Lots of recent projects have shown that modern automobiles, because of their heavy reliance on computerised components and internet connectivity, can be abused, manipulated and taken over by a hacker with enough determination. But a new, freely downloadable book presents car hacking in a more positive light, as a way to check the security of your own vehicle.
There are sections on vehicle communication systems, attacking key fobs and immobilizers, and setting up a suitable hacking garage. Basically, everything you need, although the manual doesn't hold your hand and expects you to already know what you're talking about to some extent.The book's web site, http://opengarages.org/handbook/ provides links for a free download of the book as a pdf or an epub, as well as links to purchase a copy of the book at, Amazon (paperback / kindle), Barnes & Noble (paperback / nook), and Google Play (ebook).
(Score: 2) by carguy on Sunday July 27 2014, @01:30PM
Per this recent article/press release, TI is now selling very low power Bluetooth (1 microamp in sleep mode) as a replacement for wiring inside the car. From http://articles.sae.org/13163/ [sae.org]
"Bluetooth can be used to replace cables for things like open and closing windows, adjusting mirrors, and turning on interior lights," said Ram Machness, Business & Marketing Director for Automotive Wireless Connectivity at TI. "CAN and LIN cable cost a lot and they add weight. Using Bluetooth lowers weight, reduces complexity for assemblies, and reduces complexity in service centers because they don't have to stock cables."
(Score: 3, Insightful) by present_arms on Sunday July 27 2014, @01:47PM
And we all know how secure blue tooth is :)
http://trinity.mypclinuxos.com/
(Score: 5, Funny) by sjames on Sunday July 27 2014, @03:32PM
I knew a kid in the first grade with that. Something about antibiotics. He seemed reasonably secure.
(Score: 3, Interesting) by present_arms on Sunday July 27 2014, @01:41PM
I have a Citreon C4. I swear it has more computers than NASA in it, first there is the ECU for the engine, (timings, diagnostics etc) then there is the trip computer, it can tell me how many miles left in the tank, miles I have done, the average MPG (can be switched to metric L/100KM) in 2 places so i can compare to and from journeys, electronic speedometer, displaying both digital and the more traditional "dial" readings, an electronic rev counter, automatic lights and window wipers, climate control, electric windows that can be opened/closed by the key fob, auto dimming rear view mirror that senses a bright light and adjusts, door mirrors with auto folding on locking the car, mp3 player, with random play. then there is cruise control and speed limiter (useful sometimes). then there's the sensors for low tyre pressure, any glitches in the engine. sensors in the seats for seat belt warnings. abs breaks with (shitty) traction control that can only be turned off below 30MPH the moment you hit 31 it turns back on again.anti hijack auto locking doors at 6MPH. Bluetooth to connect phones, fondle slabs etc. I swear if anyone hacked that car, they could do untold mischief to it. biggest beef of the car, no robot button, bastard :P.(google C4 ads) although that was the old model.
http://trinity.mypclinuxos.com/
(Score: 0) by Anonymous Coward on Sunday July 27 2014, @01:49PM
> fondle slabs
I don't know what this is, but I'm strangely aroused.
(Score: 5, Informative) by present_arms on Sunday July 27 2014, @01:59PM
a fondle slab is a term coined by the register [theregister.co.uk] to describe a tablet.
http://trinity.mypclinuxos.com/
(Score: 3, Interesting) by MrGuy on Sunday July 27 2014, @04:20PM
Wondering how long it's going to be until one of the major automobile makers gets this taken offline with a DMCA demand, and how long before the author is facing felony charges for "inciting" others to violate the CFAA?
I know they're new at this, but very soon the automotive industry is going to catch up to every other industry in calling their security flaws "trade secrets."
(Score: 2) by frojack on Sunday July 27 2014, @05:24PM
Not likely. Because there is nothing much in it. I've been surfing it in the ebook form.
So far I haven't seen a single reliable thing that you could do without total physical access to the vehicle for an extended period of time.
Most of it is simple restatement of what is available elsewhere, including ridiculous suggestions like this one for standing in a parking lot entering 3192 digits in a specific order into key pad car door lock system for 20 minutes trying to get the door unlocked.
The book isn't a how-to. Its pretty much a joke. Be sure you download it, and don't pay for it, because the free download is about the only fair price.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Sunday July 27 2014, @05:51PM
> ridiculous suggestions like this one for standing in a parking lot entering 3192 digits in a specific
> order into key pad car door lock system for 20 minutes trying to get the door unlocked.
What is ridiculous about that? Very few people would think that was possible. It is the kind of thing that someone who did it 'professionally' could even automate with an arduino and some actuators for a couple of hundred bucks. [forbes.com]
(Score: 2) by forsythe on Sunday July 27 2014, @04:59PM
For those of us who would rather not open ourselves to these, is there a reasonably hard date that can be a safe point for buying cars? A date that someone can point to and say ``If you buy a car that was built before here, it's reasonably secure.''?
I know my fifteen year old Corolla is still wired to the gills with an ECU, a trip computer, and probably a good chunk of what present_arms' C4 has, but I'm also reasonably secure that it can't be war driven (take the meanings as you will) by just anybody with a laptop and some luck on the side of the road, nor can it be stopped dead on the highway because a police officer mistypes a license plate during a high-speed chase somewhere.
(I did skim the book, but didn't see anything directly relating to this).
(Score: 2) by frojack on Sunday July 27 2014, @05:58PM
Each of the *cough* vulnerabilities in this book arrived in cars at various dates.
What you give up in safety, crashworthyness, gas mileage, features, and creature comforts to hold off the roaming hoards of of digital car thieves and hackers (snort) is not going to be worth it. You are far more at risk from regular smash and grab thieves, and driving anything 15 years old makes you pretty immune from those guys too.
Contrary to TFS, wifi enabled cars are very rare, its only started to appear in production cars in the last couple of years, mostly to keep the back seat passengers entertained. Bluetooth and Wifi aren't realistic attack vectors, as they have such limited range that they present exactly zero attack surface while driving. Nor are bluetooth or wifi wired into the engine computers or the transmission computers. When present, all they ever connect to is the entertainment system.
Avoid any Onstar, or any car that has is equipped with its own built-in cellular account.
Laptop on the side of the road? Seriously? Come on!
No, you are mistaken. I've always had this sig.
(Score: 2, Interesting) by Adamsjas on Sunday July 27 2014, @06:57PM
Wifi in cars is gonna be more common than you think frojack.
http://www.nbcnews.com/business/autos/most-2014-gm-cars-will-also-be-wi-fi-hotspot-f1C8539395 [nbcnews.com]
and also
http://www.nbcnews.com/business/autos/connectivity-cars-new-generation-built-wifi-hot-spots-n104241 [nbcnews.com]
According to those NBC reports, hotspots in cars will become a common option in 2014 and following years.
Chrysler led the way with this back in 2012, but now ford and chevy are getting into it big time.
The problem is that you have to pay a cell bill for your car, that can easily run $50 per month.
Ford is talking about sending software downloads to engine computer updates via celular connection, which
sounds pretty dangerous unless extreme security is built into the system. Car companies have had a lousy track record when it comes to digital security or even understanding the need for it. If they can send updates via cellular data links it means they are planning some sort direct connection to the car computers. Hope they have some lockout physical switch that the owner has to manually enable when they get an email or something.
(Score: 1, Interesting) by Anonymous Coward on Sunday July 27 2014, @09:01PM
I think cars are going to have all the same problems with being "cloud connected" that the home automation guys are setting people up for. There are all kinds of market pressures and 'businesses cases' to do it and very little push back. Its going to take a couple of dead blonde baby girls before they turn that ship around.k