I wonder if LG fridges can be infected as well? :D

Source: SC Magazine (http://www.infosecnews.com/news/index.cfm?fuseaction=newsDetails&newsUID=bc5789cf-e448-4a6e-bee9-a5dd291405ed&newsType=News)
Mobile virus infects Lexus cars by David Quainton

Lexus cars may be vulnerable to viruses that infect them via mobile phones. Landcruiser 100 models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet.

"If infected mobile devices are scary, just thinking about an infected onboard computer..," said Eugene Kaspersky, head of anti-virus research at Russian firm Kaspersky. "We do know that car manufacturers are integrating existing operating systems into their onboard computers (take the Fiat and Microsoft deal, for instance)."

It is understood the virus could affect the navigation system of the Lexus models, it transfers onto them via a Bluetooth mobile phone connection. It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses.

"At this stage it's still early but it just goes to show that technology has consequences," said David Emm, senior technology consultant at Kaspersky. "It's scary stuff."

Vulnerable operating systems are increasingly moving onto a number of different devices. Last year the Slammer worm infected 13,000 Bank of America ATMs as a result of them moving to a Windows-based operating system.

"I've even seen screenshots of major commercial aeroplanes with Windows 2000-based operating systems," said Mikko Hypponen, director of anti-virus research at Finnish firm F-Secure. "Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do..."

Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.

When contacted Lexus declined to comment.

wow, that is scary. Imagine the impact if a virus were to infect the navigation system on say an amublance or firel rescue vehicle. the thought of people getting lost wouldnt be so bad, but this could casue people there lives. not to mention the havoc it could cause if like the article says, when brakes and engines start being effected. if a car were to brake hard while on a freeway it would almost certainly cause a major acciident. and you know there are people out there who would be making a virus just for this reason.

Cars are an obvious target for viruses. It's okay if you don't use the operating system for the engine and the brakes, but when you do..."

Any system critical devices such as breaks should be standalone, that can not be accessed by anyone exept an authorised fitter.

Having said that I have witnessed the affects of a computer controlled suspension system, on a car transporter, malfunction. It through the trailor into an uncontrolable oscilation. Resulting in a rolled over lorry with 13 brand new Rover Saloon, looking not so new.

More and more it becomes possible to actually kill someone with your computer. This is a clear indication that we must redouble our efforts to combat those who would create malicious code, or do such heinous things. Although I'm quite sure that an onboard computer system isn't directly connected to such critical systems as brakes or steering, it's only a matter of time. At the moment I'd be more concerned with someone manipulating the fuel/air mix to the point the vehicle wouldn't run at all - imagine that on an ambulance or fire truck sent out on an emergency call... or a police unit trying to get to a gunfight in progress...

On the other side of the coin - (gasp, dare I actually say it?) - is it possible that we're taking computers a bit TOO far into other areas? Should we really trust crucial systems such as hospital life support systems, national economies, all the way down to our home refrigerators and vehicles to vulnerable systems? Where are the quality of life improvements if our computerized devices are so manipulated?

Give me a '66 Chevy anyday.

mmmmmmmmm '66 chevy /drool

hmmm.. could add new meaning to War-Driving..

Forget infecting the car, what about infecting passenger aircraft?

is it possible that we're taking computers a bit TOO far into other areas? Should we really trust crucial systems such as hospital life support systems, national economies, all the way down to our home refrigerators and vehicles to vulnerable systems?
its is not the evolution that make them vulnerable.. it is the dumb developers...

you just cant be lazzy when developing automation software.... If you are figuring about cars, picture an Nuclear Power Plant or a Airplane.... or a chemical plant.

A car inst a Intel computer that you will only loose a word file when your favorite O.S. crashers...

If the car systems are being infected, we need only to blame DEVELOPERS!

Perhaps they are using the MS Developing Guide for a Secure Application :)

When I was last working on cars, about 5 years ago, the
systems were still strictly in ROM and not capable of being
infected by rogue or malicious code. You could burn your own
PROMs to change operating parameters, but it wasn't easy.

They are rushing way too fast into more sophisticated features
that can only be supported by a fully functional programmable
computer with vulnerabilities designed in, because of ease and
convenience.

I don't think any of the critical safety features are accessible
though. The cell phone can't talk to the ABS, for example.
:cool:

I don't know how to respond to this. In one way I can see that the possible ramifications of viral infection of automobiles, airplanes, etc. But at the same time, I don't feel that blaming the developers is a viable alternative. I guess that inherently they are responsible for their code, but at the same time, M$ doesn't seem to be held responsible when a Windows machine is infected, even if it costs millions of $$$. Although I think accountability would make the industry that much better, I don't see that as possible, because after all, I've read that M$ has like 20,000 developers, it would be really difficult to trace the vulnerable line of code to any one of them. Especially with the millions and millions of line of code in Windows. But the dangers of all of this "advancement" are not lost on me. I think the responsibility should go to those that chose the system that was/is used. With all of the available possibilities it is possible that they could make a better choice that the one that they made, it is also possible that they could make a worse choice. I know I will never buy a fiat if it has Windows in it. I've also heard that the UK's navy is going to start using a Windows based system in their nuclear warships. So the next thing we know there are a bunch of nuclear warships under the control of some hacker in Sri Lanka, who thinks the whole thing is funny as they watch [insert favorite city's name here] disappear into a cloud of smoke and flame. When all of that (hypothetical anyways) could have been prevented with a better choice in OS for the given application.

Just like your home computer, if you deploy a technology such as navigation to a public medium like bluetooth and the internet. What would we expect? At present the cars are using computers to drive the engine and break systems. But navigation and internet access is not part of that, and probably never will be. Except where already applied by mass transit. Sophisticated trucking companies use position data to adjust fuel ratios into the combustion chamber. For example when they are rolling across the great planes of the USA they can have their fuel mixture backed off via a GPS system and when they reach the high plains and then Denver the fuel ratio is adjusted accordingly to enable and increase in forward momentum. This saves a ton of fuel. But it is also not public. In fact it's a sat channel.

Not many ambulances or firetrucks use on board navigation. It's too expensive to build private infractructure and is inaccurate and unsecure when using a public medium such as bluetooth and a cell phone. You wouldn't open up a police network to the internet without a VPN, why would you do the same in their cars? What I would worry about is all the 9/11 call centers are using Windows NT and Dos based systems. :eek: And they are tied together with loose security controls to ouside agencies, such as the Sheriff Dept, Highway patrol, FBI, etc. They just "trust" one another and in most cased the people maintaing the systems are a contractor so there is another interface.

Those windows imbedded devices aren't the same as the windows you surf the web with. All the crap is removed and they are locked pretty decent but any device can be exploited. How many NT and Unix based patches to we see for CISCO devices a year? Yes CISCO used NT. And counter measures are built into critical, life threatening systems.

As for taking a step back... Air travel would not be safe without computers. In fact modern flight models would not be possible without a computer making tiny correcting adjustments to airflow over it's surface. The plane would drop out of the sky. Imagine managing traffic flow in heavy corridors without computers monitoring where the cars are stopped and where they are flowing and adjusting patterns. Cars are also much safer, anyone who has had antilock breaks, or traction control knows what I mean. And I don't know for sure but I bet some imbedded computer deploys the airbag as well. As for disabling a vehicle... moth balls, sugar and knife are MORE effective.

Airplanes operate Navigational Guidance in a number of ways, they aren't very suseptable because they are not public. And one would have to circumvent the wrath of well funded national and international agencies with police powers. First the pilot has a human navigator and can fly with NO external guidance. Then they have ground based radar in the form of airport approach control and segmented corridors that handle traffic monitoring outside the airport control. Then they have navigational beacons such as a VOR or other devices that get them within visual of a runway. Then the have glide slope radiators at the end of the runways and then GPS and then manual over ride. I am worried about the guy not shutting off his laptop during takeoff and external radio interference more than someone breaking one of the systems and feeding false information to a plane comming in for a landing during a fog, like in the movie Die Hard X. Wonder why the other Airports in LA or the Regional Control center didn't just radio the planes and tell them the Airport was under siege by terrorists who adjusted the Glide Slope to be a few hundred feet off?

And we saw what happened on 9/11 when a breakdown in trasportation system was discovered. They didn't use a computer virus.

I see no problem in putting a computer into a car. But why not just stop at that. Cars have no need to communicate with cell phones, pda, or a pc. With more technology comes more junk and these cars are the prime example. I thought it was a stupid idea when cell phones started becomming bluetooth capable, now we have cell phone viruses, now car viruses.

I own an 87 caprice calssic, and I love the fact that when I turn the key. It starts, When I press the gas it goes. If I wanted it to communicate with me, I'd install a computer with bonzi buddy on it in the dash.

Do you think they will take out the problem that causes the viruses (wireless communication)? Of course not. Untill your t.v., fridge, toilet, shower, car, and clothes are all talking to eachother and all have some type of virus its going to keep on getting worse.

I would hope that government officials are smart enough to never put a civilian accessable wireless equipment on military equipment. but they have done dumber things.

Just like your home computer, if you deploy a technology such as navigation to a public medium like bluetooth and the internet. What would we expect? At present the cars are using computers to drive the engine and break systems. But navigation and internet access is not part of that, and probably never will be. Except where already applied by mass transit. Sophisticated trucking companies use position data to adjust fuel ratios into the combustion chamber. For example when they are rolling across the great planes of the USA they can have their fuel mixture backed off via a GPS system and when they reach the high plains and then Denver the fuel ratio is adjusted accordingly to enable and increase in forward momentum. This saves a ton of fuel. But it is also not public. In fact it's a sat channel.

Yes. It's called Qual Comm. I had one on my truck. It also monitors if a trailer is attached to the cab of the truck or not, the speed of the truck, it's idling time, current inside and outside temperatures, the works. Most companies use it as a tool to keep track on their drivers and make sure they're driving the full 12 hours per 24 they're supposed to. However, this isn't the system in question...

Not many ambulances or firetrucks use on board navigation.

For how much longer?

As for taking a step back... Air travel would not be safe without computers. In fact modern flight models would not be possible without a computer making tiny correcting adjustments to airflow over it's surface.

What an amazing thing... I distinctly remember seeing and riding in 747's back in 1974. I'm sure they were flying earlier than that as well. I also distinctly remember they were touted (just as today) as the 'safest form of travel.' I also seem to remember there were less crashes...or less crashes we heard about at least.

Cars are also much safer, anyone who has had antilock breaks, or traction control knows what I mean.

I won't argue this with you. The antilock braking system is a wonderful thing. I'm curious though with the advent of these public-accessed navigation systems how much longer it will be before someone figures out how to crack them?

and on to Spazz:
Untill your t.v., fridge, toilet, shower, car, and clothes are all talking to eachother and all have some type of virus its going to keep on getting worse.

The day they computerize my toilet is the day I truly believe they've gone too far - and the day I build myself an outhouse. :D

Hi BlackIce,

I read a sci-fi novel where toilets were used to detect health problems. That doesn't sound so far fetched anymore. Pee into the toilet, quick analysis and ding ding your doc gets called.

I am vaguely familiar with Qual Com and its reporting. The system even lets a trucker receive and send Fax’s. But this system actually manages the fuel intake into the manifold based on incline and speed as equated to your location.

I highly doubt ambulances with ever use a public navigation system. I authored a feasibility study of retrofitting snow plows (because one was lost in a blizzard in 1998) with such a system and along with that rollout- migration to rescue vehicles. The snow plow people had a greater need because they could not locate the plow and rescue the driver. There really wasn't anything that could be used at the time (2001) outside of a GPS receiver that would send coordinates back to the dispatcher and display it on a map. But that is not what I would call navigation. There really isn't a need. Maps are fairly static even in high growth areas. The dispatcher has access to all necessary information and in some cases the exact location of the vehicle. And roads don't wonder off their route, they are fairly static and won't change during the duration of the vehicles trip. I could see a need if they were dispatched to cities 1000 miles as a normal operating procedure. What I worked out for that system was not public. That would be like putting an unprotected wi-fi link on the main 911 servers.

As for the 747, I said modern. :) That thing is old and to my recollection was never designed to use a computer. The old one's were all dials, and then later retrofitted to take advantage of advancing technology, like the radar that scans the space in front of the craft and will automatically either raise or lower the altitude (depending on direction) to avoid midair collisions. Or the computer systems designed to detect and mitigate wind shear, the mechanism for a lot of crashes). But it can fly on nothing more than a jet engine and hydraulics to manipulate airflow. There were less crashes because they were an exponential number of less flights. Actually I think it's the other way around, I remember planes crashing all the time in the 70s. Not so much these days, except those small private planes seem to drop like flies, but the aren't in the same league. In addition many countries didn't even have airports yet and we can't control what goes on in Korea or Chili etc. Only the planes that come into our air space have to meet safety requirements.


I agree with you that those caught messing around with systems that could cause public safety concern could be treat more harsh than someone accessing your web cam. ;)

//Edit hate to tell you Spazz, that 87 caprice classic has a computer in it, that if failed, would not let you turn the key and step on the gas. Cars don't need to communicate to a PDA, but people in the car use communication conduits housed in the car. They aren't the same systems. Until the day comes when the car drives itself and needs info on the nearest gas station.