Hackers into your idrive???
12-28-2005, 03:09 PM
#1
Contributors
Thread Starter
Join Date: Sep 2005
Location: Long Island, New York
Posts: 1,624
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: 2005 525i Titanium Silver Metalic and 2003 325xi Jet Black with the Premium Package in both cars.
Just found an article on AOL regarding Bluetooth technology and viruses. 2nd. paragraph deals with BMW's idrive. The article was long but I just posted some of it. Interesting read for all that have GPS, etc. installed in their BMW's
Are Your Car?s Electronics Safe?
By ERIC PETERS
Most people don't realize how "wired" every modern car is -- with a computer controlling everything from basic engine operation to when and how firmly the transmission shifts to the operation of things like cruise control. Many new cars are also equipped with onboard (and computer-controlled) navigation and communication systems that interface with cell phones, PDAs -- even the Internet.
The concern is that this electronic back-and-forth with the outside world -- and wireless communication systems -- could enable a hacker to access a vehicle's onboard systems and infect them with a computer virus. Many of these systems (for example, BMW's iDrive interface, which uses a "mouse" on the car's center console to control a menu of in-car operations) are based on a version of Microsoft software -- and anyone using Windows online knows all about viruses and the havoc they can wreak.
Bluetooth short-range wireless communication technology -- which among other things enables drivers to access cell phone-based address books with their in-car phones -- was tested recently to see whether a virus could be introduced into a vehicle's onboard electronic systems.
A Toyota Prius hybrid -- one of the most intensively "wired" vehicles currently on the road -- was used for the test. Researchers with the Finnish computer security firm F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into the Prius via Bluetooth wireless interaction with the car's onboard systems.
The good news is that nothing happened.
"No matter what we did the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. In fact, the researchers weren't even able to get the Cabir virus into the car's operating systems when they used a special program designed to transfer the corrupted file.
These tests confirmed Toyota's insistence that claims its vehicles were susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded.
At least so far.
Many computer experts believe the very nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smartphone that's connected to or communicates with the online world -- especially the wireless online world.
Are Your Car?s Electronics Safe?
By ERIC PETERS
Most people don't realize how "wired" every modern car is -- with a computer controlling everything from basic engine operation to when and how firmly the transmission shifts to the operation of things like cruise control. Many new cars are also equipped with onboard (and computer-controlled) navigation and communication systems that interface with cell phones, PDAs -- even the Internet.
The concern is that this electronic back-and-forth with the outside world -- and wireless communication systems -- could enable a hacker to access a vehicle's onboard systems and infect them with a computer virus. Many of these systems (for example, BMW's iDrive interface, which uses a "mouse" on the car's center console to control a menu of in-car operations) are based on a version of Microsoft software -- and anyone using Windows online knows all about viruses and the havoc they can wreak.
Bluetooth short-range wireless communication technology -- which among other things enables drivers to access cell phone-based address books with their in-car phones -- was tested recently to see whether a virus could be introduced into a vehicle's onboard electronic systems.
A Toyota Prius hybrid -- one of the most intensively "wired" vehicles currently on the road -- was used for the test. Researchers with the Finnish computer security firm F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into the Prius via Bluetooth wireless interaction with the car's onboard systems.
The good news is that nothing happened.
"No matter what we did the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. In fact, the researchers weren't even able to get the Cabir virus into the car's operating systems when they used a special program designed to transfer the corrupted file.
These tests confirmed Toyota's insistence that claims its vehicles were susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded.
At least so far.
Many computer experts believe the very nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smartphone that's connected to or communicates with the online world -- especially the wireless online world.
12-28-2005, 03:17 PM
#3
Senior Members
Join Date: May 2005
Posts: 647
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Mr 5er' post='216521' date='Dec 28 2005, 04:09 PM
Just found an article on AOL regarding Bluetooth technology and viruses. 2nd. paragraph deals with BMW's idrive. The article was long but I just posted some of it. Interesting read for all that have GPS, etc. installed in their BMW's
Are Your Car?s Electronics Safe?
By ERIC PETERS
Most people don't realize how "wired" every modern car is -- with a computer controlling everything from basic engine operation to when and how firmly the transmission shifts to the operation of things like cruise control. Many new cars are also equipped with onboard (and computer-controlled) navigation and communication systems that interface with cell phones, PDAs -- even the Internet.
The concern is that this electronic back-and-forth with the outside world -- and wireless communication systems -- could enable a hacker to access a vehicle's onboard systems and infect them with a computer virus. Many of these systems (for example, BMW's iDrive interface, which uses a "mouse" on the car's center console to control a menu of in-car operations) are based on a version of Microsoft software -- and anyone using Windows online knows all about viruses and the havoc they can wreak.
Bluetooth short-range wireless communication technology -- which among other things enables drivers to access cell phone-based address books with their in-car phones -- was tested recently to see whether a virus could be introduced into a vehicle's onboard electronic systems.
A Toyota Prius hybrid -- one of the most intensively "wired" vehicles currently on the road -- was used for the test. Researchers with the Finnish computer security firm F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into the Prius via Bluetooth wireless interaction with the car's onboard systems.
The good news is that nothing happened.
"No matter what we did the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. In fact, the researchers weren't even able to get the Cabir virus into the car's operating systems when they used a special program designed to transfer the corrupted file.
These tests confirmed Toyota's insistence that claims its vehicles were susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded.
At least so far.
Many computer experts believe the very nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smartphone that's connected to or communicates with the online world -- especially the wireless online world.
Are Your Car?s Electronics Safe?
By ERIC PETERS
Most people don't realize how "wired" every modern car is -- with a computer controlling everything from basic engine operation to when and how firmly the transmission shifts to the operation of things like cruise control. Many new cars are also equipped with onboard (and computer-controlled) navigation and communication systems that interface with cell phones, PDAs -- even the Internet.
The concern is that this electronic back-and-forth with the outside world -- and wireless communication systems -- could enable a hacker to access a vehicle's onboard systems and infect them with a computer virus. Many of these systems (for example, BMW's iDrive interface, which uses a "mouse" on the car's center console to control a menu of in-car operations) are based on a version of Microsoft software -- and anyone using Windows online knows all about viruses and the havoc they can wreak.
Bluetooth short-range wireless communication technology -- which among other things enables drivers to access cell phone-based address books with their in-car phones -- was tested recently to see whether a virus could be introduced into a vehicle's onboard electronic systems.
A Toyota Prius hybrid -- one of the most intensively "wired" vehicles currently on the road -- was used for the test. Researchers with the Finnish computer security firm F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into the Prius via Bluetooth wireless interaction with the car's onboard systems.
The good news is that nothing happened.
"No matter what we did the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. In fact, the researchers weren't even able to get the Cabir virus into the car's operating systems when they used a special program designed to transfer the corrupted file.
These tests confirmed Toyota's insistence that claims its vehicles were susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded.
At least so far.
Many computer experts believe the very nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smartphone that's connected to or communicates with the online world -- especially the wireless online world.
This is actually well discussed in the WiFi and mobile tech industry. Some sample discussion can be found here and a pretty good write-up on this security forum
Yeah, no doubt, scary stuff. You would think people have better things to do with their time (and talent).
12-28-2005, 04:01 PM
#4
Members
Join Date: Nov 2005
Location: USA via Italy
Posts: 52
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: An 1994 Ashamed-Mobile Partially Loaded, Leather. Radioless, Heatless, Gas-needleless.
What happened to devices asking for passwords before initiating any type of actions? My old motorola V600 I believe (the numbers are worn off). But whenever I forget my password for my cell I cant access my Mac or vice versa'. Just curious.
12-28-2005, 06:28 PM
#5
Super Moderator
Join Date: Mar 2004
Location: Pittsburgh, PA USA
Posts: 17,310
Likes: 0
Received 2 Likes
on
2 Posts
My Ride: G30 M550i
Model Year: 2018
This was also discussed a bit here on these forums way back in June of 2004...
http://forums.e60.net/index.php?showtopic=1356
http://forums.e60.net/index.php?showtopic=1356
12-28-2005, 08:06 PM
#6
Contributors
Join Date: Oct 2004
Location: So Cal, USA
Posts: 14,776
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: 545iSMGSilver GrayAuburn Dakota LeatherLogic 7 Premium SoundSports Package
Originally Posted by Rudy' post='216586' date='Dec 28 2005, 07:28 PM
This was also discussed a bit here on these forums way back in June of 2004...
http://forums.e60.net/index.php?showtopic=1356
http://forums.e60.net/index.php?showtopic=1356
See here too Post #4... very important!!!
http://forums.e60.net/index.php?show...14503&hl=virus
another one here... not started by Rudy tho.
http://forums.e60.net/index.php?showtopic=6739&hl=virus
12-28-2005, 08:53 PM
#8
Contributors
Join Date: Oct 2004
Location: So Cal, USA
Posts: 14,776
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: 545iSMGSilver GrayAuburn Dakota LeatherLogic 7 Premium SoundSports Package
Originally Posted by Rudy' post='216632' date='Dec 28 2005, 09:41 PM
Thanks for linking to them!
12-29-2005, 01:25 AM
#9
Senior Members
Join Date: Aug 2005
Location: Cymru
Posts: 302
Likes: 0
Received 0 Likes
on
0 Posts
Like many computer security articles, this strikes me as FUD.
i-drive does indeed use a (very hacked) version of Win/VxWorks - but this bears no relation to Windows XP for example - the notion that it's inherently insecure is total b*ll*cks.
Regarding bluetooth - the car has to be paired with a device before it will talk with it, or nothing happens. Also, bluetooth is only active in your e60 when the ignition is on, I.E you'll likely be driving it at the time.
So unless some cracker can come up with a way of a) hijacking my bluetooth, b) hacking i-drive and c) do this whilst I'm driving past them, then I'll be sleeping easy
i-drive does indeed use a (very hacked) version of Win/VxWorks - but this bears no relation to Windows XP for example - the notion that it's inherently insecure is total b*ll*cks.
Regarding bluetooth - the car has to be paired with a device before it will talk with it, or nothing happens. Also, bluetooth is only active in your e60 when the ignition is on, I.E you'll likely be driving it at the time.
So unless some cracker can come up with a way of a) hijacking my bluetooth, b) hacking i-drive and c) do this whilst I'm driving past them, then I'll be sleeping easy
12-29-2005, 06:03 AM
#10
Contributors
Join Date: Mar 2005
Posts: 2,573
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: 2006 530i Sport
Silver Gray - Black Leather - Anthracite Maple
Manual Transmission
Premium Audio
Cold Weather Package
Rear sunshade
Sirius Radio
Autobahnd Roadblock (3M) film kit
Originally Posted by shiny' post='216708' date='Dec 29 2005, 05:25 AM
Like many computer security articles, this strikes me as FUD.
i-drive does indeed use a (very hacked) version of Win/VxWorks - but this bears no relation to Windows XP for example - the notion that it's inherently insecure is total b*ll*cks.
Regarding bluetooth - the car has to be paired with a device before it will talk with it, or nothing happens. Also, bluetooth is only active in your e60 when the ignition is on, I.E you'll likely be driving it at the time.
So unless some cracker can come up with a way of a) hijacking my bluetooth, b) hacking i-drive and c) do this whilst I'm driving past them, then I'll be sleeping easy
i-drive does indeed use a (very hacked) version of Win/VxWorks - but this bears no relation to Windows XP for example - the notion that it's inherently insecure is total b*ll*cks.
Regarding bluetooth - the car has to be paired with a device before it will talk with it, or nothing happens. Also, bluetooth is only active in your e60 when the ignition is on, I.E you'll likely be driving it at the time.
So unless some cracker can come up with a way of a) hijacking my bluetooth, b) hacking i-drive and c) do this whilst I'm driving past them, then I'll be sleeping easy
Right. I shudder when I think about the fingernail-scraping grasp tech writers have on the world they're bringing to the masses. I often wonder what other areas of reportage this extends to... (medical reporting?) But I digress.
There are no fewer than 7 different operating systems in the E60, and as shiny so accurately pointed out, VXWorks is at the core. VXWorks went to Mars. No, not Mars, PA... the planet Mars. The spooks where I work can do some gnarly stuff with regard to bluetooth, but insertinig a virus or piece of runtime code onto our cars is pretty unlikely. Oddly enough, the WinCE devices are the only ones that have been cured of the early Bluetooth bugs - I've seen sweeps, the ones that don't show vulnerabilities are running CE.
Even without vulnerabilities, there are brute force methods of inserting yourself into bluetooth communications, but those are no longer Microsoft issues. They are issues with the spec itself.