Seems like early 2000s cars were the last of the good cars. You had full airbags by that point but cars were mostly still just basic fuel injected internal combustions engines with sensible transmission choices that had seen probably decades of iteration at that point. If you wanted some crazy infotainment its not hard to roll your own with the standard sized stereo slots in those cars. No telemetry. No "driver aids" behaving nondeterministically. Mechanical linkages vs by wire. Just a car. Starts with a key. Exactly what is says on the tin and nothing more or less.
I'm curious who you are routinely interacting with that they care about your car keys. :D
I do think the writing is on the wall for old fashioned keys, though? For one, they don't really give you that much protection. As laughable as poorly done key fobs are, a physical key is a pretty low bar as far as deterrence goes.
It can be annoying to consider, but cultural norms protect cars far more than anything else. Is why many in suburban areas can get away with having their keys in the cars at all times.
Keys have been chipped for > 30 years. The technology is proven, secure, and reliable. Kia and Hyundai learned this the hard way when they tried to shave pennies a few years ago.
Fobs just created another attack vector catering to people too lazy to take it out of their pocket or purse.
> people too lazy to take it out of their pocket or purse
Keyless start has another legitimate function besides laziness: it allows you to leave your car locked with the engine (and AC) running while a baby or dog is inside.
Of course, you can accomplish the same by having two keys with you; you decide whether that's another example of laziness. :-)
It's not a legitimate function because the car will beep at you if you walk away.
Some aftermarket remote starts have this feature.
However, in many states it's illegal to leave a car running unattended.
Though one could argue in court the baby or dog could serve as the attendant. Having said that, leaving a baby or dog unattended, AC or not, is just stupid.
My Ford from the year 2000 has a 5 digit keypad on the door. I can lock my keys in the car, leave it running, lock and unlock it without an extra key. I can grant anybody access by just giving them the code. I hated carrying the stupid bulky keyless entry fob in my pocket, and threw it in a drawer, so my keychain is very small. It still has a chipped key to turn on the ignition system and start the vehicle. It's vehicle locking perfection.
Chipped keys have constantly fallent to cloning attacks and worse. The idea "you insert it therefore the whole system is secure" is backwards reasoning when the problem is the chips, protocols, and buggy security implementations themselves.
Sure, but where I live they are mandated by law in every new car.
There's plenty of kids on my street, and I'm much more comfortable knowing everyone has one when backing out of a driveway, and not just the people who bothered to go get one installed aftermarket.
Older cars are more likely to be things like coupes, a form factor more or less abandoned today. I know, I used to drive a coupe. Dear God, the rear visibility was the worse out of any car. And the side blind-spots. You'd think a small vehicle would have good side visibility but no, all you get are those tiny little back windows.
My car hit the breaks for me last week on a highway. I’m quite happy with the computerization of cars for this reason. It could be better as the link shows the downsides, but it probably has saved (tens of?) thousands of lives overall.
A couple months ago I was driving a rental and I coasted up on slow exit traffic with the intent of dodging right after the person to my right passed me. Well I got that far but I got close enough to the slowing traffic in front of me in the process it decided to brake. And of course because electronic throttle they lock you out of the gas. And it takes a couple seconds for it to decide that no, I really did want to go fast, so it lets me do that but of course the CVT needs to incrementally wind its way there at a leisurely pace.
So instead of cleanly pulling off my merge into a lane going 10mph faster than me I look like a goddamn moron for zipping over and then hard braking away 20mph of speed. All because some programmers buried in Toyota HQ somewhere spent too much time on the HN or Reddit or whatever circle jerking it in the comments with the "you can never go wrong by braking" crowd. Could have been way worse had it been a spicer situation, like merging into traffic with a disabled vehicle at the end of the merge ramp or just about any other case with equal or great speed differential and equal or lesser margin.
A car should do what I say. I can understand doing something when I have provided no input or perhaps ignore a 0-100% press to prevent wrong pedal accidents but this is just horrible systems design. If I'm traveling at speed and mash the gas it stands to reason I did that on purpose.
I intentionally opted out of these sort of driver assist features because I don't trust the firmware going into them. If a safety misfeature can be disabled manually you also run the risk of an insurer denying a claim if they find out it wasn't engaged. Better to not have it in the first place and use the mark I eyeball for safety.
Yeah, I'm not happy I have them, but I'm happy other drivers have them. I guess they help overall, since I need to be careful to keep a safe distance from the guy in front of me anyway.
I came to the same conclusion. The exact year varies a bit by manufacturer.
Chevy's pre-2008 were in a good spot, maybe 2007 for the avalanche body change? Quite a few Hondas and Toyotas were good through the early teens, especially the 4 cylinders.
I have a late 80s GMC pickup, 2005 Buick, and a Chevy Volt. The only one I have any real issues with is the Volt, though that's only been the last couple years as the battery is getting old; the most frustrating thing is needing to run questionable software on an airgapped laptop just to turn the Volt back on when a high voltage safety flag is flipped tripped in the computer.
Really depends on the particular model and when it got refreshed and how much the OEM cares about it more so than the manufacturer.
Sometimes the platforms that the OEMs don't care about are great because the idiot dick swinging engineers who want to hit their KPIs neglect them. Sometimes they're terrible because they get phoned in. The flagship platforms are usually safe but sometimes they put too much bleeding edge tech in them.
Re. the radio: Now its a big useless screen that shows me useless data while still hiding all the useful data that I can get over OBD-II. And whats worse, that screen is tied to your fucking cars computer and configures your car so you cant remove it, no matter how much the software sucks. I hate my 2022 CR-V's garbage infotainment screen. Its a shit UI, shit audio quality, and the Bluetooth is bugged to all hell. I already have a computer with me in my car called a phone that does everything but better. And that's not saying much.
There still are cars being sold without much of new "technology", I daily a MY2024 Abarth 595 that still doesn't have start-stop, ECall, auto braking, telemetry, lane-assist, the infotainment is replaceable by a standard third-party box without messing with the rest of the car and still has a traditional ignition key. It's a basic turbocharged FIAT FIRE engine, so maintenance is stupidly cheap and anyone can do it.
I own a bunch of impractical cars, but my daily driver is a 2005 Honda. I always explain to people exactly this. It's the last good year before everything became too digitized and wireless. It's got physical controls, a real horn, a cable driven throttle and at 350,000 miles with so little maintenance and no sign of stopping.
I also own a 05 55 AMG, also all mechanical, but oh so impracticable :D
Think you're onto something. I'm still rolling a 2005 Toyota. Incredibly functional, reliable, and I can add whatever I want and choose instead of having it forced down my throat by the current wave of nonsense ... Oh, and zero worries about it being hacked !
I recently read "The car hacker's handbook". It seemed to explain the basics very well and pointed me to all the necessary software and hardware to get started.
Bluetooth stacks are very complex due to the initially-vague 1.1 spec and the need for thousands of per-device quirks handlers. Even as specs were tightened, old device interop remains needed. If you implement a stack precisely as per spec, about half the devices out there won’t work with it (no exaggeration).
This situation is not a recipe for good code. Now that BLE has audio (the last thing from classic that it lacked), we can begin phasing out BT classic and this mess. However, it will be a decade before anyone can safely drop bt classic interop.
Basically: anywhere you have a Bluetooth stack that supports bt classic, feel free to ASSUME there are RCEs and DOSs lurking. You will not be wrong.
Source: a full blown case of PTSD from having written and debugged a few BT stacks
Could still contain it though. Bluetooth would only be needed for the non critical sound/calls/navigation stuff which should be it's own separate subsystem, on a read only OS with boot chain security so even if you did find an exploit in the bluetooth stack, it would only give you access to very unimportant things, and only until the car reboots.
Of course I don't expect it's implemented anywhere near securely, but in theory it's very possible. Game console companies have this stuff pretty solved.
It's a local attack via bluetooth, location tracking is not very interesting. Recording audio likewise not all that exciting for much the same reason. The phonebook though, that's exfiltrating PII.
>In some cases pairing is possible without any user interaction.
Baloney. No implementations in the wild do this, or they would have loudly trumpeted it.
"In order to conduct an attack, the hacker needs to be in range and able to pair their laptop with the targeted infotainment system over Bluetooth. In some cases pairing is possible without any user interaction, while in others pairing requires user confirmation, or it may not be possible at all."
I agree that it's not world shatteringly bad, but... you're being a bit disingenuous. :)
I don't think there's an exploit there, but even assuming there was, it'd require an attacker to know the phone number of the person they are attacking and for the car to be on at the same time when they execute the attack.
Seems like you still need a device either exploited or created physically located near your target/s. Maybe a car worm virus? Exploit one car and if it has a cell connection piggyback?
The infosec community loves their weasel words don't they?
The only other career path other than "meteorologist" where they get it wrong half the time with the burden of proof on the recipient, and everyone looks the other way.
There are cases where vulnerable code is found, but it may take weeks of tinkering to actually build an exploit that gets arbitrary RCE.
An example could be a buffer overflow that only allows a few bytes to be written. At first, you're likely just causing segmentation faults. DEP and ASLR will make writing an exploit that gives RCE difficult. This is when an attacker "may" be able to do something, if there's an attacker determined enough to figure out a full exploit.
The original researcher might not be interested in spending that time and just wants the vendor to fix it.
Seems like early 2000s cars were the last of the good cars. You had full airbags by that point but cars were mostly still just basic fuel injected internal combustions engines with sensible transmission choices that had seen probably decades of iteration at that point. If you wanted some crazy infotainment its not hard to roll your own with the standard sized stereo slots in those cars. No telemetry. No "driver aids" behaving nondeterministically. Mechanical linkages vs by wire. Just a car. Starts with a key. Exactly what is says on the tin and nothing more or less.
I'm routinely ridiculed for driving a car with a traditional ignition key, and insisting upon it, as if it's exclusive to Luddities.
Everyone else can enjoy their reflection/replay attacks or whatever.
Honorable mention to Toyota who has still not completely abandoned this simple, functional technology for a clunky fob that can be easily hacked.
FWIW, fobs are not for your convenience. It's for theirs.
> FWIW, fobs are not for your convenience. It's for theirs.
Same with touch buttons. Not for you convenience, it's for theirs.
I'm curious who you are routinely interacting with that they care about your car keys. :D
I do think the writing is on the wall for old fashioned keys, though? For one, they don't really give you that much protection. As laughable as poorly done key fobs are, a physical key is a pretty low bar as far as deterrence goes.
It can be annoying to consider, but cultural norms protect cars far more than anything else. Is why many in suburban areas can get away with having their keys in the cars at all times.
Keys have been chipped for > 30 years. The technology is proven, secure, and reliable. Kia and Hyundai learned this the hard way when they tried to shave pennies a few years ago.
Fobs just created another attack vector catering to people too lazy to take it out of their pocket or purse.
> people too lazy to take it out of their pocket or purse
Keyless start has another legitimate function besides laziness: it allows you to leave your car locked with the engine (and AC) running while a baby or dog is inside.
Of course, you can accomplish the same by having two keys with you; you decide whether that's another example of laziness. :-)
It's not a legitimate function because the car will beep at you if you walk away.
Some aftermarket remote starts have this feature.
However, in many states it's illegal to leave a car running unattended.
Though one could argue in court the baby or dog could serve as the attendant. Having said that, leaving a baby or dog unattended, AC or not, is just stupid.
My Ford from the year 2000 has a 5 digit keypad on the door. I can lock my keys in the car, leave it running, lock and unlock it without an extra key. I can grant anybody access by just giving them the code. I hated carrying the stupid bulky keyless entry fob in my pocket, and threw it in a drawer, so my keychain is very small. It still has a chipped key to turn on the ignition system and start the vehicle. It's vehicle locking perfection.
Chipped keys have constantly fallent to cloning attacks and worse. The idea "you insert it therefore the whole system is secure" is backwards reasoning when the problem is the chips, protocols, and buggy security implementations themselves.
Moving the goalposts. No chipped key car has ever been stolen by beaming some kit off AliExpress at it and simply driving away.
I bought kit that can do this off AliExpress.
Here's the repo: https://github.com/joelsernamoreno/EvilCrowRF-V2
Backup cameras are amazing. Especially now that I have kids shorter than my trunk line, I appreciate them even more.
A lot of the other stuff, though, I agree with you.
Back up cameras can easily be added aftermarket if wanted. But frankly, many of those older cars had much better rearward vision that anything today.
Sure, but where I live they are mandated by law in every new car.
There's plenty of kids on my street, and I'm much more comfortable knowing everyone has one when backing out of a driveway, and not just the people who bothered to go get one installed aftermarket.
We must have driven very different cars. Rear visibility has always been terrible, and rear cameras are a god send.
Older cars are more likely to be things like coupes, a form factor more or less abandoned today. I know, I used to drive a coupe. Dear God, the rear visibility was the worse out of any car. And the side blind-spots. You'd think a small vehicle would have good side visibility but no, all you get are those tiny little back windows.
But, it was a beauty.
Generally, I think you're right. But there is quite a range even for coupes. I'm sure Porsche can afford to use higher strength steels, but the pillars on a 911 are surprisingly thin: https://h7.alamy.com/comp/B082JF/2008-porsche-911-turbo-in-s...
On the other hand, coupes with rear hatches can be particularly bad: https://www.motortrend.com/uploads/sites/10/2015/11/2004-toy...
Looking at the extremes like the Honda CRZ, it does seem to be a low priority area!
Ah, I agree for the most part, however, safety has definitely moved forward. There is a lot more to safety than airbags and seatbelts.
My car hit the breaks for me last week on a highway. I’m quite happy with the computerization of cars for this reason. It could be better as the link shows the downsides, but it probably has saved (tens of?) thousands of lives overall.
A couple months ago I was driving a rental and I coasted up on slow exit traffic with the intent of dodging right after the person to my right passed me. Well I got that far but I got close enough to the slowing traffic in front of me in the process it decided to brake. And of course because electronic throttle they lock you out of the gas. And it takes a couple seconds for it to decide that no, I really did want to go fast, so it lets me do that but of course the CVT needs to incrementally wind its way there at a leisurely pace.
So instead of cleanly pulling off my merge into a lane going 10mph faster than me I look like a goddamn moron for zipping over and then hard braking away 20mph of speed. All because some programmers buried in Toyota HQ somewhere spent too much time on the HN or Reddit or whatever circle jerking it in the comments with the "you can never go wrong by braking" crowd. Could have been way worse had it been a spicer situation, like merging into traffic with a disabled vehicle at the end of the merge ramp or just about any other case with equal or great speed differential and equal or lesser margin.
A car should do what I say. I can understand doing something when I have provided no input or perhaps ignore a 0-100% press to prevent wrong pedal accidents but this is just horrible systems design. If I'm traveling at speed and mash the gas it stands to reason I did that on purpose.
My car hit the brakes for me last week on a highway as well, except there was no reason to, there was nothing there. I'm not as happy.
I intentionally opted out of these sort of driver assist features because I don't trust the firmware going into them. If a safety misfeature can be disabled manually you also run the risk of an insurer denying a claim if they find out it wasn't engaged. Better to not have it in the first place and use the mark I eyeball for safety.
Yeah, I'm not happy I have them, but I'm happy other drivers have them. I guess they help overall, since I need to be careful to keep a safe distance from the guy in front of me anyway.
Even the structures of cars have improved. The crumple zones and structural rigidity is constantly evolving.
I also like sensors and crash avoidance tech.
[dead]
Each improvement is hugely less influential than the last. Seatbelts get you 90% of the way there. Airbags do most of the rest, etc, etc.
All those improvements have been undone by the entire market turning in to brodozers and soccer mum tanks.
I came to the same conclusion. The exact year varies a bit by manufacturer.
Chevy's pre-2008 were in a good spot, maybe 2007 for the avalanche body change? Quite a few Hondas and Toyotas were good through the early teens, especially the 4 cylinders.
I have a late 80s GMC pickup, 2005 Buick, and a Chevy Volt. The only one I have any real issues with is the Volt, though that's only been the last couple years as the battery is getting old; the most frustrating thing is needing to run questionable software on an airgapped laptop just to turn the Volt back on when a high voltage safety flag is flipped tripped in the computer.
Really depends on the particular model and when it got refreshed and how much the OEM cares about it more so than the manufacturer.
Sometimes the platforms that the OEMs don't care about are great because the idiot dick swinging engineers who want to hit their KPIs neglect them. Sometimes they're terrible because they get phoned in. The flagship platforms are usually safe but sometimes they put too much bleeding edge tech in them.
I miss them too.
Re. the radio: Now its a big useless screen that shows me useless data while still hiding all the useful data that I can get over OBD-II. And whats worse, that screen is tied to your fucking cars computer and configures your car so you cant remove it, no matter how much the software sucks. I hate my 2022 CR-V's garbage infotainment screen. Its a shit UI, shit audio quality, and the Bluetooth is bugged to all hell. I already have a computer with me in my car called a phone that does everything but better. And that's not saying much.
There still are cars being sold without much of new "technology", I daily a MY2024 Abarth 595 that still doesn't have start-stop, ECall, auto braking, telemetry, lane-assist, the infotainment is replaceable by a standard third-party box without messing with the rest of the car and still has a traditional ignition key. It's a basic turbocharged FIAT FIRE engine, so maintenance is stupidly cheap and anyone can do it.
I own a bunch of impractical cars, but my daily driver is a 2005 Honda. I always explain to people exactly this. It's the last good year before everything became too digitized and wireless. It's got physical controls, a real horn, a cable driven throttle and at 350,000 miles with so little maintenance and no sign of stopping.
I also own a 05 55 AMG, also all mechanical, but oh so impracticable :D
Think you're onto something. I'm still rolling a 2005 Toyota. Incredibly functional, reliable, and I can add whatever I want and choose instead of having it forced down my throat by the current wave of nonsense ... Oh, and zero worries about it being hacked !
Is there an exploit? I've always wanted to explore the inner workings of my car's computer system, but I don't know how.
I recently read "The car hacker's handbook". It seemed to explain the basics very well and pointed me to all the necessary software and hardware to get started.
It is an interesting topic for sure.
That book looks very promising. Thanks a bunch!
Look up OBD-II.
I read recently about how some cars can be hacked and stolen through the CAN bus to the headlights.
https://arstechnica.com/information-technology/2023/04/crook...
Bluetooth stacks are very complex due to the initially-vague 1.1 spec and the need for thousands of per-device quirks handlers. Even as specs were tightened, old device interop remains needed. If you implement a stack precisely as per spec, about half the devices out there won’t work with it (no exaggeration).
This situation is not a recipe for good code. Now that BLE has audio (the last thing from classic that it lacked), we can begin phasing out BT classic and this mess. However, it will be a decade before anyone can safely drop bt classic interop.
Basically: anywhere you have a Bluetooth stack that supports bt classic, feel free to ASSUME there are RCEs and DOSs lurking. You will not be wrong.
Source: a full blown case of PTSD from having written and debugged a few BT stacks
Could still contain it though. Bluetooth would only be needed for the non critical sound/calls/navigation stuff which should be it's own separate subsystem, on a read only OS with boot chain security so even if you did find an exploit in the bluetooth stack, it would only give you access to very unimportant things, and only until the car reboots.
Of course I don't expect it's implemented anywhere near securely, but in theory it's very possible. Game console companies have this stuff pretty solved.
I’m half excited about this, and hoping I can exploit the infotainment on my Octavia 4
[flagged]
Why leave out the first 2/3rds of the sentence, which are the more severe ramifications of the exploit?
>From there the attacker can track the vehicle’s location, record audio from inside the car, and obtain the victim’s phonebook data.
Combined with:
>"In some cases pairing is possible without any user interaction"
You end up with a stalker's dream.
But also you're potentially able to backdoor in if future vulnerabilities are found. One foot in the door so to speak.
It's a local attack via bluetooth, location tracking is not very interesting. Recording audio likewise not all that exciting for much the same reason. The phonebook though, that's exfiltrating PII.
>In some cases pairing is possible without any user interaction.
Baloney. No implementations in the wild do this, or they would have loudly trumpeted it.
I can turn any security finding into a "yawn" by either ignoring and/or disbelieving most of it, too.
Does the attacker actually need to be nearby?
Or does there just need to be some communications link between the car's Bluetooth transceiver and the attacker?
I'd think that installing a BT <--> cell network bridge would easily solve that hurdle.
What BT <--> cell bridge?
The cell -> phone -> bluetooth audio bridge?
I don't think there's an exploit there, but even assuming there was, it'd require an attacker to know the phone number of the person they are attacking and for the car to be on at the same time when they execute the attack.
BT to cell bridge? Just a phone stuck somewhere would work.
They mean to attach a device to the victim car that does Car BT <-> Device <-> 5G <-> Hacker
Seems like you still need a device either exploited or created physically located near your target/s. Maybe a car worm virus? Exploit one car and if it has a cell connection piggyback?
Feels a little like the 90s ILUVYOU emails :)
Are there BT antennas for long range? Like, can I make a Yagi style antenna out of a Pringles can and some all thread like we used to do for WiFi?
No but there are bluetooth gateways that allow local bluetooth LE connections on one side and wifi / cell on the other. Cassia makes some great ones.
I can see somebody setting up a Cassia in a car park and performing all sorts of bluetooth LE shenanigans remotely.
Bluetooth uses the same 2.4GHz as WiFi
> The attacker may also be able
The infosec community loves their weasel words don't they?
The only other career path other than "meteorologist" where they get it wrong half the time with the burden of proof on the recipient, and everyone looks the other way.
Show your work, or it's not possible.
This is the wrong attitude to have.
There are cases where vulnerable code is found, but it may take weeks of tinkering to actually build an exploit that gets arbitrary RCE.
An example could be a buffer overflow that only allows a few bytes to be written. At first, you're likely just causing segmentation faults. DEP and ASLR will make writing an exploit that gives RCE difficult. This is when an attacker "may" be able to do something, if there's an attacker determined enough to figure out a full exploit.
The original researcher might not be interested in spending that time and just wants the vendor to fix it.
Unfortunately, you can only cry wolf so many times before no one will believe you anymore.