Prius tested for virus susceptibility

I think this was first reported by a Russian antivirus firm. Yep, leave it to ex-KGB trolls to figure out a way to spread fear to the masses. Movies like Terminator 3: Rise of the Machines didn't help either.

In theory, I suppose it *might* be possible to pull off such a hack if the onboard RTOS became more promiscuous with the outside world, especially if a wireless interface is used between the car and the scantool. That would be a nightmare, unless you could easily flash new security protocols to the scantool interface.

This is the concern I have from an industrial process control perspective. A lot of clients are using short-range WIFi instead of running expensive cable to a remote transmitter. This gives an enterprising hacker a direct view inside the plant process system, and the "security" is marginal at best.

I can recommend such things as hardware routers and firewalls, but then the cost "advantage" over a conventional wired transmitter evaporates. And let's face it, most industrial techs are a lot more familiar with 4-20 mA analog signals than with weird protocol stacks and emulators.

For the most part, I highly doubt a Bluetooth-equipped Prius can be hacked by compromising the Bluetooth stack. The onboard RTOS, in this case CANBus and LIN stack extensions, don't allow the two-way transfer from the phone to the internal car network. For the most part, LIN is a low priority extension and isn't allowed higher priority.

CANBus is Timing Triggered and also highly specialized wrt how the stack is built and how you can hook into the stack. You must have a great deal of knowledge of CANBus protocol to even understand what the system is saying.

CANBus expects an exactly-framed message, wrt header and data, before it will even look at the message. Much like other industrial protocols such as Foundation FieldBus or ControlNet, it's light years easier to just hack the control room display interface, which is almost always a Windows XP OS.

That's the same as aviation fly-by-wire systems. The onboard RTOS is actually three separate OS's, so even if one OS is compromised, the other two can maintain control.

The pilot chart system for preflighting, using Jeppesen, is actually run on Windows. It's relatively easy to infect the preflighting system with a computer virus, but so what?

At the worst, this is an inconvenience to the pilot who then must manually enter data into the CFMS. The Windows OS that runs the preflighting system and the CFMS don't even speak the same protocol, all the CFMS is looking for is coordinates, nothing else.

The aircraft onboard maintenance mode actually writes information to a standard 3.5 computer disk. You can stick a disk with all sort of boot-sector worms and viruses into the plane and nothing happens. The RTOS only allows downloading data, it refuses to upload anything.

 

gee another thing Toyota did right... what a surprise...

great post mdb654, good info to know