34 votes

Watch DARPA Hackers Take Control Of A Toyota Prius

http://www.fromthetrenchesworldreport.com/watch-darpa-hacker...

Andy Greenberg is a writer for Forbes. He has agreed to drive a Toyota Prius that serves as the test subject for DARPA engineers doing research on car hacking. He has no idea what he’s in for.

To prove just how much modern cars are controlled by their computer systems, the engineers proceed to screw with Greenberg’s speedometer, gas gauge, brakes, transmission, horn and steering wheel — all while he’s driving, and all from a laptop connected to the car.

The details are in Greenberg’s latest Forbes story, where he plays guinea pig for Charlie Miller and Chris Valasek, two engineers doing consulting work for the Pentagon’s Defense Advanced Research Projects Agency. They’re doing research into the potential threat of car hacking, and they will present their findings at the Las Vegas hacker convention next month.


http://youtu.be/oqe6S6m73Zw

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hastings

Hastings' accident is coming to mind now !

----------------------------
Dr.Ron Paul's 2002 Predictions
http://www.youtube.com/watch?v=zGDisyWkIBM

with a top speed of 34 mph

the prius is a far safer car for investigative journalists.

"The two weakest arguments for any issue on the House floor are moral and constitutional"
Ron Paul

So would this be a potential

So would this be a potential way to have someone have an accident with a tree or something?

Or a pedestrian.

As long as it was the right pedestrian.

Pandas is bad.

Its not like...

It is not like the NATIONAL SECURITY STATE would ever use this to silence whistle blowers or their "criminal" journalist accomplices.[read: D. Gregory][see: Hastings]

in order to actually do what was done in the video

You would have to basically install an entire new computer system for the engine and most of the other components.

Source... I have programed ECU's for race cars.

Tools of war are not always obvious. The worst weapon is an idea planted in the mind of man. Prejudices can kill, suspicion can destroy, and a thoughtless, frightened search for a scapegoat has an everlasting fallout all of its own.

Yes, it may be, But...

My brother helped develop those domestic auto computers in the past, along with many other projects, for the last thirty years. I worry that the government can, somehow, get involved in what is put into the computers. I think my brother had security clearance for work on governemnt equipment.

Would it not be easy for them to demand he not reveal anything that would be placed in our car computers, secretly. Like they are now using secret FISA courts and the NSA's collection of everyone's cell phone and email records. I don't trust them!

Modern cars have dozens of

Modern cars have dozens of ECUs each with their own EEPROM, RAM, CPU, and bus interface. No longer are cars run from a single ECU. In fact ECU is more often being referred more generically as Electronic Control Unit instead of Engine Control Unit. The ECM (Engine Control Module ECU) now is only responsible for engine controls and emissions. This module is the only one required to actually interface with the OBD-II port for emissions testing.
ABS, Cruise Control, Transmission, Airbags, radio, telematics, power windows, power locks, instruments cluster, instruments controls, etc. each have their own ECU linked together via a high speed serial bus (Modbus, CAN, ISO, etc) Each with their own IP address of sorts.
Here's the kicker, the bus used by most manufactures is much like wired Ethernet. Meaning that just like a network in the office it is only as secure as the physical wires and equipment. Once one system is compromised it can see all traffic on the network and send fake data pretending to be any system it wants.
As others in this thread pointed in various videos, even a compromised radio connected to the bus can pretend to be any ECU it wants or send commands to any ECU so long as it is what the receiving ECU understands.

Having worked on VW's I am able to run VCDS from my laptop and get reports from all ECUs. I can place many of these in diagnostic mode. I can instruct the Braking ECU to retract the rear calipers so I can change the pads. I can tell each individual window to roll up or down, each door lock, each light inside and out. I'm sure if I poked around a little more I could find the byte and address to instruct the cruise control ECU to open the throttle 100%.

running a Diag check is far different then a "takeover"

The CAN system in modern cars are preprogramed to allow the diag check you describe. Doing an actual takeover is far different.
There are dozens of built in redundancies on in the system that are mechanical, digital and/or analog that would have to be removed.

Throttles have built in systems to keep check on a full throttle situation regardless of what the ECU is telling it to do. The brakes are ALWAYS fully mechanical with ABS only acting as a pulser. the steering systems are like force feedback(in most cases)that is easily overcome by the driver.

To do something like what happened to micheal hastings, it would be easier for somebody to just swap out his car for a nearly identical car that has been extensively modified to allow remote takeover. (or give someone a few days with his car to do the mods)

Tools of war are not always obvious. The worst weapon is an idea planted in the mind of man. Prejudices can kill, suspicion can destroy, and a thoughtless, frightened search for a scapegoat has an everlasting fallout all of its own.

An ECU for a stripped-down

An ECU for a stripped-down race car is nothing like some "luxury" car that uses a computer for everything function on the car and all systems talk back to each other through some sort of CAN bus or other method.

I do get mad about is when I hear people who have no clue about anything mechanical or electrical fear monger with outright lies that any car with EFI can be hacked to kill you or that your cable box, TV, or even washing machine has cameras and microphones in them. The latter is completely senseless. Almost everyone has a cell phone and carries it with them. Why would they need to put a camera in a TV to spy on you? Or a washing machine?

Please come join my forum if you're not a trendy and agree with my points of view.

You obviously missed this DARPA presentation.

https://www.youtube.com/watch?v=6OfcgJ-pl7Q

These systems were never designed with hacking protection and therefor are easily accessed with the right knowledge and I would be willing to bet Micheal's NEW Mercedes had on-Star. Even if he opted not to subscribe to on-Star, I would be willing to also bet it could be activated remotely at anytime.

You obviously didn't read

You obviously didn't read anything I typed, nor understand how these systems in cars actually work.

Please come join my forum if you're not a trendy and agree with my points of view.

Yeah I did

but it sounded like you confused EFI with ECU in your last paragraph, unless you really did mean Electronic Fuel Injection.

I did not confuse them. EFI

I did not confuse them. EFI is electronic fuel injection. An ECU is an engine control unit. That's all an ECU does...control an engine. The other computers in a car that control other functions are not called ECUs. You could have a carbureted car with mechanical ignition and have a computer that controls an ABS system, and the car won't have an ECU. It's also a pretty recent thing that OBD2 systems link all computers together, even for luxury cars. Your common import from the '90s, OBD1 or OBD2 aren't going to be able to be hacked to do anything dangerous. Just because a "computer" is controlling something in a car does not mean it can even be accessed to do anything.

It's why I think this notion of washing machines spying is just stupid. I know the ins and outs of such devices and there is nothing in their circuitry to allow them to communicate merely through their power supply. One minute people like Alex Jones say that they're not very intelligent when it comes to technology, and then they have the gall to claim that your washing machine is going to spy on you, and THEN they don't even want to listen to people who are electrical engineers who will bust the myth and they will just be labeled as some disinfo agent.

Please come join my forum if you're not a trendy and agree with my points of view.

Really?

Did you even watch the DARPA VIDEO?

Sorry you are Wrong!

1. "Your common import from the '90s, OBD1 or OBD2 aren't going to be able to be hacked to do anything dangerous." Wrong! If you have cruise control and ABS I can tell you it would be easy to put you in a situation that would have you pissing your pants. Just pop a modified EPROM in the ECU and you just lost control of your breaking and acceleration once you hit 65 mph, better yet that could be implemented via the diagnostic port which is easier to access. While were at it lets put in an RF or cell mod so we can trigger it at will, don't forget the GPS, No Problem. But were not talking 90's imports are we mister ramicio? No we are talking about one Micheal Hastings in a 2013 Mercedes Benz, which has so much control built in that you wouldn't have a chance.

2. Just because a "computer" is controlling something in a car does not mean it can even be accessed to do anything. YES IT DOES, either physically or if new enough, remotely. Do you even know how microprocessors work? Here's microcomputers 101 "all computers need instructions." Your BIOS on your computer could be flashed in about 60 seconds so the next time you turned it on, all it would do is FLASH YOU BACK!

3. "It's why I think this notion of washing machines spying is just stupid." I agree, why bother when they now have smart meters with a massive database of load signatures that have at least a 90% accuracy of identifying exactly what you are doing in your home at any given moment!

4. Oh and yes they had power line communications back in the mid 80's. One company planned to market it but failed to do so (that's another reality you will dismiss,) but yes they had proof of concept. But I am reassured, to here you inspected all modern day appliances to make sure our privacy is safe.

What's your background anyways? Please don't tell me you have one of those cushy DOD jobs. I hear Gov shills make a pretty penny nowadays's.

Back in the '90s those units

Back in the '90s those units were not computers that linked to other computers. They were complete standalone units. Even today, unless you're getting some crazy hybrid, or an expensive luxury car, all systems are still standalone and don't communicate with each other. Dealers have separate scan tools for different systems.

You can't just pop a modified PROM in a computer. They don't just come with sockets, they have to be desoldered and then socketed. But I guess some government spy could accomplish that task in probably 10 seconds because anything sinister is always all powerful. An ECU does not control ABS nor cruise control. All ABS does is pulse the brakes. It's just a motor, not a servo, nor a stepper. It just spins. You can't tell it a specific place to stop so you can totally disable the brakes. There is also such a thing called the emergency brake that is totally mechanical, and it's falsely called a parking brake. There is also such thing as turning off the car. Oh, but let me guess, you're going to come on here and tell me that that's something that is computer controlled and can't be overrided?

This thing that happened to this journalist was explosives. You can't hack a computer in a car to make the engine and its mounts separate from a car.

Yeah, doing your wash is so interesting that they need to spy on the average housewife doing such a task... Stupidity...

You and all of the morons who downvoted me are just clueless. You're eating the conspiracy bait and become super paranoid over nothing. You don't understand how these actual systems in cars work.

I don't need to physically inspect an appliance. Just download its repair manual and look in there. No damn cameras or microphones.

Ah, yes...more paranoia. A person has a brain and can actually look at devices or their manuals to see that there are no cameras and microphones in them instead of listening to conspiracy bait like technologically-clueless Alex Jones, so they must be a government shill.

Please come join my forum if you're not a trendy and agree with my points of view.

What do you make of this?

The New York Times:
Researchers Show How a Car’s Electronics Can Be Taken Over Remotely

http://www.nytimes.com/2011/03/10/business/10hack.html?_r=1&

Here's the report mentioned in the article:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Thank you.

:)

Pandas is bad.

That's why I'm sticking with what I know...


http://youtu.be/P8UtRNCztVI

Pandas is bad.

Funny stuff man. lol

 

What's your thoughts on this?

What's your thoughts on this? Breaks the RSA 256 security on an ECU with a $25 box-

http://www.blackhat.com/us-13/arsenal.html#Illera

Check out http://ronpaulforums.com for activism and news.

Are you sure...

Most cars ECU's have read/write capability through the OBD II port these days. I know because my friends reprogramed their ECU's on their VW's with this dongle thing and increased their boost for their turbo. If you had access to the programing language for the car you could plug in a device with a radio into that port and control the car's accelerator, ABS, Airbags, anything that's controlled by the ecu.

We were reprogramming the computers on Jetta TDIs...

7 or 8 years ago - www.biodiesel.infopop.cc www.tdiclub.com - it was necessary for running homebrew biodiesel blends. This was when the sulfur in diesel fuel went from 500 ppm to 15, with the resulting loss in lubrication. Lots of things were affected like cold filter plug points and reports of 'problems' that were actually extra fuel efficiencies the computer didn't expect or other such things.

Though VW was leading the way in biodiesel use and research in Germany the U.S. dealerships had no knowledge and spoke against using biodiesel, necessitating the hacks.

Pandas is bad.

Jefferson's picture

Not

according to this lady. The good part starts around 1:30
(I didn't vote you down BTW)

http://youtu.be/6OfcgJ-pl7Q

Hack the Reaper, sounds like a band name and a wonderful counter

Hack the Reaper, sounds like a band name and a wonderful counter

I see you posted it first

I guess I should scroll down next time.

burn.

.