ut since they are separate issues. So that's all of our update stuff. Now in the news. There was a truly horrifying revelation which occurred recently. This is some security researchers at UC San Diego and also University of Washington have recently delivered a report. I mean, so recently I don't have it yet. But they did release some news about their results hacking car control systems. And the only way I can do this justice is to read this story, which was covered many places, and in this instance it's from the BBC. The News.BBC.com says:
"An investigation by security researchers found the systems to be 'fragile'" - that is, the control systems in cars - "to be fragile and easily subverted. The researchers showed how to kill a car engine remotely, turn off the brakes so the car would not stop, and make instruments give false readings. Despite their success, the team said it would be hard for malicious attackers to reproduce their work." So I want to make sure that everybody heard that. But this is - my concern is what this foretells. And we'll talk about that once I'm through reading this story:
"The team of researchers, led by Professor Stefan Savage from the University of California-San Diego and Tadayoshi Kohno from the University of Washington, set out to see what resilience cars had to an attack on their control systems. 'Our findings suggest that, unfortunately, the answer is "little,"' wrote the researchers from the Center for Automotive Embedded Systems Security. The researchers concentrated their attacks on the electronic control units (ECUs) scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs." So 100 meg of code scattered across as many as 70 different electronic control units.
"Individual control units typically oversee one subsystem. But ECUs communicate, so that many different systems can be controlled as the situation demands. For instance, in a crash, seat belts may be pre-tensioned, doors unlocked, and air bags deployed." So there's a reason for these systems to intercommunicate is the point they're making. "The attackers created software called Car Shark to monitor communications between the ECUs and insert fake packets of data to carry out attacks. The team got at the ECUs via the communications ports fitted as standard on most cars that enable mechanics to gather data about a vehicle before they begin servicing or repair work. The researchers mounted a series of attacks against a stationary and moving vehicle to see how much of the car could fall under their control.
"'We are able to forcibly and completely disengage the brakes while driving, making it difficult for the driver to stop,' wrote the researchers. 'Conversely, we are able to forcibly activate the brakes, lurching the driver forward and causing the car to stop suddenly.' In one attack, the team transformed the instrument panel into a clock that counted down to zero from 60 seconds. In the final seconds the horn honks; and, as zero is reached, the car engine shuts off, and the doors are locked.
"They found that almost every system in the car, including engine, brakes, heating and cooling, lights, instrument panel, radio and locks was vulnerable. The team concluded that car control software was 'fragile' and easy to subvert. In some cases simply sending malformed packets of data, rather than specific control code, was enough to trigger a response.
"The team are presenting a paper on their results at the IEEE symposium on Security and Privacy in California on 19 May," which is the day before we're recording this, is yesterday, or Wednesday, because we're recording this episode on Thursday this week because, as you know, Paul and I swapped...
LEO: Yeah, which is very kind of you, thank you. And I should say very kind of Elaine. I apologize to Elaine, our transcriptionist, who has to work twice as fast today. Sorry.
STEVE: Oh, yeah. So they said, "'Cars benefit from the fact that they are (hopefully)'" - and they put "hopefully" in their paragraph - "'not connected to the Internet (yet), and currently are not able to be remotely accessed,' said Rik Fergson, a security analyst at Trend Micro. 'So in order to carry out a successful attack you would already need to have physical access' - you would currently need to have physical access - 'to the vehicle, as a break-in or as a mechanic seem the two most likely scenarios today. As cars and everything else in life, up to and including even pacemakers or refrigerators, become steadily more connected and externally accessible, research such as this should be taken increasingly seriously by manufacturers,' he added.
"'This represents an opportunity to head off a problem before it starts, in the not-too-distant future, as it may result in a real risk to life.'" Which is why I felt it was really important to share this. I mean, our listeners already know how terrifying this news is because we are, I mean, there's this tremendous drive to add features to our technology. And you can, I mean, we know that there's XM radio now in autos that is sending data to - so that we're able to listen in our cars. There's beginning to be technology that lets you check on your car. I know there's some web-based stuff that allows you to have some sort of interface with your car in some situations.
So unfortunately, I mean, I just - I hope that the people who are building these systems are listening to Security Now!, and they're being insistent enough with their management about the kind of safeguards that need to be put in place. It's already dispiriting to learn that it's possible to have, I mean, we know the problems that Toyota has been having with their brakes. And presumably this is buggy code. But here we see that it's possible for, in a research environment, for just accessing through the access ports that mechanics use, that it's possible to deliberately cause a car's brakes to be disengaged so that the foot pedal no longer engages the calipers on the disks.
LEO: So that's a hack. But we should emphasize, you need physical access to that port. You have to get in the car and reprogram it.
STEVE: Well, we should emphasize what we know, which is that the researchers did have physical access. So, yes. I don't want to scare anyone away from driving.
LEO: Nobody's going to be pointing something at you, a ray gun, a portable dog killer at you, brake killer at you as you drive by. You have to get in the car. That access port's usually right under the steering wheel on all modern cars. And they have to plug into it. At least that's the hack that they were doing.
STEVE: Yes. And so the concern, again, I don't want to over-alarm anyone. But Leo, we know where these things go. I mean, it's funny because as I'm reading about them talking about a malformed packet, it's like, wow, that's what we had with routers 10 years ago.
LEO: It's software. Software is hackable, often.
STEVE: Yes. And unfortunately, when we hear that there's a hundred megabytes of code, it's like, okay, I'm going to keep my current car running as long as I can. Just, you know, because I like the old, the nine-year-old technology I have in it.
LEO: You have a pre- what is the date that these things became common? It's been a while.
STEVE: Well, yes, it is. I mean, I have a 2001 car. So it's nine years old.
LEO: And it doesn't have the port.
STEVE: Oh, yeah, I think it does.
LEO: Yeah, I think '98 is when they started putting those ports in.
STEVE: I think it does. I mean, I think that's what they check. But...
LEO: '96, yeah.
STEVE: But again, what happens is, as we've seen before, it's like, oh, these ports are nice. These ECUs are handy.
LEO: Right.
STEVE: Let's put them in the seat belt. Let's put them, like, 70 of them apparently scattered around now in many cars, all little nodes. I mean, it's like the Borg, little nodes communicating with each other. And it's like, oh. Again, I wish there weren't - okay. First of all, what would be the motivation? It's difficult to see the motivation. And motivation does matter because we know that people are hacking, that bad guys hidden through anonymity on the Internet are hacking people's computers to get their credit card numbers and identity and authentication information in order to, ultimately, somehow, to make money, to steal money, or send spam or something. So I hope there isn't motivation for this kind of auto hacking. Frankly, Leo, it wouldn't surprise me to learn that it's possible today because that's the way these things are. The level of complexity that these vehicles have obviously now achieved to me makes them seem, as these researchers said, extremely fragile. And that's just not good news.
LEO: Right.
STEVE: So we'll hold our breath. As we've seen also, it takes motivation. And so we'll hope there isn't nefarious motivation.
LEO: This will be something on "Law and Order." I mean, it's a way to murder somebody.
STEVE: Yes. Yes.
LEO: But, I mean, remember "North by Northwest"? They got Cary Grant drunk, and they disconnected his brakes, and they sent him down a road. So that was 50 years ago. I mean, they had to cut the brake or let the brake fluid out. But if you have physical access to a car you can make it dangerous.
STEVE: Well, yes, you can do anything, yes.
LEO: And that's true in hacking, too, that a lot of times we hear about exploits that require physical access to the computer. My philosophy has always been, if somebody has physical access, you're screwed.
STEVE: And my point is, physical today, nonphysical tomorrow.
LEO: Right. Because it's software.
STEVE: Well, and because there's, I mean, there's a tremendous desire for connectivity. I mean...
LEO: That's the issue. Because right now you can't get into a car remotely because it's not online, it's not, I mean...
STEVE: Well, we hear about OnStar and, you know, oh, sir, we know you've been in an accident. We're going to deploy the 9/11.
LEO: Well, I talked with Ford about this, as a matter of fact, CEO Alan Mulally of Ford about this, and they make very sure to separate the entertainment computer from the car computer, and that there is not merely a firewall, but they're not connected systems.
STEVE: Good, good, good, good, good.
LEO: So because of that; right? You don't, if you're going to open connectivity, and boy, they really are increasing it, you cannot allow that connected computer to speak to the car computer. That would be dangerous.
STEVE: Yeah. Well, and we heard, same good intention with the high-security government networks that were going to be not connected to the Internet. But they ended up somehow being connected to the Internet. And that's caused problems.
LEO: Of course, somebody's pointing out, yeah, pointing out that the OnStar system can disable the car. The OnStar operator can disable the car. That would seem to me...
STEVE: That's what I'm saying, Leo.
LEO: ...kind of an issue. I don't know how, and I think there are rules about can they do it when it's running, et cetera, et cetera.
STEVE: I know, I know. And where did they get their security certificates? Who signed them? And has that been spoofed? I mean, you put together a blended attack, and it's like, oh, boy, this stuff relies on infrastructure that the designers assume is robust. And then elsewhere the security community goes, oh, that's not quite as strong as we thought it was. And then somebody with the motivation - again, it takes motivation. And I just don't want to have any motivation. But, unfortunately, this is, I mean, I hate being right about this kind of thing.