I like to read technology news, and sometimes this news intersects with my work as a locksmith. Today I was reading about research (though after reading it, it appears to be only speculation) being done by men examining how secure or insecure automobiles’ internal data communications networks are. This may be shocking to some, but your car has a computer in it communicating with different parts of the car. The concern here is that somebody could be driving next to you on the freeway, dislike the bumper sticker on your car, and turn your car off using some app on his phone that exploits a Bluetooth security hole in your car’s computer. The researchers go so far as to list which vehicles they think are the least and most secure. In the comments was a very interesting observation:
So what this guy is saying is that somebody with a thorough understanding of a modern car could walk up and take the tail light out, plug his laptop in, and unlock the doors and start the car! Even somebody without any understanding of these cars but with access to the tools and instructions could do so. I can see a gang of car thieves with a really intelligent criminal mastermind running it, giving his thieves tools and explicit instructions in a flip-book format on how to steal expensive cars for him. Maybe that’s what this was all about?
All of these inroads made by computers in our lives seem to be generally for the better, making our lives easier, but there can be unforeseen consequences. That is why I remain leery of installing locks that can be accessed via the customer’s data network. I have read too many times of people bypassing firewalls or passwords and gaining access to people’s physical assets like their baby monitor, for example.
I work in the automotive aftermarket (ECU tuning). I can actually back up what they’re saying. Even if they did come by it via speculation, they’re actually pretty much dead on.
That is primarily because the German cars use what we call a “CAN Gateway” but is better thought of as a firewall. Every different system in the car has its own private CAN bus. Anything that needs to travel between the busses has to go through the gateway. In the case of VW/Audi vehicles, it’s locked down quite well. It knows what packets belong on what bus and only allows a very limited subset of properly formatted and required packets to pass between those busses.
Vehicles that share a common CAN without a gateway are readily exploitable. I could plug a CAN interface into the headlights, A/C or any other system on the global bus and lock/unlock the doors, roll the windows up/down, trigger the traction control/ABS or even start/stop the car (if it uses a push-button start).
Doing those things requires access to the CAN wires, but the bus is used for so much nowadays, there are always plenty of places to access it. Many of them without requiring keys or an open hood.
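The gateway behaviour the commenter describes (a default-deny allowlist of which frames may cross between busses) can be sketched as follows. This is an added example, not code from the comment or from any manufacturer; the bus names, CAN IDs and frame lengths are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bus names and CAN IDs are constructed, not taken from any real vehicle. */
enum bus { BUS_POWERTRAIN, BUS_BODY, BUS_LIGHTING, BUS_INFOTAINMENT };

struct gw_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist rule: this ID, with exactly this length, may cross
   from src to dst. Anything not listed is dropped. */
struct route { enum bus src, dst; uint32_t id; uint8_t dlc; };

static const struct route ROUTES[] = {
    { BUS_POWERTRAIN, BUS_INFOTAINMENT, 0x3A0, 8 }, /* vehicle speed for display */
    { BUS_BODY,       BUS_LIGHTING,     0x2C1, 2 }, /* lamp on/off request */
    { BUS_LIGHTING,   BUS_BODY,         0x2C5, 1 }, /* bulb-failure status */
};

/* Returns 1 if the gateway forwards the frame from src to dst, else 0. */
int gateway_allows(enum bus src, enum bus dst, const struct gw_frame *f)
{
    if (f->id > 0x7FF || f->dlc > 8)   /* malformed for 11-bit classic CAN */
        return 0;
    for (size_t i = 0; i < sizeof ROUTES / sizeof ROUTES[0]; i++) {
        const struct route *r = &ROUTES[i];
        if (r->src == src && r->dst == dst &&
            r->id == f->id && r->dlc == f->dlc)
            return 1;
    }
    return 0;                          /* default deny */
}

int main(void)
{
    struct gw_frame status = { 0x2C5, 1, { 0x01 } };       /* expected traffic */
    struct gw_frame door   = { 0x2F0, 2, { 0x01, 0x00 } }; /* constructed door-control ID */
    struct gw_frame badlen = { 0x2C5, 4, { 0 } };          /* right ID, wrong length */

    printf("status lighting->body: %d\n", gateway_allows(BUS_LIGHTING, BUS_BODY, &status));
    printf("door   lighting->body: %d\n", gateway_allows(BUS_LIGHTING, BUS_BODY, &door));
    printf("badlen lighting->body: %d\n", gateway_allows(BUS_LIGHTING, BUS_BODY, &badlen));
    return 0;
}
```

On a shared bus with no gateway there is no equivalent of `gateway_allows`: every node receives every frame, which is the difference the comment draws between the two designs.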