Go Back   EcoModder Forum > Off-Topic > The Lounge
Register Now
 Register Now
 


Reply  Post New Thread
 
Submit Tools LinkBack Thread Tools
Old 07-22-2015, 02:34 AM   #1 (permalink)
Cyborg ECU
 
California98Civic's Avatar
 
Join Date: Mar 2011
Location: Coastal Southern California
Posts: 6,299

Black and Green - '98 Honda Civic DX Coupe
Team Honda
90 day: 66.42 mpg (US)

Black and Red - '00 Nashbar Custom built eBike
90 day: 3671.43 mpg (US)
Thanks: 2,373
Thanked 2,172 Times in 1,469 Posts
Hacking a Jeep's electronic control systems

A few years ago these same hackers did this same thing with a Prius, but at that time they had to be in the car, plugged into the system. This attack was wireless.

Hackers Remotely Kill a Jeep on the Highway

j

__________________
See my car's mod & maintenance thread and my electric bicycle's thread for ongoing projects. I will rebuild Black and Green over decades as parts die, until it becomes a different car of roughly the same shape and color. My minimum fuel economy goal is 55 mpg while averaging posted speed limits. I generally top 60 mpg. See also my Honda manual transmission specs thread.



  Reply With Quote
Alt Today
Popular topics

Other popular topics in this forum...

   
Old 07-23-2015, 05:10 PM   #2 (permalink)
...beats walking...
 
Join Date: Jul 2009
Location: .
Posts: 6,190
Thanks: 179
Thanked 1,525 Times in 1,126 Posts
...and they (those guys) probably *learned* the trick from their NSA "handlers" (wink,wink).
  Reply With Quote
Old 07-23-2015, 07:07 PM   #3 (permalink)
.........................
 
darcane's Avatar
 
Join Date: Aug 2009
Location: Buckley, WA
Posts: 1,597
Thanks: 391
Thanked 488 Times in 316 Posts
Quote:
Originally Posted by Old Tele man View Post
...and they (those guys) probably *learned* the trick from their NSA "handlers" (wink,wink).
Right, because it's a complicated feat to hack into a modern car's CANbus, requiring expensive tools.
__________________
Past Cars:

2001 Civic HX Mods

CTS-V

2003 Silverado Mods
  Reply With Quote
Old 07-24-2015, 01:24 PM   #4 (permalink)
Master EcoModder
 
Join Date: Jun 2008
Location: Earth
Posts: 5,209
Thanks: 225
Thanked 811 Times in 594 Posts
Quote:
Originally Posted by darcane View Post
Right, because it's a complicated feat to hack into a modern car's CANbus, requiring expensive tools.
I really like the way the spokesperson claims that it's impossible to prevent remote hacking. I'd bet quite a large sum that it's impossible to remotely hack my Insight, and I'm absolutely certain that it couldn't be done to my '88 Toyota pickup.
  Reply With Quote
The Following 2 Users Say Thank You to jamesqf For This Useful Post:
darcane (07-24-2015), niky (07-26-2015)
Old 07-24-2015, 02:42 PM   #5 (permalink)
Master EcoModder
 
freebeard's Avatar
 
Join Date: Aug 2012
Location: northwest of normal
Posts: 27,561
Thanks: 7,736
Thanked 8,554 Times in 7,041 Posts
Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack - Slashdot
Quote:
Originally Posted by MrL0G1C on Slashdot.org
How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.
Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability | Ars Technica
Quote:
Originally Posted by paergrin on Cars Technica
Basically the CAN bus is how all car systems talk to each other. It's just one bus for the car and it's kind of neat in its implementation: each message contains its own priority and that's used for bus conflicts. MessageIDs are either 11 or 29-bit numbers and lower numbers are higher priority. AIRBAG_WLAMP is 0x12 so it's quite high priority, to light up an airbag malfunction. 0s on the bus take priority and transmitting devices also listen at the same time, and if what they see on the bus isn't what they are transmitting they stop for the higher priority message to go through.

What makes this function is that per the standards, only one device is allowed to send any given message ID. Your brake system can't send an AIRBAG_WLAMP, and your entertainment system sure as hell can't tell the brakes that the radar detects an imminent collision please press the brakes hard as hell. This is normally fine because yeah, the uConnect doesn't know how to send those messages so no problem, right?

The remotely accessible nature of the system combined with a vulnerability in the system combine to allow the attacker to overwrite the firmware of the entertainment system, teaching it how to send all these nifty CAN bus messages, thus allowing this.
https://news.ycombinator.com/item?id=9324191
Many vehicles have multiple CAN buses, looking at you Tesla Model S.
  Reply With Quote
Old 07-24-2015, 03:56 PM   #6 (permalink)
.........................
 
darcane's Avatar
 
Join Date: Aug 2009
Location: Buckley, WA
Posts: 1,597
Thanks: 391
Thanked 488 Times in 316 Posts
Quote:
Originally Posted by jamesqf View Post
I really like the way the spokesperson claims that it's impossible to prevent remote hacking. I'd bet quite a large sum that it's impossible to remotely hack my Insight, and I'm absolutely certain that it couldn't be done to my '88 Toyota pickup.
Absolutely true.

But as more and more cars are moving towards being connected ("That's the dream, to have wifi in the car") it will become increasingly difficult to find cars that are immune to hacking...

I think all critical functions (powertrain, brakes, steering, etc) need to be on their own separate CAN bus that is air-gapped from any other CAN bus in the car. Simply having multiple CAN buses doesn't fix the problem if they can still communicate with each other.
__________________
Past Cars:

2001 Civic HX Mods

CTS-V

2003 Silverado Mods
  Reply With Quote
Old 07-24-2015, 04:10 PM   #7 (permalink)
Master EcoModder
 
freebeard's Avatar
 
Join Date: Aug 2012
Location: northwest of normal
Posts: 27,561
Thanks: 7,736
Thanked 8,554 Times in 7,041 Posts
I'm such a paranoid that when I got my 1971 VW Superbeetle, I took the AM radio out. ...but true.

This is fascinating. From the 30th Chaos Communication Conference, this guy just wanted to add his own menu to the dashboard of his VAG car.



It's an hour long, but from 22:11 to 23:43 there is a good CAN Bus Crash Course. There are dominate and recessive bits; collisions aren't detected, they are arbitrated.

After that there is a lot of hackers laughing in the audience and it goes right down the rabbit hole.
  Reply With Quote
Old 07-24-2015, 08:56 PM   #8 (permalink)
Master EcoModder
 
Join Date: Jun 2008
Location: Earth
Posts: 5,209
Thanks: 225
Thanked 811 Times in 594 Posts
Quote:
Originally Posted by darcane View Post
But as more and more cars are moving towards being connected ("That's the dream, to have wifi in the car") it will become increasingly difficult to find cars that are immune to hacking...
But it's certainly not my dream. I have absolutely zero use for WiFi in a car, and a lot of reasons - hackability is only one - why I wouldn't want it. I don't suppose I'm alone, so I wonder if any manufacturers are going to address this market segment.

If not... Well, at least it's likely to save me quite a bit of money I otherwise might spend on buying newer cars :-)
  Reply With Quote
Old 07-24-2015, 11:32 PM   #9 (permalink)
...beats walking...
 
Join Date: Jul 2009
Location: .
Posts: 6,190
Thanks: 179
Thanked 1,525 Times in 1,126 Posts
FYI...ANY system that permits external INPUT via ANY communication link (hard- or soft-wired) is susceptible to hacking. And, this is especially true of 'new' car technologies designed to enable the manufactures to 'listen' to vehicles as they're being driven for (supposedly) "engineering" analyses only (sure!)...because the SAME commands they use to 'test' subsystems (brakes, steering, ignition, lights, etc.) can be likewise "controlled" by a hacker. And, most car companies (currently) use NO security protection against "outside" takeover and control by hackers...all it's ALL done via satellite link!
  Reply With Quote
Old 07-25-2015, 06:02 AM   #10 (permalink)
Master EcoModder
 
freebeard's Avatar
 
Join Date: Aug 2012
Location: northwest of normal
Posts: 27,561
Thanks: 7,736
Thanked 8,554 Times in 7,041 Posts
Here is a DIY approach to threat assessment:
Car Hacker's Handbook

And here's what the manufacturers are doing:
Firewalls can't protect today's connected cars | Computerworld



There's your problem. This diagram from the above link disagrees with the above video, which at 5:00 shows a similar block diagram that inserts a CAN Gateway before the OBDII port.

  Reply With Quote
Reply  Post New Thread


Thread Tools




Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Content Relevant URLs by vBSEO 3.5.2
All content copyright EcoModder.com