Hackers Going After Traffic Signs

After hackers played several high-profile pranks with traffic signs, including warning San Francisco drivers of a Godzilla attack, the U.S. government advised operators of electronic highway signs to take “defensive measures” to better secure their property.

Last month, signs on San Francisco’s Van Ness Ave were photographed flashing “Godzilla Attack! Turn Back” and highway signs across North Carolina were tampered with last week to read “Hack by Sun Hacker.”

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, this week advised cities, highway operators and other customers of digital-sign maker Daktronics Inc to take “defensive measures” to minimize the possibility of similar attacks.

It said that information had been posted on the Internet advising hackers how to access those systems using default passwords coded into the company’s software. “ICS-CERT recommends entities review sign messaging, update access credentials and harden communication paths to the signs,” the agency said in an alert posted on Thursday.

Jody Huntimer, a representative for Daktronics, declined to say if the recent attacks involved the bug reported by ICS-CERT.

“We are working with the ICS-CERT team to clarify the current alert and will release a statement once we have assessed the situation and developed customer recommendations,” Huntimer said via email.

Krebs on Security, a widely read security blog, posted a confidential report from the Center for Internet Strategy, or CIS, which was sent to state security officials. It warned that the pranks created a public safety risk because drivers often slow or stop to view the signs and take pictures.

CIS also predicated that amateur hackers might attempt to hack into other systems in the coming weeks following the May 27 release of “Watch Dogs,” a video game from Ubisoft focused on hacking critical infrastructure.

Source

Blackberry Goes Infotainment

Blackberry’s QNX Software Systems has announced a partnership that will allow its infotainment system to be placed in car’s digital instrument clusters.

The technology will allow drivers to see their music lists and album art, turn-by-turn navigation directions and local news in between instruments such as the speedometer and tachometer.

BlackBerry announced its collaboration with Rightware, a maker of automotiveuser interface design tools, at the Telematics Detroit show here. The collaboration combines the QNX Neutrino operating system and the Rightware Kanzi user interface.

QNX demonstrated the instrument cluster in a Mercedes-Benz concept car. The system also uses MirrorLink, an industry standard for the integration ofsmartphones into infotainment systems. The system is able to mirror Android-based smartphones to both the infotainment center on the console and the instrument cluster display.

With the MirrorLink connection, the instrument cluster can display realtime information, such as local speed limits, turn-by-turn directions, traffic reports and incoming phone calls. Because the cluster is fully digital, it can dynamically change views, highlighting the most important information and using advanced visualizations to help the driver process information more quickly.

“QNX Software Systems and Rightware have already worked together on successful production programs, including the exciting new Audi virtual cockpit,” said Peter McCarthy, director of global alliances for QNX.

With the Kanzi software, developers can create UIs with photorealistic, real-time 2D and 3D graphics. The QNX OS enables the Kanzi UI to access vehicle data and services, including navigation, multimedia, speed, RPM, and car diagnostics. It essentially provides an abstraction layer based on QNX’s persistent publish/subscribe (PPS) technology.

Source

Is Ethernet For Autos?

The most ubiquitous local area networking technology used by large companies may be packing its bags for a road trip.

As in-vehicle electronics become more sophisticated to support autonomous driving, cameras, and infotainment systems, Ethernet has become a top contender for connecting them.

For example, the BMW X5 automobile, released last year, used single-pair twisted wire, 100Mbps Ethernet to connect its driver-assistance cameras.

Paris-based Parrot, which supplies mobile accessories to automakers BMW, Hyundai and others, has developed in-car Ethernet. Its first Ethernet-connected systems could hit the market as soon as 2015, says Eric Riyahi, executive vice president of global operations.

Parrot’s new Ethernet-based Audio Video Bridging (AVB) technology uses Broadcom’s BroadR-Reach automotive Ethernet controller chips.

The AVB technology’s network management capabilities allows automakers to control the timing of data streams between specific network nodes in a vehicle and controls the bandwidth in order to manage competing data traffic.

Ethernet’s greater bandwidth could provide drivers with turn-by-turn navigation while a front-seat passenger streams music from the Internet, and each back-seat passenger watches streaming videos on separate displays.

“In-car Ethernet is seen as a very promising way to provide the needed bandwidth for coming new applications within the fields of connectivity, infotainment and safety,” said Hans Alminger, senior manager for Diagnostics & ECU Platform at Volvo, in a statement.

Ethernet was initially used by automakers only for on-board diagnostics. But as automotive electronics advanced, the technology has found a place in advanced driver assistance systems and infotainment platforms.

Many manufacturers also use Ethernet to connect rear vision cameras to a car’s infotainment or safety system, said Patrick Popp, chief technology officer of Automotive at TE Connectivity, a maker of car antennas and other automobile communications parts.

Currently, however, there are as many as nine proprietary auto networking specifications, including LIN, CAN/CAN-FD, MOST and FlexRay. FlexRay, for example, has a 10Mbps transmission rate. Ethernet could increase that 10 fold or more.

The effort to create a single vehicle Ethernet standard is being lead by Open Alliance and the IEEE 802.3 working group. The groups are working to establish 100Mbps and 1Gbps Ethernet as de facto standards.

The first automotive Ethernet standard draft is expected this year.

The Open Alliance claims more than 200 members, including General Motors, Ford, Daimler, Honda, Hyundai, BMW, Toyota, Volkswagen. Jaguar Land Rover, Renault, Volvo, Bosch, Freescale and Harman.

Broadcom, which makes electronic control unit chips for automobiles, is a member of the Open Alliance and is working on the effort to standardize automotive Ethernet.

Source

Software Glitch Hits Prius

Toyota is recalling nearly 1.9 million Prius hybrid automobiles globally in order to fix a software glitch that could damage transistors and cause a loss of power.

Some 700,000 of the Priuses are in the U.S., according to a statement. Another 997,000 are in Japan, 130,000 in Europe and the remainder in other places around the world, according to media reports. Toyota didn’t immediately respond to a request for confirmation of those details on.

Toyota plans to tweak software in the Priuses for the motor/generator ECU (engine control unit) and the hybrid control ECU. The current settings “could result in higher thermal stress in certain transistors, potentially causing them to become damaged,” Toyota said. “If this happens, various warning lights will illuminate and the vehicle can enter a failsafe mode. In rare circumstances, the hybrid system might shut down while the vehicle is being driven, resulting in the loss of power and the vehicle coming to a stop.”

Toyota is also recalling about 260,000 2012 RAV4 compact sport utility vehicles, 2012-2013 Tacoma trucks and 2012-2013 Lexus RX 350 SUVs in the U.S., the company said Wednesday.

Toyota will apply an update to skid control ECU software on cars in this recall to fix an “electronic circuit condition” that could cause the vehicles stability control, anti-lock braking systems and traction control function to shut down intermittently, Toyota said. However, in the event of such a failure the standard brakes will still work, according to the company.

No accidents or injuries have been reported in connection with the software problems, Toyota said. The software update will be applied free of charge at local dealers.

Source

Tesla Updates Charging Software

Tesla Motors Inc is making changes to prevent overheating of its charging systems, including giving customers upgraded wall adapters and providing charging-software upgrades, the electric-car company said on Friday.

The moves come after a November garage fire involving a Model S in Irvine, California, which the Orange County Fire Authority said may have been caused by a Tesla charging system or by a connection at the electricity panel on the wall of the garage.

At the time, Tesla disagreed with the fire officials’ findings, denying that the charging electronics were related to the fire. A Tesla spokeswoman did not immediately respond to a question on Friday about whether the upgrades were related to the Irvine fire.

In a Friday press release, Tesla said that its goal was to prevent excessive heating of the adapters used to charge its cars. A variety of factors ranging from corrosion to inappropriate wiring of electrical outlets can cause overheating, the company said.

A December tweak to its charging software tackles the issue through reducing charging by 25 percent if the charging system detects fluctuations in power entering the vehicle, Tesla said.

“Tesla believes that this software update fully addresses any potential risks,” the release said. But as a precaution, it said it would make available an improved wall adapter with a thermal fuse for affected customers, staring in a few weeks.

Separately, three road fires in Model S sedans caused Tesla’s stock to fall sharply in October.

The fires occurred in Washington state, Tennessee and Mexico. In the U.S. incidents, Model S sedans caught fire after running over road debris. In Mexico, a Model S caught fire after striking a concrete wall.

On Friday, Tesla’s stock fell 1.23 percent to $145.72, up from levels under $120 in late November but down from its high of $194.50 in late September.

Source

Is The Tesla Hackable?

It’s the curse of the connected car once it’s linked to the Internet, it’s, well, on the Internet. In the case of the Tesla Model S, this means that mischievous hackers could, in theory, control some functions of the vehicle and even snoop without the owner’s knowledge.

Tesla offers Android and iPhone apps for Model S owners, which can be used to check the vehicle’s battery, track its location and status, and tweak several other settings, like climate control and the sunroof. It can also be used to unlock the doors on the Model S.

Dell senior engineer George Reese says the REST API used by Tesla to provide access for Android and iPhone apps has several fairly serious security flaws, which could offer a way in for unscrupulous hackers.

According to an article written by Reese for O’Reilly, Tesla appears to have broken from accepted best practice when designing the API for the Model S.

“It’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs–Twitter uses it), this scenario is one that screams for its use,” he wrote.

However, Reese notes, this is merely a potential attack vector, not one that could be immediately exploited. That said, a compromised website particularly one designed to provide “value-added services” via the API to Tesla drivers could prove highly damaging.

“I can … honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving,” Reese wrote.

Automotive hacking has been posited by experts for some time, and several presentations at this year’s Defcon detailed fairly comprehensive methods of compromising some models.

Source

« Previous Page