Tuesday, July 10, 2012

How to steal a BMW

Obviously I'm not going to tell you how to steal a BMW (you can watch someone else do it), however such a title might wake you up to security being a real issue in Embedded Systems designs. In my Cyber War or Cyber Peace, are your systems safe? entry I wrote:

There are several other organizations such as SAE International, that covers automotive standards getting involved in securing systems. SAE has recently put together the Vehicle Electrical System Security Committee. Does anyone really expect our vehicles to not be attacked at some point?

Seems BMW security systems have already betrayed us, by having no security on the diagnostic port, not even a password (which would only slow, not stop an attack), the BMW key fob can be reprogrammed. Emil Protalinski gives more details in Hackers steal keyless BMW in under 3 minutes.

Security by Obscurity has not been viable for a very long time. Recently Microsemi had been in the headlines about a potential venerability in their ProASCI3 parts, here is their official response: Microsemi Response: Security Claims With Respect to ProASCI 3. Whether such a flaw exist we all will know in time. The point is that if there is a port that can be exploited such OBD or JTAG, it will be exploited.

Have you accounted for deliberate attacks in your design? Keep in mind that the the Bad Guys have more money and are better armed that you are, their bosses believe in spending money on good tools! Drug dealers no long count their money, they weigh it. One million dollars in 100 bills weighs 37.4 lbs, in fifties it weighs 74.8 lbs.