The Book of Enoch
104.9 Do not be impious in your hearts, and do not lie, and do not alter the
words of truth, 

nor say that the words of the Holy and Great One are lies, and do not praise your idols. 
For all your lies, and all your impiety, lead not to righteousness but to great sin.
104.10 And now I know this mystery; that many sinners will alter and
distort the words of truth, 

and speak evil words, and lie, and concoct great fabrications, and write books in their own words.

Sunday, June 30, 2013

Can your automobile be remotely hacked? Part II

In my further research, I noticed this Gizmag article Apparently, the vulnerability of modern vehicle on-board computer to hacking has been well known for some times. In the experiments conducted by the joint research team of University of Washington and University of California San Diego, the researchers uploaded malicious instructions/codes through physical connection to the vehicle diagnostic port. But in reality, it is technically possible to plug a transceiver device onto the input ports, such as the vehicle diagnostic port, and then inject the external instructions/codes through the ubiquitous wireless netowork into the on-board computer. It is similar to a USB Wi-Fi adapter plugged into the USB of your home computer, which relays data between the remote Wi-Fi access point and your computer.

Such vehicle on-board computer wireless communication adapter, if you will, would allow data to be sent to  remote receivers and at the same time instructions to be received from remote devices.Now the question is what kind of security mechanism has been implemented in the on-board vehicle computer systems, or specifically whether the security protocol allows the instructions/codes issued by the remote devices to disrupt the normal operating process of the vehicle, or even to override the manual command, such as pressed brake-pedal.

We know that, in the vehicle Cruise Control system, manually applying the pressure on brake-pedal should override the previously established cruising speed settings. That is what most people would think vehicle on-board system should work: the driver's manual inputs should supersede all other forms of instructions in the system.

If Machael Hastings' car was indeed remotely hacked so that he had no control of his vehicle at all shortly before it crashed. then we need to start to pay attention to the security of on-board vehicle computer system. We need to ask the car manufacturers the following questions:

(1) In designing the vehicle on-board computer system, what kind of security features/protocols have they put into place to prevent external hacking attempt?

(2) Can an external device attached to the computer system, such as a GPS tracking device, both read and write data to and from the computer system? What kind of restrictions are put into place to limit its access to READ only? ( In my earlier story, the suspected GPS tracker presumably read data from the Transmission Control Unit (TCU) in order to identify whether I shifted the gear from "P" to "D" and "D" to "P". I did not see any sign that the tracker could WRITE to the TCU or other part of the system, but I could not rule it out.)

(3) On some critical operations such as braking, etc., does the action of the driver, i.e. manual input, override all other type of computer instructions/codes, as it should, or are there higher privileged users, such as Superuser, etc., who would be able to override even the manual operations conducted by the car drivers?

I urge you, especially those who are journalists, to investigate this matter further so that the general public could be made aware of this risk. We need to be informed what the car manufacturers have done to counter the increasing risk.
Thank you,

1 comment:

  1. They have done nothing to protect us. When Subaru service found a code in my computer that did not belong there, and did not know what it was, i shared and they refused to touch it. That was after a Homeland Security suv pulled up next to me and parked. Dark windows, and nobody got out. Yes, they can control the car remotely and allow perps entrance.