Computer viruses infecting onboard computers in cars! - Tilted Forum Project Discussion Community

Lockjaw · 02-02-2005, 08:17 PM

http://news.zdnet.com/2100-1009_22-5551367.html

Quote:

Antivirus companies are researching reports that computer viruses have attacked the onboard computers of cars.

Moscow-based Kaspersky Labs was asked last weekend how to disinfect the onboard computers of several Lexus models: LX470, LS430 and Landcruiser 100. The security company was told that the infection likely occurred via a mobile phone.

Some mobile-phone viruses already exist, such as Cabir and Skulls, which spread by Bluetooth and infect handsets based on the Symbian operating system. Many Lexus cars include a navigation system that can connect to a mobile phone over Bluetooth to allow hands-free calls, and Kaspersky believes that Bluetooth could be used to transmit a virus to a car's GPS navigation system.

However, it is unclear which operating system Lexus uses for its navigation system. The company did not immediately respond to requests for comment.

"We know that car manufacturers are integrating existing operating systems into their onboard computers--take the Fiat and Microsoft deal, for instance," said Eugene Kaspersky, head of antivirus research at Kaspersky Labs. "If infected mobile devices are scary, just think about an infected onboard computer."

David Emm, senior technology consultant at Kaspersky, said it was plausible that mobile phones could infect cars.

"It's certainly a possibility, but at this stage, it seems theoretical," Emm said. "The question is whether (onboard computers) have been subjected to attacks from (devices running the) Symbian operating system. I suspect that this will be done with a handset."

Kaspersky is still researching the reports.

Until two-way wireless transmissions were banned in races, Formula 1 racing cars were equipped with antivirus software to prevent virus attacks on the car's operating system.

Sweet crap!

Willravel · 02-02-2005, 08:52 PM

That reminds me of the EMP gun on that terrible Fast and Furious sequel.

I hope for the safety of drivers everywhere this stays in the "theorecical" stage indefinatally.

asudevil83 · 02-02-2005, 10:15 PM

yeah, this is not going to be good if its true. fuck if i'd drive a car that could get some sort of virus.

i could definately see some bad shit coming out of this, accidents, cars losing functionality while driving. luckily though, the more serious virus threats are tracked down to the source. the first time some big shit happens on the road as a result of this, the shit will be hitting the ceiling with the feds.

crxforum · 02-03-2005, 09:11 AM

It was bound to happen. Japanese manufacturers leave ECUs open. Some US companies have made it so that you cannot modify the system of their cars. When the ECU was turned off it would reset each time to prevent modifications without a special by pass chip.

The Japanese have left this open for OBD (Sensor Testing for diagnostics by a mechanic) so that a trained mechanic will be able to screw around with the setting incase a vechicle needed it or if it was tuned with aftermarket equipment. But they dont want you to know that.

Nimisys · 02-03-2005, 07:08 PM

not sure how big a threat this really is. besides the difficulty of infection (bluetooth being slow and limited range to begin with) there is the actual trouble of infecting something vital. a lot of cars computers functionality is still hardwired into it. a BCM (body control module) can not be reprogrammed to act as the PCM (powertrain control module) or as a EBCM (electonic brake control module, aka abs/traction control/stability system). furthermore the actual programing of any key module can not occur with the engine running, and often can require fuses to be pulled as well as a key cycle to be made. the changable software is stored on EEPROM chips, while the base factory code that provides the basic functionality is stored on EPROM chips and ROM. so unless a module has been design to recieve and proccess new software rapidly (such as with navigation systems), the threat posed is basicly non existant.

second is communications. currently there are multiple bus protocols used on vehicles as well as multiple netwrok designs. until it is required for all vehicles to use a CAN bus, any virus created will have to be engineered specificly to travel along a given model/years internal network.

crxforum, at the core you are misunderstanding the purpose and implemintation of OBD/OBDII standards. the suggest you are making about it, is at its core false, nor applicable to this threat.

geeza · 02-05-2005, 08:34 AM

This kind of speculative crap has all the hallmarks of a weakly-constructed PR stunt.

I love the fact that they created this article out of NOTHING: here's Kaspersky commenting on something he clearly hasn't even checked out yet, but for some reason the reporters are already there before he's even had a chance to look at the patient.

And the time frame 'last weekend' oh please! "Well I remember it was, erm, last weekend because, uh, I was uh, trying to think of an imprecise time for my bogus story, and then it came to me."

"Everyone's bored of computer viruses now, so how do we get em all scared again so we can sell more of our overpriced, silly anti-virus code, and our 'update definitions' files that contain absolutely nothing? Oh yeah, let's tell them their cars are under threat, that usually motivates Americans."

Why is everybody so scaredy and pathetic these days? It's like everyone WANTS an excuse to be afraid, and these guys are profiting.

GetRdone · 02-06-2005, 07:42 PM

wish i woulda thought of that scam

02-06-2005, 10:15 PM

I have a hard time beliving that. I think that common sense on the programers part would prevent any serious damaege from happening assuming that it is true at all.

02-02-2005, 08:52 PM	#2 (permalink)
Willravel ... a sort of licensed troubleshooter.	That reminds me of the EMP gun on that terrible Fast and Furious sequel. I hope for the safety of drivers everywhere this stays in the "theorecical" stage indefinatally.

02-02-2005, 10:15 PM	#3 (permalink)
asudevil83 Psycho Location: Scottsdale, AZ	yeah, this is not going to be good if its true. fuck if i'd drive a car that could get some sort of virus. i could definately see some bad shit coming out of this, accidents, cars losing functionality while driving. luckily though, the more serious virus threats are tracked down to the source. the first time some big shit happens on the road as a result of this, the shit will be hitting the ceiling with the feds.

02-03-2005, 09:11 AM	#4 (permalink)
crxforum Crazy	It was bound to happen. Japanese manufacturers leave ECUs open. Some US companies have made it so that you cannot modify the system of their cars. When the ECU was turned off it would reset each time to prevent modifications without a special by pass chip. The Japanese have left this open for OBD (Sensor Testing for diagnostics by a mechanic) so that a trained mechanic will be able to screw around with the setting incase a vechicle needed it or if it was tuned with aftermarket equipment. But they dont want you to know that.

02-03-2005, 07:08 PM	#5 (permalink)
Nimisys Crazy Location: San Diego	not sure how big a threat this really is. besides the difficulty of infection (bluetooth being slow and limited range to begin with) there is the actual trouble of infecting something vital. a lot of cars computers functionality is still hardwired into it. a BCM (body control module) can not be reprogrammed to act as the PCM (powertrain control module) or as a EBCM (electonic brake control module, aka abs/traction control/stability system). furthermore the actual programing of any key module can not occur with the engine running, and often can require fuses to be pulled as well as a key cycle to be made. the changable software is stored on EEPROM chips, while the base factory code that provides the basic functionality is stored on EPROM chips and ROM. so unless a module has been design to recieve and proccess new software rapidly (such as with navigation systems), the threat posed is basicly non existant. second is communications. currently there are multiple bus protocols used on vehicles as well as multiple netwrok designs. until it is required for all vehicles to use a CAN bus, any virus created will have to be engineered specificly to travel along a given model/years internal network. crxforum, at the core you are misunderstanding the purpose and implemintation of OBD/OBDII standards. the suggest you are making about it, is at its core false, nor applicable to this threat.

02-05-2005, 08:34 AM	#6 (permalink)
geeza Crazy	This kind of speculative crap has all the hallmarks of a weakly-constructed PR stunt. I love the fact that they created this article out of NOTHING: here's Kaspersky commenting on something he clearly hasn't even checked out yet, but for some reason the reporters are already there before he's even had a chance to look at the patient. And the time frame 'last weekend' oh please! "Well I remember it was, erm, last weekend because, uh, I was uh, trying to think of an imprecise time for my bogus story, and then it came to me." "Everyone's bored of computer viruses now, so how do we get em all scared again so we can sell more of our overpriced, silly anti-virus code, and our 'update definitions' files that contain absolutely nothing? Oh yeah, let's tell them their cars are under threat, that usually motivates Americans." Why is everybody so scaredy and pathetic these days? It's like everyone WANTS an excuse to be afraid, and these guys are profiting.

02-06-2005, 07:42 PM	#7 (permalink)
GetRdone Psycho	wish i woulda thought of that scam

02-06-2005, 10:15 PM	#8 (permalink)
NotMVH Guest	I have a hard time beliving that. I think that common sense on the programers part would prevent any serious damaege from happening assuming that it is true at all.