View Single Post
Old 07-24-2015, 02:42 PM   #5 (permalink)
freebeard
Master EcoModder
 
freebeard's Avatar
 
Join Date: Aug 2012
Location: northwest of normal
Posts: 27,562
Thanks: 7,738
Thanked 8,554 Times in 7,041 Posts
Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack - Slashdot
Quote:
Originally Posted by MrL0G1C on Slashdot.org
How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.
Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability | Ars Technica
Quote:
Originally Posted by paergrin on Cars Technica
Basically the CAN bus is how all car systems talk to each other. It's just one bus for the car and it's kind of neat in its implementation: each message contains its own priority and that's used for bus conflicts. MessageIDs are either 11 or 29-bit numbers and lower numbers are higher priority. AIRBAG_WLAMP is 0x12 so it's quite high priority, to light up an airbag malfunction. 0s on the bus take priority and transmitting devices also listen at the same time, and if what they see on the bus isn't what they are transmitting they stop for the higher priority message to go through.

What makes this function is that per the standards, only one device is allowed to send any given message ID. Your brake system can't send an AIRBAG_WLAMP, and your entertainment system sure as hell can't tell the brakes that the radar detects an imminent collision please press the brakes hard as hell. This is normally fine because yeah, the uConnect doesn't know how to send those messages so no problem, right?

The remotely accessible nature of the system combined with a vulnerability in the system combine to allow the attacker to overwrite the firmware of the entertainment system, teaching it how to send all these nifty CAN bus messages, thus allowing this.
https://news.ycombinator.com/item?id=9324191
Many vehicles have multiple CAN buses, looking at you Tesla Model S.
  Reply With Quote