Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Worms Security IT

Car Computer Systems at Risk to Viruses 42

datemenatalie writes "According to CNN, car computers are now at risk for potentially system-crippling viruses. According to the article, "The first mobile phone virus, Cabir, has spread to over 20 countries, ranging from the United States to Japan and from Finland to South Africa, using only Bluetooth." Though the problem isn't anything too serious yet, expect a slew of car anti-virus products to be lining the shelves before you know it."
This discussion has been archived. No new comments can be posted.

Car Computer Systems at Risk to Viruses

Comments Filter:
  • Too lazy to go looking, but this feels like old news.
    • You mean this? [slashdot.org]. They tried to infect a Prius with Cabir and managed only to run down the battery because they left the care on too long.

    • Yes. And, in fact, the Prius (and thus any Toyota/Lexus) was tested with everything thrown at it, and nothing infected it.

      Please people, just because something has bluetooth doesn't mean it's fucking retarded/broken.

      There was a bug in one vendor's support of bluetooth that allowed it to accept things without proper authentication/confirmation. One still had to RUN the program MANUALLY before it would 'infect' you and begin attempting to infect others.

      My car does not offer any way to get to the files store
      • There was a bug in one vendor's support of bluetooth that allowed it to accept things without proper authentication/confirmation. One still had to RUN the program MANUALLY before it would 'infect' you and begin attempting to infect others.

        Yes, but it was coupled with a stupid design that virtually guaranteed that many would fall for it;

        • Alertbox comes up: "Do you want to accept ? [Yes] [No]"
        • User selects "No"
        • Two seconds later (since the infected device is still in range) the same alertbox comes again.
  • expect a slew of car anti-virus products to be lining the shelves before you know it
    More like law schools/legal seminars gearing up for another angle to sue the car companies and a new defense against speeding tickets. "...because my client's car was infected by ...., he lost control and is not responable, but ... is responsable".
  • Yet another reason not to drive. Wake me when they have bicycle virusues!
  • I drive a 2004 Saab 9-3. Since buying it a year ago, it has been back to the dealership three times. In all three of those cases, there has been nothing physically wrong with the car; the software on various parts of the car was just buggy and needed to be patched. That being said, I'm not sure how that sort of virus would spread. Maybe a car could infect the diagnostic computer at the dealership which would then infect other cars? Just a thought...
    • Yeah... Or not.

      I bet you watched Independance Day and didn't have any problem with it.
    • Yep, there are certainly bugs in engine control software. It's software, that's life. If this concerns you, I'd advise you not to buy any model of car within the first two years of it coming out. And note that's "model" - so a 1.6 litre is a different model from a 1.8 litre. It's not uncommon that the engine controllers for different sizes of engine will have been developed by different people - they don't necessarily share software or even hardware. So make sure the model of car you want has been arou
      • or be like certain Octavias where a software-upgrade increased mileage at subzero temperatures from something like 30 mpg up to almost 40, a very worthwhile fix if you happen to live somewhere cold.
  • by Monte ( 48723 )
    Unlike software companies that have cutsie little "if it hoses you up beyond all hope that's just tough noogies for you" license agreements, car companies will be held liable for anything that goes wrong with a car due to hacking.

    Which is why, in the final analysis, this "vulnerability" is bullshit. Microsoft can get away scott free with releasing a shoddy product that's compromised 12 minutes after starting, General Motors can't.
    • It's not that simple, though. Microsoft isn't liable for peoples' lost property, time, financial status, jobs, etc, but car companies have always been liable for defects. Is a vulnerability a defect? Is it the infector's fault if they inadvertently infect the vehicle? And furthermore, what kind of true hacker would put people's LIVES in harm's way. That's just sick. As far as car anti-viral solutions, opening up the car to third party software like that would only make the problem worse; allowing thir
    • And for the reasons that the parent talks about, though I am assuming out of my ass, I would guess that the car companies and their suppliers have much more rigerous code testing than the average (or in Microsoft's case, below average) software house.
    • That's a very good point. Who's going to go into a car dealership and buy a new car "as is"?
  • I was under the impression that cars typically had at least two computer systems. One for the in-cabin niceities like A/C and Audio, and another totally separate system for the engine. Has there been some sort of merging of these two systems recently?

    The "comfort" system may need Bluetooth to talk to personal devices to download music, among other tasks. But what possible reason could there be to have the engine system talking to the comfort system? They would seem to be two totally different areas with
    • I think there is at least one way communication. For one thing there's the annoying beeping when the driver's seatbelt isn't engaged, then there's the fact that the cabin lights switch off immediately when the doors are closed and the engine is running, whereas they'd stay on for a little bit if the engine is off. Or at night, when your lights are on, the "comfort panel" is turned on as well. So there's gotta be some communication at least one way. To imagine a two-way system isn't unimaginable either.
      At le
    • Unless anyone can quote an example to the contrary, I can't see a situation where any in-car system allows code to be uploaded easily or by accident - or even how an attack such as a buffer overflow could be used to infect the engine management system et al.

      However, car manufacturers want to save money and using one data path through the car would do that.

      There were certainly similar concerns a few years ago (around the time that people started chipping Sierra Cosworths - that shows you how long ago this wa
    • "I am very sure that you will be still able to drive your car on your own," said Symantec Corp's mobile virus specialist Guido Sanchidrian.

      Are we reading the same article? ;-) The guy claiming things could be infected is Kaspersky, who apparently knows shit about automotive systems.

      FWIW, air-con is usually run by the engine control system. The simple reason for this is that to use air-con, you need the engine on. Also the air-con puts a significant load on the engine, so the engine controller needs to kn
  • A quote from the article:

    ""If the smartphones and on-board computers have the same channel to transfer the data ... sooner or later the hackers will find the vulnerability in the operating systems of on-board computers and ... will definitely use it," he added."

    Although that quote was a guy from Kaspersky, an anti-virus company which I've heard fearmongering on another subject.

    However, below that is this juicy bit:

    "Bluetooth is used in car electronics interfaces for monitoring and service.

    Carmakers say they
  • Yeah, embedded Windows is playing with fire. Please put it in your car, please do all those stupid things. It doesn't matter if I would encourage Microsoft to make their crappy ill product that is so friendly to virusses, they will making it anyway. But when I know their would be a car that runs embedded GNU/Linux or GNU/FreeBSD (or in the future GNU's HURD) then I would buy a car. Now I simply and boldly refuse to do so.
  • We're running Linux on ours [dashpc.com]. I'm not being elitist here, I'm just wondering what OS'es are afflicted by this.

    I assume it's not a flaw in Bluetooth, because it would be much more pervasive. AFAIK, BMW's flakey iDrive system runs Windows - and I'm not saying it's flakey because it runs Windows. I'm saying it's flakey because of telematics industry reports about it. Any correlation is probably/likely just a coincidence.

  • The worst that could happen is that the computer's control of engine performance and emissions, navigation and entertainment systems cease to function. That would probably mean an annoying trip to the repair shop or having to reboot the system.

    This is just stupid. Never happen. Car manufacturers who build cars that can be "infected" will be avoided like the plague in the marketplace.

    The public simply won't buy a car if it can be infected by a virus. In the PC world, people don't have a choice, they have t

    • In the PC world, people don't have a choice, they have to buy Microsoft Windows if they want to buy cheap and compatible. In the automotive industry it's a totally different situation.

      That's a pretty big 'if' there. There are alternatives: Macs are at pretty comparable prices, and can do the majority of things people use PCs for; Linux isn't too complex for a fair proportion of people to install and use, and again, it can do a fair proportion of the things people use PCs for.

      Now, obviously, neither o

  • This is absured.

    The first 9 stories on slashdot have 0 comments above a 3.

    And the first story that has a non-zero value has over 700 comments, and it only has 5!
  • I'm guessing car makers will be putting in all sorts of restrictions in their cars to prevent you installing any unauthorised (by them) code.

    It will probably be something like today's consoles, where the code has to be signed by the manufacture, locking out any homebrew apps - and most likely enthusiasts will find ways to "mod" their cars to allow modifications & additions to the car's software that the manufacturer never intended.

    So the possibilities of code "accidentially" being run on your car will b
  • Cars were't dangerous enough otherwise.
  • You know, the more I hear about stuff like this, the more I like my '71 Ford. Sure I had to spend a week replacing the timing gear, and another week fixing the oil pump after it sucked up parts of the old timing gear, but it least it doesn't get viruses.

"Hello again, Peabody here..." -- Mister Peabody

Working...