Lexus Computers Infected Via Bluetooth 339
Country_hacker writes "SCNews is reporting certain models of Lexus have been found with corrupted operating systems in their on-board computers. Evidently the virus got transferred through the Bluetooth interface. It's still unclear whether or not the computers run Symbian."
Obligatory (Score:4, Interesting)
So maybe this thing is running Windows? In this case, we already have a solution [mistupid.com].
And shouldn't vehicle have a read-only section just for the essentials? So that even the main system is down, the car will detach the OS and still function like a, like a, car?
Re:Obligatory (Score:4, Funny)
Re:Obligatory (Score:5, Funny)
Up, down, up, down, left, right, left, right, blinkers, horn, clutch, gas.
Comment removed (Score:5, Funny)
Re:Obligatory (Score:3, Informative)
Re:Obligatory (Score:4, Interesting)
Re:Obligatory (Score:5, Informative)
Sounds to me like the fancy mapping stuff and maybe some user interfacing is controlled by the affected computer, not the fundamental powertrain stuff. Any car designer that runs his powertrain off anything but a hardened, reliable, embedded micro is just an idiot, and I can't believe Toyota would do something that dumb.
Re:Obligatory (Score:4, Funny)
"Magneto Inside"
What's Under YOUR Hood?
(But then the X-Men would chase you everywhere and you'd have to fight off all the yellow spandex crazies.)
Re:Obligatory (Score:5, Informative)
Anyway, all of this stuff is connected together to some degree except the entertainment computer, which probably only connects to the PCM, usually through the BCM, when climate control is managed by it. Seatbelts connect to the BCM, climate control might, airbags will. The ABS will connect to the PCM in cars with traction control and also tell the transmission's computer (connected to the PCM) what to do, as well as modulating throttle via the PCM.
The car already contains a network of computers, and each one typically is designed to work with its neighbor and only powertrain components directly influence units to which they are not attached. The worst thing you might do to a car like this (in most cases) is screw with the climate control settings.
eeeek (Score:2)
Re:Obligatory (Score:2)
An Air gap is a good idea for critical networks whether they be located in a nuclear power station or your spiffy new car.
Re:Obligatory (Score:2)
I meant the concept of an air gap where no direct communication is possible between two networks one secure one not
Symbian and Cabir Virus (Score:5, Informative)
The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found.
Here is a link Caribe [f-secure.com]
Anti-virus companies have been warning for some time that mobile networks could be the next targets of virus authors. Mikko Hyppönen, director of anti-virus research at F-Secure, said several months ago that there was a danger of viruses spreading into GPRS networks through USB ports, and that pocket-PC devices would be easy targets for virus coders.
Re:Symbian and Cabir Virus (Score:2)
want to bet a tenner that the car getting 'infected' is just the virus arriving in the cars obex inbox, sitting there and doing _nothing_.
the anti virus companies would like their hand on the symbian/smartphone pie.. so they're making these things sound far worse than they are.
Re:Symbian and Cabir Virus (Score:2)
Because it is just sitting in the inbox, unexecuted. This is not yet a worm that can be spread by doing nothing.
Re:Symbian and Cabir Virus (Score:2)
Re:Symbian and Cabir Virus (Score:2)
Re:Symbian and Cabir Virus (Score:2)
Re:Symbian and Cabir Virus (Score:2)
Correct -- that makes it a trojan.
But it's just semantics -- you don't want worms, viruses, or trojans; they're all potentially just as harmful.
Fiat & Microsoft (Score:5, Funny)
Proof that like seeks like when it comes to reliability.
Re:Fiat & Microsoft (Score:2, Interesting)
Re:Fiat & Microsoft (Score:2)
Re:Fiat & Microsoft (Score:3, Insightful)
Re:Fiat & Microsoft (Score:4, Funny)
Fire extinguisher?
I knew that Microsoft OSes cause computers to crash but I didn't know it caused them to crash and burn.
Re:Fiat & Microsoft (Score:3, Funny)
4,124 Spiders is about the right number to keep around to make sure that any one of them works at any one time...
Re:Get the facts (Score:2)
So what? (Score:4, Insightful)
This is a car that is full of wires and is basically a large chunk of metal. Explain to me why we are using Bluetooth instead of a wired solution. I don't see the advantages here. What I do see are large privacy implications and holes for infection... We are worried about RFID tags and readers installed along the highway? Why they don't even need to add the RFID tags to the wheels. Just have all the car's devices communicating through Bluetooth. The car owners think their sweet, overpriced, GPS navigation system is badass and the government gets to see where you were going, how fast you were going, and where you are going to. Perfect.
"I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure. "Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do..."
While Windows 2000 is adequate for my home computer to surf the web and read email (after proper precautions are taken) it is absolutely NOT adequate for flying an airplane. I am not worried about worms and viruses infected an airplane running Windows 2000 (and I'm not sure why it was mentioned in the article as it really isn't related) but I am worried about the stability of the OS and the implications it may have.
For now I'm sticking to my handheld GPS and windshield mounts. The only way it can be infected is if I sneeze on it and the only way that someone else could read it from 15 feet away would be with binoculars or a telephoto lens.
BTW, Bill Roehl is a known Saturn owner. He traded one in for another in 2002. That information is about as useful as knowing Bill Gates auctioned his 1999 (non BT equipped) Lexus off for charity.
Re:So what? (Score:5, Insightful)
Re:So what? (Score:2)
I really don't know what you're talking about as it isn't related. Handsfree cell phone support via bluetooth in the car i
Re:So what? (Score:2)
Re:So what? (Score:2)
...Except when the Nav computer gets infected and 0WNZ0Red.
Re:So what? (Score:3, Interesting)
Whoah, wait a minute. You sure you're not just freaking out over nothing? Just for reference: On a ca
Re:So what? (Score:2)
Do YOU know what a GPS is ?
Mine doesn't do any of those things except determine my latitude, longitude and altitude from some satellites. It doesn't even have a screen !!
Re:So what? (Score:2)
If win2k is used in airplanes today and there hasn't be any crashes or problems. Then it i
Re:So what? (Score:2)
If win2k is used in airplanes today and there hasn't be any crashes or problems. Then it is suitable for airplanes.
If hydrogen is used in blimps today and there hasn't be any crashes or problems. Then it is suitable for blimps.
If fossil fuels are used in industry today and there hasn't be any cataclysm or mass die offs. Then it is suitable for industry.
If there has not been a major problem yet, then there never will be. Because logic tells me that anything that has not happened yet, never will.
Re:So what? (Score:3, Informative)
- When someone calls my cell phone, I can his a button to mute the stereo, answer the call, and use my car stereo (with a mic in the car) for taking the call so it doesn't distract me while driving.
- When Apple finally releases an iPod with Bluetooth, or something similar, just drop it into my car anywhere and start playing tracks off it like it was plugged in.
Those are two quick, easy reasons that I'd want bluetooth in my car, and I'm sure there are more.
Re:So what? (Score:2)
- When someone calls my cell phone, I can his a button to mute the stereo, answer the call, and use my car stereo (with a mic in the car) for taking the call so it doesn't distract me while driving."
Like this...
http://www.bmw.co.nz/content_accessories_cat.asp? i temID=305&CatID=21&ParentCatID=2 [bmw.co.nz]
But how can I stop someone hijacking my phone etc. when I an stopped at the lights, or in a public car park etc. Have the vendors really sorted the secur
Re:So what? (Score:3, Interesting)
Airliners are not being flown by Windows boxes. If there's anything in the cockpit running Windows, it would h
Re:So what? (Score:2)
Slashdotters, please, listen: Windows 2000 and XP are remarkably stable. My brother and
Re:So what? (Score:2)
Re:So what? (Score:2)
There are other digital inputs for the car. It has XM satellite radio. The XM stream has the ability to disable the radio. Don't know if it has a path into other vehicle systems.
I always thought thoses Sybians were dirty. (Score:5, Funny)
Ah - "her" car maybe? (Score:2, Offtopic)
I always thought thoses Sybians were dirty. That they're spreading infection isn't too surprising. Who the heck drives around with one in their car though?
I hope you meant to say: Who the heck drives around with one in her car though?
bluetooths mission statement (Score:2)
That definately show interoperability, but I have to wonder if the virus is bluetooth qualified?
New excuse (Score:5, Funny)
Here is the bio on the Lasco virus writer (Score:5, Informative)
This is the guy who wrote the Lasco variant and posted source code online: Marcos Velasco [mobilemonday.net]
Hmm... (Score:3, Funny)
Doubtful (Score:3, Insightful)
Re:Doubtful (Score:2)
Sounds like the OS is breaking to me...
Not so Doubtful (Score:2)
Re:Doubtful (Score:2)
it just wraps itself again in an installer and sends itself to anyone willing to accept it in the vicinity - the key word is willing to accept it.
I find it hard time believing that these actually propogate far in the wild - they're mainly being spread by warez boards.
Re:Doubtful (Score:2)
If we look at email worms today, they spread by users clicking on attachments. End users will click on anything and it is problem. Obviously its a problem for cars since people are getting their cars infected hence it made the news.
As long as there's ignorant users, there's always a need for antivirus software. People like to open things.
Re:Doubtful (Score:3, Insightful)
Here it is folks! (Score:5, Funny)
Re:Here it is folks! (Score:2)
Ideas for automotive pranks (Score:5, Funny)
- Flash obscene messages in morse code through the brake light
- Warn of imminent empty tank, then say 'Just kidding' on the information center display.
- Mess with the volume of the radio subtly, if it uses CANbus.
- Lock the doors while playing a WAV of cackling laughter through the NAV system's audio interface.
If you avoid the obvious 'rofl make teh car crash like windows lololololol omfg' ideas, there should be lots of fun things you could do with the security hole this virus uses.
Re:Ideas for automotive pranks (Score:2)
- When the driver activates the A/C, roll down the windows instead.
- Scroll fake (read: *bad* - "IBM \/ 25 1/2") stock quotes over the internal DVD screens.
- At random intervals, from a dead stop, refuse the transmission permission to leave 1st gear.
Re:Ideas for automotive pranks (Score:2)
Pfft, you talk like this is innovative. My friend's van already has this feature, and it's 15 years old!
Re:Ideas for automotive pranks (Score:2)
On long downhills leave vehicle in gear, switch off engine, pump gas for awhile, switch on, BANG!
Exhaust fumes ignite explosively.
Tends to amaze followers when large chunks of the silencer come shooting out at them.
Re:Ideas for automotive pranks (Score:2)
I do, and I like it that way.
Time to head to Costco (Score:4, Interesting)
Seriously, can the infected car infect another car that's sitting next to it at a stop light? Or people who are walking by it in the crosswalk?
Better still... (Score:2)
As you sit there trying to get it going again, every car that passes you is infected.
It's a brilliant DDoS. Sort of like having a bunch of pizza
is onstar next? (Score:2, Insightful)
Are militaries retarded enough (Score:2)
Whistles... (Score:2)
Ah great! I was actually wondering what Kapersky would find as a new whistleblowing topic for this month.
Not a bad one this Lexus thing. And he AGAIN got the Slashdot attention. And AGAIN more publicity, although I have yet to hear anything from Kapersky that would be of any real interest.
In Soviet Russia, Kapersky OWNS Slashdot. But well...nevermind, he's an insensitive clod.
Please God (Score:2)
Please tell me this is not true.
Aircraft and Windows (Score:5, Interesting)
Calm down folks. I've seen plenty of cool looking computers built in to aircraft instrument panels. Yes, some of them run Windows.
First, you can be assured that they only update via a firmware media card such as SDRAM. Nobody's going to point a Bluetooth antenna at an airplane and knock it out of the sky.
Second, of the gripes that most of you have about Windows, the majority and the most egregious behaviors have to do with what happens when you network these things to insecure places. Windows has actually become quite stable in the last few releases. In a stand-alone configuration these systems are fairly reliable platforms.
Third, most pilots rarely get in to the down and dirty features of their displays. They don't have the time, nor do most of them care enough to learn any more than they need to get the airplane safely from point A to point B. You can say one thing for certain about Windows: the path is well worn. As long as you are doing relatively conventional stuff, it will serve you well.
Fourth, these are just navigation boxes. There are backup instruments. If a navigation computer dies, there will be other resources to navigate with. There are very few things in the panel of the airplane which do not have a backup of some sort --particularly where the avionics stack is concerned.
I say this as one who really doesn't like using or programming with Windows. Like any tool, it has its flaws; though when properly used, it can be quite safe.
Re:Aircraft and Windows (Score:4, Insightful)
Re:Aircraft and Windows (Score:2)
But is it "Mission-Critical"? (Score:5, Insightful)
He's (probably) talking about in the cabin. If that's the case, so what? Worst case: passengers can't watch the inflight movie. (I might even be grateful for that)
Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do...
One of the BIG things drummed into me during flight training was: fly the airplane. It doesn't matter if the nav systems are acting up. The same applies to automobiles. (Though I'm sure there will be accidents "caused" by crashed Nav. systems)
Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.
I can't decide if this a non-sequitir, or a wonderfully subversive way to relate insecurity and viruses with Microsoft/Bill Gates.
Symbian? (Score:5, Insightful)
No, wait. No it's not. There still doesn't exists a single Symbian VIRUS which could SELF-REPLICATE. Because it should be impossible.
If a phone asks you:
a) Random guy is sending you a file, do you want to receive it?
b) This file is an installable application with name XYZ, would you like to install it?
c) The origin of this application could not be verified, unless you trust the source, it is not recommended to install it. Would you like to install it anyway?
d) Application XYZ want's to use bluetooth interface, do you allow this?
Do you answer YES to each of these questions?
I wouldn't.
Anyway, if this one truely replicates without user intervention, there must exists a way to execute the code. What is the normal way to achieve this on PC? Stack/buffer flaw within a privileged process.
Now, I'm going to say something which will come and bite me in the ass: There is no way to execute code 'accidentally' in Symbian.
If you have evidence to the contrary, I'd be most interested in how it is done...
Sorry about my pompous attitude. I'm sure someone will figure something out in the future, but right now, is there a way?
The car wasn't really infected by a virus (Score:2)
Re:The car wasn't really infected by a virus (Score:2)
Happens here in Oz ometimes with people buying old cars with MPH speedos, then going 60 because the sign says 60.
Sensationalist crap (Score:2)
Impact of the infection (Score:2)
Additional details (Score:5, Informative)
I drive an LS430. The navigation system, phone, audio system, and air conditioning control system are driven by a system made by Denso. I can't say with certainty what operating system it's running, but it looks like an evolution of a design they've had going since at least 1998.
The Bluetooth interface is rather limited. You can use the hands-free capability after pairing it with your phone. You can transfer a phonebook using the OBEX profile. To my knowledge, none of the other Bluetooth profiles are supported--most notably the Object Push Protocol (OPP). In order to get OBEX phonebook transfers to work, you have to put the car phone system into a special mode; it won't just blindly accept transfers--even from paired devices. If this system is running Symbian and is really vulnerable, I wonder if it manifests itself only when attempting to transfer phonebook entries from an infected device.
The same navigation system is used in a number of cars beyond the Lexus LS430 and LX470. The SC430, GX430, and RX330 use the same Bluetooth system, as does Toyota's Land Cruiser and Prius.
Phil
Arogant ignorance (Score:4, Informative)
In your article Mobile virus infects Lexus cars by David Quainton a reference is made to Symbian operating system as follows:
" It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses. "
Symbian is a MOBILE PHONE operating system and has nothing to do with cars. No car manufacturers are Symbian licensees. This could not have been hard to verify - Symbian's web site (www.symbian.com) clearly lists Symbian licensees.
Further to this, what you refer to as "various worms and viruses" is actually malware. All existing malware for Symbian is not based on bad code exploits but rather on user's explicitly bypassing security and dismissing security warnings.
Please ensure that this error is corrected asap. This is bad press for a good company (Symbian) and I am sure they will not waste time in debunking this ignorant rant.
Re:Serves you right (Score:2)
Re:Serves you right (Score:2)
It's like when you buy a old russian mig jet. You buy one to fly, and one for parts.
Re:Serves you right (Score:2)
Re:Serves you right (Score:2)
The trick is to buy a classic car. If in California, you should buy a '74 model or earlier (pre-emissions). There are lots of models to choose from. Many of the US-built cars from that era use parts that can be sourced from your neighborhood parts store (maybe even Autozone!) because the same parts were u
Re:Serves you right (Score:2)
I've got a 1986 911 Turbo...plenty easy to get parts for, and if something breaks...pretty easy to find the mechanical problem and fix it. Cheap? No...but, easily fixable.
Re:Serves you right (Score:2)
Re:Volkswagen type 1 (Score:2)
ob luddite post (Score:2, Insightful)
Re:Aeroplane! (Score:5, Funny)
Re:Aeroplane! (Score:2, Funny)
[long pause]
Well, uh, see ya.
Re:Aeroplane! (Score:2)
Re:Aeroplane! (Score:5, Funny)
Re:Aeroplane! (Score:5, Insightful)
I remember saying 'thrice' to an American once. He thought I was quoting Shakespeare!
X.
Re:Aeroplane! (Score:2)
http://www.nao.org.uk/pn/00-01/0001220.htm
Re:Aeroplane! (Score:2)
I refuse to be held responsible for actions commited before even my parents were alive. Furthermore, actions that my country commited in the past in no way excuse actions that your country commits now. "But they did it first!" is something most people grow out of around puberty.
Re:Aeroplane! (Score:2)
So you're saying that someone with an obviously (to anyone who knows any Finnish) Finnish name Mikko Hyppönnen, who works for a Finnish company {is British/used to live in Britain} because he says "aeroplane"?
I mean, I know it was a troll, but try to do it with a little more class in future.
Jedidiah.
Re:Aeroplane! (Score:2)
There weren't too many airplanes back then.
Why don't you see how the Wright Brothers spelled it? They invented the damn thing.
Re:Aeroplane! (Score:2)
I can't, he's no longer with us I'm afraid.
Besides, none of his aircraft designs worked. He had the imagination for sure, but he wasn't able to work out the specifics and get one to actually work.
airplanes, aeroplanes (Score:2)
I was arguing that the airplane was invented in the US, and that the inventors get to name their invention what they want.
But as I looked up the links, I only became more confused. The Wright brothers called their airplane an "aeroplane", so I don't know why we'd change the spelling of that, since even the original american inventors spelled it differently.
Re:Yet another reason to avoid Microsoft (Score:2, Funny)
From what I have seen, most drivers use the "One fingured salute" mostly.
(Brits: that's 2 fingered for you)
Re:Yet another reason to avoid Microsoft (Score:2)
Seriously people, when you bash something based on flimsy evidence or logic your credibility *plummets*.
Re:Yet another reason to avoid Microsoft (Score:2)
I HATE defending MS, but we need to be a lot more conservative in our rush to pummel them. Not only has no one established causality here, no one has even established a link! Looks like MS was only included to take a cheap shot.
Re:Well how STUPID (Score:2)
Er... No. Bluetooth more-or-less works as intended. Short-range RF-based communication. Check.
The "criminally irresponsible" part comes from automobile designers (or cell-phone designers, or PDA designers, etc) allowing a possibly untrusted source of input to do anything to onboard computers.
As an aside, to those who've mentioned that, at "worst" an attacker could mess with the climate control s