The potential to murder with computers has been around for a while already. Governments are just waking up to it. To use the classical example: imagine hacking into a hospital network and changing a patient's blood type...
scary thing (imo) is that computer hacking is (compared to what you would otherwise have to do) so low cost and low risk that now "unknowable" assassinations (i.e. difficult or impossible to tell if the death was an accident or not) are within reach of everyone ...
One, you must have the knowledge of how to hack that specific car's ECU. You must know the make, model, and exact ECU of the car.
Two, you have to actually be familiar with reverse-engineering ECUs to begin with.
Three, you need special equipment to connect to an ECU diagnostically, let alone in a way to reprogram it.
This adds up to a lot of hassle, and greatly limits the number of people who have the skills to pull this off. Who would develop this method but a government with the time/manpower to create and test it? And, if the government wants you assassinated, why would the government allow a real/accurate investigation anyway?
It would be far simpler to create a small microcircuit to play havoc with the ECU, than to hack the ECU. But, even then you'd primarily just lose mileage (and a mechanic would quickly locate it).
And for the special equipment, that's not always the case -- my car's engine controller can be reprogrammed by tapping into a few wires on the CD changer harness in my trunk, and that's likely to go unnoticed by me, my mechanic, the police, you name it.
But again (see my other response to a similar statement), theory is wildly different from reality.
The ECU controls things like fuel-oxygen ratios, how much the throttle is open, etc. Steering, braking, and the transmission are almost strictly physical/mechanical interfaces.
Unless you drive a Prius, or a like system where the brakes are digital, you can counter a sudden, massive acceleration with your steering, brakes, and by turning the car off—no matter what the ECU wants.
The applicability of this kind of sabotage for murder/assassination is limited.
> The applicability of this kind of sabotage for murder/assassination is limited.
Possibly. But I'm not sure I'd react all that well if, while driving in the middle of the night, my lights suddenly went out, my stereo started playing music at full volume, and my throttle went wide open.
And that's all a possibility on my 2003 car -- newer cars are moving towards doing much more with software. And where there's software, there will always be viruses.
i don't like "you must have the knowledge of how.." based arguments. how expensive is this knowledge? bored undergrads at good to decent schools learn enough to pull this kind of thing off given a few K in bootstrap money.
organized crime has both the will and the funds to do something like this. so could an independent person... you're talking $50-$75k and 6 months of a person's time to figure out how to delete someone without anyone even thinking it was murder?
the advantage of "hacking" the ECU is that by making changes in software you can make changes that can't be detected by a mechanic or by a vigilant pre-drive screen of your car. after i read the autosec.org paper my first thought was "this is dumb, it requires physical access to the car to pull off, i already have that, i can perform hundreds of other types of physical sabotage to make the car crash. nothing new here."
a few weeks later i realized "wait a minute, if i make a change in software, it can theoretically remain undetected forever before i activate it. also, nothing the operator does to find it could work. also, if i die in a wreck on the freeway that looks like i just lost control of my car, will the state police rip apart the wreckage, find the ECU, and verify that it hasn't been tampered with? will they know how to? will they even think to do that? and even then it wouldn't matter because the software could erase itself from permanent storage just-in-time..."
there are a lot of advantages and i think the barrier to entry is a lot lower than you say it is.
But understand my position: I am not an advocate of automated cars, or even highly computerized cars. The more computerized the car becomes the more points of failure it gets, whether that be a dropped internet/GPS connection, a hardware glitch, or "cosmic rays" (which got the blame for the Prius brake issues).
It takes significant developmental effort to hack the ECU. And if you don't want the changes to be detectable by mechanics or a prescreen drive test, you need to be especially cautious in your changes. You must disassemble and analyze the ENTIRE codebase of the ECU to determine where you want your changes to reside, then pack it back in.
A simple countermeasure is to let the mechanics look at the ECU version checksum. Standardize the checksum across the model, with subsequent patches being listed as a different version number. Then the mechanic checks with the official manufacturer's guide and you know if there's a problem.
You are sounding paranoid.
Physical security is always the first, and most effective barrier. If the interface were better secured digitally, it wouldn't take a genius to access the ECU's circuitry and wire an extension. But again, it takes significant investment.
If the ECU is modified to accelerate at maximum speed at some random moment, the only thing necessary to defeat it is switching into neutral and pulling off the road! The range of destructiveness the ECU can cause is limited, though it can rack up your repair bills.
Crime syndicates usually buy shares in the local police force. If you meet a mysterious end in a car accident the investigation would be tampered with regardless of the method used to kill you.
Unlike a website, a car requires access to a physical, proprietary interface to embedded components. You must craft an attack to the interface and ECU.
And there are chips that can have their memory permanently burned into them (I don't know if ECUs use them, however). Patches are impossible, but there's no risk of infection either. Just test it rigorously first.
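The version-checksum comparison proposed in the comment above, sketched as an added example that is not part of the thread or any manufacturer's tooling. The model name, version numbers and firmware bytes are constructed, and SHA-256 is used in place of a simple checksum because a deliberately altered image can be made to match a CRC-style value; it also assumes the image is read out by the shop's own tool, not taken from a digest the ECU reports about itself.

```python
import hashlib

# Constructed stand-ins for official firmware images (real images are far larger).
OFFICIAL_V1_0 = b"\x7fECU" + bytes(range(64))
OFFICIAL_V1_1 = b"\x7fECU" + bytes(range(64, 128))


def sha256_hex(image: bytes) -> str:
    """Digest computed by the verifier over the raw image bytes."""
    return hashlib.sha256(image).hexdigest()


# Hypothetical manufacturer reference list: (model, firmware version) -> digest.
REFERENCE = {
    ("example-model", "1.0"): sha256_hex(OFFICIAL_V1_0),
    ("example-model", "1.1"): sha256_hex(OFFICIAL_V1_1),
}


def check_firmware(model: str, reported_version: str, image: bytes) -> str:
    """Classify an image read out of an ECU against the reference list.

    Returns one of:
      "ok"                   digest matches the release the ECU claims to run
      "unknown-version"      the claimed release is not in the reference list
      "version-mismatch:X"   image is official release X, but the label says otherwise
      "modified"             image matches no official release for this model
    """
    expected = REFERENCE.get((model, reported_version))
    if expected is None:
        return "unknown-version"

    digest = sha256_hex(image)
    if digest == expected:
        return "ok"

    # The version label may be stale or wrong: look for any official release
    # of this model whose digest matches before calling the image modified.
    for (ref_model, ref_version), ref_digest in REFERENCE.items():
        if ref_model == model and ref_digest == digest:
            return f"version-mismatch:{ref_version}"
    return "modified"


if __name__ == "__main__":
    tampered = bytearray(OFFICIAL_V1_0)
    tampered[10] ^= 0x01  # single flipped bit, constructed for the demo
    print(check_firmware("example-model", "1.0", OFFICIAL_V1_0))
    print(check_firmware("example-model", "1.0", bytes(tampered)))
```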
> Unlike a website, a car requires access to a physical, proprietary interface to embedded components.
That's not necessarily true.
For example, my car's ECU can be reprogrammed using the instrumentation bus. The instrumentation bus can be accessed using the wires that interface with the CD changer. That means that the audio system is on the same network as the ECU -- and if I had a Bluetooth adapter, that'd likely be on the same network as well.
What I meant about it being impossible to patch the ECU was, if they used one of the single-write chips to store the firmware it couldn't be hacked/patched except by being replaced, or possibly manipulated from the inputs.
> Indeed, researchers can disable electronically controlled brakes via Bluetooth
That I didn't know. That's a major security problem, and another reason I'm glad for my 9-year-old car.
A friend of mine worked at a company that made diagnostic computers for cars and he managed to brick a BMW that required an engineer from Germany to fix the issue (an upgrade of the BMW's firmware was interrupted by the power going out, leaving the car's computer in an inconsistent state).
AFAIK a bedside test is always done before a transfusion, simply because the records cannot be trusted even without malicious intervention (and a test is pretty easy to do).