Driver IRQL not less or equal, please schedule a patch at your local car dealership

Subject: General Tech | July 5, 2018 - 01:15 PM |
Tagged: security

Chris Roberts, who's claims to fame include taking over the thrust control of an airplane via the in flight entertainment system, spoke at length about the lack of security on less expensive vehicles.  With the electronics of cars and trucks becoming more and more complex and interactive, new threats are appearing almost daily and almost nothing is being done about it.  Car manufacturers will need to set up a method to update the software running on their vehicles, especially considering the fact that current laws make it illegal for owners to install patches on their own. 

The terrifying part is that he told The Register that the automobile industry is far ahead of all other transportation industries; apart from Tesla, the last newsworthy software update involved fudged emissions, not security enhancements.

View Full Size

"I put a network sniffer on the big truck to see what it was sharing. Holy crap! The GPS, the telemetry, the tracking. There's a lot of data this thing is sharing."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

July 5, 2018 | 02:16 PM - Posted by anonymouse (not verified)

Are you part of the engine management system? No? then GTFO the CAN bus and get your own network to play in!

July 5, 2018 | 06:41 PM - Posted by serpico (not verified)

I didn't hear about that airplane thing. It sounds like pretty bad design if there is some sort of connection between airplane cabin entertainment and airplane critical system management.

July 6, 2018 | 10:57 AM - Posted by Moyenni (not verified)

That claim is controversial at best.

July 8, 2018 | 12:32 PM - Posted by JoeMoo (not verified)

I think the guy is full of it. I believe all he saw was an information data stream from the engines, but never actually controlled anything.

July 8, 2018 | 12:31 PM - Posted by JoeMoo (not verified)

Non-story. Trucks have two buses; a general purpose information/data bus and an engine control bus. The connectors for the former are in the cab and the CAN/1939 protocol is well documented. These are used for diagnostics and for the on-board computers which the drivers use for messaging, maps and their driving logs.

Some trucks allow some control of the engine through this bus. High security load trucks may allow a shutdown if the onboard system doesn't get expected information on a timely basis. Others may reduce maximum speed remotely. However, none of these "take over" the driving of the truck in any manner.

The engine control bus has much tighter timings and is limited to a set of known devices. I suspect most are designed to shut down if an unknown device is detected. Regardless, it has a similar vulnerability as an engine from 30 years ago--namely, if you have physical access to something, you can do nasty things to it.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.