
May 17, 2010


I'd never heard of you before. ADD, you know. But I've enjoyed your posts at Instapundit so much I tracked you down on Wikipedia. You're now bookmarked.

I saw your post on war driving on Glen's site. Just FYI they had physical access to the car. If you have physical access to most computing devices you win. It's the third law of security.


If I'm reading the report correctly, they found ways to compromise the auto network using both wireless (keyless entry and OnStar) as well as through hardware access to an electronics port. So I suspect that they could have done most of the things they did using wireless access, but it might have been more hassle.

I saw another post of yours on IP and thought I'd see if you ever responded to this post. I believe the part in the paper you should be looking at is the part that reads: "In this paper we intentionally and explicitly skirt the question of a “threat model.” Instead, we focus primarily on what an attacker could do to a car if she was able to maliciously communicate on the car’s internal network. That said, this does beg the question of how she might be able to gain such access."

Then they briefly discuss the possible wireless threats while describing that they basically made their remote attack machine wireless:

"The other vector is via the numerous wireless interfaces implemented in the modern automobile. In our car we identified no fewer than five kinds of digital radio interfaces accepting outside input, some over only a short range and others over indefinite distance. While outside the scope of this paper, we wish to be clear that vulnerabilities in such services are not purely theoretical. We have developed the ability to remotely compromise key ECUs in our car via externally-facing vulnerabilities, amplify the impact of these remote compromises using the results in this paper, and ultimately monitor and control our car remotely over the Internet."

Basically they used physical access. The only other potential wireless threat is probably OnStar. By the way, the other article I saw on the internet kill switch was kind of humorous. I'm pretty sure the most that the US could do is to shut off the root DNS servers, and at that point people would go on using the IPs that are already cached at their ISPs' servers, until they created community DNS servers that could handle the load. The internet is designed to route around a kill switch, and if you did somehow manage to implement one it would not be long before just about anyone would be able to flip it.

I did see your comment, and I agree that the researchers mostly used physical access for their most striking compromises, but they also noted that there were wireless access points that hook to critical functions. I think this is just editorial judgment. I could have included a disclaimer saying that wireless compromises weren't the principal attack vector, but then I would have had to explain that there were wireless vulnerabilities and interconnections, and that the history of security failures is that where there's a vulnerability there will eventually be a compromise. In the interest of not making the post too long, I left both points out, and I don't think the omissions left the wrong impression. Happy to have your detailed comment, though, for readers who really are into this issue.
