Wikipedia:Reference desk/Archives/Science/2015 July 21

Science desk
< July 20	<< Jun | July | Aug >>	July 22 >

Welcome to the Wikipedia Science Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

July 21

Can sound travel through Mars' atmosphere?

Imagine this situation. Two people at a distance are shouting over the surface of Mars (ignore the habitability). Could they hear sound? --IEditEncyclopedia (talk) 04:35, 21 July 2015 (UTC)[reply]

Here is a webpage from NASA JPL about Mars Polar Lander's acoustic microphone. This 1999 space probe was lost and could not operate its instruments atthe Martian surface. But, you can read what planetary scientists expected to hear!

After the loss, the Planetary Society tried to piggyback their experiment on another spacecraft, the NETLANDER probe. That mission never launched; CNES did not fund it. I don't recollect any more recent serious scientific effort - attached to NASA or any other space exploration agency - to place a microphone on Mars. (Here's the project webpage, hosted at Berkeley's Space Sciences Laboratory: Mars Microphone). "Sound on the surface of Mars is expected to be similar to that on Earth, except much fainter because the atmospheric pressure is much less than on Earth. Martian atmospheric pressure is about 7 millibars (as on Earth, this is altitude-dependent), which is less than 1% of the Earth's."

Even if the Martian atmosphere could transfer sound waves - perhaps at very low amplitude - it is unlikely that any such sound would be audible to unassisted human ears. Human ears don't work very well in extremely low ambient pressure. The technical term is "barotrauma": exposing your ear to such low pressure that is not at equilibrium with the rest of your body can cause temporary or permanent damage, including hearing loss. Here's a recent research article: Predictors of ear barotrauma in aircrews exposed to simulated high altitude. We know from experiments like this (and from terrible accidents) that humans don't deal well with low pressure: high altitude air crews and astronauts on the Martian surface are both, for practical physiological purposes, essentially in total vacuum; they must be provided a safe and controlled pressurized environment. If you're interested in "trying it out for yourself" just to see what it's like to expose your ears to near-vacuum conditions, the FAA and the Air Force work jointly to open up their high altitude physiology and safety training program to civilian members of the public every once in a while. You can find details at American Flyers, a commerical facilitator. A friend of mine flew up to Beale for this course some years ago: the effects of severe low pressure were, in his words, quite unpleasant. In addition to physical discomfort, there are also profound psychological effects.

Nimur (talk) 05:11, 21 July 2015 (UTC)[reply]

Just to be clear, sound clearly exists on Mars. It has an atmosphere, which can transmit vibrations. That's all sound is: matter which vibrates. The Martian atmosphere, though quite thin by Earth standards, is real, and thus can really transmit sound waves. You are correct that it is unlikely humans could hear the sound, for a variety of reasons, but the sound clearly would exist, and be detectable, just not by unaided human ears. --Jayron32 05:31, 21 July 2015 (UTC)[reply]

Be careful, you'll have the philosophers spouting their "If a tree falls in a forest..." nonsense here before too long!. Entirely correct answer though. Fgf10 (talk) 11:29, 21 July 2015 (UTC)[reply]

Ermmmm...wouldn't they be wearing helmets, so they would not be able to the shouts! Sorry! I think Jayron is correct.DrChrissy ^(talk) 14:15, 21 July 2015 (UTC)[reply]

Let's be clear- there are two distinct definitions for sound - see Sound#Definition. One definition is based on physics, and that works fine on Mars, as per Jayron. However, the second definition requires Auditory sensation evoked by the oscillation - So Nimur's perspective is also valid. To go back to the old saw about trees falling that Fgf10 mentions, the solution is very clear - from a physics perspective, sound is just vibration and energy, and of course the tree makes a sound. From a music theory or audiological perspective, sound needs a hearer, and so there isn't a sound if there's no perceiver. SemanticMantis (talk) 14:33, 21 July 2015 (UTC)[reply]

I don't think, even under that definition, sound needs somebody to actually hear it, but just needs to be something somebody could hear, if they were present. In that way it's similar to other human perceptions. We don't theorize that the forest entirely ceases to exist when nobody is looking at it, after all. (I suppose you could, but both would violate Occam's razor, so you would need to explain exactly why it changes depending on the presence or absence of an observer. We do get some things in quantum mechanics that seem to follow that pattern, but that's very different from macro objects.) StuRat (talk) 15:25, 21 July 2015 (UTC)[reply]

No, that's not how the definition works. It doesn't say "capable in principle of being heard", it says "auditory sensation." Using that definition, it's not a sound if nothing hears it. You don't have to use that definition if you don't want to :) SemanticMantis (talk) 15:57, 21 July 2015 (UTC)[reply]

I think it is clear enough that if you could put your ear to a railroad track on Mars, you would hear the oncoming train about as far as on Earth. So the question is how well the sound travels through the Martian air, complicated by the impedance mismatch at the astronaut's helmet (and perhaps at the source, if the source is, say, another astronaut with a smashed radio screaming at a White Ape). I think that the specifics of the helmet are going to matter a lot. But apart from that, well, the sound can be simulated; it's just, alas, that these bastards seem to be holding out on us. Wnt (talk) 19:40, 21 July 2015 (UTC)[reply]

Quick calculation for viability of camping turbine project

I had an idea to turn such a fan as this into a turbine to charge electronics when camping. It's IP55 waterproof.

I'm trying to calculate whether this is viable. I figured if applying 270 mA at 12 V gives a flow of 89.4 CFM (cubic feet per minute) and the wind speed is 5 m/s then the flow rate through the fan blades is 5 m/s x 60 s/min x pi x (0.014 m)2 = 185 litres which is only 6.5 cubic feet. Even if the wind was 10 m/s which is not unlikely but 8m/s is most likely, it's still not going to be producing much power. Am I right in declaring this idea to not be viable? ----Seans Potato Business 14:03, 21 July 2015 (UTC)[reply]

Another reason why it's impractical is that windmill blades need to be far from the ground or anything else that will slow the wind, so you would need to carry a mast with you while camping, too. Alternatively, I like the idea of a flexible solar panel on the top and back of your backpack, so it can charge your devices (in your backpack) while you walk. StuRat (talk) 14:42, 21 July 2015 (UTC)[reply]

It's Scotland so there's plenty of wind, particularly in the hills but not so much sun! 7-8 m/s is a reasonable expectation on the hills. --Seans Potato Business 15:38, 21 July 2015 (UTC)[reply]

On the ground ? StuRat (talk) 15:44, 21 July 2015 (UTC)[reply]

I've no idea. It gets windy enough to make conversation difficult. --Seans Potato Business 16:33, 21 July 2015 (UTC)[reply]

Another option might be piezoelectrics in your shoes to charge things as you walk. That would involve a wire going up each leg, though, into your backpack. StuRat (talk) 15:46, 21 July 2015 (UTC)[reply]

While we're on a digression, I should add that camping frequently involves the availability of free fuel. I don't know if there is a mini steam engine you can carry with you to recharge your electronics, but searching for "camping thermocouple" I found a few links like [1] which sort of make me think there must be a way to recharge items quietly and easily from a campfire. But I'm a bit shy of finding the genuine article at the moment. Of course, if you don't have fuel available you could always find out where the New Horizons mission control replica is and heist its power supply. :) (Fallout... what's a little fallout?) Wnt (talk) 18:02, 21 July 2015 (UTC)[reply]

Here's a review of that product [2]. Here's a review of several off-the-grid chargers, ranging from hand cranks to solar to various combination devices [3]. SemanticMantis (talk) 18:43, 21 July 2015 (UTC)[reply]

Yeah, the general suckiness of thermocouples and the lack of some solid state gizmo that works as quietly, but with the efficiency of a Carnot engine... that strikes me as one of the most gaping holes in our current technology. In this century there are not supposed to be compressors and combustion chambers and fans everywhere, dang it! Wnt (talk) 19:46, 21 July 2015 (UTC)[reply]

And this appears to be the product you're looking for, although if you're prepared to pay a fortune (for the UK you're looking at £300-£500) the Trinity Wind Turbine is a lot cooler (the whole thing folds down into a neat little cylinder about the size and shape of the cardboard tube from a toilet roll). – iridescent 22:05, 21 July 2015 (UTC)[reply]

This guy demonstrates the concept. I think the most practical idea is to use lightweight foldable solar panels. They'll produce some power even in cloudy Scotland though of course much less than in bright sunshine. You probably won't be able to charge something power-hungry like an iPad but it should be possible to charge a radio or maybe a mobile phone. Here are some reviews. Short Brigade Harvester Boris (talk) 05:08, 22 July 2015 (UTC)[reply]

Do people ever make birth control for male nonhuman animals?

I watched a nature documentary that reported that African elephants were confined to nature conservation parks, which had limited space, because human beings were taking over the land for agriculture or something related to the expansion of human development. The elephants thrived in the park too well, and hunting them was no good, because they bereaved the dead. So, a viable option was to invent birth control for the female elephants. This reminded me of the fate of the North American deer and how birth control was invented for the female deer. Do people always make birth control drugs for female animals and not male animals? Is it ever possible to temporarily make infertile a male animal? 140.254.226.190 (talk) 14:08, 21 July 2015 (UTC)[reply]

At least a handful of places have sterilized male squirrels in an effort to control the squirrel population - Santa Monica here [4], UC Davis here [5], Britain here [6]. Many of them use Gonacon - more on that here [7]. SemanticMantis (talk) 14:15, 21 July 2015 (UTC)[reply]

Oh, Gonacon is just a redirect to Wildlife_contraceptive, and doesn't have good info. From the Telegraph article above, "The vaccine stops ovulation and lactation in female squirrels, while halting testicular development in males." The ecoworld article says " Once injected, the animal in question is sterile for 2-4 years." The same article says it can also be used on Feral hogs, horses, deer, cats, and dogs. So the answer to your question is "yes" - Gonacon only started being deployed in the wild fairly recently, but it works on males and females, and will probably increase in usage over the next decade. SemanticMantis (talk) 14:27, 21 July 2015 (UTC)[reply]

I suspect that the question was directed at non-surgical methods, but let's not forget castration.DrChrissy ^(talk) 14:35, 21 July 2015 (UTC)[reply]

Castration changes the physiology and behaviour of male animals, thus vasectomy is the preferred surgical option.

http://www.biodiversityscience.com/2012/12/11/vasectomy-elephant-longer-term/

Roger (Dodger67) (talk) 15:44, 21 July 2015 (UTC)[reply]

Yes it is common practice in the UK (and probably other countries too) to neuter male cats and dogs. --TammyMoet (talk) 17:59, 21 July 2015 (UTC)[reply]

I'll also add that sterilizing females is more effective than sterilizing males, at least for most species. population biology, sexual selection, and fecundity usually work out for mammals such that the number of viable females is the limit to population growth. If you sterilize say 20% of males, you still might find that 100% of viable females give birth that season. But if you sterilize 20% of females, then only 80% can give birth that season. This is why control of wild populations usually targets females or both sexes, and not just males. SemanticMantis (talk) 18:37, 21 July 2015 (UTC)[reply]

Is the correct answer. One human male produces enough sperm to get every woman in the world pregnant in a few weeks. Elephants tend to live in herds of females, with calves, and bulls either solitary or in small groups. The herds and bulls only normally come together to mate. It would only need on rampant bull elephant to mess up the park's program. I suspect the park would want to control the population at a stable level, and keep genetic diversity and family groups. So putting e.g. half of the cows in each herd on the pill would be the best way to achieve population control, whilst retaining diversity. Martin451 16:38, 22 July 2015 (UTC)[reply]

Wild animal photos

Wikipedia:Help_desk#Wild_animal_photos Can someone identify two animal species if provide the photos?Lbertolotti (talk) 20:30, 21 July 2015 (UTC)[reply]

Without seeing the photos, we have no way of knowing whether the species can be identified. Certainly we succeed in making positive identifications sometimes, but it very much depends on the images, and the amount of other information provided (not least the location where the photos were taken). You should note however that when it comes to insects (like the fly which is one of your subjects), it is sometimes only possible to make a positive identification of a particular species through microscopic examination and/or dissection. AndyTheGrump (talk) 20:39, 21 July 2015 (UTC)[reply]

@AndyTheGrump Ok, do you want me to use the Wikimedia uploader for this?Lbertolotti (talk) 22:17, 21 July 2015 (UTC)[reply]

I've added some other wild animals images, luckily we will identify them all.Lbertolotti (talk) 16:54, 22 July 2015 (UTC) Perhaps we should change the images descriptions now.Lbertolotti (talk) 19:05, 26 July 2015 (UTC)[reply]

Bird

 

Photo of a bird taken at Anchieta Island

Well here it is.Lbertolotti (talk) 00:34, 22 July 2015 (UTC)[reply]

Hey that's a start! Is this near Anchieta,_Espírito_Santo? I can't find a WP article related to Anchieta Island. SemanticMantis (talk) 01:32, 22 July 2015 (UTC)[reply]

Anchieta Island, in the northern coast of the state of São Paulo, Brazil, famous as the site of a state prison.Lbertolotti (talk) 01:42, 22 July 2015 (UTC)[reply]

The photo is very difficult to make out, but I'm guessing that's a plover of some sort. There are a lot of plovers in South America, and many of them have dark backs and white fronts (which is all the colouration I can make out in that photo). Did the bird resemble any of the ones on that list? Smurrayinchester 08:00, 22 July 2015 (UTC)[reply]

Looks like a plover, but the bird's body proportions are different from those images. Look at the size of his legs compared to his torso.Lbertolotti (talk) 12:56, 22 July 2015 (UTC)[reply]

I was thinking it looked more like one of the stilts or avocets. SemanticMantis (talk) 14:24, 22 July 2015 (UTC)[reply]

Am I seeing things, or does the bird have a plume of feathers from the side/back of the head?DrChrissy ^(talk) 14:56, 22 July 2015 (UTC)[reply]

His head was quite smooth, unfortunately I couldn't get closer or he would have flown away.Lbertolotti (talk) 15:21, 22 July 2015 (UTC)[reply]

But there appears to be something white protruding from the side/back of the bird's head?DrChrissy ^(talk) 15:34, 22 July 2015 (UTC)[reply]

Fly

 

Photo of a fly taken at Lagoinha beach

Looks like one of the Musca sp. but getting the exact species may be difficult, if not impossible. Roger (Dodger67) (talk) 19:07, 22 July 2015 (UTC)[reply]

All Musca sp have 6 legs?Lbertolotti (talk) 00:51, 23 July 2015 (UTC)[reply]

• All insects have 6 legs, so, yeah. --Jayron32 01:41, 23 July 2015 (UTC)[reply]

Fish

 

Photo of a fish taken at Noronha Island

The black spot on the tail is usually indicative of a Red drum, aka Channel bass, they're a rather ubiquitous fish. However, this fish doesn't seem quite like a red drum because a) the spot is dead center on this fish, and on a red drum, it's closer to the top and b) this one doesn't look like it has a red tint, whereas the red drum does. That's the best I can figure out though. --Jayron32 01:48, 23 July 2015 (UTC)[reply]

Looks like a juvenile French grunt to me. As they mature they loose the spot and become more yellow. However, in his Reef Fish Identification, Paul Humann follows his juvenile French grunt description with:

These marking are nearly identical to those of several juveniles and adults in the family, making identification difficult. Similar to pale phase of Cottonwick, H. melanurum, distinguished by lower body stripes that are horizontal. Similar Tomtate, H. aurolineatum, distinguished by lack of yellow markings, especially on the belly.

It may not be possible to distinguish between them with your photo. I don't know about the distribution of the other two, but French grunts are very common in Noronha. -- ToE 14:50, 25 July 2015 (UTC)[reply]

Fish2

  Resolved

 

Photo of a fish taken at Noronha Island

Hard to say from the angle, but I'm inclined to say some variety of puffer fish. Snow ^{let's rap} 23:27, 22 July 2015 (UTC)[reply]

Possibly of genus Tetraodon or Tetraodontidae? Don't we have a dedicated ichthyologist here at the ref desks? Who is it I'm thinking of? Snow ^{let's rap} 23:37, 22 July 2015 (UTC)[reply]

Ah, ok, remembered that completely wrong, but still, as Obsidian Soul has answered other fishy questions, perhaps he can give an appraisal of my best guess so far, which is that this a variety of (or close relative to) the checkered puffer, as seen in this picture of a specimen off the coast of Belize? Snow ^{let's rap} 05:22, 23 July 2015 (UTC)[reply]

@Obsidian Soul

Not sure who the helpful gnome is who added this, but I'm curious, is the {{u|}} template once again failing to send automated notices? Snow ^{let's rap} 12:14, 25 July 2015 (UTC)[reply]

It's a Scrawled filefish. Here is a side photo of one, also at Noronha. -- ToE 13:05, 25 July 2015 (UTC)[reply]

Ah, man, I didn't even get the order right? Snow ^{let's rap} 00:15, 26 July 2015 (UTC)[reply]

Goose

 

Photo of 3 Gooses taken near Ouro Preto

Here I was thinking about the white ones.Lbertolotti (talk) 16:54, 22 July 2015 (UTC)[reply]

These appear to be Roman Tufted Geese. Be aware that the plural of goose in English is geese, not gooses. (Gooses are rude pinches to the buttock, so the mistake can lead to unintended comedy.)

The knob at the base of the upper beak and the colouring matches the Chinese goose. -- Roger (Dodger67) (talk) 19:16, 22 July 2015 (UTC)[reply]

I can't say I really see an orange fleshy knob above the nares. Could be, but the picture is at a bad angle and blurry. μηδείς (talk) 01:39, 23 July 2015 (UTC)[reply]

Sand Dollar

 

Photo of Sand Dollar taken at a beach near Parati

Looks consistent with Mellita quinquiesperforata, which was very commonly found in a survey in a bay a bit farther south [8]. --Amble (talk) 21:38, 22 July 2015 (UTC)[reply]

Can u tell if this one was dead or alive?Lbertolotti (talk) 23:15, 22 July 2015 (UTC)[reply]

It still has spines and a lifelike color, so it's either alive or recently deceased. If it had been long dead, you would just have a bleached hard test. I can't say more than that based on the photo alone. Did you pick the animal up from underwater, or did you find it on the sand at the beach? --Amble (talk) 23:22, 22 July 2015 (UTC)[reply]

That was a long time ago, but I think the waves brought him to the sand.Lbertolotti (talk) 00:48, 23 July 2015 (UTC)[reply]

Bird

 

Photo of a bird taken at Noronha Island

 

Brown booby, for comparison.

 

Note that some brown boobies (juveniles ?) lack the white bibs.

Brown booby ? Although yours looks to be grey, not brown, but they do range in color to blacks, especially in juveniles. StuRat (talk) 17:24, 22 July 2015 (UTC)[reply]

Based on that reasoning, mine would be even younger than the ones you showed.Lbertolotti (talk) 17:53, 22 July 2015 (UTC)[reply]

Check out this juvenile Brown Booby: [9]. It has only a very subtle lightening of the color on the bib, which I believe I see in your pic, too (although the bib area is almost entirely hidden in your pic). This one has a brown beak and feet, though, unlike yours. StuRat (talk) 17:58, 22 July 2015 (UTC)[reply]

Sea Urchin

 

Photo of some sea urchins taken at Noronha Island

Visually similar photographs and books suggest it's probably Tripneustes ventricosus. --Amble (talk) 00:18, 23 July 2015 (UTC)[reply]

Worm

 

Photo of a worm taken at a forest near Parati

Worm 2

 

Photo of a worm taken at a mill near Parati

That looks like a caterpillar (a larval moth or butterfly), not a worm. StuRat (talk) 17:16, 22 July 2015 (UTC)[reply]

(I changed title to add the 2, since sections with identical titles can cause bugs.) StuRat (talk) 17:18, 22 July 2015 (UTC) [reply]

Is there some way of being sure? Lbertolotti (talk) 17:23, 22 July 2015 (UTC)[reply]

The first worm is clearly an (oligochaete) earthworm, given the obvious and diagnostic feature of the clitellum, and the lack of the specializations of a leech. The second creature is a caterpillar, given the obvious diagnostic feature of the six true legs and the parapodia. μηδείς (talk) 19:04, 22 July 2015 (UTC)[reply]

How many times per day does a normal person leave their house?

Assume a democratic western country. Count things like going to work, going to the shops, walking the dog, etc but only if the person returns home between each activity. If the person does all those things but does not return home between each one, then it only counts as having left the house once. — Preceding unsigned comment added by 193.50.192.37 (talk) 19:04, 21 July 2015 (UTC)[reply]

You need to be more specific about what you mean by "normal". ←Baseball Bugs ^{What's up, Doc?} carrots→ 19:16, 21 July 2015 (UTC)[reply]

The dictionary definition will do. — Preceding unsigned comment added by 193.50.192.37 (talk) 19:23, 21 July 2015 (UTC)[reply]

That has 21 separate definitions. ←Baseball Bugs ^{What's up, Doc?} carrots→ 19:29, 21 July 2015 (UTC)[reply]

Along with the problems as to what is "normal" and what isn't there are too many variables for there to ever be a definitive answer. House in the city or the country? Weekday or weekend? Single person or family? etc etc. MarnetteD|Talk 19:34, 21 July 2015 (UTC)[reply]

Why is it a problem to define a norm? The question is clearly statistical - in which norms are common. 209.149.113.45 (talk) 19:39, 21 July 2015 (UTC)[reply]

I am normal and I normally leave my house once a day; sometimes I go out again in the evening but not normally.--Shantavira|^{feed me} 19:51, 21 July 2015 (UTC)[reply]

As noted by MarnetteD, one's occupation is likely to drive the answer. Someone who works in a company might well leave home just once or twice a day. Someone who works at home might go in and out of their door many times in one day - or possibly not at all. Someone who's a traveling salesman or a touring performer might go months between stays at home. So the question as it stands can't really be answered. ←Baseball Bugs ^{What's up, Doc?} carrots→ 20:07, 21 July 2015 (UTC)[reply]

• All of these concerns about what is normal, occupation, etc. could be handled by reporting a mean. Table 2 here [10] presents some data. They come up with 4.3 trips per person per day. (and to everyone else, please at least attempt to do some research or find a reference before challenging the question.) SemanticMantis (talk) 21:02, 21 July 2015 (UTC)[reply]
  • It remains to be seen whether that's what the OP really wanted. ←Baseball Bugs ^{What's up, Doc?} carrots→ 21:15, 21 July 2015 (UTC)[reply]

That's what they're supposed to be getting, though, this being the reference desk and all. I'm fairly certain they didn't ask for sophistry about their question. Ian.thomson (talk) 21:21, 21 July 2015 (UTC)[reply]

If the question is vague, it's not our fault. ←Baseball Bugs ^{What's up, Doc?} carrots→ 21:24, 21 July 2015 (UTC)[reply]

The item linked to is only about how people travel not the number of times one might leave the house in a day so it is only a partial answer to the OPs question. This proves my point about the difficulty in getting a definitive answer. BTW my post was not sophistry. MarnetteD|Talk 22:18, 21 July 2015 (UTC)[reply]

How to reliably kill all transponders on a car

I have seen different, vague, confusing things about how many transponders are put on modern cars. In the light of this story, this is no matter a matter for vague wondering. Of course, a critical security patch is available ... the funny thing about critical security patches is, though, there's always a next one, right up to the end of the supported life of a product, no matter what the product. If a driver, hypothetically, would for some reason prefer not to find his car repeatedly running him over and over under the guidance of its parallel parking feature and rear-view camera on the same unlucky day that the North Koreans cause millions of simultaneous traffic accidents in the space of an hour, it would appear that a no-nonsense Battlestar Galactica approach is needed, and fast.

So can anyone point to resources that a) try to go through all the known types of cars and say where everything with an antenna of any kind may be hidden away at, b) give instructions how to physically destroy them, and c) can you inform whether there are any legal coercive tactics already set up to try to prevent this because of the loss of surveillance data?

P.S. this is not a personal request for advice. I have a car from 1997 and a map. :) Wnt (talk) 20:37, 21 July 2015 (UTC)[reply]

Does Paranoia not have the answers you are looking for? --Jayron32 21:56, 21 July 2015 (UTC)[reply]

This is a real news story. The vulnerability has been known for nine months, but not that many vehicles even received the patch. Even if you believe there's no other way in and the security is perfect now, that still leaves any good group of hackers with a beautiful opportunity to make Pearl Harbor look like a kid saying boo. Wnt (talk) 22:01, 21 July 2015 (UTC)[reply]

Youtube has a very comprehensive and thorougher instructional video of how to disable, stage-by-stage any unwanted electronic car gadgets in just 4 and 35 seconds. Hope this helps.[11]--Aspro (talk) 23:03, 21 July 2015 (UTC)[reply]

Imagine the following scenario, which I think is actually FAR more likely than the above news story (I actually question how "plausible" some of the claims in the "news story" are, is it even possible to disable a car's brakes from the computer? I don't believe consumer cars have brake-by-wire yet, I know some cars can automatically APPLY the brakes, but I've not heard of a car where the pedal can literally be uncoupled from the brakes, but I'm not any kind of expert so I could be wrong.) SO, imagine you do go in and disable some "transponders" in your car, but you've also inadvertently disabled some safety feature, like Automatic braking for example, and you have an accident, and the insurance company finds out that you've "hacked" the car, I imagine you would be up a proverbial creek, all your warranties would be void and you would possibly be personally liable for any and all damages. Vespine (talk) 23:11, 21 July 2015 (UTC)[reply]

• Sorry, this is the link to the real article. Note the citations to at least two other tests where brakes were disabled. Wnt (talk) 00:03, 22 July 2015 (UTC)[reply]

These are quite sensational claims! Is there any evidence that the attack could succeed against an unmodified vehicle? Have there been any independent verifications of the claims?

The story claims that the attackers demonstrated remote attacks that can disable a vehicle as it operated on a public roadway (the article says the motor vehicle was operated on Interstate 64 in Missouri when the brakes were intentionally disabled). It's alarmingly unethical - and very probably illegal - to demonstrate these vehicle failures while operating a vehicle on a public roadway in the state of Missouri.

Nimur (talk) 01:14, 22 July 2015 (UTC)[reply]

Either the main journalist is sexing the story up, and/or all three of them are complete idiots. So far as disabling all transponders goes, it would have to depend on both the model and the options fitted, there is no general solution. Greglocock (talk) 01:29, 22 July 2015 (UTC)[reply]

It seems ludicrous to risk actual harm to uninvolved individuals, when the technical merits of these claims could be equally-well demonstrated on a closed course - or even on a non-moving vehicle! To me, this irresponsibility suggests a serious lack of integrity - and causes me to doubt the veracity of the claims.

Besides, even if we wish to accept the claims exactly at face value... so what are the actual implications? Are we supposed to start panicking because a psychopathic attacker who wishes to destroy vehicles and harm humans can cheaply and anonymously attack a vehicle's brakes? The attacker could throw rocks at cars, or drop caltrops on the freeway, too... there are thousands of ways that a person can wreak harm on unsuspecting soft targets. This particular harm-by-cyberattack is difficult to execute, and depends on specific details in specific incarnations of certain technologies ...so, where is the novelty?

Honestly, I am more worried about enemies and random psychopaths who would drop caltrops on roadways than I am worried about computer-enthusiast miscreants who attempt to "hack" vehicle safety and control electronics. How serious a threat are caltrops? They are so serious that they are listed as Item #1 in the CIA virtual Museum Tour(with photos!). You don't need to use advanced technology to cheaply and effectively execute anonymous attacks on public infrastructure.

So, Wnt, as you harden your security against electromagnetic threats, what preventive defenses are you taking against caltrops? How secure is your car against rock-throwers? ...Vandals who slash tires or cut wires? ... Sugar in the gas tank? ...Snipers emplaced on the roadway? How about the more mundane threat of running our of gas due to an economic denial of service atrack? Why do you choose to fixate only on one specific category of potential threats to your vehicle? In one of our recent discussions on security as it pertains information and technology, I linked to some great resources to help you consider the whole security picture - specifically, the plenum session of the President's Cyber Security summit in January 2015. Again, in a computer security question that came up in March of this year, I linked to the computer security section of the Marine Corps Physical Security manual. Your vehicle's greatest security weakness is probably not its computer system or its wireless radios. If you are so concerned about esoteric computer security threats that you would alter your motor vehicle in an effort to remove radios... perhaps you should hire a guard for your vehicle to protect against other, more perspicuous vulnerabilties.

Nimur (talk) 06:02, 22 July 2015 (UTC)[reply]

I think you're missing the point. This one brand controls (and I mean controls) 470,000 vehicles. The articles suggest others have the same problems. Now yes, two hackers playing with one vehicle is a small threat. But a group like North Korea or the Syrian Electronic Army could line up a botnet with thousands of computers, infect millions of vehicles, and SIMULTANEOUSLY crash a large fraction of them. And guess what -- if there are two hundred thousand traffic accidents on the road, you can hit your Onstar button but the cops ain't comin! Now if North Korea could put sugar in the gas tank of every car in my neighborhood, I'd want to harden against that, sure ... though even if they could, it's less distressing to have your vehicle sabotaged when you're not in it. As for ethics, well, is putting a car in neutral on the highway really that much more unethical than putting half a million cars on the road that can be tracked, spied on, and even crashed remotely? (the article skirted some obvious issues, like whether the hackers could tap into the microphone and listen to the occupants' conversations) Wnt (talk) 10:24, 22 July 2015 (UTC)[reply]

I wonder how much access they had to the target vehicle before the demonstration. Greglocock (talk) 10:38, 22 July 2015 (UTC)[reply]

I doubt that it is chicanery on the part of the Wired author. A bill was introduced yesterday in response to this [12] but the details aren't available yet at that link; from the description it doesn't sound like it goes far enough. I don't want car companies to protect their records of everywhere I've ever driven; I don't want them to have them at all. And I don't want an interface to be "secure", I want it genuinely not to be there at all. Wnt (talk) 10:54, 22 July 2015 (UTC)[reply]

How much access did they have to the vehicle? They own it. They initially connected to the Jeep using the hard-wired technician's connection. Then, they rewrote the firmware of the controller. Then, they called a friend who happened to be a writer and said, "Hey, hop in our Jeep and take it for a ride and see what we can do!" This is in no way equivalent to the headline that I saw today: "Hackers take complete control of a smart car from across the globe!" 209.149.113.45 (talk) 14:52, 22 July 2015 (UTC)[reply]

Source for this additional info? It's interesting since the Wired article seems to imply as Wnt suggested that they were able to take control over it remotely without physical access so either with the default firmware, or with new firmware they can upload without physical access but they won't reveal much more until the Black Hat conference. (However they learnt about the vunerability initially.) I presume that in reality, what they mean is that it can happen remotely, but only with special firmware that can be uploaded by someone with physical access which can then use the cars built in system to accept remote commands. Of course one thought is that as long as this can happen with access to the technician port, you could enable remote control simply by designing a device which can be plugged in and is capable of accepting remote commands. This may cost more since you need a unique device for every vehicel you target (ignoring any you recover for later use) and also has a higher risk of being noticed (although in reality, I suspect someone with sufficient resources could make a device most people are unlikely to notice unless they look very carefully and while I'm not sure where the port is on these cars, I suspect people rarely look at them), but otherwise would be just as effective. Now if the vehicle had a clear indication that the technician port was being used on the dashboard, this may be noticed, but that's presuming it can't be hidden by someone with access to the technician's port. Nil Einne (talk) 16:24, 22 July 2015 (UTC)[reply]

It is actually the lack of a reputable source that causes me to disbelieve the claims in this Wired article. Has there been any independent verification? Is there an entry in the national Common Vulnerabilities and Exposures database? What is the entry number? Which peer-reviewed computer security or automotive engineering journal has published a study of this problem? In this case, all the syndicated re-published news articles in the world are worth less than a single good technical write-up in an industry journal.

Instead we are asked to believe that two independent researchers accomplished an incredible feat. Of course it is possible that they discovered and exploited a serious oversight in production vehicles; but this is unlikely. What we need is independent verification. These researchers purport to favor complete disclosure instead of a silent behind-the-scenes security fix. Ok, great - so why didn't Wired link to a CVE entry and a technical whitepaper? Apparently the researchers do not wish to disclose their methodology or permit outside scrutiny?

This is the difference between sensational journalism that has mass appeal to uninformed users of technology, and actual computer security engineering that can be taken seriously by informed individuals. Nimur (talk) 16:56, 22 July 2015 (UTC)[reply]

This "story" is being heavily exaggerated by the media. This morning, I saw a headline "Hackers take complete of a smart car and smash it into a ditch from across the globe!" So, you have to avoid anything written since July 18, 2015. All you will find is garbage. In the original wired article by Andy Greenberg (who mysteriously becomes a woman in articles I've seen written in the past few days), he clearly states that he was given the car by the hackers and he explains that they messed with the stereo, windshield wipers, and set the transmission into neutral. Then, he went to an empty lot and they did more fun stuff. How? Go back to the previous article that Andy wrote. He explains that they sat in the back seat and were directly wired into the car. They replaced the firmware and were able to control the car. So, who are these hackers? Charlie Miller and Chris Valasek have been "hacking" the firmware of various cars for about five years. They work for IOActive and are trying to PROTECT cars from hackers, not turn the world into a global demolition derby. They are trying to perfect a method of rewriting the firmware so they can remote-control as much of the car as possible, all in an attempt to uncover and fix weaknesses. But, all they can control is what the computer controls. Does the computer control the steering wheel? No. Does the computer control the brake (not the ABS - the physical brake)? No. All of that nonsense is coming from Andy Greenberg, who obviously has a tendency to exaggerate. 209.149.113.45 (talk) 17:09, 22 July 2015 (UTC)[reply]

Trying to trace back the exaggerations...

Claim: Hackers disabled the brakes. Original articles: Hackers turned off the engine. Power brakes went out. It was much harder to stop the car, but it was possible - especially if the driver was smart enough to use the emergency brake.

Claim: Hackers took control of the steering wheel. Original articles: Hackers could turn power steering on and off. If that happens while turning, the wheel will jerk as it becomes easier and suddenly harder to turn. This does not give the hackers ability to turn the wheel.

Claim: Hackers disabled the car. Original articles: Hackers were able to shut off the engine. Hackers were able to shift into neutral. That does temporarily disable the car, but you can start the engine back up or shift back into drive.

Claim: Hackers took control of a smart car from an unsuspecting young woman and smashed her expensive SUV into a ditch. Original article: ??? This claim has nothing to do with anything previously written. 209.149.113.45 (talk) 17:44, 22 July 2015 (UTC)[reply]

First I should mention I've read the Wired article more carefully and realise it does actually specifically mention rewriting the firmware. I missed that because I only skimmed through the article and it came in a much later section. My bad. (In some ways it didn't really matter whether it was original firmware, or remotely modified firmware for my main point, but I didn't explain this very well.)

Anyway it sounds like you're conflating two different things. The article Wnt highlighted and you yourself pointed to refers to he latest research and says that the car can be controlled remotely. It specifically mentions the previous research which required physical access, but says it was with not only different cars, but different brands of cars. These cars don't use the Uconnect system they were targetting (well it doesn't directly say that, but it's fairly obvious from what was written and some research).

The article doesn't directly state, but seems to strongly imply that no physical access was ever required as it mentions a security flaw (*1), that they wanted to demonstrate an attack which required no physical access (*2) and in particular where it mentions rewriting the firmware, this comes right after they mention the vunerability. Later it goes on to discuss patching the bug etc. No where does it seem to suggest they needed physical access to enable any part of the attack.

So while we can't rule out journalistic sensationalism, it does seem to me that the article strongly implies this flaw did not require physical access and from the researchers POV, it sounds to me like that's definitely what they were trying to achieve. (And per my earlier point, the previous research is interesting, but if anything suggests this flaw doesn't require physical access rather than suggesting it does.)

I don't know if anyone disagrees that the car belong to the hackers, but this tells us nothing about whether they needed physical access to be able to do all they did. *3 (There are many obvious reasons why they would be using their own car.) It also fairly obvious that the hackers are not intending to do anything harmful, but again, this tells us nothing about whether or not they needed physical access.

The only sign we have of that is they seem to be talking about it openly, but that is also explained, there is already a patch for the flaw *4 and they aren't going to release the part which enabled them to rewrite the firmware. (Which also seems to imply they didn't need physical access to me.

*1 It's possible the security flaw is there should be no connection between the network portion and the control portion regardless of firmware changed by physical access. I don't think that's what's being referring to do for the reasons explained later.

*2 Which could mean no physical access was required at the time of control (rather than ever). However as I pointed out earlier, while less impressive and more expensive, you could easily make your physical access attack in to a remote one by adding a remote control device connected to the technician port which in reality very few people are likely to notice if done well. So it doesn't seem to me an attack which required physical access at some stage is really that much more impressive than an attack which requires constant physical access.

*3 By which I'm only referring to after the've worked out what they can do. They're likely need physical access or access to the source code etc to work out how to carry out the attack in first place. Trying to work it all out remotely would likely be an exercise in frustation

*4 I don't think the fact the patch requires physical access tells us much about whether rewriting the firmware using a vunerability. Using a vunerability to patch a flaw is a very bad idea even for a computer system. The controversy over white angles who've done it demonstrates that. It's surely an even worse idea for a car. "Whoops I BSODed your computer" could easily become "Whoops I caused you to have an accident killing yourself, your children and plenty of other children".

P.S. In response to Nimur, but also to the to some extent IP, remember that the article strongly implies that the researchers are fully willing to disclose the details except for how to rewrite the firmware. They only haven't done so yet because they are waiting for the security conference. AFAIK, this practice is common among respected researchers in many computer science fields. Related practices are common in other fields. They have already disclosed the flaw to the relevant parties 9 months ago such that a patch exists. We may dislike their willingness to work with the journalist, who published this story now before the conference (probably with ther permission) with so little details, but in reality that too is fairly common in the modern world in many different areas of science, like it or not given the various demands.

Nil Einne (talk) 19:30, 22 July 2015 (UTC)[reply]

I agree with you, Wnt, that the risks seem to outweigh the benefits, some of which just seem silly. You can turn up the volume on your car from the Internet now, versus reaching all the way over to the radio ? Sure, that's worth making a car that can be hacked ! Here's a list of the features of the Uconnect system: [13]. Of those, several seem potentially dangerous if hacked or if they just have a bug. Turning the volume to a deafening level could cause an accident (and I had a TV where the remote kept sending the volume up signal, so this even seems possible just as a bug). Turning the heat on max on a hot summer day could be dangerous (hopefully the occupant could still open windows). The autostart feature could be used to run the car out of gas or, if in a garage (particularly attached to a house), create a dangerous build-up of carbon-monoxide. If the car isn't smart enough to check to see if the car is running before trying to start it, then that could cause something bad to happen (not quite sure what). StuRat (talk) 16:33, 22 July 2015 (UTC)[reply]

• @209.149.113.45: See [14]. Despite what you say, the computer does appear to be controlling the steering wheel. (I can't say from that video what would happen if the driver and the computer had a dispute, though) Wnt (talk) 19:22, 22 July 2015 (UTC)[reply]

• I should add that apparently Hacking Team had a similar opinion in 2008; I found this by searching Wikileaks' trove for 'Onstar': [15] (which is mostly commenting on [16], but they sound like they might know something themselves) Wnt (talk) 23:28, 22 July 2015 (UTC)[reply]

• A 60 Minutes report shows a demonstration of a car being remotely hacked, giving the hacker the ability to apply or disable the brakes and control other systems: [17] See starting 6:45 into the video. Edison (talk) 19:54, 24 July 2015 (UTC)[reply]

• I believe the ability to control the brakes and steering wheel to be designed for automatic parallel parking. Normally the driver would put the car in reverse, and let the car park itself. However, once the ability exists for those systems to be automatically controlled, then unless there is a mechanical lockout of some type, the potential for the software to be modified to allow brakes and steering to be remotely controlled also exists. Automatic steering could also be present for lane maintenance, and automatic braking could exist for an accident avoidance system or Cruise Control (although CC typically lacks brake control). CC also involves automatic control of the accelerator, but that could be a mechanical system, much more difficult to hack. Just keeping all the various system isolated would also make them safe from hacking. That is, there should be no signal wires connecting any critical system like brakes, acceleration, or steering to any system which allow for remote control. (Power might be shared by systems, but that has less risk.) StuRat (talk) 16:38, 25 July 2015 (UTC)[reply]

I'm glad that a few people think I'm not nuts for asking, but I do regretfully have to note that nothing here has answered if there are instructions how to track down and disable all transponders (aside from the car crush video, which among other things I doubt is all that reliable a method!) Wnt (talk) 18:04, 25 July 2015 (UTC)[reply]

@Wnt:, @StuRat:, @Nimur:, @209.149.113.45:, I'm adding this here for completeness, if people have follow up questions, it may be better to start a new discussion: It's conference time so details are starting to emerging although the full report won't be release until August 10th.

Without meaning to blow my own trumpet, [18] seems to confirm I was largely right in my reformed final post above. If we ignore the hyperbole, the details now seem to be similar to what they were before in the Wired article. The hack is possible with the old default firmware. It can use either wifi, or the cellular service which is available by default.

The stuff you can do by default is fairly limited but the problem is you can also update the firmware to allow you to gain far more control. Working out how to do this isn't easy, and I presume the researches still don't plane to release details, but of course if someone malicious does work out how to do it could have fairly serious consequences.

Some details that are either new or weren't clear before from what I read: Controlling steering is indeed possible with the updated firmware but it only at low speed although since you can control brakes and locks, this would still have consequences.

Accessing a specific car may be difficult since the IP is dynamic but finding a random car may be less so. (Although as more cars are patched it'll likely get harder. I'm not completely sure how the Jeep's (well possibly not just Jeeps) connection is routed to the internet but it may be the Chrysler have also implemented a firewall.)

Wifi while far less remotely vunerable may be another option. It seems the WPA key is fairly useless since it's calculated from first power on time, except it doesn't normally know the actual time during power on.... However wifi isn't always activated,

Nil Einne (talk) 22:27, 7 August 2015 (UTC)[reply]

@Nil Einne: Thanks for the reference. The limitations you mentioned don't reduce my fears though, because my main worry is a national level attack by a team capable of putting in the work to figure out the unspecified details and motivated to cause maximum damage with every single car in the network at once. Wnt (talk) 23:08, 7 August 2015 (UTC)[reply]

@Wnt: Well I'm not denying the info available suggests it could have likely had some rather dire consequences including perhaps some lives lost if malicious people had found out about it before anything was done about it, or if such flaws still exist in other cars. (Although I'm actually much more worried about idiots who do it for the lulz or professionals who work out a way to make a money from this, then nation states in a case like this.) I think the best hope is that manufacturers are shocked in to getting serious such as seperating their entertainment systems from their control systems physically by the media attention. Then again, I wonder how you'd manage that with self driving cars.

Anyway I mainly came back since the report is out [19].

Also I came across [20] which seems to confirm they're now blocking the ports somehow. A bit scary may be the revealation from there they may have known about the problem since October. [21] suggests January 2014 albeit limited info at the time. Looking at the report, I don't know what was disclosed in January 2014, but in October it seems it was "disclosed the fact the D-Bus service was exposed and vulnerable". They then disclosed in March 2015 that they could send arbitary messages by reprogramming the chip (which I presume if FCA had competent software engineers should have been alarm bells that they could perhaps control parts like the brakes that they should control). It was May when they disclosed they could use the cellular service instead of just wifi. That also confirms Sprint Cellular is blocking port 6667. (I don't know if this is only incoming, if it's outgoing to non Sprint Cellular customers, people who use IRC must be annoyed.)

One thing the report does suggest is it's a fair amount more difficult to control the car, then it was the Prius as the system does have some detection of what it assumes is anomalous messages. However the limits of what they can do wasn't well tested since they were concentrating on the "remote exploit". (For example, it seems one of the reason for some of the stuff only working at slow speed is because they need to stop the ECU with diagnostic messages which can only be done at low speed. They mention the possibility of sending fake speeds, it would seem to me another possibility is if they can find a way knock the ECU offline semi permanently so it stays offline at high speed.

Nil Einne (talk) 14:40, 12 August 2015 (UTC)[reply]

Oh and:

Although it may be hard to see, the markings on the main MCU are D70F3634, which when googled show that that it was a Renesas v850 chip! Luckily for us, this was the same processor used for the infotainment system, so reverse engineering scripts, techniques, and tools could be reused.

even better

Unfortunately, we feel that this scenario has too many prerequisites to be l33t.

and

We first reverse engineered the disassembly to C because one of the authors of this paper is a complete psychopath. From there, the C function was ported to Python for testing. The following code is the Python code derived from the disassembly.

(BTW it seems the port blocking is even for devices connected to the same tower so is probably fairly effective.)

I also see that the wifi part (where it generates the password from the time, but the time is a default time because it generates it before it has the real time) was only from their Jeep, so it's more difficult to be sure it always does that. However they point out that even if you are bruteforcing, it may only take 2 minutes to bruteforce a month of possible start time keys. (I presume a small number of people will change the key, so there's no guarantee you'll get every car, and as mentioned, wifi is only active when you pay for it.)

Nil Einne (talk) 15:31, 12 August 2015 (UTC)[reply]

Interesting, but bug fixes aren't actually a solution. The part about the GPS timestamp when a car door is opened should give an idea of how greedy the manufacturers are for data. In such a system, there will be a lot of hacks possible. Tesla's ability to surprise-update all their cars (and I mean their cars; the person who paid is merely a rider) is not actually convincing me that they are secure, but rather, that the North Koreans might only need to pull a few of a kid's teeth in order to convince Daddy, some employee there, to sign off on 'spyware' that turns out to be more like an apocalypse. Wnt (talk) 20:21, 12 August 2015 (UTC)[reply]