今天我参加了一个有趣的谈话在防御,显示一个潜在的安全漏洞,我从未想过一百万年。是的,窃听你的车的轮胎压力监测系统。谈所谓的“让空气轮胎压力监测系统”是由迈克Metzger。原来这样的攻击的攻击表面是巨大的。踏法案规定,每辆车在美国建造2007年之后必须有一个轮胎压力监测系统内置的。它还证明,汽车轮胎压力监控(及)使用未加密的射频轮胎和接收者之间的通信。系统及传感器警报是这恼人的低压灯打开我们都熟悉你的短跑控制台。
传感器有一个电池,ASIC压力监测和射频组件。这些传感器和射频接收机通常发现在你的躯干或手套箱。它通常是相同的射频接收机用于你的密钥卡。系统及系统使用315 mhz或433 mhz频率和使用编码但不encyption。一个惟一的ID燃烧在每个传感器(有点像MAC地址)。这个地址,地址和每个传感器的系统使用寄存器汽车ECU的工厂或经销商使用“特别”的工具。数字应该是独一无二的所以如果你的系统及射频你旁边拿起从汽车传感器系统知道它应该忽视这些信号因为他们没有注册。系统及系统通常提供多达10个传感器。这是如果你有一组雪地轮胎你不必去经销商,让他们重新学习一年两次传感器id。需要注意的是,通过设计及系统传感器只活跃在汽车发展的速度远远高于20英里每小时(基于轮胎转速),一个“特别”的低频传输接收、应用或磁铁附近。 Once active the sensors send their pressure info once every minute unless there is a problem (like rapidly decreasing pressure). All of the TPMS info is sent to the cars ECU for processing and action. The speaker went through the details on how to build your own "special" tool to force a "sensor" to register to the ECU and went through a bit about the commands that it will accept. To this point the researcher has been able to compromise the TPMS system itself but hasn't had time to attack the ECU yet. So for now we are safe except for the annoying low-pressure light. Of course Mike will try and find some buffer overflow or other vulnerability that allows him to escape into and own the ECU itself. If possible this would allow for all sorts of nastiness like shutting off a car that is running, damaging the engine by setting bad values in the ECU, creating power issues, etc. Modern ECUs sometimes include features such as cruise control, transmission control, anti-skid brake control, and anti-theft. If he finds something I'm sure we'll hear about it at the next Defcon! For more info see here: http://www.defcon.org/html/defcon-18/dc-18-speakers.html#Metzger Or more here http://en.wikipedia.org/wiki/Tire-pressure_monitoring_system
这里给出的意见和信息是我的个人观点,而不是我的雇主。我在我的雇主官方发言人。
从杰米Heary更多:信用卡略读:小偷如何窃取你的信用卡信息在你不知道的情况下谷歌Nexus One和十大手机安全需求你为什么总是要撕碎你的登机牌吗 视频租赁记录提供更多的比你的在线数据隐私保护新的SSL袭击的真相2009强城市传说IT安全/ >去 杰米的博客 更多关于安全的文章。*
*
*
*
*
*