How long before the first CarVirus?

Engineering departments of the University of Washington and the University of California San Diego have just “hacked” the electronic control systems of a current passenger car, in the linked article, the engineers gained access to the vehicle’s electronics and control circuits, giving them the ability to change gauge readings, apply/disable brakes and accelerators, sound the horn, and basically have full access to the vehicle’s electronic controls

Even though it’s never specified, the test vehicle appeared to be a Chevy Impala (there are photos in the linked article) with the OnStar system…

Since OnStar uses satellite/cellular communications for information transfer, it’s theoretically possible for a malicious program to be created and downloaded into an OnStar equipped vehicle with functioning OnStar hardware, or, indeed, any highly computerized vehicle with satellite/cellular linkage

That said, the chances of it happening are probably quite low, but the technology is capable of being compromised by specially designed malware designed to compromise the electronics, do I see it ever happening, well, no, but the potential is there, and it’s an interesting experiment…

…looks like I should go and wire up a cutoff switch into my OnStar box, or at the very least, disable it, the "Big Brother-esque aspects are bad enough, without the potential of it being a vector for CarViruses, spyware, adware or other malware…

Heh, who knows, in a few years time, we may have to purchase a copy of Symantec/Kaspersky/McAffee “Car Security” software :wink:

Thats crazy… Although… I cant see why one would even want to do something like that. Im sure following posts will supply us all with ample wierdo reasons.

“Some men just want to watch the world burn.”

It depends on how much control is available through the electronics. If hacking into a car lets you unlock the doors and start the engine, I can see where a few people might be inspired to give it a try.

Or just unlock the doors, grab that purse that’s sitting on the front seat, and be on your way.

I could see it being useful for carjacking scenarios. Or if James Bond’s car is equipped with On-Star.

Years ago in a very fun spy-based one-shot roleplaying game, our group’s computer whiz used just this trick to knock a couple bad guys out of a chase sequence. Don’t know if it’d ever come up in the real world; if it did, I imagine it’d be in Russia.

If I were a cop in a high-speed chase, I’d love to be able to kill the other guy’s engine without touching him.

If the car you’re chasing has OnStar you can already just call them and tell them they’re running from the police. Seen it done several times in those high speed chase video TV shows.

I’m not an engineer, but I don’t think this is necessarily true. It depends on how Onstar is integrated into the vehicle. Apparently it is hooked into some sensors and some controls, but which? From ads I’ve seen it can detect airbag releases, and it can shut off the engine. But can it engage the brakes, or make them fail?

It might be true, or it might be true on some vehicles and not others. I would like to see some more data before I start panicking about brake viruses.

Well, most people cannot even keep their computers secure on their own now, so the same problems will indeed exist for the average person as autos become more complex.

My muscle car is a 2002. 8, almost 9 years old. I can change the shift points for the tranny, release the rpm limiter and high speed setting, delete the oxygen sensors if I want to put headers and exhaust on, change fuel ratios and many other things just by plugging a tool into the OBD port under the dash. (On Board Diagnostics). I installed a resistor that reverses the default setting of always having the traction control on, and now it is only on if I choose to turn it on, all using the stock switch. If I want to take it to the Hot Rod shop they can do much more, because the function of the engine is essentially run by computer input from various sensors.

The average person already views their car as too complex for them to understand and work on, but they are not. Just like people view their computers. Spark, fuel, air, and timing to make it all go boom at the right moment are still the basics. The internal combustion engine has not changed much, features have just been added.

There will always be a way to get around any added feature if you wish. Most users will trust the features that came on the vehicle. And there will be a thriving after-market in turning them off and tuning them out. Things like On Star are great if it offers you a benefit that you value, but it can be used against you too.

So can your garage door opener or your wireless router or the automatic sprinkler system in your lawn.

I remember the jokes that were going around about “crashes” and the “blue screen of death” when Microsoft announced they were trying to sell a Car PC, but I think that was essentially the entertainment interface (radio, etc, plus some displays). I do not think it was the main car controller, the one with its hands directly on the engine, steering, and brakes. I presume that there are multiple levels of controllers?

Damn this must have been written on a very slow news day, and the guys at Udub, and UCSB must really be publicity hungry and think the public are all idiots.
I started to read the article, but when I got to:

and then I read

While it is not stated, the ignition key also had to be present for the computer to be booted up in the first place.
At this point I could not stop laughing. I was laughing to the point I could not finish this humor piece.
In other news, if you leave your computer turned on and your front door open, someone can walk in and erase your files, or upgrade your system to Windows Vista (which one is worse?)
I am not always the most observant guy in town, but I am fairly sure that even on my worst day ever I would notice the large black cable protruding out of the OBD socket connected to the laptop that is being used by a guy (who I have never seen before) in the passenger’s seat. If this were actually were to happen, I might just make a few inquiries.
I have many fears in this life, but having my car computer remotely reprogrammed is not even in the top 10,000 of my fears.

I thought it was amusing as well, more in a “let’s see what happens if we do this” kinda’ way, like you, I feel that the possibility of AutoMalware is quite slim, fun experiment, though

The thing is, if this can be controlled via a laptop, I’d imagine that it could be done wirelessly as well. Just hook a dongle up to the OBDII port with a cell phone receiver (or even bluetooth if you’re going to be driving near them). Then write an app for a smart phone that can dial in to that car and you can gain access. Yes, I know that means you need to gain access to the car to begin with, but that’s not difficult. Off the top of my head I can think of two easy ways. 1)Ex-wife stops over to drop the kids off and needs to use your bathroom, grab her keys run out to her car and install it. You’re back in the house before she’s out of the bathroom. 2)Disgruntled employee finds his bosses car in the parking lot, smashes a window and installs it. Boss finds smashed window, assumes it’s random and doesn’t think any more of it.

I thought that there had already been one. An article I read a month or two ago at the height of the Toyota flap implied that one had already been found, anyway.