Cars, Security and a Peek into my Life
Friendly reminder that connecting your car to the internet comes with responsibility.
Make installing updates a priority, even though it’ll be a pain and requires going to the dealership to pickup a USB.
Also:
General Motors, and especially Chevy, is at the forefront of bringing 4G LTE internet into dashboards (learn more in this column.)
While other automakers are starting to offer this feature, most put the WiFi settings within the infotainment system’s Settings area.
Chevy’s way to connect is a bit different.
Use OnStar to access the WiFi settings.
Here’s the OnStar site
Found in a 2016 Chevy Trax.
Connecting a car comes with a responsibility – never connect your car to public WiFi, and you are legally responsible for passengers Hotspotting off your car’s connection.
The computer in your car runs on a network called CAN bus.
The Controller Area Network (CAN) is the standard for all vehicles. More specifically, inside your car there are almost 100 computers (called ECUs – Electronic Control Units) which use CAN bus to talk to one another.
Everything on the bus – big and small – is considered equal, so steering is equal to say, the fuel door latch. Moreover, the system never wonders where the message came from or who sent it, it just accepts and executes it.
Example: the fuel door button is pulled, sending a message that says, “open now!” and the fuel door says “okay got it, opening!”
That’s how car hacking works – because there’s no checks or balances, the system just accepts it and executes the command.
CAN bus was developed by Bosch in the 1980s, built when there was no outside world.
But then along came the Internet, and the connected car, and that’s why vehicles today are vulernable – they’re built on a system that isn’t ready to be secured for the internet because it never even imagined the internet would exist.
It’s an emerging industry that’s growing ridiculously quickly, auto companies have endless money, and there’s many verticals being created to choose from.
– fix CAN bus, that thing is a mess
– get good at D-Bus
– work for the companies that build the infotainment units eg. Harmon Kardon
– cellular companies, there’ll be a vertical dedicated to securing connected cars
– learn the QNX Operating System, 75% of cars use it
– figure out how to mass update older cars
– develop a penetration test for cars
***
And with this post, I’ve now summarized a talk, that summarized another talk about that talk HAHA
Screenshots from the Black Hat presentation about the first remote hack of a passenger vehicle – a 2015 Jeep Cherokee (more here.)
It was these guys – Charlier Miller and Chris Valasek.
1 – the attack they released no longer works
As of publishing of this post, the attack stopped working because Sprint closed the port they were using to enter the car (nice Sprint.)
If you own a Chrysler and were part of the 1.4 million recall, breathe a bit easier.
2 – update your car
This Jeep thing is a wakeup call – if your automaker issues an update, make it a priority. The industry is still in its infancy, the update will probably be inconvenient “pick up a USB from the dealership” DO IT.
Be mindful about how you connect your car to the internet (please never pair your car to public WiFi.)
From Black Hat 2015.
