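You may have seen a scene like this in an American TV series: the founder of a fictional social-networking company, worth billions, is driving when he suddenly loses control of the vehicle; the car careens down the road, changing lanes constantly and running red lights…
But the driver trapped inside is helpless. His control over the car, especially the brakes, has evidently been taken over by the car itself; in other words, the car is being remotely controlled. Then you watch the car explode on screen (an exciting shot), but the protagonist, a software-development genius, escapes in the nick of time.
All of that is just a TV plot, and from a science-fiction series at that. A remotely controllable car is good material for thrilling scenes that draw viewers, but is it really possible in real life? Well... it sounds incredible, but yes.
In March 2011, research teams from the University of Washington and the University of California-San Diego jointly published a technical paper, "Comprehensive Experimental Analyses of Automotive Attack Surfaces," for reference by a National Academy of Sciences (NAS) committee on electronic vehicle controls and unintended acceleration.
NAS's position was to help clarify the automotive industry's doubts about whether on-board electronics could be hacked. Conventional thinking held that, to carry out an attack, a hacker would need to physically connect the attack hardware to the car's on-board computer network. The paper's authors therefore took a latest-model mass-production sedan as their platform and carried out a systematic and empirical analysis of its remote attack surface.
During their analysis, the researchers found that no serious automotive security breach (like the one in the TV episode) had ever endangered vehicles and drivers in the real world: "Traditionally automobiles have not been network-connected and thus manufacturers have not had to anticipate the actions of an external adversary." But they warned: "Our automotive systems now have broad connectivity; millions of cars on the road today can be directly addressed via cellular phones and via Internet."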

According to the NAS-commissioned study, security vulnerabilities that could expose cars to attack do exist
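Dirk Besenbruch, engineering lead in the Automotive Systems & Applications group at NXP Semiconductors, said the paper spurred the company to study automotive security. He noted that the CAN bus used by today's automotive electronics is a "good, fault-tolerant network," but that hackers do have many ways to attack a car's electronic control units (ECUs) through the network.
The flexibility of the CAN bus makes it possible to build a safe, cost-effective network that lets suppliers add all kinds of computer-controlled systems to a car (from window and door-lock control to safety-critical functions such as brake and engine control). But that flexibility may also create opportunities for new kinds of attacks, for example intrusion into the car's internal network, which surrounds all of the in-vehicle computer control systems (including mission-critical functions such as brake and engine control).
Besenbruch acknowledged that, for example, controlling the car audio volume entirely from a remote location, or worse, deliberately stopping or starting the engine, is entirely feasible.
This article is an authorized compilation from EE Times. All rights reserved; do not reproduce.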
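So how exactly can a hacker break into a car's network remotely? Besenbruch pointed out that on-board diagnostics (OBD), which automakers' service technicians use to diagnose the vehicle's condition and program ECUs during routine maintenance, is one channel.
In addition, hackers can go after the in-car entertainment system by planting false code in MP3 files. That may not sound like a big deal, but once a malicious program takes up residence in the entertainment system it can, like cancer cells, endanger other automotive electronic components over the interconnected CAN bus.
The paper also states: "We found that by dialing the car's phone number, or by playing a specially crafted audio signal (encoded with an iPod), we could take control of the car and compromise its embedded telematics system." Other attack channels include short-range wireless interfaces such as Bluetooth and Wi-Fi, remote keyless entry, RFID door locks, and tire-pressure monitoring systems, as well as cellphone communication interfaces, GPS, and satellite/digital radio systems.
Of course, in the case of a Bluetooth-based attack, the hacker first has to place a wireless transmitter near the car's receiver; the hacker then also needs to learn the vehicle's Bluetooth MAC address before the car's vulnerability can be exploited remotely, which sounds like complicated work. But the researchers noted that, according to their analysis, an ambitious hacker can indeed achieve the attack, even though it takes considerable effort to set up and to get close to the target vehicle.
Remotely controlling a vehicle through a wireless interface is therefore not very hard to do; the paper's authors also found that most automotive Bluetooth devices complete pairing without requiring any interaction with the user. The authors noted that wireless channels bring many security vulnerabilities: "allowing hackers to trigger actions remotely on demand, and even operate in sync across multiple vehicles or control them interactively."
Besenbruch agreed with that view. Unlike the financial sector, where credit cards, personal identification numbers, and ATMs are all designed on the premise of operating within a closed system, he said, "the automotive industry faces particularly tough technical challenges."
He added that automakers strive to maintain an open system so that they do not have to build a new control system from scratch every time they develop a new model; some vehicles today already contain more than 70 control units, and all of these electronic control units are interconnected.
EE Times will follow up with a series of articles on how the automotive industry and chip suppliers will address these security issues. Stay tuned!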
English original: How Hackers Can Take Control of Your Car, by Junko Yoshida
How Hackers Can Take Control of Your Car
Junko Yoshida
MADISON, Wis. -- You might have seen that frightening episode of the CBS series, Person of Interest, in which a fictional social media company's billionaire founder loses control of his car.
From the street, the driver appears to be either a total nutcase (well, in this case, he is) or heavily intoxicated. His car weaves through traffic left and right, crossing lanes willy-nilly and clipping other cars.
But inside the car, the driver is helpless. Any control he tries, especially the brakes, is overridden, apparently by the car itself. Unbeknownst to the driver, of course, the car is under remote control.
Inevitably, the car blows up (creating an exciting visual). However, the software genius escapes in the nick of time.
This, of course, is TV drama. It's fiction. A remotely compromised car is a scenario that makes a good thriller and scares the bejesus out of viewers. But possible in real life? No way.
Well, wait a minute.
Way.
In March 2011, a team of scholars at the University of Washington joined with colleagues from the University of California-San Diego, in a technical paper entitled "Comprehensive Experimental Analyses of Automotive Attack Surfaces." They prepared it for the National Academy of Sciences (NAS) committee on electronic vehicle controls and unintended acceleration.
Dirk Besenbruch, engineer, group leader of Systems & Applications, Automotive, at NXP Semiconductors, recalls the paper as a wakeup call. "It triggered our work at NXP" on automotive security, he said in a recent phone conversation with EE Times.
The academics' point was to debunk automotive industry skepticism about the hackability of on-board electronics. The industry's conventional wisdom was that "to implement an attack, the attacker would need to physically connect attack hardware to the car's internal computer network."
That got the university researchers going. They ran "a systematic and empirical analysis of the remote attack surface of late model mass-production sedan," according to the authors.
The researchers were aware, as they conducted their study, that no serious automotive security breach -- like the one on the TV show -- has ever compromised the safety of cars and drivers in the real world. The paper's authors pointed out, "Traditionally automobiles have not been network-connected and thus manufacturers have not had to anticipate the actions of an external adversary."
In the paper, however, they cautioned: "Our automotive systems now have broad connectivity; millions of cars on the road today can be directly addressed via cellular phones and via Internet."
Where vulnerabilities exist
Source: Technical paper -- "Comprehensive Experimental Analyses of Automotive Attack Surfaces"
CAN bus is the crux of the issue?
While noting that the CAN bus is a "good, fault tolerant network" inside a car, NXP's Besenbruch acknowledged that there are a number of ways hackers can worm their way into the internal network and get to the Electronic Control Unit (ECU).
The flexibility of the CAN bus has created a safe and cost-effective network enabling vendors to attach a number of computer control systems (ranging from the window controllers to the locks and critical safety elements such as brakes and engine). But that flexibility also creates the opportunity for new attacks -- including one in which a car's internal network can circumvent all computer control systems including mission-critical functions. Besenbruch acknowledged that it's entirely feasible for someone to remotely turn the car-audio volume ALL THE WAY UP, for example, or worse, stop or start the engine at will.
Asked how exactly a remote attacker could get in, NXP's Besenbruch mentioned "On-board diagnostics (OBD)," to which service personnel have access during routine maintenance for diagnostics and ECU programming. Attackers can also go after the in-car entertainment system, he added, by "introducing false code into MP3 files," for example. By playing the file, a user unknowingly plants malicious input in his in-car entertainment system. That may not seem like a big deal, but many in-car systems today are now CAN bus interconnected. A compromised MP3 or CD player in a car could be the cancer that metastasizes in other automotive components.
The University of Washington and California-San Diego researchers stated in the paper:
"We find we are able to obtain complete control over our car by placing a call into its cell phone number and playing a carefully crafted audio signal (encoding in an iPod) that compromises its embedded telematics unit."
Other attacking scenarios include much more direct physical access via short-range wireless interfaces, such as Bluetooth; WiFi; remote keyless entry; tire pressure monitoring systems and RFID car keys; and long-range wireless interfaces such as broadcast channels including a cellphone interface, GPS, satellite radio, and digital radio.
Of course, in the case of a Bluetooth-based attack, for example, the saboteur would have to place a wireless transmitter in proximity to the car's receiver. Further, the attacker needs to learn the car's Bluetooth MAC address to remotely exploit the car's vulnerability. That does seem like a lot of work.
The researchers, however, concluded: "Our experimental analyses determine that a determined attacker can do so, albeit in exchange for a significant effort in development time and an extended period of proximity to the vehicle."
The scenario for remotely exploiting control of a car via wireless interface isn't far-fetched, the authors argued. Most surprising to them was that their car's Bluetooth unit responded to pairing requests even without any user interactions.
Open vs. closed system
Indeed, wireless channels open a plethora of vulnerabilities, "allowing attackers to trigger actions remotely on demand, synchronize across multiple vehicles, or interactively controlled," according to the paper's authors.
NXP's Besenbruch concurred. Unlike the financial world where credit cards, PIN numbers, and ATM machines are designed to operate in a closed system, he said, "the automotive industry faces particular technical challenges." Car manufacturers have striven to maintain an open system, so that they don't have to reinvent the wheel every time a new control system is introduced into a new model. Today, some cars already have more than 70 control units inside, he added, all of them interconnected.
EE Times' Automotive Designline will examine how the automotive industry and chip suppliers are planning to address such issues in the coming series of articles.
Editor: Quentin