Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Transportation

Cyber Attacks Demonstrated On Autonomous Ground Vehicles 52

An anonymous reader writes As vehicles increasingly rely on automation, software and technology enhancements to run basic functionality, those systems serve as a potential safety risk when under cyber attack. Mission Secure uses a proprietary methodology developed by the University of Virginia with the Department of Defense for identifying the most consequential and easy to carry out cyber attacks on any system that a defense capability must address. The goal of the pilot is to demonstrate how to identify vehicle safety threats malicious cyber attackers could use to easily compromise the vehicle's key control systems and how these attacks could be detected and protected.
This discussion has been archived. No new comments can be posted.

Cyber Attacks Demonstrated On Autonomous Ground Vehicles

Comments Filter:
  • by gweihir ( 88907 ) on Wednesday January 14, 2015 @01:58PM (#48813073)

    There is no need for any "proprietary method". You do what any competent security consultant does: You understand the system, you identify critical components and attack vectors. If needed, you consult with experts on the technology evaluated. You correlate the attack vectors and critical components, rate according to your experience and propose fixes. That is it. There is absolutely nothing new or surprising here. There are absolutely no new threats here. The whole article is sensationalist bullshit.

    • by gurps_npc ( 621217 ) on Wednesday January 14, 2015 @02:04PM (#48813127) Homepage
      The author thought that people needed to be reminded that if we let computers control cars, then a hacker can hack your car. This might cause deaths.

      Apparently, they don't seem to understand that computers already control airplanes, submarines, other boats, trains, and nuclear missiles.

      Not to mention computer controls power plants (including nuclear power plants, dams, our traffic systems, etc.

      • by NoKaOi ( 1415755 )

        And that an old carbureted vehicle without a single transistor can be carjacked with a gun and a mask. And can crash into other cars. The real question is: Is the risk of causing deaths higher for autonomous vehicles or human driven vehicles?

        • by gweihir ( 88907 )

          Well, if autonomous vehicles do not manage to be significantly better than human drivers, they will likely not take off. And once they are significantly better, it may eventually spell the end of humans driving in the long run.

      • Only if it can be remotely accessed, or if there is a physical access than can be utilized with greater ease than the rest of the vehicles security.
        If something like that is the case, your security 'expert' is most likely a brain damaged rhesus monkey, kind of like the guy that suggests you leave your loaded gun on the front porch.
      • by gweihir ( 88907 )

        Yes, sounds very much like it. I think we also already have seen demos last year about hackers engaging brakes remotely and starting engines.

        There is a drive to integrate everything, because a modern car has an inordinate amount of cabling, which is expensive and heavy. Just running power and data everywhere would be a lot cheaper. And, as you point out, it is done in a lot of other places already.

      • Yeah but can we all just agree that connecting some of these systems to the internet or a wireless network is a bad idea?

        I want a person who sees one screen with internet access, makes a decision, and presses a physical button on the controls for the nuclear power plant.

        So auto driving cars are great -- can be secured, but let's not be cavalier about "other things are computer controlled" -- there's going to be iPhone software that tweaks the car and that means 100X more access by script kiddies to mayhem.

        • No there does not need to be iphone software that tweaks the car. That itself would be a stupid idea.

          I predict that the cars in question will have no wireless connection from the controlling computer. There will be a wired plug, just like in current cars.

          Because adding wireless capacity to the part of the car that controls fuel injection is a moronic idea - as you pointed out.

    • "proprietary methodology"

      Somebody is trying to sell the electronic equivalent of 'distressed properties'.

    • by sribe ( 304414 )

      Well, much like dish soap, concentrated bullshit is better than regular-strength bullshit!

    • by Anonymous Coward

      Indeed. And neither TFS nor TFA mentions any attack that's actually been "demonstrated", they're couched in purely theoretical/hypothetical terms. "Oh, if you pay us some stupid amount of money we can tell you what attacks you need to defend against. But no, we're not going to show you any for free, what do you take us for?"

  • by jtara ( 133429 ) on Wednesday January 14, 2015 @02:10PM (#48813181)

    I interviewed for a job working on an autonomous vehicle project, many years ago. Oh, to clarify, this was an autonomous MILITARY vehicle. I see this is just about cars.

    My job would have been to do retro-documentation.

    That's a violation of the approved development process. I turned the job down.

    There is an annoyingly-complicated process that is supposed to be followed. And then there is how things are ACTUALLY done.

    Based on this, I suspect your auto-parking Lexus may well be less susceptible than some driverless tank. :( Auto companies don't have to follow standards so ridiculously-difficult to follow that they aren't followed, and then go through the motions after the project is completed.

  • Someone with Ham Radio and a directional antenna could probably cause the crash. I have seen a car alarm go off , unlock the doors and pop open it's trunk using just legal Ham Radio Equipment.
    • by __aaclcg7560 ( 824291 ) on Wednesday January 14, 2015 @02:42PM (#48813465)
      An old roommate had a red Toyota Corolla. One day he lost his car in a big parking lot, found it, unlocked it, and started the engine before he realized that it wasn't his. Turned out there were ~20 unique keys for his particular model. He got "lucky" with finding an exact same car that used his particular key.
      • So what was your friend's next move: check the glove box for the name of the person who was at that moment driving his car?

      • by antdude ( 79039 )

        "And then?"

      • I had family members who drove a 1947 Chevy home from the movies. It was identical to their own. The other people made the same error and took our Chevy home. My aunt discovered the problem two days later when she opened the glove compartment. She called the police and they tracked down the car and arranged the swap.
    • I remember the car alarms in San Antonio going off all the time. (Virtually everyone had car alarms in San Antonio.) They'd go off if someone honked their horn, walked by the car, or in one case, used the neighbors doorbell.
      On a pet peeve note, the cars with alarms that would tell me to "step away from the car" when I walked past on the sidewalk always went off, but that was because I would reply by jumping on the bumper to set it off. You may own your car douchebag, but you don't own the space around it. (
      • Most of us learned to ignore car alarms.

        In college, our dorm was next to the parking lot. One night, some car alarm malfunctioned & went off with a the car horn on continuously. It woke us up at 2am. After 20 minutes we went out to try to shut it off. We were not willing to break things & couldn't pop the hood to disconnect the batt. So we tried to go to sleep. 2 hours later, the horn's 2nd tone stopped. In 20 minutes it was quiet as the battery died & we cheered.

        Now the owner had a dead b

  • The second episode of Ghost in The Shell: Arise [wikipedia.org] featured a former military general seizing control of the Traffic Control AI to trap 20 million people in their vehicles and holding them for ransom.
  • meanwhile the tried and true methods of bombs planted on vehicles, tampering with brakes, shooting drivers, etc. continue to get body count

    "I don't need no high tech shit to whack somebody" -- Vinny "Dago Football" Bartoli

  • The Cylons were able to defeat the new, shiny, electronically controlled Vipers while the older Mark II Vipers were impervious to cyber attacks.

    Once again, analog is better than digital.

    • Once again, analog is better than digital.

      Not quite. Being networked together was a major vulnerability for the colonial fleet. A patch sent out from the defense mainframe prior to the attack created an opening for the Cylons to exploit by shutting the navigation systems for the battlesars and vipers in battle. Battlestar Galactica survived because it's computers weren't networked together and the patch wasn't installed.

      • Actually, it is the same since (some) cars, such as Tesla, can be remotely updated. They don't have to go to a shop to get their software changed.

        While in BSG they installed a patch to the mainframe first, there is nothing to say a similar process couldn't be done or found to compromise vehicles which allow this operation.

      • As a follow up, see this article [cnn.com] which mentions cars talking to one another. That's another term for networking.

        Imagine someone able to hack this type of system and the chaos they could cause.

        Again, analog is better than digital.
      • Correct - once they fixed the backdoor, the Mk VII Vipers, and all the other newer/digital systems, were all safe to use once again.

        Galactica was being retired, and thus wasn't slated to receive the upgrades (and Adama was opposed to network systems anyway). The Battlestar Pegasus had the Command Navigation Program, but it was offline for maintenance since Pegasus was in dock at the time of the attack, and thus Pegasus was unaffected.

        The lesson is that patch management and updates are seriously important t
  • Then it can be hacked.

    This is why you don't trust computers.

    Says the guy who has worked in computers since the 80s and rolled his own in the 70s.

  • by xmousex ( 661995 ) on Wednesday January 14, 2015 @03:50PM (#48814039) Journal

    you will find your car pulling into the nearest walmart, telling you there is a sale on things you like to buy, that your friends are already there shopping, and you must sit in this parking lot for at least 10 minutes before going home or pay the unlock fee on various 3rd party apps your car installed for you at 2am this morning.

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...