[weakfortress]

A long time ago I attended a DEFCON where this was discussed. Long before it became a big deal in the industry to have all this tech in cars. CANBUS was broken reliably, and if my memory serves me they even had a car you could take a shot at hacking yourself. After playing with it the entire conference I came to the conclusion I would never own a modern car if I can avoid it.

Any car running CANBUS is vulnerable to a potentially fatal attack. They have not resolved this. However, you also generally cannot avoid it. Even the base model Honda civic is vulnerable to attacks on the drive-by-wire system. In a less morbid sense, most modern cars cannot even be serviced at home without going to the dealer for a reset of whatever subsystem. ABS comes to mind.

I would not detract from an old car. A car 25 years old has 99% of the safety features of a modern car and, in good working order, will protect you just the same. Or maybe I just don't worry about it because the probability of anything greater than a minor fender bender killing you is pretty high even with modern tech.

[kube-system]

Pre-CANBUS cars were even easier to exploit. Much of everything on those systems were in plaintext, and could be easily tinkered with. A 25 year old car may have many of the same safety systems (although it is definitely missing a few), but the passive safety systems that do exist are most certainly not to the same standard as today's vehicles. To put it plainly, you are way more likely to die because the safety cage collapses on your late 90's vehicle, than you are to die because someone attacked the CANBUS of your vehicle.

DEFCON has a lot of great security demos, but don't mistake any of those demos as representative of the real-world landscape of issues.

[uconnectlol]

This idea you seem to have of DEFCON having presentations that conflate things like backdooring with remotely exploitable vulnerabilities is wrong. That would be about 1% of them. DEFCON was always reasonable quality. Not sure what the parent poster is on about, though.

[vel0city]

> CANBUS was broken reliably

So can my brake or fuel lines, if you're needing physical access. Get this, the door locks aren't even 100% secure, there's this whole thing that side steps them called "Windows".

I do lament not being able to fully flush my brakes at home and do wish the programming harness would be freely available to override the system and have the ABS clear the lines. However, I wouldn't for a second choose to not have ABS on any vehicle I own, including my motorcycle.

[Tomte]

> Any car running CANBUS is vulnerable to a potentially fatal attack.

No, it isn't. CANBUS is a non-safe protocol ("black channel" in safety parlance) and if anything safety-relevant is sent over it, there is a safety protocol on top.

[AlotOfReading]

Black channel schemes are not resistant to malicious input unless security was intentionally built in. Safety and security are separate (but related) concerns. Besides, white channel is still (unfortunately) a thing in some parts of the industry.

[jimbomins]

That's not strictly fair. The problem is that the critical systems were moved to share transport on the main hub with infotainment (safe, I did modelling of the messages for Volvo way back). On that hub is wireless access. Cars have been using CANBUS way longer than that issue entering play and without physical access you wouldn't be able to hack them and with physical access you could easily tamper with brakes or other systems.

[AlotOfReading]

Dealerships routinely violate CANbus isolation with junky "add-ons" full of security holes and wireless interfaces directly attached to important buses. Every single manufacturer that cares at all about bus integrity should be doing message signing and that's where CANBus simply doesn't work. The bandwidth is far too low for good schemes (leading to custom implementations) and there are no decent standards for hardware vendors to implement, which means more of the already-limited CPU budget has to be allocated to it.

[jdminhbg]

When it comes to potentially fatal attacks on my car, I'm a lot more worried about drunk drivers than CANBUS.

[vel0city]

In which case, having a more modern car with better safety designs is way better than not having a CANBUS.

And I definitely agree; I'm way more likely to be harmed because of a drunk driver or someone running a red because they're just too busy to bother stopping at this light today rather than some hacker remoting into my car to change the car from drive to neutral or remotely disable ABS or something like that.

[wolrah]

> CANBUS was broken reliably, and if my memory serves me they even had a car you could take a shot at hacking yourself.

This statement shows a fundamental lack of understanding of how automotive computer networks operate.

The CAN bus is just a network. It's an industrial control protocol that's been adopted by the automotive world. It doesn't offer security by design, it's intended for use in limited environments where all hardware on the network is known and trusted. CAN provides methods for prioritization of devices, that's it. Any security is left to higher layers of the stack.

There is no such thing as "breaking" CAN, you just physically connect to the network and you're able to talk to whatever controllers are on that network (most modern cars have multiple CAN buses connected to different subsets of the vehicle systems). At that point it's about the security features implemented by the devices on the network.

> Any car running CANBUS is vulnerable to a potentially fatal attack. They have not resolved this.

There is nothing to resolve at the network level. To put it another way, almost every computer that's ever been hacked over the internet was running Ethernet but that's just as irrelevant as CAN in cars.

If you are able to physically connect to the network, you can talk to and potentially spoof devices on the network.

> A car 25 years old has 99% of the safety features of a modern car and, in good working order, will protect you just the same.

You couldn't possibly be more wrong. Pick your favorite vehicle from 1997 and look up the crash test videos, then compare against a similar recent model.

Here's the most popular vehicle sold in the US, the Ford F-150, from 1997 (https://www.youtube.com/watch?v=_i5EmJBaGeQ) versus one from 2016 (https://www.youtube.com/watch?v=Cou88zi4pMY). You tell me which one you'd rather be in.

You might say, correctly, that the 1997 F-150 is particularly bad, but here you can see a 1997 Volvo V70 versus a 2009 Volvo V70 (https://www.youtube.com/watch?v=msnJK0ce-VM). Volvo has a reputation for building some of the safest vehicles on the road, and even those twelve years show substantial gains in crash performance where the older car's passenger compartment is clearly compromised while the newer one's crumple zones work as intended.

> Or maybe I just don't worry about it because the probability of anything greater than a minor fender bender killing you is pretty high even with modern tech.

Again, absolutely wrong. I say this as someone who's flipped a truck off the road at highway speed and walked away with minor abrasions and bruising from the seatbelt and a few cuts from broken glass as the rest of the truck got ruined but the cab stayed intact. My anecdote is of course statistically meaningless, but the data agrees. Crash fatality rates have consistently trended downward from the '80s until 2020. The main reason modern vehicles have gained so much exterior size without gaining nearly as much interior size is all the space taken up by modern safety equipment, crumple zones, etc.