骇客们有可能这样控制你的汽车……

你可能在美国影集里看过这样的情节：一位具有亿万身家的虚构社交网络公司创办人原本正在开车，却突然无法操控车辆；于是车子在马路上横冲直撞，不停变换车道闯红灯… 但那位被困在车内的驾驶人却毫无办法，他对车子的控制权、特别是煞车，显然被车子本身夺走了──也就是说，那辆车被人从远程遥控了。然后，你看到那辆车子在屏幕上爆炸(很刺激的画面)，但身为软件开发天才的男主角在千钧一发中逃脱。 以上只是电视剧的情节，而且是科幻影集；能支持远程遥控的车辆是一个制造惊悚画面吸引观众的好题材，但在现实中真的有可能吗？….嗯…听起来不可思议，但是，有。 在2011年3月，美国华盛顿大学(University of Washington)与加州大学圣地亚哥分校(University of California-San Diego)的研究团队，共同发表了一份《汽车攻击面的综合实验性分析(Comprehensive Experimental Analyses of Automotive Attack Surfaces)》技术论文，提供给美国国家科学院(NAS)一个针对电子车辆控制与意外加速议题的委员会参考。 NAS的立场是为了协助厘清汽车产业界对于车载电子设备是否可能遭受骇客攻击的质疑──传统观念认为，骇客若要达到攻击目的，会需要将发动攻击的硬件与车载计算机网络实际连结。因此论文作者以最新的量产轿车为平台，进行了系统性与实证性的远程攻击面分析。 而研究人员在分析过程中发现，以往在现实世界不曾有过(像电视影集情节那样)严重的汽车安全漏洞危及车辆与驾驶人：“传统汽车并不支持连网功能，因此汽车制造商也不需要预防外来敌人可能会采取的行动。”但是他们提出警告：“我们的汽车系统现在支持广泛的连结功能，路上行驶的数百万车辆能直接透过手机与网络来对付。”

根据NAS委托研究，汽车可能遭受攻击的安全漏洞是存在的
2nJesmc

恩智浦半导体(NXP)汽车系统与应用部门工程主管Dirk Besenbruch表示，上述论文激励该公司研究汽车安全议题。他指出，目前汽车电子装置采用的CAN总线是一种“良好的容错网络”，但骇客们确实有许多种方法能透过网络对车内的电子控制单元(ECU)发动攻击。 CAN 总线所提供的弹性能打造安全、具成本效益的网络，让供货商为汽车添加各种透过计算机控制的系统(从车窗、门锁控制，到煞车、引擎控制等安全关键功能)；但该种弹性也可能为新型态的骇客攻击提供机会──例如侵入环绕所有车内计算机控制系统(包括煞车、引擎控制等关键任务功能)的汽车内部网络。 Besenbruch坦承，举例来说，全程从远程控制汽车音响音量，甚至更糟的，蓄意停止或激活汽车引擎，是完全有可能做到的。 本文授权编译自EE Times，版权所有，谢绝转载 本文下一页：骇客如何从远程侵入汽车网络？

相关阅读：
• 动态导航，缔造智能交通服务新时代
• 汽车安全应用将迈入智能化和交互化
• 汽车安全系统的下一个发展方向将是预主动（Pro-Active）2nJesmc

{pagination} 那骇客到底要如何从远程侵入汽车网络？Besenbruch指出，提供车厂技术服务人员在日常车辆保养维护中诊断汽车状况、以及进行ECU编程的车载诊断系统(On-board diagnostics，OBD)就是一个管道。 此外骇客也可以透过将伪代码(false code)植入MP3档案中，来追踪车内的娱乐系统；这听起来没什么大不了，但一旦恶意程序进驻车用娱乐系统，就像是癌细胞一样，可能透过互连的CAN总线危及其它车用电子零件。 在前述的论文中还提到：“我们发现能透过拨打车用电话号码，或是播放特制的声音信号(用iPod编码)，就能取得汽车的控制权，威胁车内嵌入的车用资通讯系统。”其它骇客攻击管道还包括蓝牙、Wi-Fi等各种短距离无线连结接口，遥控无钥匙门锁、RFID门锁、胎压监测系统，以及手机通信接口、GPS、卫星/数字收音机系统等。 当然，以透过蓝牙进行攻击的案例来说，骇客得先在靠近汽车接收器的地方布置无线发送器；接着骇客还需要了解该车辆的蓝牙MAC位置，才能在远程利用汽车的安全漏洞，感觉会是个很复杂的工作。但研究人员指出，分析结果显示，尽管需要费比较大的功夫来布置并接近攻击车辆，有企图心的骇客确实能达到攻击目的。 因此，在远程透过无线连结接口控制车辆并不是很难做到；上述论文的作者们还发现，大部分车用蓝牙装置并不需要与使用者进行任何互动，就能完成配对。论文作者指出，无线连结频道带来许多安全漏洞：“让骇客能根据需求远程触发行动、甚至横跨多台车辆同步运作或是以交互方式进行控制。” Besenbruch也同意以上看法，他表示，不同于金融应用领域的信用卡、个人识别码、ATM机器，都是以在一个封闭的系统内运作为前提进行设计：“汽车产业面临特别严苛的技术挑战。” 他进一步指出，汽车制造商致力于维护一个开放性的系统，因此他们就不必每次在开发新车型时，又重新打造一个新的控制系统；目前有部分车辆内部已经有超过70个控制单元，所有这些电子控制单元都是相互连结的。 未来EETimes还将有一系列文章继续探讨汽车产业与芯片供货商会如何解决以上安全性议题，敬请拭目以待！ 本文授权编译自EE Times，版权所有，谢绝转载 参考英文原文：How Hackers Can Take Control of Your Car，by Junko Yoshida

相关阅读：
• 动态导航，缔造智能交通服务新时代
• 汽车安全应用将迈入智能化和交互化
• 汽车安全系统的下一个发展方向将是预主动（Pro-Active）2nJesmc

{pagination} How Hackers Can Take Control of Your Car Junko Yoshida MADISON, Wis. -- You might have seen that frightening episode of the CBS series, Person of Interest, in which a fictional social media company's billionaire founder loses control of his car. From the street, the driver appears to be either a total nutcase (well, in this case, he is) or heavily intoxicated. His car weaves through traffic left and right, crossing lanes willy-nilly and clipping other cars. But inside the car, the driver is helpless. Any control he tries, especially the brakes, is overridden, apparently by the car itself. Unbeknownst to the driver, of course, the car is under remote control. Inevitably, the car blows up (creating an exciting visual). However, the software genius escapes in the nick of time. This, of course, is TV drama. It's fiction. A remotely compromised car is a scenario that makes a good thriller and scares the bejesus out of viewers. But possible in real life? No way. Well, wait a minute. Way. In March 2011, a team of scholars at the University of Washington joined with colleagues from the University of California-San Diego, in a technical paper entitled "Comprehensive Experimental Analyses of Automotive Attack Surfaces." They prepared it for the National Academy of Sciences (NAS) committee on electronic vehicle controls and unintended acceleration. Dirk Besenbruch, engineer, group leader of Systems & Applications, Automotive, at NXP Semiconductors, recalls the paper as a wakeup call. "It triggered our work at NXP" on automotive security, he said in a recent phone conversation with EE Times. The academics' point was to debunk automotive industry skepticism about the hackability of on-board electronics. The industry's conventional wisdom was that "to implement an attack, the attacker would need to physically connect attack hardware to the car's internal computer network." That got the university researchers going. They ran "a systematic and empirical analysis of the remote attack surface of late model mass-production sedan," according to the authors. The researchers were aware, as they conducted their study, that no serious security automotive security breach -- like the one on the TV show -- has ever compromised the safety of cars and drivers in the real world. The paper's author pointed out, "Traditionally automobiles have not been network-connected and thus manufacturers have not had to anticipate the actions of an external adversary." In the paper, however, they cautioned: "Our automotive systems now have broad connectivity; millions of cars on the road today can be directly addressed via cellular phones and via Internet." Where vulnerabilities exist Source: Technical paper -- "Comprehensive Experimental Analyses of Automotive Attack Surfaces" CAN bus is the crux of the issue? While noting that the CAN bus is a "good, fault tolerant network" inside a car, NXP's Besenbruch acknowledged that there are a number of ways hackers can worm their way into the internal network and get to the Electronic Control Unit (ECU). The flexibility of the CAN bus has created a safe and cost-effective network enabling vendors to attach a number of computer control systems (ranging from the window controllers to the locks and critical safety elements such as brakes and engine). But that flexibility also creates the opportunity for new attacks -- including one in which a car's internal network can circumvent all computer control systems including mission-critical functions. Besenbruch acknowledged that it's entirely feasible for someone to remotely turn the car-audio volume ALL THE WAY UP, for example, or worse, stop or start the engine at will. Asked how exactly a remote attacker could get in, NXP's Besenbruch mentioned "On-board diagnostics (OBD)," to which service personnel have access during routine maintenance for diagnostics and ECU programming. Attackers can also go after the in-car entertainment system, he added, by "introducing false code into MP3 files," for example. By playing the file, a user unknowingly plants malicious input in his in-car entertainment system. That may not seem like a big deal, but many in-car systems today are now CAN bus interconnected. A compromised MP3 or CD player in a car could be the cancer that metastasizes in other automotive components. The University of Washington and California-San Diego researchers stated in the paper: We find we are able to obtain complete control over our car by placing a call into its cell phone number and playing a carefully crafted audio signal (encoding in an iPod) that compromises its embedded telematics unit." Other attacking scenarios include much more direct physical access via short-range wireless interfaces, such as Bluetooth; WiFi; remote keyless entry; tire pressure monitoring systems and RFID car keys; and long-range wireless interfaces such as broadcast channels including a cellphone interface, GPS, satellite radio, and digital radio. Of course, in the case of a Bluetooth-based attack, for example, the saboteur would have to place a wireless transmitter in proximity to the car's receiver. Further, the attacker needs to learn the car's Bluetooth MAC address to remotely exploit the car's vulnerability. That does seem like a lot of work. The researchers, however, concluded: "Our experimental analyses determine that a determined attacker can do so, albeit in exchange for a significant effort in development time and an extended period of proximity to the vehicle." The scenario for remotely exploiting control of a car via wireless interface isn't far-fetched, the authors argued. Most surprising to them was that their car's Bluetooth unit responded to pairing requests even without any user interactions. Open vs. closed system Indeed, wireless channels open a plethora of vulnerabilities, "allowing attackers to trigger actions remotely on demand, synchronize across multiple vehicles, or interactively controlled," according to the paper's authors. NXP's Besenbruch concurred. Unlike the financial world where credit cards, pin numbers, and ATM machines are designed to operate in a closed system, he said, "the automotive industry faces particular technical challenges." Car manufacturers have striven to maintain an open system, so that they don't have to reinvent the wheel every time a new control system is introduced into a new model. Today, some cars already have more than 70 control units inside, he added, all of them interconnected. EE Times' Automotive Designline will examine how the automotive industry and chip suppliers are planning to address such issues in the coming series of articles.