Saturday, 15 October 2016

Hack the a car

Some of you might know that I've been building a custom car (for what feels like an eternity) and I have kept it really basic with no modern technology at all.  (Hey, I've seen some of the code you guys (and myself) write, I'm not trusting that in my £100k car!).

Here's a photo of earlier in the year, minus lots of things, working brakes being one of them, hence the custom low-loader delivery truck:

So whilst I keep Lil'Merc nice and dumb, I do have an MG F, a Subaru Sambar and a shiny new Mercedes c200 company car, that has LOTS of new technology.

I went through a cycle of getting various OBDII bluetooth devices for the MG F, only to find that is was built 6 months before that technology was adopted and has a MEMS unit in it, which is not compatible. Sigh.  I even did some diagnostic work with this guys Android app to try and get it to work, with no luck.  So I did what I do best.  I threw the stuff to the back of the "Play desk" and got on and did some "other" stuff.

Well....time has moved on, things have changed and I did some stuff recently (for work/work) that led me to look into connecting to cars at a low level.  According to "the people that know", modern cars are just at the tipping point, where they will ALL BE CONNECTED, ALL OF THE TIME.

Yay!, WooHoo! great, 5G access from my vehicle, oh hang on, "won't that be like Big Brother in my car?  Will my insurance company be monitoring my every move / speed etc...?" This type of thinking will get counter-acted with responses like: "Yes, but think of the benefits and all the good/nice shiny stuff that you will now be able to do, it's okay, it's just a small compromise, honest...." well, anyway, I'll not discuss the ethics of such things, it's going to happen, it's just a matter of when & how:

What was the point I was going to make.....oh, I remember :-)

I'm currently typing this post on a KALI Linux OS laptop.  Most of people will not really know what that means (or care!).  But you should.  You REALLY should.  Why?  Well, it gives me access to pretty much all of the tools I need to perform Penetration Testing of Networks and Software.  "Why would I have this", you ask?  Well, partly for "fun", but mainly for curiosity and, well, because I like to know how things work "inside the black box".

You would be really surprised how many home WiFi can be hacked into in less than an hour - yes, even today, in 2016, it is still that simple.  Why?  Consumers, or "users" as us IT chaps like to call people.  Consumers like simple (just ask Microsoft about Windows XP), what consumers like to think is: "the manufacturer has my back, they've done everything for me, I just plug-n-play and the world is made of marshmallows and fluffy candy...skip..skip...skip..."

The truth is quite a way off from that.  I'll save Home Networking and the Internet-of-things for a future post, as I'm trying to remind myself to stick to the topic of cars.

I just dug out the "stuff" that I put to the back of the "Play desk", dusted off a Raspberry Pi Zero, my C-programming wurzel gummage head and got to reading all about CAN bus sniffing with WireShark from my Kali Linux OS laptop....

By the end of the weekend, I may or may not have "bricked" my Mercedes c200 or my MG F or my Subaru Sambar (not going anywhere near my wife's car!), but I will have learnt a LOT more about how it talks to itself, how I can listen to those conversations, how I can inject my own code to "do things" well as finding out, just how secure my car is from the outside.

Today, people think, "I've installed anti-virus software on my tablet / laptop, I'm protected".  But, in the very near future, they will have to start thinking, "am I safe & secure when I get in my car?"  and I don't mean the seat belt style safe&secure, I mean, "did that geek sitting in that coffee shop window I just stopped at for the red-light, just hook into my cars WiFi, drop an app into my car that is now sending data back to his laptop and then allow him to have full control of my car?  such as locking the doors and holding me to ransom and only releasing me when I pay.  Then deleting all reference from the cars computer and being totally untraceable?"

Sounds like something from a movie....but it'll soon be a real possibility... so if you want to know more about hacking a car, either visit AMAZON and buy the book for £35+ or CLICK HERE for an earlier pdf version.    Happy reading.

"If you’re curious about automotive security and have the urge to hack a two-ton computer, make The Car Hacker’s Handbook your first stop."

UPDATE: This Arduino Can-Bus Shield looks like a great place to start with the physical access

No comments:

Post a Comment