Tuesday, 21 July 2015
hip hop through the subway speakers?
A few years ago I was sitting on a New York Subway, when some hackers jacked into the MTA carriages's audio system and started playing hip-hop through the speakers. No-one in the carriage seemed to bat an eyelid, and I wasn't sure if it was commonplace or if New Yorkers were as insulated as Londoners when on public transport.
I wondered at the time just how long it would be before this started happening to other forms of transport.
I now see a couple of hackers have just published some computer code which can be used to intercept automobile firmware and mess around with the systems. They have been doing it in plain view, so that manufacturers get onto the security requirement, but it does raise the kind of issues I was thinking about as I travelled uptown on the 5.
Cars have a sort of Local Area Network whose speed has been progressively increasing for the last few years.
There's a few standards like CAN (Controller Area Network) and LIN (Local Interconnect Network) which have to be more resilient to electromagnetism and EMF noise as well as having workshop-friendly industrial looking connectors.
A typical modern car has 50-100 microprocessor systems, so these modern-day computer linkages are pretty important, and have progressively increased in speed, running at around a Megabit per second in modern cars.
Naturally, car manufacturers are already talking about wifi car diagnostics, and the wifi extension IEEE 802.11p has been around for some years, specifically as a vehicular communication system to support ITS (Intelligent Transportation Systems). The idea is that cars can talk to one another as well as to the workshop.
That's where the modern-day equivalent of the subway train hackers come along. If they can bridge the gap from the roadside to the car using wifi, and then hook onto the car's 'LAN', there's a potential way to exploit the car's control system.
The two guys that just tried it with a Chrysler in the USA also illustrate the start of an intriguing era for cars.
They get more computerised, but the uConnect fix for the Chrysler has to be uploaded manually via a USB stick into the vehicle. Its's supposed to be a driver-friendly update, but I do wonder whether its is completely foolproof? We all know the strange things that can happen with, say, a Windows update.
I remember when we needed to update something in the sporty little red car. It ran the special car version of Windows and needed someone with a fairly extensive computer knowledge to get it all working. Or the time my smart windscreen was replaced by a normal windscreen fitter who effectively disabled the whole car for about three weeks until all the right control systems could be reinstalled by the car dealers' people.
So, who will get there first? The car dealers or the hackers? Maybe Suzi Quatro was prescient with 'Can the CAN'?