We are all aware that the carmakers seem to be incapable of building a safe car as more and more safety recalls are made public daily. We really can’t blame them solely for the lack of mechanical safety as most companies outsource many components vs in-house built years ago.
These recalls are not limited to mechanical problems only, but include many programming errors of the computers in the vehicles. Eg: 2014 Chevy Impala brakes apply by themselves, or 2015 Ford SuperDuty pickup engage reverse even though you want drive.
By now you are aware that the carmakers have used GNU licensed software scripts in their programming for years without being told by their in-house programmers. These scripts are available to anyone to both analyze and use. Sometimes these have exploitable code that poses not only a security risk like the recently disclosed ‘Heart Bleed’ , but a safety risk as well.
You should also be aware that car computer systems do not have even the most basic protection like username password authentication. Nor do they have firewalls or antivirus protection, thus they are wide open for exploitation by hackers. Since 2003 there is only one language (protocol), CAN, in car computers and it makes it easier for hackers.
Not that any antivirus protection would help. Anyone that has used a computer for anytime at all can fully attest to the fact that antivirus software really doesn’t help. Now even Symantec Senior VP Brian Dye admits defeat in the ‘Antivirus War’.
Since hackers can and do make it through firewalls on your desktop or laptop PC, it really isn’t that big of problem except for the annoyance and the lost data, as you can always wipe your hard drive and reinstall. Yes, I know that people say Apple and Linux computers are safe, but even they are seeing their computers hacked.
Unfortunately, on a car it is entirely different and can be devastating when a hacker takes control of your car’s computer system and could disable brakes, increase speed, or turn off other safety devices. Also when NOT if this happens to get your car’s computers reprogrammed (wiped and reinstalled like the pc) is a bit more complicated and expensive as it requires a reprogramming tool like the Actia Pass Thru+ J2534 and the skills to do it right.
You might think you are safe because of the sheer numbers of cars, or that to hack them requires a physical presence. But that is a false security, as was originally demonstrated at Automotive Week in May 2011 by NXP, with their Car to X communications product.
. This demonstration is from the Consumer Electronics Show in 2013
The people at NXP showed how their new communications board could fit in the ‘Shark Fin’ on the car’s roof. NXP disclosed that it operates using the 802.11P protocol which is the same one you use probably at work and home. Their communications board can talk to other cars, traffic lights and other 802.11 enabled devices as far away as 1 mile at over 200Kph and even through other vehicles like semi-trucks.
Here at STA, we have been attempting to disclose the problem of driving with a ‘Bluetooth’ enabled scan tool connected to the car, as that is definitely a security problem. However with the adoption of the 802.11 (WiFi) communications protocol in cars, this just got much worse. Being able to communicate with cars from a distance of one mile without anyone knowing* is extremely bad.
Now consider what would happen if a hacker used a directional antenna, that distance can increase substantially. Don’t forget that communications with traffic lights, as it becomes increasingly more possible for a hacker to take control of a traffic light.
NHTSA is supposedly looking into car programming and communications security, but given their recently exposed failures, and considering that Symantec, the company that pioneered commercial antivirus software, has now thrown in the towel on pc antivirus, we should not put our faith in NHTSA or the carmakers.
The only person you can trust with your safety is YOU!
In a previous article we disclosed how you could protect yourself and that is now more important than ever. You should consider having your own personal scan tool and carrying it with you in your car at all times. When you notice a change in your car’s operation, you should immediately pull over and use your scan tool to check your recorded data to a current set.
Do this for not only your safety, but for the safety of everyone else that shares the road with you.
* there are other more frightening situations that I am privileged to , but I have agreed not to disclose them publicly
Comparing our 2X80S to competitors
|Controls Data Corruption|
|Improved Data Speed|
|Enhanced Software Included|
|Phone Tablet PDA Capable|
|Multiple PC Applications|
|Multiple Phone Tablet PDA Applications|
|2 Wheel Vehicle Applications|
|Legacy OS Support|
Yes or Included No or not included Some or limited
|All above information is based on published information as of 01/2015 or products purchsed to confirm|