[EE] OBD connectors entry point for car hacking

[Peter]

Scary but expected. Apparently there are up to 70 mcu's running some 100MB of
code in a car. And there is a state guaranteed unsecured data access point. The
OBD connector. It did not take too long until 1 and 1 were added together:

http://www.autosec.org/pubs/cars-oakland2010.pdf

Suddenly ancient VW beetles look very safe.

-- Peter

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

--
You received this message because you are subscribed to the Google Groups "piclist_archive" group.
To post to this group, send email to piclist...@googlegroups.com.
To unsubscribe from this group, send email to piclist_archi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/piclist_archive?hl=en.

[M. Adam Davis]

Just like a computer - if the attacker has physical access to the car,
then they can cause it to fail in a myraid of ways later.

This isn't much different than cutting the brake line, or placing a
device to cut the brake line, though it is harder to detect if done
well.

Also note that most of these attackes require the ignition to be on,
which requires a valid key and RFID chip. Not terribly difficult to
get if you also have physical access to the car, but it's an
additional layer of security they gloss over.

In other words the paper is essentially saying that if someone has
access to the key and the car, then they have as much control over the
vehicle as you do.

-Adam

On Thu, May 20, 2010 at 3:25 AM, Peter <plpet...@yahoo.com> wrote:
> Scary but expected. Apparently there are up to 70 mcu's running some 100MB of
> code in a car. And there is a state guaranteed unsecured data access point. The
> OBD connector. It did not take too long until 1 and 1 were added together:
>
>  http://www.autosec.org/pubs/cars-oakland2010.pdf
>
> Suddenly ancient VW beetles look very safe.
>
> -- Peter
>
> --
> http://www.piclist.com PIC/SX FAQ & list archive
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist
>



--

http://chiphacker.com/ - EE Q&A site

[Jake Anderson]

Peter wrote:
> Scary but expected. Apparently there are up to 70 mcu's running some 100MB of
> code in a car. And there is a state guaranteed unsecured data access point. The
> OBD connector. It did not take too long until 1 and 1 were added together:
>
> http://www.autosec.org/pubs/cars-oakland2010.pdf
>
> Suddenly ancient VW beetles look very safe.
>
> -- Peter
>
>

because if somebody is able to physically sit inside your car, altering
the code in a micro is the only way to cause the car to crash.
To me this is like saying that a trusted person inside your LAN is able
to really screw up your computer system.

If somebody is inside the car your screwed, If they have physical access
to the wiring of the car your screwed, can bus hack or no.

The traditional IT solution of a firewall is appropriate to protect the
cars electronics from outside attack over wireless connections, and one
would hope this is implemented.

[Russell McMahon]

> Just like a computer - if the attacker has physical access to the car,
> then they can cause it to fail in a myraid of ways later.

I think that is a more relevant point than eg

> This isn't much different than cutting the brake line, or placing a
> device to cut the brake line,

ie this allows somebody to in advance target a vehicle which is known
to *occasionally* drive by a sparsely populated route. You access the
vehicle "at your leisure" to set it up then can stop it, open doors
etc at the time and location of your choice.

This may be of vanishingly small concern for the average car owner,
but if your super secure bulletproof Mercedes has been in for repair
or servicing and comes back with something like this embedded
invisibly then it may offer the occupant to his pursuers at the
subsequent time and place of their choosing.

It simplifies "Stop the (high speed evasive action taking how do I
catch this thing?) car, open the doors, get out with your hands up" to
"get out with your hands up".

> In other words the paper is essentially saying that if someone has
> access to the key and the car, then they have as much control over the
> vehicle as you do.

More - it's saying that if they EVER had access to it (even before you
acquired it) then they subsequently can have as much control over the
car as you do. Or more.


R

[Peter]

Jake Anderson <jake <at> vapourforge.com> writes:
> If somebody is inside the car your screwed, If they have physical access
> to the wiring of the car your screwed, can bus hack or no.

I'll just run down a couple of everyday cases in which tampering with the car
could have a significant impact:

- Company car, car programmed to track employees trips without their knowledge
- Company or rental car, interfaced with immobilizer so it shuts down if it
exits the designated area (for example heading across a border). Results in a
night spent in the boonies and lawsuit. Optionally the people spending the night
in the boonies also get mugged, possibly violently, or become coyote snacks.
- Jealous or control freak husband/wife makes changes on car to track SO or to
cause trouble under certain circumstances. The plot backfires and results in
some injury to a couple in the back seat of the car.
- Teenager tinkers with parent's car, induces unwanted bug, car crashes later as
a result, perhaps by surprising the driver with something as innocuous as
suddenly appearing strange instrument displays.
- Parents have a mechanic modify the car so it is slow when teenager child
drives it, to avoid further speeding. Car is rear ended in traffic as a result.

This is just like that, off of my head. I think that tampering with a car's
systems should be illegal, and doing so should require a license of some sort,
and the tampering be entered into the car's paperwork by law. Same as
modifications to a car's mechanics or exterior lights must be and are. I also
think that there should be some kind of special license for cars modded for
racing, and that that should be made obvious from the outside of the car too
(different colored license plates etc).

I am sure that some companies will provide a firewall for cars, the problem is
not the firewall it is the system design, which is unprotected yet proprietary.
This results in the impossibility of testing for tampering by arbitrary third
parties, legitimate or not.

-- Peter

[PICdude]

Quoting Peter <plpet...@yahoo.com>:


> ... I also

> think that there should be some kind of special license for cars modded for
> racing, and that that should be made obvious from the outside of the car too
> (different colored license plates etc).

> ...


Que!?!?!?

As an avid car person (gear-head, gas-brain, aficionado, etc), I
commonly mod my cars for "racing". For auto-crossing it may be some
basic suspension mods; for drag racing it may be power mods also; for
better mileage it may be a free-flowing exhaust, but that adds power
so would be considered a racing mod (right?); and though I haven't
done this yet, there may be a case to mod for just aerodynamics. If
I'm driving my car as normal on the roads, but race them on
closed-courses on weekends, why is it anyone else's business to know
any of this, especially if I stay within the DOT and EPA standards?

-Neil.

[Adam Field]

>> If somebody is inside the car your screwed, If they have physical access
>> to the wiring of the car your screwed, can bus hack or no.
>

Not only that, but can you trust the original factory software? I know
Toyota's recent problem was hardware (I'm pretty sure), but it could
have just as easily been a software issue.

> This is just like that, off of my head. I think that tampering with a car's
> systems should be illegal, and doing so should require a license of some sort,
> and the tampering be entered into the car's paperwork by law. Same as
> modifications to a car's mechanics or exterior lights must be and are. I also
> think that there should be some kind of special license for cars modded for
> racing, and that that should be made obvious from the outside of the car too
> (different colored license plates etc).

I'm not sure what country's laws you are referencing. Here in the US,
the laws vary from state to state but in general we don't need to
document any modification made to either software or hardware. Cars in
most states do have to pass a yearly safety and emissions test.

As for "modified for racing," that could be anything really, but
there are plenty of cars that are super quick right off the show room
floor. And they are not super expensive exotics either.

[Russell McMahon]

> > ... I also
> > think that there should be some kind of special license for cars modded for
> > racing, and that that should be made obvious from the outside of the car too
> > (different colored license plates etc).
> > ...

> As an avid car person (gear-head, gas-brain, aficionado, etc), I ...

...

> If I'm driving my car as normal on the roads, but race them on
> closed-courses on weekends, why is it anyone else's business to know
> any of this, especially if I stay within the DOT and EPA standards?

The standard 'social contract' answer to that sort of question and
situation is that where there is an impingement of 'rights' which
cannot exist simultaneously unaffected, then some accommodation is
required.
As somebody famous but not enough to be memorable with certainty said
(misquote for sure but point made) "My right to swing my fist ends at
the top of your nose".

Denial of that leads to eg lots of men with bare arms and killing
large amounts of people while their guns kill nobody.
ie Blind insistence on the right to do xxx because it's manifestly
harmless, while the harmed lie bleeding in the streets, possibly
literally in the case of cars, is all too common.

The OP's comment was probably based on the 'manifest imbalance' in
social contract which HE perceived from the modified car brigade, just
as you (apparently :-) ) think DOT & EPA compliance make modified cars
as safe as ordinary cars in the hands of ALL comers.

Think about that - if DOT & EPA certification is NOT a complete answer
to concerns about the hazards from people who use modified cars, and
if there is NOT complete lack of deviation from the norm from the use
of EPA & DOT certified vehicles, why would you even think of using it
as a 'defense' against the OP's arguments.

It MAY be that this is true - that OT & EPA certified modified
vehicles have absolutely no discernible difference in their safety
statistics compared to the balance of the sensibly comparable
vehicular population. What chance do you think there is that that is
true? If it's not true, what degree of difference do you think there
is?

I'd presume that the OP doesn't care how safe the VEHICLE is per se -
but what the effect of the vehicle is when used in 'everyday
situations', for whatever reason.

Do you think that that's fair?





Russell

[Lee Jones]

Don't ban high performane cars, ban low performance drivers.

But that will never fly in a politically correct world.

Lee Jones

[cd...@windstream.net]

Also ban low performance vehicles in the mountains on Interstate highways. We drive several times a year Cleveland, Ohio to Atlanta, Georgia. These characters with their little vans with luggage carriers on top might do 90 mph down hill, but can't do 55 mph uphill, and insist in driving left (high speed lane) are a real pain! Last time Northbound (we'll be doing that Sunday), wife (she's 71 years) got on the Cougar (Ford Cleveland 2.5L. DOHC, 24 valve) passed a flock on the right, when she pulled back to the left, the speedo was at 110 mph and still climbing uphill! At the same time the average for that leg was 32 MPG. With sufficient power a vehicle can stay in overdrive all the time!

[Russell McMahon]

> Don't ban high performane cars, ban low performance drivers.

> But that will never fly in a politically correct world.

I'll see your un-PC statement and raise you an un gear-head C one.

"Don't ban high performacne cars, ban low performance drivers from
driving them".
ie, you can mod your car in accordance with regulations BUT/AND also
have to pass an extra licence class to be allowed to use them. Fair?

_____________

NZ major national newspaper headlines today something like:

'The teenager who had been 'drifting' came out of a side street and
lost control of his vehicle. It mounted the footpath and struck an
adult and two young children. One child died at the scene. The other
is in intensive care".

Same day another child was killed elsewhere in similar circumstances.
Our national population is a tad over 4 million.
Two in a day is a statistical unlikelihood but alas not a rarity here.
Things are happening.

Separating out the guys with the enhanced brakes and shocks from the
urban drifters gets a bit hard. A bit of support from the responsible
ones in dealing with the larrikins will probably help reduce the sort
of blanket statements that started this sub-thread.


R
.

[cd...@windstream.net]

Part of the problem is drivers just aren't trained properly to begin with. The required driver training is very minimal. Even saw an instructor move the car to a street where the the student didn't have to back up or manuever. When granddaughter got here license, I spent several hours with her driving. Some of the things we worked on, included up/down steep hills, proper use of gears, looking well ahead (miles if you can) and estimate what's going to happen when you are there, blending with running traffic. Encouraged her to experiment with performance of vehicle on varying surfaces when traffic and space conditions allow to determine the safe operating limits (braking and steering).

[Vitaliy]

Peter wrote:
> I'll just run down a couple of everyday cases in which tampering with the
> car
> could have a significant impact:
>
> - Company car, car programmed to track employees trips without their
> knowledge

Already happens routinely, no need for OBD. GPS transmits location back to
main office, via a cell network. I don't really see the problem, if it's a
company car and the employer has the right to know its location. Just as
when you use a company PC, you waive your right to privacy. You want
privacy? Use your home computer, and drive your own car.

> - Company or rental car, interfaced with immobilizer so it shuts down if
> it
> exits the designated area (for example heading across a border). Results
> in a
> night spent in the boonies and lawsuit. Optionally the people spending the
> night
> in the boonies also get mugged, possibly violently, or become coyote
> snacks.
> - Jealous or control freak husband/wife makes changes on car to track SO
> or to
> cause trouble under certain circumstances. The plot backfires and results
> in
> some injury to a couple in the back seat of the car.
> - Teenager tinkers with parent's car, induces unwanted bug, car crashes
> later as
> a result, perhaps by surprising the driver with something as innocuous as
> suddenly appearing strange instrument displays.
> - Parents have a mechanic modify the car so it is slow when teenager child
> drives it, to avoid further speeding. Car is rear ended in traffic as a
> result.

How come you don't have an example with a baby seal in it? They are so
obviously contrived.

Last time I rented a car, the agreement I signed said that if I crossed the
state line or drove the car into Canada, they would charge me extra. This
technology has nothing to do with OBD, it's a passive GPS device -- but they
could easily connect it to an immobilizer. Why don't they? My guess is, it's
because they aren't stupid. Neither are most parents and spouses.

> This is just like that, off of my head. I think that tampering with a
> car's
> systems should be illegal, and doing so should require a license of some
> sort,
> and the tampering be entered into the car's paperwork by law.

They have laws like that for airplanes, which is why a small single engine
airplane costs $100,000 when it shouldn't cost more than a sedan. It is laws
and regulations that drive the cost of a wooden propeller to $5000.

Plane owners can't afford to comply with the laws, so they do their own
repairs and pay mechanics to sign off on repairs patched up with aluminum
cans. It is also why there is a thriving homebuilt plane industry (the regs
for homebuilt planes are more lax, so they cost a fraction of the cost of a
mass-produced plane).

I picked up a book at a thrift store, which describes the state of the art
in general aviation in the 1970s. You couldn't tell that it was that old.
The plane I'm training in (built in 2003) has a carbureted engine.

> Same as
> modifications to a car's mechanics or exterior lights must be and are. I
> also
> think that there should be some kind of special license for cars modded
> for
> racing, and that that should be made obvious from the outside of the car
> too
> (different colored license plates etc).

I often think that people who mandate "CAUTION: HOT" labels on coffee cups
and "Harmful if Swallowed" warnings on fish hooks, should wear special
labels too.

> I am sure that some companies will provide a firewall for cars, the
> problem is
> not the firewall it is the system design, which is unprotected yet
> proprietary.
> This results in the impossibility of testing for tampering by arbitrary
> third
> parties, legitimate or not.

ECU firmware has two numbers, Calibration ID and Calibration Verification
Number, which are already used by some emissions stations to check whether
the ECU had been tampered with.

Free market is the best way to protect ourselves. Car companies don't want
to kill their customers. It's bad for business.

Vitaliy

[Oli Glaser]

>I often think that people who mandate "CAUTION: HOT" labels on coffee cups
>and "Harmful if Swallowed" warnings on fish hooks, should wear special
>labels too.

:-) Couldn't agree more - do they really think they will manage to stop
people finding new and improved ways to injure themselves with these
warnings? The main problem is that anyone who is stupid enough to put their
dog in the microwave to dry it off etc, is quite obviously stupid enough not
to read any warning labels or manuals too. Soon we'll have hot coffee
handling certifications and training days, but they won't help either :-).
Douglas Adams was spot on..

[Marechiare]

> They have laws like that for airplanes, which is why a
> small single engine airplane costs $100,000 when it
> shouldn't cost more than a sedan.

And they seem not to "cost more than a sedan".
Compare prices of small aircraft engines to the prices of sedans by
the same manufacture:
http://www.rolls-royce.com/civil/products/smallaircraft/

[peter green]

> And they seem not to "cost more than a sedan".
> Compare prices of small aircraft engines to the prices of sedans by
> the same manufacture:
> http://www.rolls-royce.com/civil/products/smallaircraft/
>

If you are going to do this at least pic a manufacturer that actually
makes both! "Rolls-Royce Group plc" (makers of aviation engines) and
Rolls-Royce Motor Cars are NOT the same company.

[RussellMc]

> If you are going to do this ...

For any responses please change subject line to [OT] eg

Re: [OT] OBD connectors entry point for car hacking

[RussellMc]

> And they seem not to "cost more than a sedan". ...

For any responses please change subject line to [OT] eg

Re: [OT] OBD connectors entry point for car hacking