- image from YouTube video of DefCon 21 presentation

Can Bus Fun

Standing on the shoulders of giants, we look at what fun can be had with the CAN bus in a car, and why Dodge Viper radios might play RnB for no reason

3y ago

Few places would seem less likely to find car stuff than DefCon, the hacker conference that causes hotel security to remove all the phone jacks from the rooms and warn the staff to not let anyone near anything technical, and yet since DefCon 21 in 2013 there has been a large amount of interest in the shiny bits inside all sorts of automobiles.

Charlie Miller and Chris Valasek, who admitted in their first presentation that they were not car guys, decided to buy a Prius and a Ford Escape and see what they could do by messing about with the Controller Area Network in the cars. They weren't exactly subtle about how they got into the wiring; a crowbar was mentioned as being used to remove the dash on the Prius, for example, and the cars were rendered useless after they did such things as blow up the hybrid drive in the Toyota or convince the dashboard it was travelling at Bugatti speeds while stationary.

Miller and Valasek admit they took a pry bar to the dashboard

Now you may or may not have seen Richard Hammond in a Volvo talking about "pooing himself" thanks to Pilot Assist II. Personally, knowing what I do now about CAN bus and the fun things that can be done to it, and even worse, what can be done using that lovely in-car WiFi that we are so enamored over, in the case of a talk given at DefCon 23, changing radio station and playing RnB at max volume. Imagine, if you will, someone doing that to Mr Hammond and making the stereo play nothing but Genesis!

Check out the above talk "Remote Exploitation of an Unaltered Passenger Vehicle" by Miller and Valasek. They go into some technical detail that may be mumbo jumbo to most, but they also show just how scary this can get.

Of course, dicking about with the radio is all very funny isn't it, but what if you totally disable the brakes? How about driving down the motorway at sixty mph and finding your car suddenly wants to floor it and hang a right while loosening the seat-belts? Or disabling the airbags and slamming the anchors on? All of these are entirely feasible as the security industry finds out more and more interesting interactions between software and hardware in cars.

Volvo Pilot Assist II may indeed be semi-autonomous, and it may indeed be no more than a helping hand, but if you can remotely access it in the same way as shown in the talk from DefCon 23, you can make that hand switch from helping to harming in no time at all.

The worst thing about this whole subject is how complacent manufacturers seem to be. Stating that their systems are "unhackable" is but one grievous error; it's the proverbial red flag in front of a bull. Just ask Sony about George Hotz and their "unhackable" PlayStation 3.

These days, car buyers really need to take the attack surface of the vehicle into consideration; anything could happen with an insecure vehicle, as Miller and Valasek have shown. Just check out the vehicle-related talks from the past 4 DefCon conferences, specifically "Can You Trust Autonomous Vehicles?" by Jianhao Liu, Chen Yan, Wenyuan Xu from DEF CON 24, and "Drive it like you Hacked it: New Attacks and Tools to Wireless" by Samy Kamkar from DefCon 23.
