"Cars hacked through wireless tire sensors"

[Jerry Leichter]

Excerpted from http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars

                                                         -- Jerry

The tire pressure monitors built into modern cars have been shown to  
be insecure by researchers from Rutgers University and the University  
of South Carolina. The wireless sensors, compulsory in new automobiles  
in the US since 2008, can be used to track vehicles or feed bad data  
to the electronic control units (ECU), causing them to malfunction.

Earlier in the year, researchers ... showed that the ECUs could be  
hacked.... The new research shows that other systems in the vehicle  
are similarly insecure. The tire pressure monitors are ... wireless,  
allowing attacks to be made from adjacent vehicles. The researchers  
used equipment costing $1,500... to eavesdrop on, and interfere with,  
two different tire pressure monitoring systems.

The pressure sensors contain unique IDs, so merely eavesdropping  
enabled the researchers to identify and track vehicles remotely.  
Beyond this, they could alter and forge the readings to cause warning  
lights on the dashboard to turn on, or even crash the ECU completely.

Unlike the work earlier this year, these attacks are more of a  
nuisance than any real danger; the tire sensors only send a message  
every 60-90 seconds, giving attackers little opportunity to compromise  
systems or cause any real damage. Nonetheless, both pieces of research  
demonstrate that these in-car computers have been designed with  
ineffective security measures.

[To be presented at Usenix.]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com