johnsocal

check this out - http://news.zdnet.com/2100-1009_22-5551367.html

HAZ-Matt

That's why nothing good has come from Bluetooth.

Omegalock

Yikes...that crap is scary especially with a lot of cars going with electronic throttle controls. Imagine some virus that could hijack the car and hammer the throttle just randomly.

AronZ28

And now imagine some perp stalking you in your infected car with OnStar.

Darth Xed

Easy fix, even if it would become possible, just don't answer the call... just like the easy fix for not getting a computer virus at home is to not open email attachments you don't know are safe.


You'd also be in a lot more trouble than simply having OnStar, because if you have some people chasing you down, and are sophisticated enough to call you in your OnStar phone (assuming you even paid to have it active), and send a car-computer virus to your car to shut you down, I think they'd be able to find another way to get at you too...

Z28Marcus

Ok let's get one thing straight first.... this incident is limited to attacking the onboard GPS system which IS NOT the same as the computer that controls the powertrain.

Unless the onboard GPS computer has an actual interface that somehow allows it write access to the powertrain computer, there IS NO WAY a virus can get from the cell phone to the powertrain computer. Period.

The scary thing is if integration / amalgamation of more and more of the CPUs in vehicles continues, it has great potential for just these kind of problems to arise. And problems well may arise, since integration in the long run lowers manufacturing cost - the very reason why, for example modern PC chipsets now support SVGA graphics, LAN, SATA disk control, sound and other functions, when they used to all be on separate chips / plug in cards).

What's really scary is if CPUs and functionaliuty are integrated and things like this happen:

"We know that car manufacturers are integrating existing operating systems into their onboard computers--take the Fiat and Microsoft deal, for instance," said Eugene Kaspersky, head of antivirus research at Kaspersky Labs. "If infected mobile devices are scary, just think about an infected onboard computer."

MS Windows is a huge joke in the IT security world and whilst the stuff going into a car wouldn't be the exact same thing as say Windows XP that you'd put on your desktop PC, the fact is MS does not build an OS that that lends itself to security. Instead Windows is in effect giant monolithic blob of code (still kludged from DOS if you dig deep enough into the so called 'kernel') that means a security hole in one place can potentially compromise the security of much or all of the system. This only aggravates my concerns re. the integration of multiple CPUs in vehicles.

WRT to bluetooth - Darth, you may sneer, don't open that email or don't answer the call. On some bluetooth phones, you don't even need to answer the phone... your phone can be scanned secretly... hackers already figured out to do this. Also, ever heard of spoofing? Where a spoofer sends an email or calls you pretending to be someone you know? It's doable... very doable... and so you end up opening that email with a virus (esp. bad on Windows which has so many loopholes it's not funny) because it all appears legit right down to the senders address or you take that call because the caller Id shows your Dad's name. But the scariest thing is that people making these insecure products are most often, the very last to admit there are problems. There are already proven, known severe security problem's with bluetooth phone's that don't involve a GPS computers. Go read Wired magazine for an easy introduction to all this stuff (maybe last month's) and see what I mean about the bluetooth exploits (e.g. people making free long distance calls on your phone, getting at data you have stored on there etc.) and spoofing.

I am for technology but not when it threatens privacy, control of personal info and facilitates identity theft.

Darth Xed

You have a good point about the caller ID thing...

As for the emails, the solution is to email the supposed sender and just ask if the attach is legit, and if they actually sent it...

Z28Marcus

True dat. But you're clearly a bit wiser than most folk who have no idea how anything works these days and don't care, hence are unware of the potential missueses and abuses. Knowledge is power right. Also having to send them an email and then get a response is not viable if you're at work and on a schedule and need what they supposedly sent you pronto .

Also, remember the MS Outlook hacker email exploit where an email virus could be kicked off just by having the MS Outlook email preview pane turned on until MS fixed it. I think the 'I love you' virus was an example of this though to be honest I can't recall the exact details on that one.

Bringing a connectivity solution to mass market is not easy or cheap and so like anything, corners get cut and compromises are made and engineers and designers are human so oversights and mistakes will happen. There isn't enough caution being exercised in the deveopment and deployment and adoption by the public of all this new technology. Everyone is rushing to have the latest and greatest all singing, dancing phones that can surf the web, make transactions (access their bank accounts?) etc. without asking *do I really need this right now?* and is it secure? Hackers are always on the lookout for 'cool' new hacks. And as the number of new connectivity gadgets and operating systems that run them continues to increase, the bigger the playground gets for these guys. And it's for sure that they'll find the loopholes, it's their raison d'etre.