetooth system, as does Toyota's Land Cruiser and Prius.

    Phil
  • Arogant ignorance (Score:4, Informative)

    by ArrayIndexOutOfBound ( 694797 ) on Wednesday January 26, 2005 @07:02PM (#11486620)
    Symbianite writes to Ron Condon (SC editor) and David Quainton (article author):

    In your article Mobile virus infects Lexus cars by David Quainton a reference is made to Symbian operating system as follows:

    " It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses. "

    Symbian is a MOBILE PHONE operating system and has nothing to do with cars. No car manufacturers are Symbian licensees. This could not have been hard to verify - Symbian's web site (www.symbian.com) clearly lists Symbian licensees.

    Further to this, what you refer to as "various worms and viruses" is actually malware. All existing malware for Symbian is not based on bad code exploits but rather on user's explicitly bypassing security and dismissing security warnings.

    Please ensure that this error is corrected asap. This is bad press for a good company (Symbian) and I am sure they will not waste time in debunking this ignorant rant.

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...