Excerpted from
http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars
-- Jerry
The tire pressure monitors built into modern cars have been shown to
be insecure by researchers from Rutgers University and the University
of South Carolina. The wireless sensors, compulsory in new automobiles
in the US since 2008, can be used to track vehicles or feed bad data
to the electronic control units (ECU), causing them to malfunction.
Earlier in the year, researchers ... showed that the ECUs could be
hacked.... The new research shows that other systems in the vehicle
are similarly insecure. The tire pressure monitors are ... wireless,
allowing attacks to be made from adjacent vehicles. The researchers
used equipment costing $1,500... to eavesdrop on, and interfere with,
two different tire pressure monitoring systems.
The pressure sensors contain unique IDs, so merely eavesdropping
enabled the researchers to identify and track vehicles remotely.
Beyond this, they could alter and forge the readings to cause warning
lights on the dashboard to turn on, or even crash the ECU completely.
Unlike the work earlier this year, these attacks are more of a
nuisance than any real danger; the tire sensors only send a message
every 60-90 seconds, giving attackers little opportunity to compromise
systems or cause any real damage. Nonetheless, both pieces of research
demonstrate that these in-car computers have been designed with
ineffective security measures.
[To be presented at Usenix.]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
