Fuel Economy, Hypermiling, EcoModding News and Forum - EcoModder.com - Hacking a Jeep's electronic control systems

EcoModder.com (https://ecomodder.com/forum/)

- The Lounge (https://ecomodder.com/forum/lounge.html)

- - Hacking a Jeep's electronic control systems (https://ecomodder.com/forum/showthread.php/hacking-jeeps-electronic-control-systems-32418.html)

Hacking a Jeep's electronic control systems

A few years ago these same hackers did this same thing with a Prius, but at that time they had to be in the car, plugged into the system. This attack was wireless.

Hackers Remotely Kill a Jeep on the Highway

j

...and they (those guys) probably *learned* the trick from their NSA "handlers" (wink,wink).

Quote:

Originally Posted by Old Tele man (Post 487805)

...and they (those guys) probably *learned* the trick from their NSA "handlers" (wink,wink).

Right, because it's a complicated feat to hack into a modern car's CANbus, requiring expensive tools.

Quote:

Originally Posted by darcane (Post 487817)

Right, because it's a complicated feat to hack into a modern car's CANbus, requiring expensive tools.

I really like the way the spokesperson claims that it's impossible to prevent remote hacking. I'd bet quite a large sum that it's impossible to remotely hack my Insight, and I'm absolutely certain that it couldn't be done to my '88 Toyota pickup.

Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack - Slashdot

Quote:

Originally Posted by MrL0G1C on Slashdot.org

How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.

Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability | Ars Technica

Quote:

Originally Posted by paergrin on Cars Technica

Basically the CAN bus is how all car systems talk to each other. It's just one bus for the car and it's kind of neat in its implementation: each message contains its own priority and that's used for bus conflicts. MessageIDs are either 11 or 29-bit numbers and lower numbers are higher priority. AIRBAG_WLAMP is 0x12 so it's quite high priority, to light up an airbag malfunction. 0s on the bus take priority and transmitting devices also listen at the same time, and if what they see on the bus isn't what they are transmitting they stop for the higher priority message to go through.

What makes this function is that per the standards, only one device is allowed to send any given message ID. Your brake system can't send an AIRBAG_WLAMP, and your entertainment system sure as hell can't tell the brakes that the radar detects an imminent collision please press the brakes hard as hell. This is normally fine because yeah, the uConnect doesn't know how to send those messages so no problem, right?

The remotely accessible nature of the system combined with a vulnerability in the system combine to allow the attacker to overwrite the firmware of the entertainment system, teaching it how to send all these nifty CAN bus messages, thus allowing this.

https://news.ycombinator.com/item?id=9324191
Many vehicles have multiple CAN buses, looking at you Tesla Model S.

Quote:

Originally Posted by jamesqf (Post 487903)

Absolutely true.

But as more and more cars are moving towards being connected ("That's the dream, to have wifi in the car") it will become increasingly difficult to find cars that are immune to hacking...

I think all critical functions (powertrain, brakes, steering, etc) need to be on their own separate CAN bus that is air-gapped from any other CAN bus in the car. Simply having multiple CAN buses doesn't fix the problem if they can still communicate with each other.

I'm such a paranoid that when I got my 1971 VW Superbeetle, I took the AM radio out. :) ...but true.

This is fascinating. From the 30th Chaos Communication Conference, this guy just wanted to add his own menu to the dashboard of his VAG car.

https://www.youtube.com/watch?v=7h7LWeET1fI

It's an hour long, but from 22:11 to 23:43 there is a good CAN Bus Crash Course. There are dominate and recessive bits; collisions aren't detected, they are arbitrated.

After that there is a lot of hackers laughing in the audience and it goes right down the rabbit hole.

Quote:

Originally Posted by darcane (Post 487917)

But as more and more cars are moving towards being connected ("That's the dream, to have wifi in the car") it will become increasingly difficult to find cars that are immune to hacking...

But it's certainly not my dream. I have absolutely zero use for WiFi in a car, and a lot of reasons - hackability is only one - why I wouldn't want it. I don't suppose I'm alone, so I wonder if any manufacturers are going to address this market segment.

If not... Well, at least it's likely to save me quite a bit of money I otherwise might spend on buying newer cars :-)

FYI...ANY system that permits external INPUT via ANY communication link (hard- or soft-wired) is susceptible to hacking. And, this is especially true of 'new' car technologies designed to enable the manufactures to 'listen' to vehicles as they're being driven for (supposedly) "engineering" analyses only (sure!)...because the SAME commands they use to 'test' subsystems (brakes, steering, ignition, lights, etc.) can be likewise "controlled" by a hacker. And, most car companies (currently) use NO security protection against "outside" takeover and control by hackers...all it's ALL done via satellite link!

Here is a DIY approach to threat assessment:
Car Hacker's Handbook

And here's what the manufacturers are doing:
Firewalls can't protect today's connected cars | Computerworld

http://images.techhive.com/images/ar...large.idge.png

There's your problem. This diagram from the above link disagrees with the above video, which at 5:00 shows a similar block diagram that inserts a CAN Gateway before the OBDII port.