I spent a few min reading the referenced paper, and they do seem to demonstrate that there's the possibility of electronically compromising car electronics, including brakes.
However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car), and cannot be electronically overridden. The steering wheel is connected directly to the wheels, and can't be controlled by the electronics. Electronics can activate the brakes, but can't cause the brakes to not activate because the pedal is connected hydraulically to the calipers. Even if the engine is racing, braking force is greater than the engine's force. [2]
If his car was vulnerable, all-electronic attack doesn't seem like a good way to assassinate someone if they can simply step on the brakes to stop the car. Changing the mechanics to allow remote control might be possible, but that's a lot of physical evidence to add to the car.
The Mercedes C250 (like almost all cars) has anti-lock brakes. The hydraulic (as you refer to them 'mechanical') brake cylinders are controlled by one of the cars ECUs based on data from the brake pedal, emergency brake, and rotational sensors on each wheel hub.
Everything in newer model cars is connected to the CAN bus (basically a broadcast serial protocol), radio, airbags, brakes, etc.
Your XM Satellite Radio could in theory detect that you are traveling over 70 mph and trigger just the right front brake cylinder. Any time you detect braking on other wheels, fire one of the 9 drivers side airbags to disrupt the operator.
The C250 definitely has an option that can sort of steer just by application of the brakes on individual wheels like you described. Their marketing name for it is "active lane keeping assist."
Agree with everything you said as possibilities. There are clear proofs of concept that an accident can be caused by a compromised electronics, and multiple ways to do it. We can come up with endless possibilities, but I was trying to establish likely vs unlikely.
In his particular case, an attacker would require Hastings to be traveling at a high rate of speed to have a high probability of a fatal injury. Highland Ave is a 35 mph surface street. So the attacker would either need to speed the car up, or have him already traveling at a high rate of speed. If it's the former, Hastings could have just used the brakes. If it's the latter, there are lots of reasons why he could crash on a two-lane city street lined with trees and parked cars at 4 am. As you point out, it's possible a sophisticated attack could have also provided all kinds of distractions to prevent him from braking effectively.
I think the most likely explanation was that he was speeding and lost control, but feel free to disagree.
I was simply correcting your authoritative statement: However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car)
You are dismissing it as unlikely, because you keep assuming that some subsystems would work as designed or intended.
I'm not comfortable discussing details on this point, but "just use the brakes" might not have been an option had the malicious payload been properly designed. I have maybe a basic to mid level of experience reverse engineering automotive firmware, and it would not be hard for me to pull off. God only knows what a state actor could come up with.
To get at actual firmware, you'll want to identify the ROM chips and wire up an appropriate reader. You might be able to get by with a bus pirate. Once you have the actual firmware, you should be able to identify the processor (get ready to learn old obscure Motorola instruction sets) and you're off to the races. If you luck out with an x86 or ARM processor I highly recommend the Hex Rays Decompiler.
I was working as a generalist on the team, so the HN expert collective may be able to give you better pointers on specific items.
> Electronics can activate the brakes, but can't cause the brakes to not activate because the pedal is connected hydraulically to the calipers
right, because ABS does not work by pulsating the pads off and back on...
What I would do if it was a spy movie:
1. plant bomb underneath.
maybe just a small (hard to find) fuse in the gas tank.
make it activated by airbag sensors.
2. hijack car electronics
3. when target is inside, locks door.
accelerate and mess with brakes
4. he can turn as he wish. by the time he realizes what's going on,
all he can do is try to avoid a high speed crash by then.
5. with doors still locked, car crash and goes boom,
just like they do in hollywood.
all the evidence left would be a burnt fuse in the exploded gas tank, and the firmware on the burnt electronics.
> right, because ABS does not work by pulsating the pads off and back on
So ABS can fully cut off brake pressure? My understanding is that it relieves extra pressure and that regardless of the valve position, either full force of the pedal (including locking the brakes) or reduced relieved pressure is still sufficient to stop a vehicle.
> What I would do if it was a spy movie
All posible. My comment was really just a response to Richard Clarke's comment that it could have been an "untraceable" "car cyberattack."
This Nova Science Now episode gives a demonstration where
Prof. Yoshi Kohno of the University of Washington hacks a car and remotely slams on the breaks....
>However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car), and cannot be electronically overridden.
about ABS brakes (and thus absence of direct mechanical control by the driver) other people have already explained.
The speed is controlled by electronic throttle control. Mercedes was among the first and brought drive-by-wire decade ago.
>The steering wheel is connected directly to the wheels, and can't be controlled by the electronics.
ever heard about electric assist steering? Mercedes does have it on the C250.
The reputation and perception is half the price of a Mercedes and this accident makes a dent in it (on the related topic - how much Toyota suffered for a runaway acceleration).
Correct me if I'm wrong: ABS doesn't cut off pressure to the brakes but instead relieves extra pressure. At no point can the ABS module ever fully cut off brake pressure that's being hydraulically applied by the driver. Incorrect?
> electronic throttle control
Yes, but my point was that regardless of what the throttle was doing, brakes can counter. If he was alert, he should have had reasonable time to start braking as the throttle opened up.
> ever heard about electric assist steering? Mercedes does have it on the C250.
>Correct me if I'm wrong: ABS doesn't cut off pressure to the brakes but instead relieves extra pressure. At no point can the ABS module ever fully cut off brake pressure that's being hydraulically applied by the driver. Incorrect?
if relief valves are kept open (instead of open/close/open/close/... like during normal ABS operation) i don't think there will be any effective braking force.
However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car), and cannot be electronically overridden. The steering wheel is connected directly to the wheels, and can't be controlled by the electronics. Electronics can activate the brakes, but can't cause the brakes to not activate because the pedal is connected hydraulically to the calipers. Even if the engine is racing, braking force is greater than the engine's force. [2]
If his car was vulnerable, all-electronic attack doesn't seem like a good way to assassinate someone if they can simply step on the brakes to stop the car. Changing the mechanics to allow remote control might be possible, but that's a lot of physical evidence to add to the car.
[1] http://www.autosec.org/pubs/cars-usenixsec2011.pdf [2] http://www.keacher.com/672/title-fight-brakes-versus-engine/