07-22-2015, 03:34 AM
|
#1 (permalink)
|
Cyborg ECU
Join Date: Mar 2011
Location: Coastal Southern California
Posts: 6,299
Thanks: 2,373
Thanked 2,174 Times in 1,470 Posts
|
Hacking a Jeep's electronic control systems
A few years ago these same hackers did this same thing with a Prius, but at that time they had to be in the car, plugged into the system. This attack was wireless.
Hackers Remotely Kill a Jeep on the Highway
j
__________________
See my car's mod & maintenance thread and my electric bicycle's thread for ongoing projects. I will rebuild Black and Green over decades as parts die, until it becomes a different car of roughly the same shape and color. My minimum fuel economy goal is 55 mpg while averaging posted speed limits. I generally top 60 mpg. See also my Honda manual transmission specs thread.
|
|
|
Today
|
|
|
Other popular topics in this forum...
|
|
|
07-23-2015, 06:10 PM
|
#2 (permalink)
|
...beats walking...
Join Date: Jul 2009
Location: .
Posts: 6,190
Thanks: 179
Thanked 1,525 Times in 1,126 Posts
|
...and they (those guys) probably *learned* the trick from their NSA "handlers" (wink,wink).
|
|
|
07-24-2015, 02:24 PM
|
#4 (permalink)
|
Master EcoModder
Join Date: Jun 2008
Location: Earth
Posts: 5,209
Thanks: 225
Thanked 811 Times in 594 Posts
|
Quote:
Originally Posted by darcane
Right, because it's a complicated feat to hack into a modern car's CANbus, requiring expensive tools.
|
I really like the way the spokesperson claims that it's impossible to prevent remote hacking. I'd bet quite a large sum that it's impossible to remotely hack my Insight, and I'm absolutely certain that it couldn't be done to my '88 Toyota pickup.
|
|
|
The Following 2 Users Say Thank You to jamesqf For This Useful Post:
|
|
07-24-2015, 03:42 PM
|
#5 (permalink)
|
Master EcoModder
Join Date: Aug 2012
Location: northwest of normal
Posts: 28,693
Thanks: 8,144
Thanked 8,924 Times in 7,367 Posts
|
Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack - Slashdot
Quote:
Originally Posted by MrL0G1C on Slashdot.org
How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.
|
Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability | Ars Technica
Quote:
Originally Posted by paergrin on Cars Technica
Basically the CAN bus is how all car systems talk to each other. It's just one bus for the car and it's kind of neat in its implementation: each message contains its own priority and that's used for bus conflicts. MessageIDs are either 11 or 29-bit numbers and lower numbers are higher priority. AIRBAG_WLAMP is 0x12 so it's quite high priority, to light up an airbag malfunction. 0s on the bus take priority and transmitting devices also listen at the same time, and if what they see on the bus isn't what they are transmitting they stop for the higher priority message to go through.
What makes this function is that per the standards, only one device is allowed to send any given message ID. Your brake system can't send an AIRBAG_WLAMP, and your entertainment system sure as hell can't tell the brakes that the radar detects an imminent collision please press the brakes hard as hell. This is normally fine because yeah, the uConnect doesn't know how to send those messages so no problem, right?
The remotely accessible nature of the system combined with a vulnerability in the system combine to allow the attacker to overwrite the firmware of the entertainment system, teaching it how to send all these nifty CAN bus messages, thus allowing this.
|
https://news.ycombinator.com/item?id=9324191
Many vehicles have multiple CAN buses, looking at you Tesla Model S.
|
|
|
07-24-2015, 04:56 PM
|
#6 (permalink)
|
.........................
Join Date: Aug 2009
Location: Buckley, WA
Posts: 1,597
Thanks: 391
Thanked 488 Times in 316 Posts
|
Quote:
Originally Posted by jamesqf
I really like the way the spokesperson claims that it's impossible to prevent remote hacking. I'd bet quite a large sum that it's impossible to remotely hack my Insight, and I'm absolutely certain that it couldn't be done to my '88 Toyota pickup.
|
Absolutely true.
But as more and more cars are moving towards being connected ("That's the dream, to have wifi in the car") it will become increasingly difficult to find cars that are immune to hacking...
I think all critical functions (powertrain, brakes, steering, etc) need to be on their own separate CAN bus that is air-gapped from any other CAN bus in the car. Simply having multiple CAN buses doesn't fix the problem if they can still communicate with each other.
|
|
|
07-24-2015, 05:10 PM
|
#7 (permalink)
|
Master EcoModder
Join Date: Aug 2012
Location: northwest of normal
Posts: 28,693
Thanks: 8,144
Thanked 8,924 Times in 7,367 Posts
|
I'm such a paranoid that when I got my 1971 VW Superbeetle, I took the AM radio out. ...but true.
This is fascinating. From the 30th Chaos Communication Conference, this guy just wanted to add his own menu to the dashboard of his VAG car.
It's an hour long, but from 22:11 to 23:43 there is a good CAN Bus Crash Course. There are dominate and recessive bits; collisions aren't detected, they are arbitrated.
After that there is a lot of hackers laughing in the audience and it goes right down the rabbit hole.
|
|
|
07-24-2015, 09:56 PM
|
#8 (permalink)
|
Master EcoModder
Join Date: Jun 2008
Location: Earth
Posts: 5,209
Thanks: 225
Thanked 811 Times in 594 Posts
|
Quote:
Originally Posted by darcane
But as more and more cars are moving towards being connected ("That's the dream, to have wifi in the car") it will become increasingly difficult to find cars that are immune to hacking...
|
But it's certainly not my dream. I have absolutely zero use for WiFi in a car, and a lot of reasons - hackability is only one - why I wouldn't want it. I don't suppose I'm alone, so I wonder if any manufacturers are going to address this market segment.
If not... Well, at least it's likely to save me quite a bit of money I otherwise might spend on buying newer cars :-)
|
|
|
07-25-2015, 12:32 AM
|
#9 (permalink)
|
...beats walking...
Join Date: Jul 2009
Location: .
Posts: 6,190
Thanks: 179
Thanked 1,525 Times in 1,126 Posts
|
FYI...ANY system that permits external INPUT via ANY communication link (hard- or soft-wired) is susceptible to hacking. And, this is especially true of 'new' car technologies designed to enable the manufactures to 'listen' to vehicles as they're being driven for (supposedly) "engineering" analyses only (sure!)...because the SAME commands they use to 'test' subsystems (brakes, steering, ignition, lights, etc.) can be likewise "controlled" by a hacker. And, most car companies (currently) use NO security protection against "outside" takeover and control by hackers...all it's ALL done via satellite link!
|
|
|
07-25-2015, 07:02 AM
|
#10 (permalink)
|
Master EcoModder
Join Date: Aug 2012
Location: northwest of normal
Posts: 28,693
Thanks: 8,144
Thanked 8,924 Times in 7,367 Posts
|
Here is a DIY approach to threat assessment:
Car Hacker's Handbook
And here's what the manufacturers are doing:
Firewalls can't protect today's connected cars | Computerworld
There's your problem. This diagram from the above link disagrees with the above video, which at 5:00 shows a similar block diagram that inserts a CAN Gateway before the OBDII port.
|
|
|
|