Hacker News

Good article, because it's a canary in the coal-mine that warns us against drive-by-wire in personal automobiles. Personally I will never own or use a car that is drive-by-wire, especially if it's connected to the internet. I believe strongly there will (soon?) be an incident where an org or individual will hack a fleet of such cars, cause widespread death, and the public will pull their hair and say "how could this have happened?!"



To what end? If the hack happens, I think it's much more likely that we see a string of assassinations that look like accidents, or kidnappings that don't look like vehicle-related skulduggery at all. It's just not as valuable if you pull the trigger all at once.


Turn all stoplights green (not red!) at the same time. This was actually the idea of a scifi story back in the 1960s--it came out first as a short story (probably in Analog), then as a book. (FWIW, I found the short story better.)

Like many of the ideas in the book 1984, turning all the stoplights green at the same time in New York City was probably not possible in the 1960s. It is now.


The Italian Job has this as a plot point back in 1969. IIRC, it was even more sophisticated than just turning all the lights green.

Retrieving the gold is left as an exercise to the reader.

IMHO: if you want an entertaining movie, watch the 2003 movie. If you're planning a bank heist, the 1969 version is probably more informative. N.B.: I've never done a bank job.

https://en.wikipedia.org/wiki/The_Italian_Job


I don't think it is. When you install a signal controller there's this diode board, one diode for each phase. You use a wirecutter and remove diodes in order to tell the controller which phases ought to be allowed at the same time. What you're describing would only be possible if all signals were installed with all diodes removed.

I can't speak for the whole industry, but back when I was part of it, that's how our controllers worked. Admittedly, I don't think New York City was a customer.


A few decades back, Texas law specified that traffic lights must be wired in relays to not allow 2 perpendicular directions to be green at once. I hope this has not changed.


> To what end?

“Because some people just want to see the world burn”, unfortunately.

The idea that someone would actually fly two commercial airliners into downtown manhattan to take out the World Trade Center was also pretty unlikely, circa 2000 and 2001.


The thing about airliners is that they run out of fuel or get shot down. It's not like you can hijack a few and use them repeatedly for decades. The only way they're decent weapons is if you use them immediately.


I think the last 23 years have shown that, luckily, those people are mostly idiots.

I suspect many people in HN could whip up mass violence with drones if they wanted to. Luckily the people who can generally have better things to do.


> To what end?

The US and China go to war, over Taiwan say. This would be part of a general attack on the US, and would include things like the power grid, internet infrastructure, and anything else that can be disabled or turned against us.

Terrorists decide that 9/11 wasn't good enough, and they can do 1000x more damage, death and terror from the comfort of their computers.

Extortionists decide to leverage this capability to extort money from car companies.

More targeted killings would be motivated according to your thought.

This is just the top of my head. I'm sure there are others.


I guess.

It just seems like the degree of premeditation involved here would also come to the conclusion, given how over-invested we are in our military, that it is better to make it seem like the US is perpetually shooting itself in the foot rather than make it seem like the US has been shot. We tend to get all rambunctious when we know it was an attack; better to have us lose the war before we know we're fighting it.

When it comes to remote vehicle access I think you could do more damage carefully over the course of a decade than you could do rashly in a day.


All a nation-state needs to do to asymmetrically cripple the US is to buy a few hundred junkers and stall them on busy bridges during rush hour.

There's no need for Tom Clancy 46-dimensional chess plots that involve hacking the Gibson.

The next time you see your neighbour driving poorly, ask yourself - are they a spy, wrecker, or saboteur? (/s)


Agreed. But the game being played here is the inverse: assume someone hacked the Gibson, what effects do we see?


I think Taiwan is the most logical short-term threat model that could lead to widespread cyber incidents internally.

Another continues to be something like NotPetya, a localized cyberwar tactic that hits the public internet and runs amok. But to get from that to critical infra in the US, let alone personal autos, is hard to picture.


> It's just not as valuable if you pull the trigger all at once.

Not if they short-sell the car-manufacturer stock first! Granted, that might increase their odds of being caught, but attackers don't have to be wise to be dangerous.

Depending on what can be hacked, another possibility would be a string of suspiciously-smooth thefts.


I don't want to discount the possibility that this would be the ambitious endeavor of an actor with otherwise small-time-crook vibes, but I think it's more likely to be a nation state with bigger plans than getting rich.


> It's just not as valuable if you pull the trigger all at once.

I mean, it depends on the person pulling the trigger, right? A sociopathic 14 year old from Bogota might not care.


Do you drive an old car? Drive-by-wire throttles and controller area networks became commonplace in cars a solid 20 years ago. The benefits of these components within a car are completely orthogonal to any sort of external network connectivity.


It's gotten so hard to be a shadetree mechanic.

I swapped an EJ22 out of a 2001 Subaru Impreza into an '86 BRAT. At least as of 2001, there were still a lot of discrete pairs of wires that a sufficiently savvy person (i.e., not me) could debug with a multimeter. Thank goodness. It was enough fun getting it running without involving CANBUS in the process.

I believe our 2005 Civic was largely discrete pairs of analog wires too, even if it was throttle by wire. It gave me very little electrical trouble.

Troubleshooting the headlights on my 2010 Suzuki SX-4 involved printing some 30 pages from TFM. The entirety of the wiring diagram for my '76 Triumph TR6 fit on three pages. We own a Willys CJ-2A, and the whole wiring diagram fits on one sheet. The wiring diagram for the circuits that actually make it run probably fits on an index card.

When you turn off the headlights in my wife's 2018 Impreza, there's a noticeable delay between turning the switch and the computer deigning to allow you to turn the lights off.


Analog systems can be difficult to troubleshoot too, depending on the issue. I've spent some time scratching my head on some old turn signal systems on old motorcycles before, and their diagrams looked simple... at first. Digital electronics can be a pleasure to work with if you have the right tools, the right information, and the system wasn't designed poorly. The Suzuki and the Impreza aren't just more complicated for no reason -- they're also more sophisticated vehicles that do more things.


It's gonna get worse with 'cybersecurity' requirements making it harder to goof around on CAN.


Are there recent model vehicles without computer controlled throttles?

I know ABS implies computer modulated braking, but I don't think it implies the computer can brake without user input or override user input and not brake. Otoh, automatic emergency braking is standard on some vehicles and optional on many.

Computer controlled steering is currently rare, but is part of lane keeping assistance.


ESC (basically same actuator hardware as ABS) can definitely brake without user input and it's mandatory in all cars sold after 2012. Steering assist is mostly torque limited by design, you should be able to easily overpower it.


> Steering assist is mostly torque limited by design, you should be able to easily overpower it.

Glad you said "mostly". The Cybertruck is an exception, with full drive-by-wire. There may be others. If the 'truck is a hit (and it is) expect its ideas to spread.


Yeah, my info was based on George Hotz interviews on Openpilot. He said they are safe because even if the software wants to steer the car off the road, the lane keep assist actuator won’t be able to steer that hard and will disengage. Haven’t personally tested that myself :)


What are you saying? That the car can't do a moose test or avoid a real moose while the system can see the lane markings?


I’m saying the physical actuators that turn the steering wheel when LKA is on are torque limited on purpose, so they won’t be able to make a sharp turn or overpower a human, even if they won’t disengage when a human tries to override it (e.g. due to a bug or sensor failure).


Well the authorities will probably do something sensible like ban keyboards or something. They already banned the flipper zero in Canada because it can be used to unlock insecure cars.


So I agree, but my question next is what cars are you finding that meet this standard? Networks show up in cars quite early, not sure how far back I’d have to go to buy one that is suitably off grid.


I own a 1999 Mercedes-Benz E300 turbodiesel and a 1995 Toyota Land Cruiser. Both of these vehicles are modern, computerized machines with electronic engine management, airbags, and computer controlled transmissions. Neither of them have any need for "software updates" nor do they have any way to do so. They both have OBD-II interfaces, and the Benz has a proprietary interface as well. I'll be sticking with these vehicles for as long as it takes for the current complexity fetish to subside. If that means never buying another vehicle that's fine by me :)

My plan for the Land Cruiser is to install the engine and transmission from an early 2000s Mitsubishi Fuso. This will entail grafting the ECU and TCU from the Fuso into the Cruiser's wiring harness, and doing some transmission modifications to hook up the tailshaft to the Toyota transfer case. Should just about double fuel economy and improve driveability. I can't think of any reason I'd buy a newer vehicle, the "improvements" they offer just aren't worth the cost.


> Neither of them have any need for "software updates" nor do they have any way to do so.

Pretty sure they could get firmware updates for the ECU and TCU. There's probably somebody doing ECU tunes for more power / better efficiency / better noises, even if that's just tweaking the tables and even if there are no factory software updates. Electronically controlled transmissions often have some updates available over their early service life, even if they're not well publicized or pushed. OBD-II is commonly used for that, although maybe the 1995 would need modules removed and ROM chips replaced.


Yes, and there are aftermarket standalone transmission and engine controllers available. Another thing people do is stick another node in the CAN network which intercepts packets and rewrites them. But what I meant is that the cars, when they were shipped, were done. Like, they struck the right balance between features and complexity s.t. the product that was shipped was complete. That's the kind of equipment I like to depend on, not something that's a constant experiment.


Are they fully reflashable or can be just parameter adjusted? I have a random power steering ECU, it came with a mask ROM variant of a Fujitsu MPU. Having a microcontroller != having a field malware programmable micro.


Depends on the modules, modern ones tend to be fully reflashable, I think. Early ones like these, probably not as easy to modify in situ.


> nor do they have any way to do so. They both have OBD-II interfaces,

You sure about that? At least if someone has direct access to your car, I'm guessing they could very easily clip something on that could control the car under particular conditions.


Sure they could plug a device which sniffs or rewrites CAN frames right into the OBD-II port or the 38 pin port on the Benz. I have done so myself even. I'm not worried about it one bit. Someone would have to specifically want to target me, and if they have access to my car they also have (much easier) access to my house. I am not worried about that either.

Look, if you want to really mess up a car all you need is a pair of needle nose pliers. Locate the brake lines where the hard line meets the soft line going to each caliper, and squash each hard line to crack it just enough that fluid starts to slightly weep out. When the driver first steps on the brakes in earnest the fluid will flow out, and eventually (maybe 5-10 braking events later) the brakes will no longer work.

Again, my threat model does not include someone targeting me specifically. If someone wants to hurt me or vandalize my property they're not gonna do it by writing some esoteric computer program. If you connect your car to the Internet the threat model needs to expand to include "bulk" attacks, which I suspect are actually much more likely.
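The commenter's "plug a device into the OBD-II port that rewrites CAN frames" scenario is detectable from the bus itself, because most IDs on a vehicle CAN bus are broadcast on a fixed period and an injecting node disturbs that timing. As an added illustration (not the commenter's code, and not from any real vehicle; the candump-style captures and the arbitration IDs are constructed), this learns per-ID periods from a clean capture and flags frames that arrive too fast or under an ID never seen before:

```python
import re
from collections import defaultdict

# Constructed candump-style captures ("(ts) iface ID#DATA"); not real vehicle data.
CLEAN_LOG = """(0.000) can0 244#0000
(0.010) can0 244#0001
(0.020) can0 244#0002
(0.030) can0 244#0003
(0.040) can0 244#0004"""
SUSPECT_LOG = """(0.000) can0 244#0000
(0.010) can0 244#0001
(0.012) can0 244#FFFF
(0.014) can0 244#FFFF
(0.020) can0 244#0002
(0.022) can0 7DF#0201"""

LINE_RE = re.compile(r"\((?P<ts>[\d.]+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)")

def parse(log):
    """Turn candump text into (timestamp, arbitration id, payload hex) tuples."""
    frames = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), m["id"].upper(), m["data"].upper()))
    return frames

def learn_periods(frames):
    """Baseline: median inter-arrival time per arbitration id from a known-clean capture."""
    last, gaps = {}, defaultdict(list)
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: sorted(g)[len(g) // 2] for cid, g in gaps.items()}

def detect(frames, baseline, ratio=0.5):
    """Flag frames with an unknown id, or arriving faster than ratio * baseline period."""
    alerts, last = [], {}
    for ts, cid, _ in frames:
        if cid not in baseline:
            alerts.append((ts, cid, "unknown arbitration id"))
        elif cid in last and ts - last[cid] < ratio * baseline[cid]:
            alerts.append((ts, cid, "rate anomaly (possible injected frame)"))
        last[cid] = ts
    return alerts

def run():
    return detect(parse(SUSPECT_LOG), learn_periods(parse(CLEAN_LOG)))

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The two 0xFFFF frames squeezed between the legitimate 10 ms messages and the never-before-seen ID 7DF are the three alerts; on a real bus the baseline would be learned over minutes, not five frames, and IDs that are legitimately event-driven (e.g. diagnostic requests) need a whitelist.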


Got it, so you accept the risk of local access and poorly segmented canbus and maybe access via complex RF style-hacks more or less, but remove the software, wifi, cell and presumably Bluetooth threat models. That makes sense to me.


I also have a simple downgrade path to a fully mechanical vehicle. On the Benz replace the injector pump with a mechanical one and the transmission with an older hydraulically controlled automatic or manual. Similar options available on the Toyota.

But really the "threat model" is about complexity, not malice. I'm not worried someone will try to hack my car. If they manage it, good on them. I am worried about a manufacturer preventing me from maintaining my cars. Newer cars are so tightly locked down that maintenance is unnecessarily difficult.


On-grid cars don't tend to stay that way. My 2013 Ford was built with a 2g modem, a recall replaced that with a 3g modem, and now the 3g modem has no one to talk to. My 2017 Chrysler also has a 3g modem with no one to talk to.

A malicious person could stand up a fake 3g network, I guess. But LTE has strong mutual auth, so cars with 4g modems will be very hard to attack once 4g is dead. OTOH, 4g and 5g can more easily coexist: as I understand it, 5g can run with a 4g compatible control protocol, with some slots 4g and some 5g depending on the needs of the mobile stations nearby; 2g and 3g needed a block allocated, so once the minimum size block was no longer well utilized, it was a waste of spectrum. This may mean 4g is kept alive a lot longer than 2g/3g.


What is your basis for strongly believing that?


Because there’s been a number of solid proof of concepts to hack car -> kill transmission mid-driving, and that was several years ago.



