How I Hacked My Connected Car, and Other Thoughts on Vehicle Cybersecurity



In the near future, self-driving vehicles will likely be the standard. Cars nowadays are essentially just computers with wheels, and they're getting more interconnected. This, of course, provides chances to make our lives simpler, but it may also increase the digital attack surface and possible risks if manufacturers leave proper car cybersecurity measures unaddressed or faulty.

Whether or not you research car hacks, I ask that you continue reading. I'll discuss some insights into what I believe to be the future of connected automobiles and the possible security challenges that presents to clients and manufacturers, and explain how I was able to hack my own automobile.

Automobile Electronics 101

To begin with, in case you're new to car electronics, it's important to understand a few essential concepts. A couple of years back, before I started getting into auto hacks, I recall buddies saying their automobile computer had an issue and had to be replaced. I used to picture there was just one computer in a car that commanded all the electronics, but I couldn't have been more wrong.

Modern vehicles have a lot of computers, each built for very specific jobs, and they're connected through an internal network. Modern vehicles also have sensors that measure everything from temperature to oil pressure, wheel speed, tire inflation, and much more, all of which are controlled by particular modules that are, in essence, very specialized computers.

Below is a list of the most frequently found auto electronics. Note that this isn't a comprehensive list, and different automobile manufacturers can name these systems differently:

Engine control module (ECM)
Transmission control unit (TCU)
Body control module (BCM)
Electronic brake controller module (EBCM)
Climate controller unit
Supplemental restraint system (SRS) control module

Vehicles of all types today implement what's known as a Controller Area Network (CAN bus) so the different modules/computers inside a car can share information. As an example, the ECM may need to notify you about an issue with the engine by sending an error code to be shown on the dashboard, or the EBCM may need to send a signal to the ECM to decrease engine torque if the present driving terrain is too slick. Such messages are sent through the CAN bus, which behaves like a central system that carries messages between all the different ECUs, in place of the older approach in which those messages had to travel through awkward wiring inside the automobile.

With contemporary vehicles, where dozens of ECUs can work concurrently, the internal vehicle network is continually loaded with hundreds of messages being sent every minute from many different sensors and computers. It's therefore easy to liken the CAN bus to a computer network, and networks can be attacked.

Vehicles may be vulnerable in different ways because their internal network can lack security controls. Just like the first days of the world wide web, where computers were expected to be "good," the computers within your car will receive and execute any instruction, since it's assumed that everything they receive comes from a trustworthy source. However, that's not necessarily so.

In addition, every car manufacturer uses different messages or codes inside their CAN bus. For example, an instruction taken from the CAN bus that contains "665 F0 16 00 00" may instruct the car to turn on the headlights for one maker, but it may turn up the radio volume for a different one, or just do nothing. This represents a challenge for security researchers because these instructions are often not publicly accessible and have to be reverse engineered.

While shuffling commands in this manner may add a level of difficulty for somebody who may want to hack your car by adding, as an example, a module to control the car remotely using a mobile network, it certainly doesn't make the job impossible, and additional controls must be devised and put in place to keep intruders out.
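One such additional control is a passive bus monitor. The sketch below is an added example, not code from the original article: it learns which message IDs a known-good bus carries and how often, then flags IDs it has never seen and frames that arrive far faster than learned. It assumes the first token of "665 F0 16 00 00" is the CAN identifier and the rest are data bytes; the timestamps, the other IDs and the function names are constructed for illustration.

```python
# Constructed sample traces: "<time_ms> <CAN ID hex> <data bytes hex...>".
KNOWN_GOOD = ["0 1A0 00 10", "50 665 F0 16 00 00", "100 1A0 00 11",
              "200 1A0 00 12", "1050 665 F0 16 00 00"]
LIVE = ["0 1A0 00 14", "100 1A0 00 15", "120 1A0 FF FF",
        "130 5B3 02 01 0C", "200 1A0 00 16", "1000 665 F0 16 00 00"]

def parse_frame(line):
    """Split one trace line into (time_ms, CAN identifier, payload bytes)."""
    t_ms, can_id, *data = line.split()
    payload = bytes(int(b, 16) for b in data)
    if len(payload) > 8:
        raise ValueError("classic CAN carries at most 8 data bytes")
    return int(t_ms), int(can_id, 16), payload

def learn_baseline(lines):
    """Map each ID seen in a known-good capture to its shortest inter-frame gap (ms)."""
    last, min_gap = {}, {}
    for line in lines:
        t, cid, _ = parse_frame(line)
        if cid in last:
            gap = t - last[cid]
            min_gap[cid] = gap if min_gap[cid] is None else min(gap, min_gap[cid])
        else:
            min_gap[cid] = None          # seen once so far, no gap known yet
        last[cid] = t
    return min_gap

def detect(lines, baseline, tolerance=0.5):
    """A CAN frame names a message, not its sender, so judge only ID and timing."""
    alerts, last = [], {}
    for line in lines:
        t, cid, _ = parse_frame(line)
        floor = baseline.get(cid)
        if cid not in baseline:
            alerts.append((t, f"{cid:03X}", "unknown-id"))
        elif cid in last and floor is not None and t - last[cid] < tolerance * floor:
            alerts.append((t, f"{cid:03X}", "rate-anomaly"))
        last[cid] = t
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(KNOWN_GOOD)):
        print(alert)
```

A monitor like this only detects; it cannot tell which device on the bus sent a flagged frame, and it does not stop the frame from being acted on.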

Emerging Challenges Related to Connected Cars

Technologies like vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications are on the upswing, and I'm sure they'll offer many advantages to consumers, manufacturers and even public infrastructure administration. In the future, it will likely be very common for vehicles to receive updates over the air (OTA) like your smartphone does today. This can help enhance present features and performance or add new features to your vehicle.

But it is of the utmost importance that proper security controls are taken into account from the very early stages, given that each new technology represents a possible new attack vector. As an example, attacks that involve cloning wireless key fobs are getting more common, and until car manufacturers address these security flaws, we may want to put away our wireless key fobs in a bag that blocks RFID signals.


How I Was Able To Hack My Vehicle

To demonstrate that it is possible to add new modules/ECUs that a car will accept without doing any checks, I'll share with you a few of the particulars of the way I was able to add a set of new features to my vehicle. Even though the module I added is from the same manufacturer, a person with sufficient knowledge and time may produce their own module and then add it to a car.

The feature I wished to add to my automobile combines traction and stability control and may also be useful for specific off-road situations. I set out to get a copy of the workshop manual for the car, which contains detailed wiring diagrams of components. While reading through the manual, it became evident that the feature I was after was commanded by the EBCM, so I knew I had two choices: try to alter the firmware of my unit or obtain a different model of EBCM. Reverse engineering firmware from scratch requires a great deal of work and skill, so at that point, the most reasonable option was to obtain a different model of EBCM that already had the specific feature I wanted.

After additional inspection of the workshop manual, I discovered the wiring diagram, and it revealed that this new EBCM also had a steering wheel sensor (SAS), an off button for the stability and traction module, a new relay known as a stop lamp relay, and a few changes in the wheels wiring, mainly to link the stop lamp relay with a couple of new wires into the EBCM main harness.

Before buying the essential components, I wished to make certain this would work. So, I started to examine the wiring directly on my car, and to my surprise, the harness for the SAS and the off button was already there. It appeared that the required elements for the new feature must interact with one another, so there was one missing piece of the puzzle: would the new elements integrate with the other control modules?

I conducted some additional study and stumbled upon something auto manufacturers call variant coding, which is a code that tells all control modules which features they have enabled and which are disabled. This code is set on the BCM, so without the ability to alter the variant code, the new EBCM wouldn't work. Fortunately, there are open source tools out there that can help do exactly that.

So, I bought all the essential components, plugged them in and rewired everything in line with the specifications in the workshop manual. Pictured below is the EBCM primary plug on which I had to carry out some rewiring.

Plug image 1

After turning the car on, as anticipated, a bunch of diagnostic trouble codes (DTCs) popped up because the new EBCM was expecting a variant coding with the new feature enabled.

What followed were a few hours of trial and error, disconnecting the car battery and reconnecting it after every change to the variant coding. Finally, I discovered the right variant code for my specific car make, model and collection of features, displayed below.

The majority of the DTCs were gone at that time, and all that was left to do was repaint the SAS and alter a setting on the ECM to tell it that the new module was now available (that was done with a decoder program).

Ultimately, I went out for a test drive and the newly added stability and traction feature appeared to function as anticipated. But there was just one missing bit: there was supposed to be a light on the dash that would tell me every time the module was engaged, but I didn't see that light come on during the test drive. The next step was to disassemble the dash and check what was going on. After opening it, it became clear that the LED for that indicator, in addition to a few resistors and transistors, was missing. Fortunately, the circuit board has the space to solder in those parts.

This experiment took a while and a little research, but notice that I didn't encounter any security controls that hindered the changes I needed to make.

Exactly the same procedures I used to carry out these alterations could allow a criminal to embed a custom piece of hardware and control almost any feature on a car, ranging from acceleration and brakes to windshield wipers and mic. This may be as straightforward as putting together a Raspberry Pi, a CAN bus interface and wireless access, then plugging it into the CAN bus of a car or truck. Doing so might require physical access to the vehicle, but remember that connected cars are getting increasingly common these days, which could only make matters easier for remote attackers in the future.

The Future of Vehicle Cybersecurity

To wrap up, here are some key takeaways from this project:

Variant code informs the control modules of an automobile which features are active or inactive.
There are lots of computers in contemporary vehicles, each handling very specific jobs, that are connected through a local network within the car.
Components from other models made by a manufacturer can work if they are appropriately wired and configured.
Automobile control modules may trust whatever information is sent on the local network and may not carry out any sort of verification of the authenticity of other control modules or devices attached to the CAN bus.
Most of all, anyone with sufficient knowledge and time could produce new modules. This can be either good or bad, and with malicious intent, an attacker may implement a module to control your car remotely.
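What authenticity checking between modules could look like, as an added sketch that is not from the original article and not any manufacturer's scheme: the sender appends a truncated MAC computed over the CAN identifier, a freshness counter and the data, and the receiver rejects frames that fail the check or replay an old counter. The key, the 4-byte tag length, the counter window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4                     # assumption: 4 data bytes + 4 tag bytes fill an 8-byte frame
DEMO_KEY = b"\x01" * 16         # constructed key; a real one would be provisioned per vehicle

def protect(key, can_id, data, counter):
    """Sender side: return data || truncated HMAC over (ID, counter, data)."""
    if len(data) > 8 - MAC_LEN:
        raise ValueError("data too long to leave room for the tag")
    msg = struct.pack(">IQ", can_id, counter) + data
    # Truncating to 32 bits trades forgery resistance for payload space.
    return data + hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Receiver:
    """Receiver side: verify the tag and require a strictly increasing counter per ID."""

    def __init__(self, key, window=3):
        self.key, self.window, self.last = key, window, {}

    def accept(self, can_id, payload):
        data, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
        start = self.last.get(can_id, 0) + 1
        # The counter is not transmitted; try a few values to tolerate lost frames.
        for counter in range(start, start + self.window):
            expected = protect(self.key, can_id, data, counter)[-MAC_LEN:]
            if hmac.compare_digest(tag, expected):
                self.last[can_id] = counter
                return data
        return None             # forged, replayed, or too far out of sync

if __name__ == "__main__":
    rx = Receiver(DEMO_KEY)
    frame = protect(DEMO_KEY, 0x665, bytes.fromhex("F0160000"), 1)
    print(rx.accept(0x665, frame))                            # genuine frame: data returned
    print(rx.accept(0x665, frame))                            # same frame replayed: None
    print(rx.accept(0x665, bytes.fromhex("F016000000000000")))  # no valid tag: None
```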

Remember: any device that could wirelessly offer access to the internal CAN bus of a car is a possible new attack vector, which makes it critical to implement proper vehicle cybersecurity measures.

Understanding that modern automobiles are all outfitted with numerous internal computers, a network-like backbone, and minimal controls, and with connected cars now a daily reality, it is high time to develop and implement controls in every new model if we don't want to find ourselves in the middle of vehicular security chaos in the years to come.


The article How I Hacked My Connected Car, and Other Thoughts on Vehicle Cybersecurity appeared on Security Intelligence.
