So You’re Connecting your Car to the Internet…

Friendly reminder that connecting your car to the internet comes with responsibility.

Make installing updates a priority, even though it’ll be a pain and requires going to the dealership to pickup a USB.

Also:

  • never connect your car to public WiFi
  • only use WPA2 security
  • if plugging in a USB key into the car, make sure it’s clean and virus-free
  • and you’re legally responsible for Hotspot users

 

 

How to Connect a GM Vehicle to the Internet

General Motors, and especially Chevy, is at the forefront of bringing 4G LTE internet into dashboards (learn more in this column.)

While other automakers are starting to offer this feature, most put the WiFi settings within the infotainment system’s Settings area.

Chevy’s way to connect is a bit different.

Use OnStar to access the WiFi settings.

On rearview mirror > press OnStar button > say “WiFi Settings” > settings appear on dash screen >
follow instructions

Here’s the OnStar site

Found in a 2016 Chevy Trax.

Security Reminder:

Connecting a car comes with a responsibility – never connect your car to public WiFi, and you are legally responsible for passengers Hotspotting off your car’s connection.

 

 

Your Car’s Computer runs on the CAN bus Network

(photo credit: Wikipedia and author EE JRW)

The computer in your car runs on a network called CAN bus.

The Controller Area Network (CAN) is the standard for all vehicles. More specifically, inside your car there are almost 100 computers (called ECUs – Electronic Control Units) which use CAN bus to talk to one another.

There’s 2 problems with CAN bus:

1

Everything on the bus – big and small – is considered equal, so steering is equal to say, the fuel door latch.  Moreover, the system never wonders where the message came from or who sent it, it just accepts and executes it.

Example: the fuel door button is pulled, sending a message that says, “open now!” and the fuel door says “okay got it, opening!”

That’s how car hacking works – because there’s no checks or balances, the system just accepts it and executes the command.

2

CAN bus was developed by Bosch in the 1980s, built when there was no outside world.

But then along came the Internet, and the connected car, and that’s why vehicles today are vulernable – they’re built on a system that isn’t ready to be secured for the internet because it never even imagined the internet would exist.

 

 

Have a Job for Life – Go into Auto Security

It’s an emerging industry that’s growing ridiculously quickly, auto companies have endless money, and there’s many verticals being created to choose from.

New Job Possibilities

– fix CAN bus, that thing is a mess

– get good at D-Bus 

– work for the companies that build the infotainment units eg. Harmon Kardon

cellular companies, there’ll be a vertical dedicated to securing connected cars

– learn the QNX Operating System, 75% of cars use it

– figure out how to mass update older cars

– develop a penetration test for cars

***

And with this post, I’ve now summarized a talk, that summarized another talk about that talk HAHA

 

 

Car Hacking Looks like This

Screenshots from the Black Hat presentation about the first remote hack of a passenger vehicle – a 2015 Jeep Cherokee (more here.)

It was these guys – Charlier Miller and Chris Valasek.

2 Biggest Takeaways for the Average Driver

1 – the attack they released no longer works

As of publishing of this post, the attack stopped working because Sprint closed the port they were using to enter the car (nice Sprint.)

If you own a Chrysler and were part of the 1.4 million recall, breathe a bit easier.

2 – update your car

This Jeep thing is a wakeup call – if your automaker issues an update, make it a priority. The industry is still in its infancy, the update will probably be inconvenient “pick up a USB from the dealership” DO IT.

Be mindful about how you connect your car to the internet (please never pair your car to public WiFi.)

From Black Hat 2015.